[people/ms/network.git] / src / functions / functions.ppp

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

PPP_SUPPORTED_AUTH_METHODS="chap pap"

EXIT_PPPD_ERROR=${EXIT_ERROR}
EXIT_PPPD_ERROR_FATAL=$(( ${EXIT_ERROR} + 1 ))

# This function monitors the pppd activity.

pppd_angel() {
	local device="${1}"
	assert isset device

	local config_file="${2}"
	assert isset config_file
	shift 2

	local holdoff_time

	while [ $# -gt 0 ]; do
		case "${1}" in
			--holdoff-time=*)
				holdoff_time="$(cli_get_val "${1}")"
				;;
			*)
				warning "Unrecognized argument: ${1}"
				return ${EXIT_ERROR}
				;;
		esac
		shift
	done

	while :; do
		# Execute ppp daemon.
		pppd_exec "${device}" "${config_file}"
		local ret=${?}

		case "${ret}" in
			${EXIT_OK})
				# pppd terminated gracefully. Propagating...
				return ${EXIT_OK}
				;;
			${EXIT_PPPD_ERROR})
				# pppd has a (non-fatal) error, in which case we
				# restart it instantly, so it will try to re-establish
				# the connection.
				;;
			${EXIT_PPPD_ERROR_FATAL})
				# pppd has a fatal error. We cannot go on from here
				# because there is either no chance to establish a connection
				# without any user interaction, or we will damage the system.
				log ERROR "Fatal error. Not going to restart pppd."
				return ${EXIT_ERROR}
				;;
			*)
				log ERROR "Invalid return code: ${ret}"
				return ${EXIT_ERROR}
				;;
		esac

		isset holdoff_time || continue

		# When we got here, we need to wait a little bit and restart the
		# ppp daemon soon.
		log INFO "Restarting pppd in ${holdoff_time}s"
		sleep ${holdoff_time}
	done
}

pppd_exec() {
	local device="${1}"
	assert isset device

	local config_file="${2}"
	assert isset config_file
	shift 2

	# Execute pppd.
	cmd "pppd file ${config_file} $@"
	local ret=$?

	# Get the hook of the zone
	local hook
	if zone_exists "${device}"; then
		hook="$(zone_get_hook "${zone}")"
	fi

	log DEBUG "pppd exited with code: ${ret}"

	# Evaluate return code.
	local error_code
	case "${ret},${hook}" in
		0,*)
			# Pppd has detached, or otherwise the connection was successfully
			# established and terminated at the peer's request.
			log DEBUG "pppd exited gracefully"
			return ${EXIT_OK}
			;;
		1,*)
			# An immediately fatal error of some kind occurred, such as an
			# essential system call failing, or running out of virtual memory.
			log ERROR "pppd crashed for an unknown reason"
			return ${EXIT_PPPD_ERROR_FATAL}
			;;
		2,*)
			# An error was detected in processing the options given, such as two
			# mutually exclusive options being used.
			log ERROR "pppd: Configuration error"
			return ${EXIT_PPPD_ERROR_FATAL}
			;;
		3,*)
			# Pppd is not setuid-root and the invoking user is not root.
			log ERROR "pppd: Launched with insufficient privileges"
			return ${EXIT_PPPD_ERROR_FATAL}
			;;
		4,*)
			# The kernel does not support PPP, for example, the PPP kernel driver is
			# not included or cannot be loaded.
			log ERROR "pppd: Kernel does not support PPP"
			return ${EXIT_PPPD_ERROR_FATAL}
			;;
		5,*)
			# Pppd terminated because it was sent a SIGINT, SIGTERM or SIGHUP signal.
			log ERROR "pppd: Received SIGINT, SIGTERM or SIGHUP signal"
			return ${EXIT_PPPD_ERROR}
			;;
		6,*)
			# The serial port could not be locked.
			log ERROR "pppd: Serial port could not be locked"
			return ${EXIT_PPPD_ERROR}
			;;
		7,*)
			# The serial port could not be opened.
			log ERROR "pppd: Serial port could not be opened"
			return ${EXIT_PPPD_ERROR}
			;;
		8,pppoe)
			# For PPPoE this tells us that we were not able to contact
			# the DSLAM (i.e. timeout waiting for PADO packets)
			log ERROR "pppd: Unable to contact the DSLAM"
			return ${EXIT_PPPD_ERROR}
			;;
		8,*)
			# The connect script failed (returned a non-zero exit status).
			log ERROR "pppd: Connect script failed"
			return ${EXIT_PPPD_ERROR_FATAL}
			;;
		9,*)
			# The command specified as the argument to the pty option could not be run.
			log ERROR "pppd: Could not run pty command"
			return ${EXIT_PPPD_ERROR_FATAL}
			;;
		10,*)
			# The PPP negotiation failed, that is, it didn't reach the point where at
			# least one network protocol (e.g. IP) was running.
			log ERROR "pppd: Protocol negotiation failed"
			return ${EXIT_PPPD_ERROR}
			;;
		11,*)
			# The peer system failed (or refused) to authenticate itself.
			log ERROR "pppd: peer system failed (or refused) to authenticate itself"
			return ${EXIT_PPPD_ERROR}
			;;
		12,*)
			# The link was established successfully and terminated because it was idle.
			log ERROR "pppd: Terminated because of idleness"
			return ${EXIT_PPPD_ERROR}
			;;
		13,*)
			# The link was established successfully and terminated because the connect time
			# limit was reached.
			log ERROR "pppd: connect time limit was reached"
			return ${EXIT_PPPD_ERROR}
			;;
		14,*)
			# Callback was negotiated and an incoming call should arrive shortly.
			# We should not be using this, so make it fatal that nobody is able to
			# abuse the feature.
			return ${EXIT_PPPD_ERROR_FATAL}
			;;
		15,*)
			# The link was terminated because the peer is not responding to echo requests.
			log ERROR "pppd: Peer is not responding to echo requests"
			return ${EXIT_PPPD_ERROR}
			;;
		16,*)
			# The link was terminated by the modem hanging up.
			log ERROR "pppd: Modem hung up"
			return ${EXIT_PPPD_ERROR}
			;;
		17,*)
			# The PPP negotiation failed because serial loopback was detected.
			log ERROR "pppd: Serial loopback detected"
			return ${EXIT_PPPD_ERROR_FATAL}
			;;
		18,*)
			# The init script failed (returned a non-zero exit status).
			log ERROR "pppd: Init script failed"
			return ${EXIT_PPPD_ERROR_FATAL}
			;;
		19,*)
			# We failed to authenticate ourselves to the peer.
			log ERROR "pppd: Authentication failed"
			return ${EXIT_PPPD_ERROR_FATAL}
			;;
		*)
			log ERROR "pppd: Unhandled exit code: ${ret}"
			return ${EXIT_PPPD_ERROR_FATAL}
			;;
	esac
}

pppd_start() {
	local device="${1}"
	assert isset device

	# This will block until the connection has been established or
	# pppd exited.
	service_start "pppd@${device}.service"
}

pppd_stop() {
	local device="${1}"
	assert isset device

	service_stop "pppd@${device}.service"
}

pppd_status() {
	local device="${1}"
	assert isset device

	service_status "pppd@${device}.service"
}

ppp_common_ip_pre_up() {
	local zone=${1}
	shift

	if ! zone_exists ${zone}; then
		error "Zone '${zone}' does not exist."
		return ${EXIT_ERROR}
	fi

	routing_db_from_ppp ${zone} ipv4

	return ${EXIT_OK}
}

ppp_common_ipv4_up() {
	local zone=${1}
	shift

	if ! zone_exists ${zone}; then
		error "Zone '${zone}' does not exist."
		return ${EXIT_ERROR}
	fi

	db_set "${zone}/ipv4/active" 1

	routing_update ${zone} ipv4
	routing_default_update

	return ${EXIT_OK}
}

ppp_common_ipv4_down() {
	local zone=${1}
	shift

	if ! zone_exists ${zone}; then
		error "Zone '${zone}' does not exist."
		return ${EXIT_ERROR}
	fi

	# Remove the information about this zone from the routing database
	# and update the routing table.
	db_delete "${zone}/ipv4"

	routing_update ${zone} ipv4
	routing_default_update

	# Save accounting information
	ppp_accounting ${zone}

	return ${EXIT_OK}
}

ppp_common_ipv6_up() {
	local zone=${1}
	shift

	if ! zone_exists ${zone}; then
		error "Zone '${zone}' does not exist."
		return ${EXIT_ERROR}
	fi

	# Add information about this zone to the routing database.
	routing_db_from_ppp ${zone} ipv6

	db_set "${zone}/ipv6/active" 1

	routing_update ${zone} ipv6
	routing_default_update

	return ${EXIT_OK}
}

ppp_common_ipv6_down() {
	local zone=${1}
	shift

	if ! zone_exists ${zone}; then
		error "Zone '${zone}' does not exist."
		return ${EXIT_ERROR}
	fi

	# Remove the information about this zone from the routing database
	# and update the routing table.
	db_delete "${zone}/ipv6"

	routing_update ${zone} ipv6
	routing_default_update

	# Save accounting information
	ppp_accounting ${zone}

	return ${EXIT_OK}
}

ppp_secret() {
	local USER=${1}
	local SECRET=${2}
	local a
	local secret
	local user

	# Updateing secret file
	> ${PPP_SECRETS}.tmp
	while read user a secret; do
		if [ "'${USER}'" != "${user}" ]; then
			echo "${user} ${a} ${secret}" >> ${PPP_SECRETS}.tmp
		fi
	done < ${PPP_SECRETS}
	echo "'${USER}' * '${SECRET}'" >> ${PPP_SECRETS}.tmp
	cat ${PPP_SECRETS}.tmp > ${PPP_SECRETS}
	rm -f ${PPP_SECRETS}.tmp
}

ppp_accounting() {
	local zone=${1}
	shift

	db_ppp_update ${zone} --duration="${CONNECT_TIME}" \
		--rcvd="${BYTES_RCVD}" --sent="${BYTES_SENT}"
}

pppd_write_config() {
	local file=${1}; shift
	assert isset file

	local auth
	local baudrate
	local connect_cmd
	local default_asyncmap="true"
	local interface
	local ipv6="true"
	local lcp_echo_failure=3
	local lcp_echo_interval=20
	local linkname
	local mtu mru
	local password
	local plugin plugin_options
	local pty
	local refuses
	local serial="false"
	local username
	local value

	while [ $# -gt 0 ]; do
		case "${1}" in
			--auth=*)
				auth=$(cli_get_val "${1}")
				;;
			--baudrate=*)
				baudrate=$(cli_get_val "${1}")
				assert isoneof baudrate ${SERIAL_BAUDRATES}
				;;
			--connect-command=*)
				connect_cmd=$(cli_get_val "${1}")
				;;
			# Enable or disable the use of the default asyncmap.
			--default-asyncmap=*)
				value=$(cli_get_val "${1}")
				if enabled value; then
					default_asyncmap="true"
				else
					default_asyncmap="false"
				fi
				;;
			# The name of the created ppp interface.
			--interface=*)
				interface=$(cli_get_val "${1}")
				;;
			# IPv6
			--ipv6=*)
				ipv6="$(cli_get_val "${1}")"
				;;
			# LCP echo failure.
			--lcr-echo-failure=*)
				lcr_echo_failure=$(cli_get_val "${1}")

				if ! isinteger ${lcr_echo_failure}; then
					error "--lcr-echo-failure= requires a number"
					return ${EXIT_ERROR}
				fi
				;;
			# LCP echo interval.
			--lcr-echo-interval=*)
				lcr_echo_interval=$(cli_get_val "${1}")

				if ! isinteger ${lcr_echo_failure}; then
					error "--lcr-echo-interval= requires a number"
					return ${EXIT_ERROR}
				fi
				;;
			# Maximum Transmission Unit
			--mtu=*)
				mtu=$(cli_get_val "${1}")
				;;
			# Maximum Receive Unit
			--mru=*)
				mru=$(cli_get_val "${1}")
				;;
			--password=*)
				password=$(cli_get_val "${1}")
				;;
			--plugin=*)
				plugin=$(cli_get_val "${1}")
				;;
			--plugin-options=*)
				plugin_options=$(cli_get_val "${1}")
				;;
			--pty=*)
				pty=$(cli_get_val "${1}")
				;;
			# Refused authentication methods
			--refuse=*)
				list_append refuses "$(cli_get_val "${1}")"
				error_log "REFUSES $refuses $1"
				;;
			# Sets if the modem is a serial device.
			--serial=*)
				serial=$(cli_get_val "${1}")
				;;
			--serial-device=*)
				serial_device=$(cli_get_val "${1}")
				;;
			--username=*)
				username=$(cli_get_val "${1}")
				;;
			*)
				log WARNING "Unhandled argument: ${1}"
				;;
		esac
		shift
	done

	if [ -z "${interface}" ]; then
		log ERROR "You need to set the interface name: ${interface}"
		return ${EXIT_ERROR}
	fi
	linkname="${interface}"

	if isset auth; then
		if ! isoneof ${auth} ${PPP_SUPPORTED_AUTH_METHODS}; then
			log ERROR "Unsupported auth method: ${auth}"
			return ${EXIT_ERROR}
		fi
	fi

	if enabled serial; then
		assert isset serial_device
		assert [ -c "${serial_device}" ]
	fi

	# Set the user credentials.
	ppp_secret "${username}" "${password}"

	# Write the configuration header.
	mkdir -p $(dirname ${file}) 2>/dev/null
	config_header "PPP daemon configuration file" > ${file}

	# At first, set the name of the link.
	print "linkname ${linkname}\n" >> ${file}

	# Configure the interface/zone name.
	(
		print "# Interface name"
		print "ifname ${interface}"
		print
	) >> ${file}

	# Plugin settings
	if isset plugin; then
		(
			print "# Plugin settings"
			print "plugin ${plugin} ${plugin_options}"
			print
		) >> ${file}
	fi

	# pty settings
	if isset pty; then
		(
			print "# pty settings"
			print "pty \"${pty}\""
			print
		 ) >> ${file}
	fi

	# User authentication
	if isset username; then
		(
			print "# User authentication"
			print "user ${username}"

			print "noauth"
			if isset auth; then
				print "require-${auth}"
			fi

			# Refused authentication methods
			for refuse in ${refuses}; do
				print "refuse-${refuse}"
			done
			print
		) >> ${file}
	fi

	# DNS
	(
		print "# DNS"
		print "usepeerdns"
		print
	) >> ${file}

	# IPv6
	if enabled ipv6; then
		(
			print "# IPv6 support"
			print "+ipv6"
			print
		) >> ${file}
	fi

	# MTU/MRU settings
	if isset mtu; then
		isset mru || mru=${mtu}

		(
			print "# MTU/MRU settings"
			print "mtu ${mtu}"
			print "mru ${mru}"
			print
		) >> ${file}
	fi

	if enabled serial; then
		(
			print "# Serial modem settings"
			print "${serial_device} ${baudrate}"
			print "crtscts"
			print "lock"
			print "modem"
			print
		) >> ${file}

		# Connect command
		if isset connect_cmd; then
			(
				print "# Connect command"
				print "connect \"${connect_cmd}\""
				print
			) >> ${file}
		fi
	fi

	# Default asyncmap.
	if enabled default_asyncmap; then
		(
			print "# Use the default asyncmap."
			print "default-asyncmap"
			print
		) >> ${file}
	fi

	# LCP settings.
	(
		print "# LCP settings"
		print "lcp-echo-failure ${lcp_echo_failure}"
		print "lcp-echo-interval ${lcp_echo_interval}"
		print
	) >> ${file}

	# Add the default settings.
	(
		print "# Disable the compression"
		print "noccp noaccomp nodeflate nopcomp novj novjccomp nobsdcomp nomppe"

		print "noipdefault nodetach debug"
	) >> ${file}

	return ${EXIT_OK}
}
Commit	Line	Data
5b20e43a MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
1848564d	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
5b20e43a MT	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
97cb552e MT	22	PPP_SUPPORTED_AUTH_METHODS="chap pap"
97cb552e MT	23
ea5f6354 MT	24	EXIT_PPPD_ERROR=${EXIT_ERROR}
ea5f6354 MT	25	EXIT_PPPD_ERROR_FATAL=$(( ${EXIT_ERROR} + 1 ))
97cb552e	26
ea5f6354 MT	27	# This function monitors the pppd activity.
ea5f6354 MT	28
1c6a4e30	29	pppd_angel() {
ea5f6354 MT	30	local device="${1}"
	31	assert isset device
	32
	33	local config_file="${2}"
	34	assert isset config_file
	35	shift 2
	36
	37	local holdoff_time
	38
	39	while [ $# -gt 0 ]; do
	40	case "${1}" in
	41	--holdoff-time=*)
	42	holdoff_time="$(cli_get_val "${1}")"
	43	;;
	44	*)
	45	warning "Unrecognized argument: ${1}"
	46	return ${EXIT_ERROR}
	47	;;
	48	esac
	49	shift
	50	done
	51
ea5f6354 MT	52	while :; do
	53	# Execute ppp daemon.
	54	pppd_exec "${device}" "${config_file}"
0994996d	55	local ret=${?}
acd07453	56
ea5f6354 MT	57	case "${ret}" in
	58	${EXIT_OK})
	59	# pppd terminated gracefully. Propagating...
	60	return ${EXIT_OK}
	61	;;
	62	${EXIT_PPPD_ERROR})
	63	# pppd has a (non-fatal) error, in which case we
	64	# restart it instantly, so it will try to re-establish
	65	# the connection.
	66	;;
	67	${EXIT_PPPD_ERROR_FATAL})
	68	# pppd has a fatal error. We cannot go on from here
	69	# because there is either no chance to establish a connection
	70	# without any user interaction, or we will damage the system.
acd07453	71	log ERROR "Fatal error. Not going to restart pppd."
0994996d	72	return ${EXIT_ERROR}
ea5f6354 MT	73	;;
	74	*)
	75	log ERROR "Invalid return code: ${ret}"
	76	return ${EXIT_ERROR}
	77	;;
	78	esac
	79
	80	isset holdoff_time \|\| continue
	81
	82	# When we got here, we need to wait a little bit and restart the
	83	# ppp daemon soon.
acd07453	84	log INFO "Restarting pppd in ${holdoff_time}s"
ea5f6354 MT	85	sleep ${holdoff_time}
	86	done
	87	}
81d0c0b9	88
1c6a4e30	89	pppd_exec() {
ea5f6354 MT	90	local device="${1}"
	91	assert isset device
	92
	93	local config_file="${2}"
	94	assert isset config_file
	95	shift 2
	96
	97	# Execute pppd.
	98	cmd "pppd file ${config_file} $@"
	99	local ret=$?
	100
0994996d MT	101	# Get the hook of the zone
	102	local hook
	103	if zone_exists "${device}"; then
	104	hook="$(zone_get_hook "${zone}")"
	105	fi
	106
	107	log DEBUG "pppd exited with code: ${ret}"
	108
ea5f6354 MT	109	# Evaluate return code.
ea5f6354 MT	110	local error_code
0994996d MT	111	case "${ret},${hook}" in
0994996d MT	112	0,*)
ea5f6354 MT	113	# Pppd has detached, or otherwise the connection was successfully
	114	# established and terminated at the peer's request.
	115	log DEBUG "pppd exited gracefully"
0994996d	116	return ${EXIT_OK}
81d0c0b9	117	;;
0994996d	118	1,*)
ea5f6354 MT	119	# An immediately fatal error of some kind occurred, such as an
	120	# essential system call failing, or running out of virtual memory.
	121	log ERROR "pppd crashed for an unknown reason"
0994996d	122	return ${EXIT_PPPD_ERROR_FATAL}
81d0c0b9	123	;;
0994996d	124	2,*)
ea5f6354 MT	125	# An error was detected in processing the options given, such as two
	126	# mutually exclusive options being used.
	127	log ERROR "pppd: Configuration error"
0994996d	128	return ${EXIT_PPPD_ERROR_FATAL}
ea5f6354	129	;;
0994996d	130	3,*)
ea5f6354 MT	131	# Pppd is not setuid-root and the invoking user is not root.
ea5f6354 MT	132	log ERROR "pppd: Launched with insufficient privileges"
0994996d	133	return ${EXIT_PPPD_ERROR_FATAL}
ea5f6354	134	;;
0994996d	135	4,*)
ea5f6354 MT	136	# The kernel does not support PPP, for example, the PPP kernel driver is
	137	# not included or cannot be loaded.
	138	log ERROR "pppd: Kernel does not support PPP"
0994996d	139	return ${EXIT_PPPD_ERROR_FATAL}
81d0c0b9	140	;;
0994996d	141	5,*)
ea5f6354 MT	142	# Pppd terminated because it was sent a SIGINT, SIGTERM or SIGHUP signal.
ea5f6354 MT	143	log ERROR "pppd: Received SIGINT, SIGTERM or SIGHUP signal"
0994996d	144	return ${EXIT_PPPD_ERROR}
ea5f6354	145	;;
0994996d	146	6,*)
ea5f6354 MT	147	# The serial port could not be locked.
ea5f6354 MT	148	log ERROR "pppd: Serial port could not be locked"
0994996d	149	return ${EXIT_PPPD_ERROR}
ea5f6354	150	;;
0994996d	151	7,*)
ea5f6354 MT	152	# The serial port could not be opened.
ea5f6354 MT	153	log ERROR "pppd: Serial port could not be opened"
0994996d MT	154	return ${EXIT_PPPD_ERROR}
	155	;;
	156	8,pppoe)
	157	# For PPPoE this tells us that we were not able to contact
	158	# the DSLAM (i.e. timeout waiting for PADO packets)
	159	log ERROR "pppd: Unable to contact the DSLAM"
	160	return ${EXIT_PPPD_ERROR}
ea5f6354	161	;;
0994996d	162	8,*)
ea5f6354 MT	163	# The connect script failed (returned a non-zero exit status).
ea5f6354 MT	164	log ERROR "pppd: Connect script failed"
0994996d	165	return ${EXIT_PPPD_ERROR_FATAL}
ea5f6354	166	;;
0994996d	167	9,*)
ea5f6354 MT	168	# The command specified as the argument to the pty option could not be run.
ea5f6354 MT	169	log ERROR "pppd: Could not run pty command"
0994996d	170	return ${EXIT_PPPD_ERROR_FATAL}
ea5f6354	171	;;
0994996d	172	10,*)
ea5f6354 MT	173	# The PPP negotiation failed, that is, it didn't reach the point where at
	174	# least one network protocol (e.g. IP) was running.
	175	log ERROR "pppd: Protocol negotiation failed"
0994996d	176	return ${EXIT_PPPD_ERROR}
ea5f6354	177	;;
0994996d	178	11,*)
ea5f6354 MT	179	# The peer system failed (or refused) to authenticate itself.
ea5f6354 MT	180	log ERROR "pppd: peer system failed (or refused) to authenticate itself"
0994996d	181	return ${EXIT_PPPD_ERROR}
ea5f6354	182	;;
0994996d	183	12,*)
ea5f6354 MT	184	# The link was established successfully and terminated because it was idle.
ea5f6354 MT	185	log ERROR "pppd: Terminated because of idleness"
0994996d	186	return ${EXIT_PPPD_ERROR}
ea5f6354	187	;;
0994996d	188	13,*)
ea5f6354 MT	189	# The link was established successfully and terminated because the connect time
	190	# limit was reached.
	191	log ERROR "pppd: connect time limit was reached"
0994996d	192	return ${EXIT_PPPD_ERROR}
ea5f6354	193	;;
0994996d	194	14,*)
ea5f6354 MT	195	# Callback was negotiated and an incoming call should arrive shortly.
	196	# We should not be using this, so make it fatal that nobody is able to
	197	# abuse the feature.
0994996d	198	return ${EXIT_PPPD_ERROR_FATAL}
ea5f6354	199	;;
0994996d	200	15,*)
ea5f6354 MT	201	# The link was terminated because the peer is not responding to echo requests.
ea5f6354 MT	202	log ERROR "pppd: Peer is not responding to echo requests"
0994996d	203	return ${EXIT_PPPD_ERROR}
81d0c0b9	204	;;
0994996d	205	16,*)
ea5f6354 MT	206	# The link was terminated by the modem hanging up.
ea5f6354 MT	207	log ERROR "pppd: Modem hung up"
0994996d	208	return ${EXIT_PPPD_ERROR}
ea5f6354	209	;;
0994996d	210	17,*)
ea5f6354 MT	211	# The PPP negotiation failed because serial loopback was detected.
ea5f6354 MT	212	log ERROR "pppd: Serial loopback detected"
0994996d	213	return ${EXIT_PPPD_ERROR_FATAL}
ea5f6354	214	;;
0994996d	215	18,*)
ea5f6354 MT	216	# The init script failed (returned a non-zero exit status).
ea5f6354 MT	217	log ERROR "pppd: Init script failed"
0994996d	218	return ${EXIT_PPPD_ERROR_FATAL}
6c74a64c	219	;;
0994996d	220	19,*)
ea5f6354 MT	221	# We failed to authenticate ourselves to the peer.
ea5f6354 MT	222	log ERROR "pppd: Authentication failed"
0994996d	223	return ${EXIT_PPPD_ERROR_FATAL}
81d0c0b9 MT	224	;;
81d0c0b9 MT	225	*)
ea5f6354	226	log ERROR "pppd: Unhandled exit code: ${ret}"
0994996d	227	return ${EXIT_PPPD_ERROR_FATAL}
81d0c0b9 MT	228	;;
81d0c0b9 MT	229	esac
ea5f6354 MT	230	}
ea5f6354 MT	231
1c6a4e30	232	pppd_start() {
ea5f6354 MT	233	local device="${1}"
	234	assert isset device
	235
	236	# This will block until the connection has been established or
	237	# pppd exited.
	238	service_start "pppd@${device}.service"
97cb552e MT	239	}
97cb552e MT	240
1c6a4e30	241	pppd_stop() {
ea5f6354 MT	242	local device="${1}"
ea5f6354 MT	243	assert isset device
97cb552e	244
ea5f6354	245	service_stop "pppd@${device}.service"
97cb552e MT	246	}
97cb552e MT	247
1c6a4e30	248	pppd_status() {
ea5f6354 MT	249	local device="${1}"
ea5f6354 MT	250	assert isset device
97cb552e	251
ea5f6354	252	service_status "pppd@${device}.service"
97cb552e MT	253	}
97cb552e MT	254
1c6a4e30	255	ppp_common_ip_pre_up() {
c7ad7801 MT	256	local zone=${1}
	257	shift
	258
	259	if ! zone_exists ${zone}; then
	260	error "Zone '${zone}' does not exist."
	261	return ${EXIT_ERROR}
	262	fi
	263
2c973348	264	routing_db_from_ppp ${zone} ipv4
ff8ec5ef	265
c7ad7801 MT	266	return ${EXIT_OK}
	267	}
	268
1c6a4e30	269	ppp_common_ipv4_up() {
c7ad7801 MT	270	local zone=${1}
	271	shift
	272
	273	if ! zone_exists ${zone}; then
	274	error "Zone '${zone}' does not exist."
	275	return ${EXIT_ERROR}
	276	fi
	277
c041b631 MT	278	db_set "${zone}/ipv4/active" 1
c041b631 MT	279
2c973348	280	routing_update ${zone} ipv4
f5a771cf	281	routing_default_update
ff8ec5ef	282
c7ad7801 MT	283	return ${EXIT_OK}
	284	}
	285
1c6a4e30	286	ppp_common_ipv4_down() {
c7ad7801 MT	287	local zone=${1}
	288	shift
	289
	290	if ! zone_exists ${zone}; then
	291	error "Zone '${zone}' does not exist."
	292	return ${EXIT_ERROR}
	293	fi
	294
201b7dff MT	295	# Remove the information about this zone from the routing database
201b7dff MT	296	# and update the routing table.
c041b631 MT	297	db_delete "${zone}/ipv4"
c041b631 MT	298
201b7dff	299	routing_update ${zone} ipv4
f5a771cf	300	routing_default_update
201b7dff MT	301
	302	# Save accounting information
	303	ppp_accounting ${zone}
	304
201b7dff MT	305	return ${EXIT_OK}
	306	}
	307
1c6a4e30	308	ppp_common_ipv6_up() {
201b7dff MT	309	local zone=${1}
	310	shift
	311
	312	if ! zone_exists ${zone}; then
	313	error "Zone '${zone}' does not exist."
	314	return ${EXIT_ERROR}
	315	fi
	316
	317	# Add information about this zone to the routing database.
	318	routing_db_from_ppp ${zone} ipv6
	319
c041b631 MT	320	db_set "${zone}/ipv6/active" 1
c041b631 MT	321
201b7dff	322	routing_update ${zone} ipv6
f5a771cf	323	routing_default_update
201b7dff	324
201b7dff MT	325	return ${EXIT_OK}
	326	}
	327
1c6a4e30	328	ppp_common_ipv6_down() {
201b7dff MT	329	local zone=${1}
	330	shift
	331
	332	if ! zone_exists ${zone}; then
	333	error "Zone '${zone}' does not exist."
	334	return ${EXIT_ERROR}
	335	fi
	336
	337	# Remove the information about this zone from the routing database
	338	# and update the routing table.
c041b631 MT	339	db_delete "${zone}/ipv6"
c041b631 MT	340
201b7dff	341	routing_update ${zone} ipv6
f5a771cf	342	routing_default_update
201b7dff	343
059469a8 MT	344	# Save accounting information
	345	ppp_accounting ${zone}
	346
c7ad7801 MT	347	return ${EXIT_OK}
	348	}
	349
1c6a4e30	350	ppp_secret() {
5b20e43a MT	351	local USER=${1}
	352	local SECRET=${2}
	353	local a
	354	local secret
	355	local user
	356
	357	# Updateing secret file
	358	> ${PPP_SECRETS}.tmp
	359	while read user a secret; do
	360	if [ "'${USER}'" != "${user}" ]; then
	361	echo "${user} ${a} ${secret}" >> ${PPP_SECRETS}.tmp
	362	fi
	363	done < ${PPP_SECRETS}
	364	echo "'${USER}' * '${SECRET}'" >> ${PPP_SECRETS}.tmp
	365	cat ${PPP_SECRETS}.tmp > ${PPP_SECRETS}
	366	rm -f ${PPP_SECRETS}.tmp
	367	}
	368
1c6a4e30	369	ppp_accounting() {
059469a8 MT	370	local zone=${1}
059469a8 MT	371	shift
5b20e43a	372
059469a8 MT	373	db_ppp_update ${zone} --duration="${CONNECT_TIME}" \
059469a8 MT	374	--rcvd="${BYTES_RCVD}" --sent="${BYTES_SENT}"
5b20e43a	375	}
711ffac1	376
1c6a4e30	377	pppd_write_config() {
97cb552e MT	378	local file=${1}; shift
	379	assert isset file
	380
	381	local auth
6c74a64c MT	382	local baudrate
6c74a64c MT	383	local connect_cmd
45d5539c	384	local default_asyncmap="true"
97cb552e	385	local interface
aadb3cd0	386	local ipv6="true"
45d5539c MT	387	local lcp_echo_failure=3
45d5539c MT	388	local lcp_echo_interval=20
97cb552e MT	389	local linkname
97cb552e MT	390	local mtu mru
6c74a64c	391	local password
97cb552e	392	local plugin plugin_options
7649cf73 SS	393	local pty
7649cf73 SS	394	local refuses
6c74a64c MT	395	local serial="false"
6c74a64c MT	396	local username
45d5539c	397	local value
97cb552e MT	398
	399	while [ $# -gt 0 ]; do
	400	case "${1}" in
	401	--auth=*)
2212045f	402	auth=$(cli_get_val "${1}")
97cb552e	403	;;
6c74a64c	404	--baudrate=*)
2212045f	405	baudrate=$(cli_get_val "${1}")
6c74a64c MT	406	assert isoneof baudrate ${SERIAL_BAUDRATES}
	407	;;
	408	--connect-command=*)
2212045f	409	connect_cmd=$(cli_get_val "${1}")
6c74a64c	410	;;
45d5539c MT	411	# Enable or disable the use of the default asyncmap.
45d5539c MT	412	--default-asyncmap=*)
2212045f	413	value=$(cli_get_val "${1}")
45d5539c MT	414	if enabled value; then
	415	default_asyncmap="true"
	416	else
	417	default_asyncmap="false"
	418	fi
	419	;;
97cb552e MT	420	# The name of the created ppp interface.
97cb552e MT	421	--interface=*)
2212045f	422	interface=$(cli_get_val "${1}")
97cb552e	423	;;
aadb3cd0 MT	424	# IPv6
aadb3cd0 MT	425	--ipv6=*)
2212045f	426	ipv6="$(cli_get_val "${1}")"
aadb3cd0	427	;;
45d5539c MT	428	# LCP echo failure.
45d5539c MT	429	--lcr-echo-failure=*)
2212045f	430	lcr_echo_failure=$(cli_get_val "${1}")
45d5539c MT	431
	432	if ! isinteger ${lcr_echo_failure}; then
	433	error "--lcr-echo-failure= requires a number"
	434	return ${EXIT_ERROR}
	435	fi
	436	;;
	437	# LCP echo interval.
	438	--lcr-echo-interval=*)
2212045f	439	lcr_echo_interval=$(cli_get_val "${1}")
45d5539c MT	440
	441	if ! isinteger ${lcr_echo_failure}; then
	442	error "--lcr-echo-interval= requires a number"
	443	return ${EXIT_ERROR}
	444	fi
	445	;;
97cb552e MT	446	# Maximum Transmission Unit
97cb552e MT	447	--mtu=*)
2212045f	448	mtu=$(cli_get_val "${1}")
97cb552e MT	449	;;
	450	# Maximum Receive Unit
	451	--mru=*)
2212045f	452	mru=$(cli_get_val "${1}")
97cb552e	453	;;
6c74a64c	454	--password=*)
2212045f	455	password=$(cli_get_val "${1}")
6c74a64c	456	;;
97cb552e	457	--plugin=*)
2212045f	458	plugin=$(cli_get_val "${1}")
97cb552e MT	459	;;
97cb552e MT	460	--plugin-options=*)
2212045f	461	plugin_options=$(cli_get_val "${1}")
97cb552e	462	;;
7649cf73	463	--pty=*)
2212045f	464	pty=$(cli_get_val "${1}")
7649cf73 SS	465	;;
	466	# Refused authentication methods
	467	--refuse=*)
	468	list_append refuses "$(cli_get_val "${1}")"
	469	error_log "REFUSES $refuses $1"
	470	;;
6c74a64c MT	471	# Sets if the modem is a serial device.
6c74a64c MT	472	--serial=*)
2212045f	473	serial=$(cli_get_val "${1}")
6c74a64c MT	474	;;
6c74a64c MT	475	--serial-device=*)
2212045f	476	serial_device=$(cli_get_val "${1}")
6c74a64c MT	477	;;
6c74a64c MT	478	--username=*)
2212045f	479	username=$(cli_get_val "${1}")
97cb552e MT	480	;;
	481	*)
	482	log WARNING "Unhandled argument: ${1}"
	483	;;
	484	esac
	485	shift
	486	done
	487
	488	if [ -z "${interface}" ]; then
	489	log ERROR "You need to set the interface name: ${interface}"
	490	return ${EXIT_ERROR}
	491	fi
45d5539c	492	linkname="${interface}"
97cb552e MT	493
	494	if isset auth; then
	495	if ! isoneof ${auth} ${PPP_SUPPORTED_AUTH_METHODS}; then
	496	log ERROR "Unsupported auth method: ${auth}"
	497	return ${EXIT_ERROR}
	498	fi
	499	fi
	500
6c74a64c MT	501	if enabled serial; then
	502	assert isset serial_device
	503	assert [ -c "${serial_device}" ]
	504	fi
	505
	506	# Set the user credentials.
	507	ppp_secret "${username}" "${password}"
	508
97cb552e MT	509	# Write the configuration header.
	510	mkdir -p $(dirname ${file}) 2>/dev/null
	511	config_header "PPP daemon configuration file" > ${file}
	512
	513	# At first, set the name of the link.
45d5539c	514	print "linkname ${linkname}\n" >> ${file}
97cb552e	515
6c74a64c MT	516	# Configure the interface/zone name.
	517	(
	518	print "# Interface name"
	519	print "ifname ${interface}"
	520	print
	521	) >> ${file}
97cb552e MT	522
	523	# Plugin settings
	524	if isset plugin; then
	525	(
	526	print "# Plugin settings"
	527	print "plugin ${plugin} ${plugin_options}"
	528	print
	529	) >> ${file}
	530	fi
	531
7649cf73 SS	532	# pty settings
	533	if isset pty; then
	534	(
	535	print "# pty settings"
	536	print "pty \"${pty}\""
	537	print
	538	) >> ${file}
	539	fi
	540
97cb552e	541	# User authentication
6c74a64c	542	if isset username; then
97cb552e MT	543	(
97cb552e MT	544	print "# User authentication"
6c74a64c	545	print "user ${username}"
97cb552e MT	546
	547	print "noauth"
	548	if isset auth; then
	549	print "require-${auth}"
	550	fi
7649cf73 SS	551
	552	# Refused authentication methods
	553	for refuse in ${refuses}; do
	554	print "refuse-${refuse}"
	555	done
97cb552e MT	556	print
	557	) >> ${file}
	558	fi
	559
6f6aa9e8 MT	560	# DNS
	561	(
	562	print "# DNS"
	563	print "usepeerdns"
	564	print
	565	) >> ${file}
	566
aadb3cd0 MT	567	# IPv6
	568	if enabled ipv6; then
	569	(
	570	print "# IPv6 support"
	571	print "+ipv6"
	572	print
	573	) >> ${file}
	574	fi
	575
97cb552e MT	576	# MTU/MRU settings
	577	if isset mtu; then
	578	isset mru \|\| mru=${mtu}
	579
	580	(
	581	print "# MTU/MRU settings"
	582	print "mtu ${mtu}"
	583	print "mru ${mru}"
	584	print
	585	) >> ${file}
	586	fi
	587
6c74a64c MT	588	if enabled serial; then
	589	(
	590	print "# Serial modem settings"
	591	print "${serial_device} ${baudrate}"
	592	print "crtscts"
	593	print "lock"
	594	print "modem"
	595	print
	596	) >> ${file}
	597
	598	# Connect command
	599	if isset connect_cmd; then
	600	(
	601	print "# Connect command"
	602	print "connect \"${connect_cmd}\""
	603	print
	604	) >> ${file}
	605	fi
	606	fi
	607
45d5539c MT	608	# Default asyncmap.
	609	if enabled default_asyncmap; then
	610	(
	611	print "# Use the default asyncmap."
	612	print "default-asyncmap"
	613	print
	614	) >> ${file}
	615	fi
	616
	617	# LCP settings.
	618	(
	619	print "# LCP settings"
	620	print "lcp-echo-failure ${lcp_echo_failure}"
	621	print "lcp-echo-interval ${lcp_echo_interval}"
	622	print
	623	) >> ${file}
	624
97cb552e MT	625	# Add the default settings.
	626	(
	627	print "# Disable the compression"
	628	print "noccp noaccomp nodeflate nopcomp novj novjccomp nobsdcomp nomppe"
	629
ea5f6354	630	print "noipdefault nodetach debug"
97cb552e MT	631	) >> ${file}
	632
	633	return ${EXIT_OK}
	634	}