CoovaChilli uses RADIUS to provision access and to provide accounting.
Direction of Input and Output
The original ChilliSpot defined input and output as being data uploaded and downloaded by the client respectively. CoovaChilli, however, uses the reverse meaning (per default) making it more compatible with some other commercial access controllers.
In RFC 2866, it says:
- This attribute indicates how many octets have been received from the port over the course of this service being provided.
- This attribute indicates how many octets have been sent to the port in the course of delivering this service.
However, this is not very conclusive as it depends on what side of the port you are referring to. In the manual for a popular commercial access controller, is says:
- Number of octets/bytes received by the customer.
- Number of octets/bytes sent by the customer.
This is the definition adopted by CoovaChilli - one of the very first changes made to ChilliSpot, for use with back-end systems also supporting commercial access controllers. See Vendor Accounting Practices below for more information.
For backward compatibility, use the chilli option swapoctets to toggle back to the original meanings of input and output.
The following RADIUS attributes are used to place limits on a session authorized by a RADIUS Access-Accept response:
- Session-Timeout = seconds
- Standard RADIUS attribute (defined in RFC 2865) for setting the maximum session timeout. The user is logged out after this amount of time; session duration. Also see the defsessiontimeout option in chilli.conf(5).
- Idle-Timeout = seconds
- Standard RADIUS attribute (defined in RFC 2865) for setting the maximum idle timeout. The user is logged out after this amount of time of inactivity (no traffic). Also see the defidletimeout option in chilli.conf(5).
- Acct-Interim-Interval = seconds
- Standard RADIUS attributes (defined in RFC 2869) for setting the accounting interim update interval - the rate at which accounting update packets are sent. Also see the definteriminterval option in chilli.conf(5).
- ChilliSpot-Max-Input-Octets = bytes
ChilliSpot-Max-Output-Octets = bytes
ChilliSpot-Max-Total-Octets = bytes
- Chilli vendor specific attributes for setting the max in, out, or total bytes transferred for the session. See above for the meaning of input and output.
- WISPr-Bandwidth-Max-Up = bits/second
WISPr-Bandwidth-Max-Down = bits/second
- WISPr vendor specific attributes for setting the maximum bandwidth rate in bits per second.
- ChilliSpot-Bandwidth-Max-Up = kbits/second
ChilliSpot-Bandwidth-Max-Down = kbits/second
- Chilli vendor specific attributes for setting the maximum bandwidth rate in kbits per second. Internally, chilli multiplies this value by 1000 in converting to bits per second.
In all cases, the ChilliSpot vendor specific attributes override WISPr attribute values. However, using the WISPr attributes is perhaps the more standard way to go.
In RADIUS Accounting, the following attributes are used to report session statistics:
- Acct-Session-Time = seconds
- Duration of session in seconds.
- Acct-Input-Octets = bytes
Acct-Output-Octets = bytes
- The lower 32-bit value of the number of bytes of input and output (see above for a discussion of the meaning of input vs. output).
- Acct-Input-Gigawords = gigawords
Acct-Output-Gigawords = gigawords
- The upper 32-bit value of the number of bytes of input and output; or how many times the above attributes have rolled-over the 32-bit value.
- Acct-Input-Packets = num-packets
Acct-Output-Packets = num-packets
- The number of packets carrying input or output octets.
Vendor Accounting Practices
- Input is data from the Client to the NAS, and Output is data to the Client from the NAS
- Client *
- Input is data from the NAS to the Client, and Output is data to the NAS from the Client
- RFC 2866
- The RADIUS Accounting RFC states that Acct-Input-Octets indicates how many octets have been received from the port over the course of this service being provided - Although not very clearly stated, port should be seen from the point of view of the AC/NAS, not the Client (* those with the Client perspective are not RFC compliant).
- RFC 4005
- The Diameter NAS Application RFC states that Accounting-Input-Octets contains the number of octets received from the user which also (and perhaps more clearly) takes the point of view of the AC/NAS. In some early drafts, there was a mistake where it said this attribute contains the number of octets in IP packets received by the user.
- GSM WLAN Roaming Guidelines
- This document defines Acct-Input-Octets as the volume of the downstream traffic of the user - not very clear in the meaning, but seems to suggest the Client point of view.
- 3GPP TS 29.234
- This document defines Acct-Input-Octets as "the number of octets sent by the WLAN UE over the course of the session. According to IETF RFC 2866"
- IETF Opinions
- In the RFC 2866 clarifications thread
Supported, at least partially:
- RFC 2865 - Remote Authentication Dial In User Service (RADIUS)
- RFC 2866 - RADIUS Accounting
- RFC 2869 - RADIUS Extensions
- RFC 3576 - Dynamic Authorization Extensions to RADIUS
Others of interest:
- RFC 3162 - RADIUS and IPv6
- RFC 3580 - IEEE 802.1X RADIUS Usage Guidelines
- RFC 4372 - Chargeable User Identity
- RFC 4675 - RADIUS Attributes for Virtual LAN and Priority Support
- RFC 4849 - RADIUS Filter Rule Attribute