#
#  PRE: if
#

update reply {
	Filter-Id := "filter"
}

if ("%{Client-Shortname}" != '<UNKNOWN-CLIENT>') {
	update reply {
		Filter-Id += "fail 0"
	}
}

if ("%{Request-Processing-Stage}" != 'authorize') {
	update reply {
		Filter-Id += "fail 1"
	}
}

if ("%{Virtual-Server}" != 'default') {
	update reply {
		Filter-Id += "fail 2"
	}
}

if ("%{Module-Return-Code}" != '') {
	update reply {
		Filter-Id += "fail 3a"
	}
}

ok
if ("%{Module-Return-Code}" != 'ok') {
	update reply {
		Filter-Id += "fail 3b"
	}
}

if ("%{Packet-Type}" != 'Access-Request') {
	update reply {
		Filter-Id += "fail 4"
	}
}

# Response hasn't been set yet
if ("%{Response-Packet-Type}" != '') {
	update reply {
		Filter-Id += "fail 5"
	}
}

if ("%{Packet-Authentication-Vector}" != '0x00000000000000000000000000000000') {
	update reply {
		Filter-Id += "fail 6"
	}
}

if ("%{Client-IP-Address}" != 127.0.0.1) {
	update reply {
		Filter-Id += "fail 7a"
	}
}

if ("%{Packet-Src-IP-Address}" != 127.0.0.1) {
	update reply {
		Filter-Id += "fail 7b"
	}
}

if ("%{Packet-Dst-IP-Address}" != 127.0.0.1) {
	update reply {
		Filter-Id += "fail 8"
	}
}

# Can't have both...
if ("%{Packet-Src-IPv6-Address}" != '') {
	update reply {
		Filter-Id += "fail 9"
	}
}

if ("%{Packet-Dst-IPv6-Address}" != '') {
	update reply {
		Filter-Id += "fail 10"
	}
}

if ("%{Packet-Src-Port}" != '18120') {
	update reply {
		Filter-Id += "fail 11"
	}
}

if ("%{Packet-Dst-Port}" != '1812') {
	update reply {
		Filter-Id += "fail 12"
	}
}


# We should allow the user to overload virtual attributes
update request {
	Client-Shortname := 'my_test_client'
}

if ("%{Client-Shortname}" != 'my_test_client') {
	update reply {
		Filter-Id += "fail 13"
	}
}

# Operations on virtual attributes should be the same as on real ones
if ("%{Virtual-Server[0]}" != 'default') {
	update reply {
		Filter-Id += "fail 14"
	}
}

if ("%{Virtual-Server[*]}" != 'default') {
	update reply {
		Filter-Id += "fail 15"
	}
}

if ("%{Virtual-Server[#]}" != 1) {
	update reply {
		Filter-Id += "fail 16"
	}
}
