[network.git] / functions.ppp

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

PPP_SUPPORTED_AUTH_METHODS="chap pap"

function pppd_start() {
	local interface=${1}
	assert isset interface

	# This will block until the connection has been established or
	# pppd exited.
	service_start "pppd@${interface}"

	# Get the exit code of the ppp daemon and figure out
	# how to handle this.
	local ret=$(service_get_exitcode "pppd@${interface}")
	case "${ret}" in
		0)
			return ${EXIT_OK}
			;;
		1)
			error "pppd crashed for an unknown reason"
			;;
		2)
			error "pppd: Configuration error"
			;;
		5)
			error "pppd terminated"
			;;
		16)
			error "pppd: Link terminated by modem"
			;;
		19)
			error "pppd: Authentication failed"
			;;
		*)
			error "pppd: Unhandled exit code: ${ret}"
			;;
	esac

	return ${ret}
}

function pppd_stop() {
	local interface=${1}
	assert isset interface

	service_stop "pppd@${interface}"
}

function pppd_status() {
	local interface=${1}
	assert isset interface

	service_status "pppd@${interface}"
}

function ppp_common_ip_pre_up() {
	local zone=${1}
	shift

	if ! zone_exists ${zone}; then
		error "Zone '${zone}' does not exist."
		return ${EXIT_ERROR}
	fi

	routing_db_from_ppp ${zone} ipv4

	# Request firewall reload
	event_emit firewall-reload

	return ${EXIT_OK}
}

function ppp_common_ip_up() {
	local zone=${1}
	shift

	if ! zone_exists ${zone}; then
		error "Zone '${zone}' does not exist."
		return ${EXIT_ERROR}
	fi

	routing_db_set ${zone} ipv4 active 1
	routing_update ${zone} ipv4
	routing_default_update

	# Emit interface-up event
	event_interface_up ${zone}

	return ${EXIT_OK}
}

function ppp_common_ip_down() {
	local zone=${1}
	shift

	if ! zone_exists ${zone}; then
		error "Zone '${zone}' does not exist."
		return ${EXIT_ERROR}
	fi

	# Remove the information about this zone from the routing database
	# and update the routing table.
	routing_db_remove ${zone} ipv4
	routing_update ${zone} ipv4
	routing_default_update

	# Save accounting information
	ppp_accounting ${zone}

	# Emit interface-up event
	event_interface_down ${zone}

	return ${EXIT_OK}
}

function ppp_common_ipv6_up() {
	local zone=${1}
	shift

	if ! zone_exists ${zone}; then
		error "Zone '${zone}' does not exist."
		return ${EXIT_ERROR}
	fi

	# Add information about this zone to the routing database.
	routing_db_from_ppp ${zone} ipv6

	routing_db_set ${zone} ipv6 active 1
	routing_update ${zone} ipv6
	routing_default_update

	# Emit interface-up event
	event_interface_up ${zone}

	return ${EXIT_OK}
}

function ppp_common_ipv6_down() {
	local zone=${1}
	shift

	if ! zone_exists ${zone}; then
		error "Zone '${zone}' does not exist."
		return ${EXIT_ERROR}
	fi

	# Remove the information about this zone from the routing database
	# and update the routing table.
	routing_db_remove ${zone} ipv6
	routing_update ${zone} ipv6
	routing_default_update

	# Save accounting information
	ppp_accounting ${zone}

	# Emit interface-up event
	event_interface_down ${zone}

	return ${EXIT_OK}
}

function ppp_secret() {
	local USER=${1}
	local SECRET=${2}
	local a
	local secret
	local user

	# Updateing secret file
	> ${PPP_SECRETS}.tmp
	while read user a secret; do
		if [ "'${USER}'" != "${user}" ]; then
			echo "${user} ${a} ${secret}" >> ${PPP_SECRETS}.tmp
		fi
	done < ${PPP_SECRETS}
	echo "'${USER}' * '${SECRET}'" >> ${PPP_SECRETS}.tmp
	cat ${PPP_SECRETS}.tmp > ${PPP_SECRETS}
	rm -f ${PPP_SECRETS}.tmp
}

function ppp_accounting() {
	local zone=${1}
	shift

	db_ppp_update ${zone} --duration="${CONNECT_TIME}" \
		--rcvd="${BYTES_RCVD}" --sent="${BYTES_SENT}"
}

function pppd_exec() {
	log DEBUG "Running pppd with parameters '$@'."

	pppd $@ > /dev/null
}

function pppd_write_config() {
	local file=${1}; shift
	assert isset file

	local auth
	local baudrate
	local connect_cmd
	local default_asyncmap="true"
	local interface
	local lcp_echo_failure=3
	local lcp_echo_interval=20
	local linkname
	local mtu mru
	local password
	local plugin plugin_options
	local serial="false"
	local username
	local value

	while [ $# -gt 0 ]; do
		case "${1}" in
			--auth=*)
				auth=$(cli_get_val ${1})
				;;
			--baudrate=*)
				baudrate=$(cli_get_val ${1})
				assert isoneof baudrate ${SERIAL_BAUDRATES}
				;;
			--connect-command=*)
				connect_cmd=$(cli_get_val ${1})
				;;
			# Enable or disable the use of the default asyncmap.
			--default-asyncmap=*)
				value=$(cli_get_val ${1})
				if enabled value; then
					default_asyncmap="true"
				else
					default_asyncmap="false"
				fi
				;;
			# The name of the created ppp interface.
			--interface=*)
				interface=$(cli_get_val ${1})
				;;
			# LCP echo failure.
			--lcr-echo-failure=*)
				lcr_echo_failure=$(cli_get_val ${1})

				if ! isinteger ${lcr_echo_failure}; then
					error "--lcr-echo-failure= requires a number"
					return ${EXIT_ERROR}
				fi
				;;
			# LCP echo interval.
			--lcr-echo-interval=*)
				lcr_echo_interval=$(cli_get_val ${1})

				if ! isinteger ${lcr_echo_failure}; then
					error "--lcr-echo-interval= requires a number"
					return ${EXIT_ERROR}
				fi
				;;
			# Maximum Transmission Unit
			--mtu=*)
				mtu=$(cli_get_val ${1})
				;;
			# Maximum Receive Unit
			--mru=*)
				mru=$(cli_get_val ${1})
				;;
			--password=*)
				password=$(cli_get_val ${1})
				;;
			--plugin=*)
				plugin=$(cli_get_val ${1})
				;;
			--plugin-options=*)
				plugin_options=$(cli_get_val ${1})
				;;
			# Sets if the modem is a serial device.
			--serial=*)
				serial=$(cli_get_val ${1})
				;;
			--serial-device=*)
				serial_device=$(cli_get_val ${1})
				;;
			--username=*)
				username=$(cli_get_val ${1})
				;;
			*)
				log WARNING "Unhandled argument: ${1}"
				;;
		esac
		shift
	done

	if [ -z "${interface}" ]; then
		log ERROR "You need to set the interface name: ${interface}"
		return ${EXIT_ERROR}
	fi
	linkname="${interface}"

	if isset auth; then
		if ! isoneof ${auth} ${PPP_SUPPORTED_AUTH_METHODS}; then
			log ERROR "Unsupported auth method: ${auth}"
			return ${EXIT_ERROR}
		fi
	fi

	if enabled serial; then
		assert isset serial_device
		assert [ -c "${serial_device}" ]
	fi

	# Set the user credentials.
	ppp_secret "${username}" "${password}"

	# Write the configuration header.
	mkdir -p $(dirname ${file}) 2>/dev/null
	config_header "PPP daemon configuration file" > ${file}

	# At first, set the name of the link.
	print "linkname ${linkname}\n" >> ${file}

	# Configure the interface/zone name.
	(
		print "# Interface name"
		print "ifname ${interface}"
		print
	) >> ${file}

	# Plugin settings
	if isset plugin; then
		(
			print "# Plugin settings"
			print "plugin ${plugin} ${plugin_options}"
			print
		) >> ${file}
	fi

	# User authentication
	if isset username; then
		(
			print "# User authentication"
			print "user ${username}"

			print "noauth"
			if isset auth; then
				print "require-${auth}"
			fi
			print
		) >> ${file}
	fi

	# MTU/MRU settings
	if isset mtu; then
		isset mru || mru=${mtu}

		(
			print "# MTU/MRU settings"
			print "mtu ${mtu}"
			print "mru ${mru}"
			print
		) >> ${file}
	fi

	if enabled serial; then
		(
			print "# Serial modem settings"
			print "${serial_device} ${baudrate}"
			print "crtscts"
			print "lock"
			print "modem"
			print
		) >> ${file}

		# Connect command
		if isset connect_cmd; then
			(
				print "# Connect command"
				print "connect \"${connect_cmd}\""
				print
			) >> ${file}
		fi
	fi

	# Default asyncmap.
	if enabled default_asyncmap; then
		(
			print "# Use the default asyncmap."
			print "default-asyncmap"
			print
		) >> ${file}
	fi

	# LCP settings.
	(
		print "# LCP settings"
		print "lcp-echo-failure ${lcp_echo_failure}"
		print "lcp-echo-interval ${lcp_echo_interval}"
		print
	) >> ${file}

	# Add the default settings.
	(
		print "# Disable the compression"
		print "noccp noaccomp nodeflate nopcomp novj novjccomp nobsdcomp nomppe"

		print "noipdefault updetach debug"
	) >> ${file}

	return ${EXIT_OK}
}
Commit	Line	Data
5b20e43a MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
1848564d	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
5b20e43a MT	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
97cb552e MT	22	PPP_SUPPORTED_AUTH_METHODS="chap pap"
	23
	24	function pppd_start() {
	25	local interface=${1}
	26	assert isset interface
	27
81d0c0b9 MT	28	# This will block until the connection has been established or
81d0c0b9 MT	29	# pppd exited.
97cb552e	30	service_start "pppd@${interface}"
81d0c0b9 MT	31
	32	# Get the exit code of the ppp daemon and figure out
	33	# how to handle this.
	34	local ret=$(service_get_exitcode "pppd@${interface}")
	35	case "${ret}" in
	36	0)
	37	return ${EXIT_OK}
	38	;;
	39	1)
	40	error "pppd crashed for an unknown reason"
	41	;;
	42	2)
	43	error "pppd: Configuration error"
	44	;;
45d5539c	45	5)
81d0c0b9 MT	46	error "pppd terminated"
81d0c0b9 MT	47	;;
6c74a64c MT	48	16)
	49	error "pppd: Link terminated by modem"
	50	;;
81d0c0b9 MT	51	19)
	52	error "pppd: Authentication failed"
	53	;;
	54	*)
	55	error "pppd: Unhandled exit code: ${ret}"
	56	;;
	57	esac
	58
	59	return ${ret}
97cb552e MT	60	}
	61
	62	function pppd_stop() {
	63	local interface=${1}
	64	assert isset interface
	65
	66	service_stop "pppd@${interface}"
	67	}
	68
	69	function pppd_status() {
	70	local interface=${1}
	71	assert isset interface
	72
	73	service_status "pppd@${interface}"
	74	}
	75
c7ad7801 MT	76	function ppp_common_ip_pre_up() {
	77	local zone=${1}
	78	shift
	79
	80	if ! zone_exists ${zone}; then
	81	error "Zone '${zone}' does not exist."
	82	return ${EXIT_ERROR}
	83	fi
	84
2c973348	85	routing_db_from_ppp ${zone} ipv4
ff8ec5ef	86
c7ad7801	87	# Request firewall reload
98146c00	88	event_emit firewall-reload
c7ad7801 MT	89
	90	return ${EXIT_OK}
	91	}
	92
	93	function ppp_common_ip_up() {
	94	local zone=${1}
	95	shift
	96
	97	if ! zone_exists ${zone}; then
	98	error "Zone '${zone}' does not exist."
	99	return ${EXIT_ERROR}
	100	fi
	101
2c973348 MT	102	routing_db_set ${zone} ipv4 active 1
2c973348 MT	103	routing_update ${zone} ipv4
f5a771cf	104	routing_default_update
ff8ec5ef	105
c7ad7801 MT	106	# Emit interface-up event
	107	event_interface_up ${zone}
	108
	109	return ${EXIT_OK}
	110	}
	111
	112	function ppp_common_ip_down() {
	113	local zone=${1}
	114	shift
	115
	116	if ! zone_exists ${zone}; then
	117	error "Zone '${zone}' does not exist."
	118	return ${EXIT_ERROR}
	119	fi
	120
201b7dff MT	121	# Remove the information about this zone from the routing database
	122	# and update the routing table.
	123	routing_db_remove ${zone} ipv4
	124	routing_update ${zone} ipv4
f5a771cf	125	routing_default_update
201b7dff MT	126
	127	# Save accounting information
	128	ppp_accounting ${zone}
	129
	130	# Emit interface-up event
	131	event_interface_down ${zone}
	132
	133	return ${EXIT_OK}
	134	}
	135
	136	function ppp_common_ipv6_up() {
	137	local zone=${1}
	138	shift
	139
	140	if ! zone_exists ${zone}; then
	141	error "Zone '${zone}' does not exist."
	142	return ${EXIT_ERROR}
	143	fi
	144
	145	# Add information about this zone to the routing database.
	146	routing_db_from_ppp ${zone} ipv6
	147
	148	routing_db_set ${zone} ipv6 active 1
	149	routing_update ${zone} ipv6
f5a771cf	150	routing_default_update
201b7dff MT	151
	152	# Emit interface-up event
	153	event_interface_up ${zone}
	154
	155	return ${EXIT_OK}
	156	}
	157
	158	function ppp_common_ipv6_down() {
	159	local zone=${1}
	160	shift
	161
	162	if ! zone_exists ${zone}; then
	163	error "Zone '${zone}' does not exist."
	164	return ${EXIT_ERROR}
	165	fi
	166
	167	# Remove the information about this zone from the routing database
	168	# and update the routing table.
	169	routing_db_remove ${zone} ipv6
	170	routing_update ${zone} ipv6
f5a771cf	171	routing_default_update
201b7dff	172
059469a8 MT	173	# Save accounting information
	174	ppp_accounting ${zone}
	175
c7ad7801 MT	176	# Emit interface-up event
	177	event_interface_down ${zone}
	178
	179	return ${EXIT_OK}
	180	}
	181
5b20e43a MT	182	function ppp_secret() {
	183	local USER=${1}
	184	local SECRET=${2}
	185	local a
	186	local secret
	187	local user
	188
	189	# Updateing secret file
	190	> ${PPP_SECRETS}.tmp
	191	while read user a secret; do
	192	if [ "'${USER}'" != "${user}" ]; then
	193	echo "${user} ${a} ${secret}" >> ${PPP_SECRETS}.tmp
	194	fi
	195	done < ${PPP_SECRETS}
	196	echo "'${USER}' * '${SECRET}'" >> ${PPP_SECRETS}.tmp
	197	cat ${PPP_SECRETS}.tmp > ${PPP_SECRETS}
	198	rm -f ${PPP_SECRETS}.tmp
	199	}
	200
059469a8 MT	201	function ppp_accounting() {
	202	local zone=${1}
	203	shift
5b20e43a	204
059469a8 MT	205	db_ppp_update ${zone} --duration="${CONNECT_TIME}" \
059469a8 MT	206	--rcvd="${BYTES_RCVD}" --sent="${BYTES_SENT}"
5b20e43a	207	}
711ffac1 MT	208
711ffac1 MT	209	function pppd_exec() {
711ffac1 MT	210	log DEBUG "Running pppd with parameters '$@'."
	211
	212	pppd $@ > /dev/null
	213	}
97cb552e MT	214
	215	function pppd_write_config() {
	216	local file=${1}; shift
	217	assert isset file
	218
	219	local auth
6c74a64c MT	220	local baudrate
6c74a64c MT	221	local connect_cmd
45d5539c	222	local default_asyncmap="true"
97cb552e	223	local interface
45d5539c MT	224	local lcp_echo_failure=3
45d5539c MT	225	local lcp_echo_interval=20
97cb552e MT	226	local linkname
97cb552e MT	227	local mtu mru
6c74a64c	228	local password
97cb552e	229	local plugin plugin_options
6c74a64c MT	230	local serial="false"
6c74a64c MT	231	local username
45d5539c	232	local value
97cb552e MT	233
	234	while [ $# -gt 0 ]; do
	235	case "${1}" in
	236	--auth=*)
	237	auth=$(cli_get_val ${1})
	238	;;
6c74a64c MT	239	--baudrate=*)
	240	baudrate=$(cli_get_val ${1})
	241	assert isoneof baudrate ${SERIAL_BAUDRATES}
	242	;;
	243	--connect-command=*)
	244	connect_cmd=$(cli_get_val ${1})
	245	;;
45d5539c MT	246	# Enable or disable the use of the default asyncmap.
	247	--default-asyncmap=*)
	248	value=$(cli_get_val ${1})
	249	if enabled value; then
	250	default_asyncmap="true"
	251	else
	252	default_asyncmap="false"
	253	fi
	254	;;
97cb552e MT	255	# The name of the created ppp interface.
	256	--interface=*)
	257	interface=$(cli_get_val ${1})
	258	;;
45d5539c MT	259	# LCP echo failure.
	260	--lcr-echo-failure=*)
	261	lcr_echo_failure=$(cli_get_val ${1})
	262
	263	if ! isinteger ${lcr_echo_failure}; then
	264	error "--lcr-echo-failure= requires a number"
	265	return ${EXIT_ERROR}
	266	fi
	267	;;
	268	# LCP echo interval.
	269	--lcr-echo-interval=*)
	270	lcr_echo_interval=$(cli_get_val ${1})
	271
	272	if ! isinteger ${lcr_echo_failure}; then
	273	error "--lcr-echo-interval= requires a number"
	274	return ${EXIT_ERROR}
	275	fi
	276	;;
97cb552e MT	277	# Maximum Transmission Unit
	278	--mtu=*)
	279	mtu=$(cli_get_val ${1})
	280	;;
	281	# Maximum Receive Unit
	282	--mru=*)
	283	mru=$(cli_get_val ${1})
	284	;;
6c74a64c MT	285	--password=*)
	286	password=$(cli_get_val ${1})
	287	;;
97cb552e MT	288	--plugin=*)
	289	plugin=$(cli_get_val ${1})
	290	;;
	291	--plugin-options=*)
	292	plugin_options=$(cli_get_val ${1})
	293	;;
6c74a64c MT	294	# Sets if the modem is a serial device.
	295	--serial=*)
	296	serial=$(cli_get_val ${1})
	297	;;
	298	--serial-device=*)
	299	serial_device=$(cli_get_val ${1})
	300	;;
	301	--username=*)
	302	username=$(cli_get_val ${1})
97cb552e MT	303	;;
	304	*)
	305	log WARNING "Unhandled argument: ${1}"
	306	;;
	307	esac
	308	shift
	309	done
	310
	311	if [ -z "${interface}" ]; then
	312	log ERROR "You need to set the interface name: ${interface}"
	313	return ${EXIT_ERROR}
	314	fi
45d5539c	315	linkname="${interface}"
97cb552e MT	316
	317	if isset auth; then
	318	if ! isoneof ${auth} ${PPP_SUPPORTED_AUTH_METHODS}; then
	319	log ERROR "Unsupported auth method: ${auth}"
	320	return ${EXIT_ERROR}
	321	fi
	322	fi
	323
6c74a64c MT	324	if enabled serial; then
	325	assert isset serial_device
	326	assert [ -c "${serial_device}" ]
	327	fi
	328
	329	# Set the user credentials.
	330	ppp_secret "${username}" "${password}"
	331
97cb552e MT	332	# Write the configuration header.
	333	mkdir -p $(dirname ${file}) 2>/dev/null
	334	config_header "PPP daemon configuration file" > ${file}
	335
	336	# At first, set the name of the link.
45d5539c	337	print "linkname ${linkname}\n" >> ${file}
97cb552e	338
6c74a64c MT	339	# Configure the interface/zone name.
	340	(
	341	print "# Interface name"
	342	print "ifname ${interface}"
	343	print
	344	) >> ${file}
97cb552e MT	345
	346	# Plugin settings
	347	if isset plugin; then
	348	(
	349	print "# Plugin settings"
	350	print "plugin ${plugin} ${plugin_options}"
	351	print
	352	) >> ${file}
	353	fi
	354
	355	# User authentication
6c74a64c	356	if isset username; then
97cb552e MT	357	(
97cb552e MT	358	print "# User authentication"
6c74a64c	359	print "user ${username}"
97cb552e MT	360
	361	print "noauth"
	362	if isset auth; then
	363	print "require-${auth}"
	364	fi
	365	print
	366	) >> ${file}
	367	fi
	368
	369	# MTU/MRU settings
	370	if isset mtu; then
	371	isset mru \|\| mru=${mtu}
	372
	373	(
	374	print "# MTU/MRU settings"
	375	print "mtu ${mtu}"
	376	print "mru ${mru}"
	377	print
	378	) >> ${file}
	379	fi
	380
6c74a64c MT	381	if enabled serial; then
	382	(
	383	print "# Serial modem settings"
	384	print "${serial_device} ${baudrate}"
	385	print "crtscts"
	386	print "lock"
	387	print "modem"
	388	print
	389	) >> ${file}
	390
	391	# Connect command
	392	if isset connect_cmd; then
	393	(
	394	print "# Connect command"
	395	print "connect \"${connect_cmd}\""
	396	print
	397	) >> ${file}
	398	fi
	399	fi
	400
45d5539c MT	401	# Default asyncmap.
	402	if enabled default_asyncmap; then
	403	(
	404	print "# Use the default asyncmap."
	405	print "default-asyncmap"
	406	print
	407	) >> ${file}
	408	fi
	409
	410	# LCP settings.
	411	(
	412	print "# LCP settings"
	413	print "lcp-echo-failure ${lcp_echo_failure}"
	414	print "lcp-echo-interval ${lcp_echo_interval}"
	415	print
	416	) >> ${file}
	417
97cb552e MT	418	# Add the default settings.
	419	(
	420	print "# Disable the compression"
	421	print "noccp noaccomp nodeflate nopcomp novj novjccomp nobsdcomp nomppe"
	422
81d0c0b9	423	print "noipdefault updetach debug"
97cb552e MT	424	) >> ${file}
	425
	426	return ${EXIT_OK}
	427	}