[people/stevee/network.git] / src / hooks / zones / pppoe

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2012  IPFire Network Development Team                         #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

. /usr/lib/network/header-zone

HOOK_SETTINGS="HOOK ACCESS_CONCENTRATOR AUTH USERNAME PASSWORD"
HOOK_SETTINGS="${HOOK_SETTINGS} SERVICE_NAME MTU IPV6 PREFIX_DELEGATION"

# User credentials for the dialin.
USERNAME=""
PASSWORD=""

# Set the authentication mechanism.
AUTH=

# Access Concentrator.
ACCESS_CONCENTRATOR=""

# Service name.
SERVICE_NAME=""

# Maximum Transmission Unit.
# 1492 is a very common value for that.
MTU=1492

# This hook can work with all authentication methods supported by pppd.
PPPOE_SUPPORTED_AUTH_METHODS="${PPP_SUPPORTED_AUTH_METHODS}"
PPPOE_PLUGIN="rp-pppoe.so"

# Request an IPv6 address.
IPV6="true"

# Use IPv6 prefix delegation.
PREFIX_DELEGATION="false"

function hook_check_settings() {
	assert isset USERNAME
	assert isset PASSWORD

	isset AUTH && assert isoneof AUTH ${PPPOE_SUPPORTED_AUTH_METHODS}

	assert isset IPV6
	assert isset PREFIX_DELEGATION
}

function hook_parse_cmdline() {
	while [ $# -gt 0 ]; do
		case "${1}" in
			--access-concentrator=*)
				ACCESS_CONCENTRATOR=$(cli_get_val ${1})
				;;
			--auth=*)
				AUTH=$(cli_get_val ${1})
				;;
			--ipv6=*)
				local value="$(cli_get_val "${1}")"
				if enabled value; then
					IPV6="true"
				else
					IPV6="false"
				fi
				;;
			--mtu=*)
				MTU=$(cli_get_val ${1})
				;;
			--password=*)
				PASSWORD=$(cli_get_val ${1})
				;;
			--prefix-delegation=*)
				PREFIX_DELEGATION="$(cli_get_bool "${1}")"
				;;
			--service-name=*)
				SERVICE_NAME=$(cli_get_val ${1})
				;;
			--username=*)
				USERNAME=$(cli_get_val ${1})
				;;
			*)
				warning "Unknown argument: ${1}" >&2
				;;
		esac
		shift
	done
}

function hook_up() {
	local zone=${1}
	assert isset zone

	zone_settings_read "${zone}"

	# Bring up the port.
	local port=$(__hook_get_port "${zone}")
	port_up "${port}"

	# Start the ppp daemon.
	pppd_start ${zone}

	exit ${EXIT_OK}
}

function hook_down() {
	local zone=${1}
	assert isset zone

	zone_settings_read "${zone}"

	# Stop the ppp daemon.
	pppd_stop ${zone}

	# Bring down the port.
	log DEBUG "Bringing down port '${PORT}'."
	port_down ${PORT}

	exit ${EXIT_OK}
}

function hook_hotplug() {
	local zone="${1}"

	case "$(hotplug_action)" in
		add)
			if hotplug_event_interface_is_port_of_zone "${zone}"; then
				# Bring up the zone if it is enabled but not active, yet.
				zone_start_auto "${zone}"

				exit ${EXIT_OK}
			fi
			;;
		remove)
			# PPPoE cannot work if the ethernet device has been removed
			if hotplug_event_interface_is_port_of_zone "${zone}"; then
				if zone_is_active "${zone}"; then
					zone_stop "${zone}"
				fi

				exit ${EXIT_OK}
			fi
			;;
	esac

	exit ${EXIT_NOT_HANDLED}
}

function hook_discover() {
	local device=${1}

	# This obviously only works on ethernet (or compatible) devices
	if ! device_is_ethernet_compatible "${device}"; then
		exit ${EXIT_ERROR}
	fi

	local output
	output=$(pppoe-discovery -I ${device} -U $(uuid) 2>&1)

	# Exit if there was not output
	[ -z "${output}" ] && exit ${DISCOVER_ERROR}

	# Exit if PADI timed out
	grep -q "Timeout" <<<${output} && exit ${DISCOVER_ERROR}

	local ac
	while read line; do
		case "${line}" in
			Access-Concentrator:*)
				ac="${line#Access-Concentrator: }"
				;;
		esac
	done <<<"${output}"

	echo "ACCESS_CONCENTRATOR=\"$ac\""

	exit ${DISCOVER_OK}
}

function hook_status() {
	local zone=${1}
	assert isset zone

	cli_device_headline ${zone}

	zone_settings_read "${zone}"

	cli_headline 2 "Configuration"
	cli_print_fmt1 2 "Username" "${USERNAME}"
	cli_print_fmt1 2 "Password" "<hidden>"

	local port=$(__hook_get_port "${zone}")
	if isset port; then
		cli_print_fmt1 2 "Port" "${port}"
	fi
	cli_space

	# Exit if zone is down
	if ! zone_is_up ${zone}; then
		echo # Empty line
		exit ${EXIT_ERROR}
	fi

	# XXX display time since connection started

	cli_headline 2 "Point-to-Point-over-Ethernet protocol"
	local proto
	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
		routing_db_exists ${zone} ${proto} || continue

		local headline
		case "${proto}" in
			ipv6)
				headline="Internet Protocol Version 6"
				;;
			ipv4)
				headline="Internet Protocol Version 4"
				;;
			*)
				headline="Unkown protocol"
				;;
		esac
		cli_headline 3 "${headline}"

		cli_print_fmt1 3 "IP address"  "$(routing_db_get ${zone} ${proto} local-ip-address)"
		cli_print_fmt1 3 "Gateway"     "$(routing_db_get ${zone} ${proto} remote-ip-address)"
		cli_print_fmt1 3 "DNS servers" "$(routing_db_get ${zone} ${proto} dns)"
		cli_space
		cli_print_fmt1 3 "MAC-Remote"  "$(routing_db_get ${zone} ${proto} remote-address)"
		cli_space
	done

	exit ${EXIT_OK}
}

function hook_ppp_write_config() {
	local zone=${1}
	assert isset zone

	local file=${2}
	assert isset file

	# Read in the configuration files.
	zone_settings_read "${zone}"

	# A port has to be assigned for this action
	local port=$(__hook_get_port "${zone}")
	if ! isset port; then
		error "No port assigned to pppoe hook of zone '${zone}'"
		exit ${EXIT_ERROR}
	fi

	# Prepare the command line options for the pppoe plugin.
	local plugin_options

	# Add the access concentrator (if any).
	if isset ACCESS_CONCENTRATOR; then
		plugin_options="${plugin_options} rp_pppoe_ac '${ACCESS_CONCENTRATOR}'"
	fi

	# Add the service name (if any).
	if isset SERVICE_NAME; then
		plugin_options="${plugin_options} rp_pppoe_service '${SERVICE_NAME}'"
	fi

	# The last argument must be the interface.
	plugin_options="${plugin_options} ${port}"

	pppd_write_config ${file} \
		--interface="${zone}" \
		--username="${USERNAME}" \
		--password="${PASSWORD}" \
		--mtu="${MTU}" \
		--auth="${AUTH}" \
		--ipv6="${IPV6}" \
		\
		--plugin="${PPPOE_PLUGIN}" \
		--plugin-options="${plugin_options}"

	exit ${EXIT_OK}
}

function __hook_get_port() {
	local zone="${1}"

	local port
	for port in $(zone_get_ports "${zone}"); do
		echo "${port}"
		return ${EXIT_OK}
	done

	return ${EXIT_ERROR}
}

function hook_port_add() {
	# Excepting at least two arguments here
	assert [ $# -ge 2 ]

	local zone="${1}"
	local port="${2}"
	shift 2

	# PPPoE can only use one port
	local ports_num="$(zone_get_ports_num "${zone}")"
	if [ ${ports_num} -ge 1 ]; then
		local port=$(__hook_get_port "${zone}")
		error "The pppoe zone hook only supports assigning one port"
		error "  port '${port}' has already been assigned to zone '${zone}'"
		return ${EXIT_ERROR}
	fi

	zone_port_settings_write "${zone}" "${port}"
	log INFO "Port '${port}' has been added to zone '${zone}'"

	exit ${EXIT_OK}
}

function hook_port_remove() {
	assert [ $# -eq 2 ]

	local zone="${1}"
	local port="${2}"

	# Shut down the port (if possible)
	port_down "${port}"

	log INFO "Port '${port}' has been removed from zone '${zone}'"
	zone_port_settings_remove "${zone}" "${port}"

	exit ${EXIT_OK}
}
Commit	Line	Data
1848564d MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
97cb552e	5	# Copyright (C) 2012 IPFire Network Development Team #
1848564d MT	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
f41fa3d7	22	. /usr/lib/network/header-zone
1848564d	23
97cb552e	24	HOOK_SETTINGS="HOOK ACCESS_CONCENTRATOR AUTH USERNAME PASSWORD"
529141df	25	HOOK_SETTINGS="${HOOK_SETTINGS} SERVICE_NAME MTU IPV6 PREFIX_DELEGATION"
1848564d	26
97cb552e MT	27	# User credentials for the dialin.
	28	USERNAME=""
	29	PASSWORD=""
1848564d	30
97cb552e	31	# Set the authentication mechanism.
1848564d	32	AUTH=
97cb552e	33
97cb552e MT	34	# Access Concentrator.
	35	ACCESS_CONCENTRATOR=""
	36
	37	# Service name.
	38	SERVICE_NAME=""
	39
	40	# Maximum Transmission Unit.
	41	# 1492 is a very common value for that.
1848564d	42	MTU=1492
1848564d	43
97cb552e	44	# This hook can work with all authentication methods supported by pppd.
3a829636	45	PPPOE_SUPPORTED_AUTH_METHODS="${PPP_SUPPORTED_AUTH_METHODS}"
1848564d MT	46	PPPOE_PLUGIN="rp-pppoe.so"
1848564d MT	47
69e93b3c MT	48	# Request an IPv6 address.
	49	IPV6="true"
	50
08e40c8c MT	51	# Use IPv6 prefix delegation.
	52	PREFIX_DELEGATION="false"
	53
1e6f187e	54	function hook_check_settings() {
97cb552e MT	55	assert isset USERNAME
97cb552e MT	56	assert isset PASSWORD
261132f9	57
3a829636	58	isset AUTH && assert isoneof AUTH ${PPPOE_SUPPORTED_AUTH_METHODS}
261132f9	59
69e93b3c	60	assert isset IPV6
08e40c8c	61	assert isset PREFIX_DELEGATION
1848564d MT	62	}
1848564d MT	63
2181765d	64	function hook_parse_cmdline() {
1848564d	65	while [ $# -gt 0 ]; do
97cb552e MT	66	case "${1}" in
	67	--access-concentrator=*)
	68	ACCESS_CONCENTRATOR=$(cli_get_val ${1})
1848564d	69	;;
97cb552e MT	70	--auth=*)
97cb552e MT	71	AUTH=$(cli_get_val ${1})
1848564d	72	;;
69e93b3c MT	73	--ipv6=*)
	74	local value="$(cli_get_val "${1}")"
	75	if enabled value; then
	76	IPV6="true"
	77	else
	78	IPV6="false"
	79	fi
	80	;;
1848564d	81	--mtu=*)
97cb552e	82	MTU=$(cli_get_val ${1})
1848564d	83	;;
97cb552e MT	84	--password=*)
97cb552e MT	85	PASSWORD=$(cli_get_val ${1})
1848564d	86	;;
08e40c8c MT	87	--prefix-delegation=*)
	88	PREFIX_DELEGATION="$(cli_get_bool "${1}")"
	89	;;
97cb552e MT	90	--service-name=*)
97cb552e MT	91	SERVICE_NAME=$(cli_get_val ${1})
1848564d	92	;;
97cb552e MT	93	--username=*)
97cb552e MT	94	USERNAME=$(cli_get_val ${1})
201b7dff	95	;;
1848564d	96	*)
97cb552e	97	warning "Unknown argument: ${1}" >&2
1848564d MT	98	;;
	99	esac
	100	shift
	101	done
1848564d MT	102	}
1848564d MT	103
2181765d	104	function hook_up() {
1848564d	105	local zone=${1}
711ffac1 MT	106	assert isset zone
711ffac1 MT	107
1e6f187e	108	zone_settings_read "${zone}"
2044f591 MT	109
2044f591 MT	110	# Bring up the port.
529141df MT	111	local port=$(__hook_get_port "${zone}")
529141df MT	112	port_up "${port}"
2044f591	113
97cb552e MT	114	# Start the ppp daemon.
97cb552e MT	115	pppd_start ${zone}
da453c33	116
97cb552e	117	exit ${EXIT_OK}
1848564d MT	118	}
1848564d MT	119
2181765d	120	function hook_down() {
1848564d	121	local zone=${1}
97cb552e	122	assert isset zone
1848564d	123
1e6f187e	124	zone_settings_read "${zone}"
2044f591	125
97cb552e MT	126	# Stop the ppp daemon.
97cb552e MT	127	pppd_stop ${zone}
1848564d	128
2044f591 MT	129	# Bring down the port.
	130	log DEBUG "Bringing down port '${PORT}'."
	131	port_down ${PORT}
	132
1848564d MT	133	exit ${EXIT_OK}
	134	}
	135
0994996d MT	136	function hook_hotplug() {
	137	local zone="${1}"
	138
	139	case "$(hotplug_action)" in
	140	add)
	141	if hotplug_event_interface_is_port_of_zone "${zone}"; then
	142	# Bring up the zone if it is enabled but not active, yet.
	143	zone_start_auto "${zone}"
	144
	145	exit ${EXIT_OK}
	146	fi
	147	;;
	148	remove)
	149	# PPPoE cannot work if the ethernet device has been removed
	150	if hotplug_event_interface_is_port_of_zone "${zone}"; then
	151	if zone_is_active "${zone}"; then
	152	zone_stop "${zone}"
	153	fi
	154
	155	exit ${EXIT_OK}
	156	fi
	157	;;
	158	esac
	159
	160	exit ${EXIT_NOT_HANDLED}
	161	}
	162
2181765d	163	function hook_discover() {
1848564d MT	164	local device=${1}
1848564d MT	165
5dfc94a8 MT	166	# This obviously only works on ethernet (or compatible) devices
5dfc94a8 MT	167	if ! device_is_ethernet_compatible "${device}"; then
5b20e43a	168	exit ${EXIT_ERROR}
1848564d MT	169	fi
	170
	171	local output
	172	output=$(pppoe-discovery -I ${device} -U $(uuid) 2>&1)
	173
	174	# Exit if there was not output
	175	[ -z "${output}" ] && exit ${DISCOVER_ERROR}
	176
	177	# Exit if PADI timed out
	178	grep -q "Timeout" <<<${output} && exit ${DISCOVER_ERROR}
	179
	180	local ac
	181	while read line; do
	182	case "${line}" in
	183	Access-Concentrator:*)
	184	ac="${line#Access-Concentrator: }"
	185	;;
	186	esac
	187	done <<<"${output}"
	188
	189	echo "ACCESS_CONCENTRATOR=\"$ac\""
	190
	191	exit ${DISCOVER_OK}
	192	}
5b20e43a	193
2181765d	194	function hook_status() {
8eadf1da	195	local zone=${1}
711ffac1 MT	196	assert isset zone
711ffac1 MT	197
3cb2fc42	198	cli_device_headline ${zone}
8eadf1da	199
1e6f187e	200	zone_settings_read "${zone}"
711ffac1	201
3cb2fc42	202	cli_headline 2 "Configuration"
97cb552e MT	203	cli_print_fmt1 2 "Username" "${USERNAME}"
97cb552e MT	204	cli_print_fmt1 2 "Password" "<hidden>"
529141df MT	205
	206	local port=$(__hook_get_port "${zone}")
	207	if isset port; then
	208	cli_print_fmt1 2 "Port" "${port}"
	209	fi
3cb2fc42 MT	210	cli_space
3cb2fc42 MT	211
8eadf1da MT	212	# Exit if zone is down
	213	if ! zone_is_up ${zone}; then
	214	echo # Empty line
	215	exit ${EXIT_ERROR}
	216	fi
	217
711ffac1 MT	218	# XXX display time since connection started
711ffac1 MT	219
3cb2fc42	220	cli_headline 2 "Point-to-Point-over-Ethernet protocol"
201b7dff MT	221	local proto
	222	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
	223	routing_db_exists ${zone} ${proto} \|\| continue
3cb2fc42 MT	224
	225	local headline
	226	case "${proto}" in
	227	ipv6)
	228	headline="Internet Protocol Version 6"
	229	;;
	230	ipv4)
	231	headline="Internet Protocol Version 4"
	232	;;
	233	*)
	234	headline="Unkown protocol"
	235	;;
	236	esac
	237	cli_headline 3 "${headline}"
	238
	239	cli_print_fmt1 3 "IP address" "$(routing_db_get ${zone} ${proto} local-ip-address)"
	240	cli_print_fmt1 3 "Gateway" "$(routing_db_get ${zone} ${proto} remote-ip-address)"
	241	cli_print_fmt1 3 "DNS servers" "$(routing_db_get ${zone} ${proto} dns)"
	242	cli_space
	243	cli_print_fmt1 3 "MAC-Remote" "$(routing_db_get ${zone} ${proto} remote-address)"
	244	cli_space
201b7dff	245	done
3cb2fc42	246
8eadf1da MT	247	exit ${EXIT_OK}
	248	}
	249
2181765d	250	function hook_ppp_write_config() {
97cb552e MT	251	local zone=${1}
	252	assert isset zone
	253
	254	local file=${2}
	255	assert isset file
	256
	257	# Read in the configuration files.
1e6f187e	258	zone_settings_read "${zone}"
97cb552e	259
529141df MT	260	# A port has to be assigned for this action
	261	local port=$(__hook_get_port "${zone}")
	262	if ! isset port; then
	263	error "No port assigned to pppoe hook of zone '${zone}'"
	264	exit ${EXIT_ERROR}
	265	fi
	266
97cb552e MT	267	# Prepare the command line options for the pppoe plugin.
	268	local plugin_options
	269
	270	# Add the access concentrator (if any).
	271	if isset ACCESS_CONCENTRATOR; then
	272	plugin_options="${plugin_options} rp_pppoe_ac '${ACCESS_CONCENTRATOR}'"
711ffac1 MT	273	fi
711ffac1 MT	274
97cb552e MT	275	# Add the service name (if any).
	276	if isset SERVICE_NAME; then
	277	plugin_options="${plugin_options} rp_pppoe_service '${SERVICE_NAME}'"
	278	fi
711ffac1	279
97cb552e	280	# The last argument must be the interface.
529141df	281	plugin_options="${plugin_options} ${port}"
97cb552e MT	282
	283	pppd_write_config ${file} \
	284	--interface="${zone}" \
6c74a64c MT	285	--username="${USERNAME}" \
6c74a64c MT	286	--password="${PASSWORD}" \
97cb552e MT	287	--mtu="${MTU}" \
97cb552e MT	288	--auth="${AUTH}" \
69e93b3c	289	--ipv6="${IPV6}" \
97cb552e MT	290	\
	291	--plugin="${PPPOE_PLUGIN}" \
	292	--plugin-options="${plugin_options}"
	293
6c74a64c	294	exit ${EXIT_OK}
711ffac1	295	}
529141df MT	296
	297	function __hook_get_port() {
	298	local zone="${1}"
	299
	300	local port
	301	for port in $(zone_get_ports "${zone}"); do
	302	echo "${port}"
	303	return ${EXIT_OK}
	304	done
	305
	306	return ${EXIT_ERROR}
	307	}
	308
	309	function hook_port_add() {
	310	# Excepting at least two arguments here
	311	assert [ $# -ge 2 ]
	312
	313	local zone="${1}"
	314	local port="${2}"
	315	shift 2
	316
	317	# PPPoE can only use one port
	318	local ports_num="$(zone_get_ports_num "${zone}")"
	319	if [ ${ports_num} -ge 1 ]; then
	320	local port=$(__hook_get_port "${zone}")
	321	error "The pppoe zone hook only supports assigning one port"
	322	error " port '${port}' has already been assigned to zone '${zone}'"
	323	return ${EXIT_ERROR}
	324	fi
	325
e9df08ad	326	zone_port_settings_write "${zone}" "${port}"
529141df MT	327	log INFO "Port '${port}' has been added to zone '${zone}'"
	328
	329	exit ${EXIT_OK}
	330	}
	331
	332	function hook_port_remove() {
	333	assert [ $# -eq 2 ]
	334
	335	local zone="${1}"
	336	local port="${2}"
	337
	338	# Shut down the port (if possible)
	339	port_down "${port}"
	340
	341	log INFO "Port '${port}' has been removed from zone '${zone}'"
e9df08ad	342	zone_port_settings_remove "${zone}" "${port}"
529141df MT	343
	344	exit ${EXIT_OK}
	345	}