2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2010 Michael Tremer & Christian Schmidt #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
22 PPP_SUPPORTED_AUTH_METHODS
="chap pap"
24 EXIT_PPPD_ERROR
=${EXIT_ERROR}
25 EXIT_PPPD_ERROR_FATAL
=$
(( ${EXIT_ERROR} + 1 ))
27 # This function monitors the pppd activity.
33 local config_file
="${2}"
34 assert isset config_file
39 while [ $# -gt 0 ]; do
42 holdoff_time
="$(cli_get_val "${1}")"
45 warning
"Unrecognized argument: ${1}"
54 pppd_exec
"${device}" "${config_file}"
59 # pppd terminated gracefully. Propagating...
63 # pppd has a (non-fatal) error, in which case we
64 # restart it instantly, so it will try to re-establish
67 ${EXIT_PPPD_ERROR_FATAL})
68 # pppd has a fatal error. We cannot go on from here
69 # because there is either no chance to establish a connection
70 # without any user interaction, or we will damage the system.
71 log ERROR
"Fatal error. Not going to restart pppd."
75 log ERROR
"Invalid return code: ${ret}"
80 isset holdoff_time ||
continue
82 # When we got here, we need to wait a little bit and restart the
84 log INFO
"Restarting pppd in ${holdoff_time}s"
93 local config_file
="${2}"
94 assert isset config_file
98 cmd
"pppd file ${config_file} $@"
101 # Get the hook of the zone
103 if zone_exists
"${device}"; then
104 hook
="$(zone_get_hook "${zone}")"
107 log DEBUG
"pppd exited with code: ${ret}"
109 # Evaluate return code.
111 case "${ret},${hook}" in
113 # Pppd has detached, or otherwise the connection was successfully
114 # established and terminated at the peer's request.
115 log DEBUG
"pppd exited gracefully"
119 # An immediately fatal error of some kind occurred, such as an
120 # essential system call failing, or running out of virtual memory.
121 log ERROR
"pppd crashed for an unknown reason"
122 return ${EXIT_PPPD_ERROR_FATAL}
125 # An error was detected in processing the options given, such as two
126 # mutually exclusive options being used.
127 log ERROR
"pppd: Configuration error"
128 return ${EXIT_PPPD_ERROR_FATAL}
131 # Pppd is not setuid-root and the invoking user is not root.
132 log ERROR
"pppd: Launched with insufficient privileges"
133 return ${EXIT_PPPD_ERROR_FATAL}
136 # The kernel does not support PPP, for example, the PPP kernel driver is
137 # not included or cannot be loaded.
138 log ERROR
"pppd: Kernel does not support PPP"
139 return ${EXIT_PPPD_ERROR_FATAL}
142 # Pppd terminated because it was sent a SIGINT, SIGTERM or SIGHUP signal.
143 log ERROR
"pppd: Received SIGINT, SIGTERM or SIGHUP signal"
144 return ${EXIT_PPPD_ERROR}
147 # The serial port could not be locked.
148 log ERROR
"pppd: Serial port could not be locked"
149 return ${EXIT_PPPD_ERROR}
152 # The serial port could not be opened.
153 log ERROR
"pppd: Serial port could not be opened"
154 return ${EXIT_PPPD_ERROR}
157 # For PPPoE this tells us that we were not able to contact
158 # the DSLAM (i.e. timeout waiting for PADO packets)
159 log ERROR
"pppd: Unable to contact the DSLAM"
160 return ${EXIT_PPPD_ERROR}
163 # The connect script failed (returned a non-zero exit status).
164 log ERROR
"pppd: Connect script failed"
165 return ${EXIT_PPPD_ERROR_FATAL}
168 # The command specified as the argument to the pty option could not be run.
169 log ERROR
"pppd: Could not run pty command"
170 return ${EXIT_PPPD_ERROR_FATAL}
173 # The PPP negotiation failed, that is, it didn't reach the point where at
174 # least one network protocol (e.g. IP) was running.
175 log ERROR
"pppd: Protocol negotiation failed"
176 return ${EXIT_PPPD_ERROR}
179 # The peer system failed (or refused) to authenticate itself.
180 log ERROR
"pppd: peer system failed (or refused) to authenticate itself"
181 return ${EXIT_PPPD_ERROR}
184 # The link was established successfully and terminated because it was idle.
185 log ERROR
"pppd: Terminated because of idleness"
186 return ${EXIT_PPPD_ERROR}
189 # The link was established successfully and terminated because the connect time
191 log ERROR
"pppd: connect time limit was reached"
192 return ${EXIT_PPPD_ERROR}
195 # Callback was negotiated and an incoming call should arrive shortly.
196 # We should not be using this, so make it fatal that nobody is able to
198 return ${EXIT_PPPD_ERROR_FATAL}
201 # The link was terminated because the peer is not responding to echo requests.
202 log ERROR
"pppd: Peer is not responding to echo requests"
203 return ${EXIT_PPPD_ERROR}
206 # The link was terminated by the modem hanging up.
207 log ERROR
"pppd: Modem hung up"
208 return ${EXIT_PPPD_ERROR}
211 # The PPP negotiation failed because serial loopback was detected.
212 log ERROR
"pppd: Serial loopback detected"
213 return ${EXIT_PPPD_ERROR_FATAL}
216 # The init script failed (returned a non-zero exit status).
217 log ERROR
"pppd: Init script failed"
218 return ${EXIT_PPPD_ERROR_FATAL}
221 # We failed to authenticate ourselves to the peer.
222 log ERROR
"pppd: Authentication failed"
223 return ${EXIT_PPPD_ERROR_FATAL}
226 log ERROR
"pppd: Unhandled exit code: ${ret}"
227 return ${EXIT_PPPD_ERROR_FATAL}
236 # This will block until the connection has been established or
238 service_start
"pppd@${device}.service"
245 service_stop
"pppd@${device}.service"
252 service_status
"pppd@${device}.service"
255 ppp_common_ip_pre_up
() {
259 if ! zone_exists
${zone}; then
260 error
"Zone '${zone}' does not exist."
264 routing_db_from_ppp
${zone} ipv4
269 ppp_common_ipv4_up
() {
273 if ! zone_exists
${zone}; then
274 error
"Zone '${zone}' does not exist."
278 db_set
"${zone}/ipv4/active" 1
280 routing_update
${zone} ipv4
281 routing_default_update
286 ppp_common_ipv4_down
() {
290 if ! zone_exists
${zone}; then
291 error
"Zone '${zone}' does not exist."
295 # Remove the information about this zone from the routing database
296 # and update the routing table.
297 db_delete
"${zone}/ipv4"
299 routing_update
${zone} ipv4
300 routing_default_update
302 # Save accounting information
303 ppp_accounting
${zone}
308 ppp_common_ipv6_up
() {
312 if ! zone_exists
${zone}; then
313 error
"Zone '${zone}' does not exist."
317 # Add information about this zone to the routing database.
318 routing_db_from_ppp
${zone} ipv6
320 db_set
"${zone}/ipv6/active" 1
322 routing_update
${zone} ipv6
323 routing_default_update
328 ppp_common_ipv6_down
() {
332 if ! zone_exists
${zone}; then
333 error
"Zone '${zone}' does not exist."
337 # Remove the information about this zone from the routing database
338 # and update the routing table.
339 db_delete
"${zone}/ipv6"
341 routing_update
${zone} ipv6
342 routing_default_update
344 # Save accounting information
345 ppp_accounting
${zone}
357 # Updateing secret file
359 while read user a secret
; do
360 if [ "'${USER}'" != "${user}" ]; then
361 echo "${user} ${a} ${secret}" >> ${PPP_SECRETS}.tmp
363 done < ${PPP_SECRETS}
364 echo "'${USER}' * '${SECRET}'" >> ${PPP_SECRETS}.tmp
365 cat ${PPP_SECRETS}.tmp > ${PPP_SECRETS}
366 rm -f ${PPP_SECRETS}.tmp
373 db_ppp_update ${zone} --duration="${CONNECT_TIME}" \
374 --rcvd="${BYTES_RCVD}" --sent="${BYTES_SENT}"
377 pppd_write_config() {
378 local file=${1}; shift
384 local default_asyncmap="true"
387 local lcp_echo_failure=3
388 local lcp_echo_interval=20
392 local plugin plugin_options
399 while [ $# -gt 0 ]; do
402 auth=$(cli_get_val "${1}")
405 baudrate=$(cli_get_val "${1}")
406 assert isoneof baudrate ${SERIAL_BAUDRATES}
409 connect_cmd=$(cli_get_val "${1}")
411 # Enable or disable the use of the default asyncmap.
412 --default-asyncmap=*)
413 value=$(cli_get_val "${1}")
414 if enabled value; then
415 default_asyncmap="true"
417 default_asyncmap="false"
420 # The name of the created ppp interface.
422 interface=$(cli_get_val "${1}")
426 ipv6="$(cli_get_val "${1}")"
429 --lcr-echo-failure=*)
430 lcr_echo_failure=$(cli_get_val "${1}")
432 if ! isinteger ${lcr_echo_failure}; then
433 error "--lcr-echo-failure= requires a number"
438 --lcr-echo-interval=*)
439 lcr_echo_interval=$(cli_get_val "${1}")
441 if ! isinteger ${lcr_echo_failure}; then
442 error "--lcr-echo-interval= requires a number"
446 # Maximum Transmission Unit
448 mtu=$(cli_get_val "${1}")
450 # Maximum Receive Unit
452 mru=$(cli_get_val "${1}")
455 password=$(cli_get_val "${1}")
458 plugin=$(cli_get_val "${1}")
461 plugin_options=$(cli_get_val "${1}")
464 pty=$(cli_get_val "${1}")
466 # Refused authentication methods
468 list_append refuses "$(cli_get_val "${1}")"
469 error_log "REFUSES $refuses $1"
471 # Sets if the modem is a serial device.
473 serial=$(cli_get_val "${1}")
476 serial_device=$(cli_get_val "${1}")
479 username=$(cli_get_val "${1}")
482 log WARNING "Unhandled argument: ${1}"
488 if [ -z "${interface}" ]; then
489 log ERROR "You need to set the interface name: ${interface}"
492 linkname="${interface}"
495 if ! isoneof ${auth} ${PPP_SUPPORTED_AUTH_METHODS}; then
496 log ERROR "Unsupported auth method: ${auth}"
501 if enabled serial; then
502 assert isset serial_device
503 assert [ -c "${serial_device}" ]
506 # Set the user credentials.
507 ppp_secret "${username}" "${password}"
509 # Write the configuration header.
510 mkdir -p $(dirname ${file}) 2>/dev/null
511 config_header "PPP daemon configuration file" > ${file}
513 # At first, set the name of the link.
514 print "linkname ${linkname}\n" >> ${file}
516 # Configure the interface/zone name.
518 print "# Interface name"
519 print "ifname ${interface}"
524 if isset plugin; then
526 print "# Plugin settings"
527 print "plugin ${plugin} ${plugin_options}"
535 print "# pty settings"
536 print "pty \"${pty}\""
541 # User authentication
542 if isset username; then
544 print "# User authentication"
545 print "user ${username}"
549 print "require-${auth}"
552 # Refused authentication methods
553 for refuse in ${refuses}; do
554 print "refuse-${refuse}"
568 if enabled ipv6; then
570 print "# IPv6 support"
578 isset mru || mru=${mtu}
581 print "# MTU/MRU settings"
588 if enabled serial; then
590 print "# Serial modem settings"
591 print "${serial_device} ${baudrate}"
599 if isset connect_cmd; then
601 print "# Connect command"
602 print "connect \"${connect_cmd}\""
609 if enabled default_asyncmap; then
611 print "# Use the default asyncmap."
612 print "default-asyncmap"
619 print "# LCP settings"
620 print "lcp-echo-failure ${lcp_echo_failure}"
621 print "lcp-echo-interval ${lcp_echo_interval}"
625 # Add the default settings.
627 print "# Disable the compression"
628 print "noccp noaccomp nodeflate nopcomp novj novjccomp nobsdcomp nomppe"
630 print "noipdefault nodetach debug"