2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2010 Michael Tremer & Christian Schmidt #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
22 PPP_SUPPORTED_AUTH_METHODS
="chap pap"
24 EXIT_PPPD_ERROR
=${EXIT_ERROR}
25 EXIT_PPPD_ERROR_FATAL
=$
(( ${EXIT_ERROR} + 1 ))
27 # This function monitors the pppd activity.
29 function pppd_angel
() {
33 local config_file
="${2}"
34 assert isset config_file
39 while [ $# -gt 0 ]; do
42 holdoff_time
="$(cli_get_val "${1}")"
45 warning
"Unrecognized argument: ${1}"
54 pppd_exec
"${device}" "${config_file}"
59 # pppd terminated gracefully. Propagating...
63 # pppd has a (non-fatal) error, in which case we
64 # restart it instantly, so it will try to re-establish
67 ${EXIT_PPPD_ERROR_FATAL})
68 # pppd has a fatal error. We cannot go on from here
69 # because there is either no chance to establish a connection
70 # without any user interaction, or we will damage the system.
71 log ERROR
"Fatal error. Not going to restart pppd."
75 log ERROR
"Invalid return code: ${ret}"
80 isset holdoff_time ||
continue
82 # When we got here, we need to wait a little bit and restart the
84 log INFO
"Restarting pppd in ${holdoff_time}s"
89 function pppd_exec
() {
93 local config_file
="${2}"
94 assert isset config_file
98 cmd
"pppd file ${config_file} $@"
101 # Get the hook of the zone
103 if zone_exists
"${device}"; then
104 hook
="$(zone_get_hook "${zone}")"
107 log DEBUG
"pppd exited with code: ${ret}"
109 # Evaluate return code.
111 case "${ret},${hook}" in
113 # Pppd has detached, or otherwise the connection was successfully
114 # established and terminated at the peer's request.
115 log DEBUG
"pppd exited gracefully"
119 # An immediately fatal error of some kind occurred, such as an
120 # essential system call failing, or running out of virtual memory.
121 log ERROR
"pppd crashed for an unknown reason"
122 return ${EXIT_PPPD_ERROR_FATAL}
125 # An error was detected in processing the options given, such as two
126 # mutually exclusive options being used.
127 log ERROR
"pppd: Configuration error"
128 return ${EXIT_PPPD_ERROR_FATAL}
131 # Pppd is not setuid-root and the invoking user is not root.
132 log ERROR
"pppd: Launched with insufficient privileges"
133 return ${EXIT_PPPD_ERROR_FATAL}
136 # The kernel does not support PPP, for example, the PPP kernel driver is
137 # not included or cannot be loaded.
138 log ERROR
"pppd: Kernel does not support PPP"
139 return ${EXIT_PPPD_ERROR_FATAL}
142 # Pppd terminated because it was sent a SIGINT, SIGTERM or SIGHUP signal.
143 log ERROR
"pppd: Received SIGINT, SIGTERM or SIGHUP signal"
144 return ${EXIT_PPPD_ERROR}
147 # The serial port could not be locked.
148 log ERROR
"pppd: Serial port could not be locked"
149 return ${EXIT_PPPD_ERROR}
152 # The serial port could not be opened.
153 log ERROR
"pppd: Serial port could not be opened"
154 return ${EXIT_PPPD_ERROR}
157 # For PPPoE this tells us that we were not able to contact
158 # the DSLAM (i.e. timeout waiting for PADO packets)
159 log ERROR
"pppd: Unable to contact the DSLAM"
160 return ${EXIT_PPPD_ERROR}
163 # The connect script failed (returned a non-zero exit status).
164 log ERROR
"pppd: Connect script failed"
165 return ${EXIT_PPPD_ERROR_FATAL}
168 # The command specified as the argument to the pty option could not be run.
169 log ERROR
"pppd: Could not run pty command"
170 return ${EXIT_PPPD_ERROR_FATAL}
173 # The PPP negotiation failed, that is, it didn't reach the point where at
174 # least one network protocol (e.g. IP) was running.
175 log ERROR
"pppd: Protocol negotiation failed"
176 return ${EXIT_PPPD_ERROR}
179 # The peer system failed (or refused) to authenticate itself.
180 log ERROR
"pppd: peer system failed (or refused) to authenticate itself"
181 return ${EXIT_PPPD_ERROR}
184 # The link was established successfully and terminated because it was idle.
185 log ERROR
"pppd: Terminated because of idleness"
186 return ${EXIT_PPPD_ERROR}
189 # The link was established successfully and terminated because the connect time
191 log ERROR
"pppd: connect time limit was reached"
192 return ${EXIT_PPPD_ERROR}
195 # Callback was negotiated and an incoming call should arrive shortly.
196 # We should not be using this, so make it fatal that nobody is able to
198 return ${EXIT_PPPD_ERROR_FATAL}
201 # The link was terminated because the peer is not responding to echo requests.
202 log ERROR
"pppd: Peer is not responding to echo requests"
203 return ${EXIT_PPPD_ERROR}
206 # The link was terminated by the modem hanging up.
207 log ERROR
"pppd: Modem hung up"
208 return ${EXIT_PPPD_ERROR}
211 # The PPP negotiation failed because serial loopback was detected.
212 log ERROR
"pppd: Serial loopback detected"
213 return ${EXIT_PPPD_ERROR_FATAL}
216 # The init script failed (returned a non-zero exit status).
217 log ERROR
"pppd: Init script failed"
218 return ${EXIT_PPPD_ERROR_FATAL}
221 # We failed to authenticate ourselves to the peer.
222 log ERROR
"pppd: Authentication failed"
223 return ${EXIT_PPPD_ERROR_FATAL}
226 log ERROR
"pppd: Unhandled exit code: ${ret}"
227 return ${EXIT_PPPD_ERROR_FATAL}
232 function pppd_start
() {
236 # This will block until the connection has been established or
238 service_start
"pppd@${device}.service"
241 function pppd_stop
() {
245 service_stop
"pppd@${device}.service"
248 function pppd_status
() {
252 service_status
"pppd@${device}.service"
255 function ppp_common_ip_pre_up
() {
259 if ! zone_exists
${zone}; then
260 error
"Zone '${zone}' does not exist."
264 routing_db_from_ppp
${zone} ipv4
269 function ppp_common_ipv4_up
() {
273 if ! zone_exists
${zone}; then
274 error
"Zone '${zone}' does not exist."
278 routing_db_set
${zone} ipv4 active
1
279 routing_update
${zone} ipv4
280 routing_default_update
285 function ppp_common_ipv4_down
() {
289 if ! zone_exists
${zone}; then
290 error
"Zone '${zone}' does not exist."
294 # Remove the information about this zone from the routing database
295 # and update the routing table.
296 routing_db_remove
${zone} ipv4
297 routing_update
${zone} ipv4
298 routing_default_update
300 # Save accounting information
301 ppp_accounting
${zone}
306 function ppp_common_ipv6_up
() {
310 if ! zone_exists
${zone}; then
311 error
"Zone '${zone}' does not exist."
315 # Add information about this zone to the routing database.
316 routing_db_from_ppp
${zone} ipv6
318 routing_db_set
${zone} ipv6 active
1
319 routing_update
${zone} ipv6
320 routing_default_update
325 function ppp_common_ipv6_down
() {
329 if ! zone_exists
${zone}; then
330 error
"Zone '${zone}' does not exist."
334 # Remove the information about this zone from the routing database
335 # and update the routing table.
336 routing_db_remove
${zone} ipv6
337 routing_update
${zone} ipv6
338 routing_default_update
340 # Save accounting information
341 ppp_accounting
${zone}
346 function ppp_secret
() {
353 # Updateing secret file
355 while read user a secret
; do
356 if [ "'${USER}'" != "${user}" ]; then
357 echo "${user} ${a} ${secret}" >> ${PPP_SECRETS}.tmp
359 done < ${PPP_SECRETS}
360 echo "'${USER}' * '${SECRET}'" >> ${PPP_SECRETS}.tmp
361 cat ${PPP_SECRETS}.tmp > ${PPP_SECRETS}
362 rm -f ${PPP_SECRETS}.tmp
365 function ppp_accounting() {
369 db_ppp_update ${zone} --duration="${CONNECT_TIME}" \
370 --rcvd="${BYTES_RCVD}" --sent="${BYTES_SENT}"
373 function pppd_write_config() {
374 local file=${1}; shift
380 local default_asyncmap="true"
383 local lcp_echo_failure=3
384 local lcp_echo_interval=20
388 local plugin plugin_options
395 while [ $# -gt 0 ]; do
398 auth=$(cli_get_val ${1})
401 baudrate=$(cli_get_val ${1})
402 assert isoneof baudrate ${SERIAL_BAUDRATES}
405 connect_cmd=$(cli_get_val ${1})
407 # Enable or disable the use of the default asyncmap.
408 --default-asyncmap=*)
409 value=$(cli_get_val ${1})
410 if enabled value; then
411 default_asyncmap="true"
413 default_asyncmap="false"
416 # The name of the created ppp interface.
418 interface=$(cli_get_val ${1})
422 ipv6="$(cli_get_val ${1})"
425 --lcr-echo-failure=*)
426 lcr_echo_failure=$(cli_get_val ${1})
428 if ! isinteger ${lcr_echo_failure}; then
429 error "--lcr-echo-failure= requires a number"
434 --lcr-echo-interval=*)
435 lcr_echo_interval=$(cli_get_val ${1})
437 if ! isinteger ${lcr_echo_failure}; then
438 error "--lcr-echo-interval= requires a number"
442 # Maximum Transmission Unit
444 mtu=$(cli_get_val ${1})
446 # Maximum Receive Unit
448 mru=$(cli_get_val ${1})
451 password=$(cli_get_val ${1})
454 plugin=$(cli_get_val ${1})
457 plugin_options=$(cli_get_val ${1})
460 pty=$(cli_get_val ${1})
462 # Refused authentication methods
464 list_append refuses "$(cli_get_val "${1}")"
465 error_log "REFUSES $refuses $1"
467 # Sets if the modem is a serial device.
469 serial=$(cli_get_val ${1})
472 serial_device=$(cli_get_val ${1})
475 username=$(cli_get_val ${1})
478 log WARNING "Unhandled argument: ${1}"
484 if [ -z "${interface}" ]; then
485 log ERROR "You need to set the interface name: ${interface}"
488 linkname="${interface}"
491 if ! isoneof ${auth} ${PPP_SUPPORTED_AUTH_METHODS}; then
492 log ERROR "Unsupported auth method: ${auth}"
497 if enabled serial; then
498 assert isset serial_device
499 assert [ -c "${serial_device}" ]
502 # Set the user credentials.
503 ppp_secret "${username}" "${password}"
505 # Write the configuration header.
506 mkdir -p $(dirname ${file}) 2>/dev/null
507 config_header "PPP daemon configuration file" > ${file}
509 # At first, set the name of the link.
510 print "linkname ${linkname}\n" >> ${file}
512 # Configure the interface/zone name.
514 print "# Interface name"
515 print "ifname ${interface}"
520 if isset plugin; then
522 print "# Plugin settings"
523 print "plugin ${plugin} ${plugin_options}"
531 print "# pty settings"
532 print "pty \"${pty}\""
537 # User authentication
538 if isset username; then
540 print "# User authentication"
541 print "user ${username}"
545 print "require-${auth}"
548 # Refused authentication methods
549 for refuse in ${refuses}; do
550 print "refuse-${refuse}"
557 if enabled ipv6; then
559 print "# IPv6 support"
567 isset mru || mru=${mtu}
570 print "# MTU/MRU settings"
577 if enabled serial; then
579 print "# Serial modem settings"
580 print "${serial_device} ${baudrate}"
588 if isset connect_cmd; then
590 print "# Connect command"
591 print "connect \"${connect_cmd}\""
598 if enabled default_asyncmap; then
600 print "# Use the default asyncmap."
601 print "default-asyncmap"
608 print "# LCP settings"
609 print "lcp-echo-failure ${lcp_echo_failure}"
610 print "lcp-echo-interval ${lcp_echo_interval}"
614 # Add the default settings.
616 print "# Disable the compression"
617 print "noccp noaccomp nodeflate nopcomp novj novjccomp nobsdcomp nomppe"
619 print "noipdefault nodetach debug"