]> git.ipfire.org Git - people/stevee/network.git/blob - src/functions/functions.ppp
projects / people / stevee / network.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
pppoe: Allow hotplugging the port and better handle pppd errors
[people/stevee/network.git] / src / functions / functions.ppp
1 #!/bin/bash
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2010 Michael Tremer & Christian Schmidt #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 PPP_SUPPORTED_AUTH_METHODS="chap pap"
23
24 EXIT_PPPD_ERROR=${EXIT_ERROR}
25 EXIT_PPPD_ERROR_FATAL=$(( ${EXIT_ERROR} + 1 ))
26
27 # This function monitors the pppd activity.
28
29 function pppd_angel() {
30 local device="${1}"
31 assert isset device
32
33 local config_file="${2}"
34 assert isset config_file
35 shift 2
36
37 local holdoff_time
38
39 while [ $# -gt 0 ]; do
40 case "${1}" in
41 --holdoff-time=*)
42 holdoff_time="$(cli_get_val "${1}")"
43 ;;
44 *)
45 warning "Unrecognized argument: ${1}"
46 return ${EXIT_ERROR}
47 ;;
48 esac
49 shift
50 done
51
52 while :; do
53 # Execute ppp daemon.
54 pppd_exec "${device}" "${config_file}"
55 local ret=${?}
56
57 case "${ret}" in
58 ${EXIT_OK})
59 # pppd terminated gracefully. Propagating...
60 return ${EXIT_OK}
61 ;;
62 ${EXIT_PPPD_ERROR})
63 # pppd has a (non-fatal) error, in which case we
64 # restart it instantly, so it will try to re-establish
65 # the connection.
66 ;;
67 ${EXIT_PPPD_ERROR_FATAL})
68 # pppd has a fatal error. We cannot go on from here
69 # because there is either no chance to establish a connection
70 # without any user interaction, or we will damage the system.
71 log ERROR "Fatal error. Not going to restart pppd."
72 return ${EXIT_ERROR}
73 ;;
74 *)
75 log ERROR "Invalid return code: ${ret}"
76 return ${EXIT_ERROR}
77 ;;
78 esac
79
80 isset holdoff_time || continue
81
82 # When we got here, we need to wait a little bit and restart the
83 # ppp daemon soon.
84 log INFO "Restarting pppd in ${holdoff_time}s"
85 sleep ${holdoff_time}
86 done
87 }
88
89 function pppd_exec() {
90 local device="${1}"
91 assert isset device
92
93 local config_file="${2}"
94 assert isset config_file
95 shift 2
96
97 # Execute pppd.
98 cmd "pppd file ${config_file} $@"
99 local ret=$?
100
101 # Get the hook of the zone
102 local hook
103 if zone_exists "${device}"; then
104 hook="$(zone_get_hook "${zone}")"
105 fi
106
107 log DEBUG "pppd exited with code: ${ret}"
108
109 # Evaluate return code.
110 local error_code
111 case "${ret},${hook}" in
112 0,*)
113 # Pppd has detached, or otherwise the connection was successfully
114 # established and terminated at the peer's request.
115 log DEBUG "pppd exited gracefully"
116 return ${EXIT_OK}
117 ;;
118 1,*)
119 # An immediately fatal error of some kind occurred, such as an
120 # essential system call failing, or running out of virtual memory.
121 log ERROR "pppd crashed for an unknown reason"
122 return ${EXIT_PPPD_ERROR_FATAL}
123 ;;
124 2,*)
125 # An error was detected in processing the options given, such as two
126 # mutually exclusive options being used.
127 log ERROR "pppd: Configuration error"
128 return ${EXIT_PPPD_ERROR_FATAL}
129 ;;
130 3,*)
131 # Pppd is not setuid-root and the invoking user is not root.
132 log ERROR "pppd: Launched with insufficient privileges"
133 return ${EXIT_PPPD_ERROR_FATAL}
134 ;;
135 4,*)
136 # The kernel does not support PPP, for example, the PPP kernel driver is
137 # not included or cannot be loaded.
138 log ERROR "pppd: Kernel does not support PPP"
139 return ${EXIT_PPPD_ERROR_FATAL}
140 ;;
141 5,*)
142 # Pppd terminated because it was sent a SIGINT, SIGTERM or SIGHUP signal.
143 log ERROR "pppd: Received SIGINT, SIGTERM or SIGHUP signal"
144 return ${EXIT_PPPD_ERROR}
145 ;;
146 6,*)
147 # The serial port could not be locked.
148 log ERROR "pppd: Serial port could not be locked"
149 return ${EXIT_PPPD_ERROR}
150 ;;
151 7,*)
152 # The serial port could not be opened.
153 log ERROR "pppd: Serial port could not be opened"
154 return ${EXIT_PPPD_ERROR}
155 ;;
156 8,pppoe)
157 # For PPPoE this tells us that we were not able to contact
158 # the DSLAM (i.e. timeout waiting for PADO packets)
159 log ERROR "pppd: Unable to contact the DSLAM"
160 return ${EXIT_PPPD_ERROR}
161 ;;
162 8,*)
163 # The connect script failed (returned a non-zero exit status).
164 log ERROR "pppd: Connect script failed"
165 return ${EXIT_PPPD_ERROR_FATAL}
166 ;;
167 9,*)
168 # The command specified as the argument to the pty option could not be run.
169 log ERROR "pppd: Could not run pty command"
170 return ${EXIT_PPPD_ERROR_FATAL}
171 ;;
172 10,*)
173 # The PPP negotiation failed, that is, it didn't reach the point where at
174 # least one network protocol (e.g. IP) was running.
175 log ERROR "pppd: Protocol negotiation failed"
176 return ${EXIT_PPPD_ERROR}
177 ;;
178 11,*)
179 # The peer system failed (or refused) to authenticate itself.
180 log ERROR "pppd: peer system failed (or refused) to authenticate itself"
181 return ${EXIT_PPPD_ERROR}
182 ;;
183 12,*)
184 # The link was established successfully and terminated because it was idle.
185 log ERROR "pppd: Terminated because of idleness"
186 return ${EXIT_PPPD_ERROR}
187 ;;
188 13,*)
189 # The link was established successfully and terminated because the connect time
190 # limit was reached.
191 log ERROR "pppd: connect time limit was reached"
192 return ${EXIT_PPPD_ERROR}
193 ;;
194 14,*)
195 # Callback was negotiated and an incoming call should arrive shortly.
196 # We should not be using this, so make it fatal that nobody is able to
197 # abuse the feature.
198 return ${EXIT_PPPD_ERROR_FATAL}
199 ;;
200 15,*)
201 # The link was terminated because the peer is not responding to echo requests.
202 log ERROR "pppd: Peer is not responding to echo requests"
203 return ${EXIT_PPPD_ERROR}
204 ;;
205 16,*)
206 # The link was terminated by the modem hanging up.
207 log ERROR "pppd: Modem hung up"
208 return ${EXIT_PPPD_ERROR}
209 ;;
210 17,*)
211 # The PPP negotiation failed because serial loopback was detected.
212 log ERROR "pppd: Serial loopback detected"
213 return ${EXIT_PPPD_ERROR_FATAL}
214 ;;
215 18,*)
216 # The init script failed (returned a non-zero exit status).
217 log ERROR "pppd: Init script failed"
218 return ${EXIT_PPPD_ERROR_FATAL}
219 ;;
220 19,*)
221 # We failed to authenticate ourselves to the peer.
222 log ERROR "pppd: Authentication failed"
223 return ${EXIT_PPPD_ERROR_FATAL}
224 ;;
225 *)
226 log ERROR "pppd: Unhandled exit code: ${ret}"
227 return ${EXIT_PPPD_ERROR_FATAL}
228 ;;
229 esac
230 }
231
232 function pppd_start() {
233 local device="${1}"
234 assert isset device
235
236 # This will block until the connection has been established or
237 # pppd exited.
238 service_start "pppd@${device}.service"
239 }
240
241 function pppd_stop() {
242 local device="${1}"
243 assert isset device
244
245 service_stop "pppd@${device}.service"
246 }
247
248 function pppd_status() {
249 local device="${1}"
250 assert isset device
251
252 service_status "pppd@${device}.service"
253 }
254
255 function ppp_common_ip_pre_up() {
256 local zone=${1}
257 shift
258
259 if ! zone_exists ${zone}; then
260 error "Zone '${zone}' does not exist."
261 return ${EXIT_ERROR}
262 fi
263
264 routing_db_from_ppp ${zone} ipv4
265
266 return ${EXIT_OK}
267 }
268
269 function ppp_common_ipv4_up() {
270 local zone=${1}
271 shift
272
273 if ! zone_exists ${zone}; then
274 error "Zone '${zone}' does not exist."
275 return ${EXIT_ERROR}
276 fi
277
278 routing_db_set ${zone} ipv4 active 1
279 routing_update ${zone} ipv4
280 routing_default_update
281
282 return ${EXIT_OK}
283 }
284
285 function ppp_common_ipv4_down() {
286 local zone=${1}
287 shift
288
289 if ! zone_exists ${zone}; then
290 error "Zone '${zone}' does not exist."
291 return ${EXIT_ERROR}
292 fi
293
294 # Remove the information about this zone from the routing database
295 # and update the routing table.
296 routing_db_remove ${zone} ipv4
297 routing_update ${zone} ipv4
298 routing_default_update
299
300 # Save accounting information
301 ppp_accounting ${zone}
302
303 return ${EXIT_OK}
304 }
305
306 function ppp_common_ipv6_up() {
307 local zone=${1}
308 shift
309
310 if ! zone_exists ${zone}; then
311 error "Zone '${zone}' does not exist."
312 return ${EXIT_ERROR}
313 fi
314
315 # Add information about this zone to the routing database.
316 routing_db_from_ppp ${zone} ipv6
317
318 routing_db_set ${zone} ipv6 active 1
319 routing_update ${zone} ipv6
320 routing_default_update
321
322 return ${EXIT_OK}
323 }
324
325 function ppp_common_ipv6_down() {
326 local zone=${1}
327 shift
328
329 if ! zone_exists ${zone}; then
330 error "Zone '${zone}' does not exist."
331 return ${EXIT_ERROR}
332 fi
333
334 # Remove the information about this zone from the routing database
335 # and update the routing table.
336 routing_db_remove ${zone} ipv6
337 routing_update ${zone} ipv6
338 routing_default_update
339
340 # Save accounting information
341 ppp_accounting ${zone}
342
343 return ${EXIT_OK}
344 }
345
346 function ppp_secret() {
347 local USER=${1}
348 local SECRET=${2}
349 local a
350 local secret
351 local user
352
353 # Updateing secret file
354 > ${PPP_SECRETS}.tmp
355 while read user a secret; do
356 if [ "'${USER}'" != "${user}" ]; then
357 echo "${user} ${a} ${secret}" >> ${PPP_SECRETS}.tmp
358 fi
359 done < ${PPP_SECRETS}
360 echo "'${USER}' * '${SECRET}'" >> ${PPP_SECRETS}.tmp
361 cat ${PPP_SECRETS}.tmp > ${PPP_SECRETS}
362 rm -f ${PPP_SECRETS}.tmp
363 }
364
365 function ppp_accounting() {
366 local zone=${1}
367 shift
368
369 db_ppp_update ${zone} --duration="${CONNECT_TIME}" \
370 --rcvd="${BYTES_RCVD}" --sent="${BYTES_SENT}"
371 }
372
373 function pppd_write_config() {
374 local file=${1}; shift
375 assert isset file
376
377 local auth
378 local baudrate
379 local connect_cmd
380 local default_asyncmap="true"
381 local interface
382 local ipv6="true"
383 local lcp_echo_failure=3
384 local lcp_echo_interval=20
385 local linkname
386 local mtu mru
387 local password
388 local plugin plugin_options
389 local pty
390 local refuses
391 local serial="false"
392 local username
393 local value
394
395 while [ $# -gt 0 ]; do
396 case "${1}" in
397 --auth=*)
398 auth=$(cli_get_val ${1})
399 ;;
400 --baudrate=*)
401 baudrate=$(cli_get_val ${1})
402 assert isoneof baudrate ${SERIAL_BAUDRATES}
403 ;;
404 --connect-command=*)
405 connect_cmd=$(cli_get_val ${1})
406 ;;
407 # Enable or disable the use of the default asyncmap.
408 --default-asyncmap=*)
409 value=$(cli_get_val ${1})
410 if enabled value; then
411 default_asyncmap="true"
412 else
413 default_asyncmap="false"
414 fi
415 ;;
416 # The name of the created ppp interface.
417 --interface=*)
418 interface=$(cli_get_val ${1})
419 ;;
420 # IPv6
421 --ipv6=*)
422 ipv6="$(cli_get_val ${1})"
423 ;;
424 # LCP echo failure.
425 --lcr-echo-failure=*)
426 lcr_echo_failure=$(cli_get_val ${1})
427
428 if ! isinteger ${lcr_echo_failure}; then
429 error "--lcr-echo-failure= requires a number"
430 return ${EXIT_ERROR}
431 fi
432 ;;
433 # LCP echo interval.
434 --lcr-echo-interval=*)
435 lcr_echo_interval=$(cli_get_val ${1})
436
437 if ! isinteger ${lcr_echo_failure}; then
438 error "--lcr-echo-interval= requires a number"
439 return ${EXIT_ERROR}
440 fi
441 ;;
442 # Maximum Transmission Unit
443 --mtu=*)
444 mtu=$(cli_get_val ${1})
445 ;;
446 # Maximum Receive Unit
447 --mru=*)
448 mru=$(cli_get_val ${1})
449 ;;
450 --password=*)
451 password=$(cli_get_val ${1})
452 ;;
453 --plugin=*)
454 plugin=$(cli_get_val ${1})
455 ;;
456 --plugin-options=*)
457 plugin_options=$(cli_get_val ${1})
458 ;;
459 --pty=*)
460 pty=$(cli_get_val ${1})
461 ;;
462 # Refused authentication methods
463 --refuse=*)
464 list_append refuses "$(cli_get_val "${1}")"
465 error_log "REFUSES $refuses $1"
466 ;;
467 # Sets if the modem is a serial device.
468 --serial=*)
469 serial=$(cli_get_val ${1})
470 ;;
471 --serial-device=*)
472 serial_device=$(cli_get_val ${1})
473 ;;
474 --username=*)
475 username=$(cli_get_val ${1})
476 ;;
477 *)
478 log WARNING "Unhandled argument: ${1}"
479 ;;
480 esac
481 shift
482 done
483
484 if [ -z "${interface}" ]; then
485 log ERROR "You need to set the interface name: ${interface}"
486 return ${EXIT_ERROR}
487 fi
488 linkname="${interface}"
489
490 if isset auth; then
491 if ! isoneof ${auth} ${PPP_SUPPORTED_AUTH_METHODS}; then
492 log ERROR "Unsupported auth method: ${auth}"
493 return ${EXIT_ERROR}
494 fi
495 fi
496
497 if enabled serial; then
498 assert isset serial_device
499 assert [ -c "${serial_device}" ]
500 fi
501
502 # Set the user credentials.
503 ppp_secret "${username}" "${password}"
504
505 # Write the configuration header.
506 mkdir -p $(dirname ${file}) 2>/dev/null
507 config_header "PPP daemon configuration file" > ${file}
508
509 # At first, set the name of the link.
510 print "linkname ${linkname}\n" >> ${file}
511
512 # Configure the interface/zone name.
513 (
514 print "# Interface name"
515 print "ifname ${interface}"
516 print
517 ) >> ${file}
518
519 # Plugin settings
520 if isset plugin; then
521 (
522 print "# Plugin settings"
523 print "plugin ${plugin} ${plugin_options}"
524 print
525 ) >> ${file}
526 fi
527
528 # pty settings
529 if isset pty; then
530 (
531 print "# pty settings"
532 print "pty \"${pty}\""
533 print
534 ) >> ${file}
535 fi
536
537 # User authentication
538 if isset username; then
539 (
540 print "# User authentication"
541 print "user ${username}"
542
543 print "noauth"
544 if isset auth; then
545 print "require-${auth}"
546 fi
547
548 # Refused authentication methods
549 for refuse in ${refuses}; do
550 print "refuse-${refuse}"
551 done
552 print
553 ) >> ${file}
554 fi
555
556 # IPv6
557 if enabled ipv6; then
558 (
559 print "# IPv6 support"
560 print "+ipv6"
561 print
562 ) >> ${file}
563 fi
564
565 # MTU/MRU settings
566 if isset mtu; then
567 isset mru || mru=${mtu}
568
569 (
570 print "# MTU/MRU settings"
571 print "mtu ${mtu}"
572 print "mru ${mru}"
573 print
574 ) >> ${file}
575 fi
576
577 if enabled serial; then
578 (
579 print "# Serial modem settings"
580 print "${serial_device} ${baudrate}"
581 print "crtscts"
582 print "lock"
583 print "modem"
584 print
585 ) >> ${file}
586
587 # Connect command
588 if isset connect_cmd; then
589 (
590 print "# Connect command"
591 print "connect \"${connect_cmd}\""
592 print
593 ) >> ${file}
594 fi
595 fi
596
597 # Default asyncmap.
598 if enabled default_asyncmap; then
599 (
600 print "# Use the default asyncmap."
601 print "default-asyncmap"
602 print
603 ) >> ${file}
604 fi
605
606 # LCP settings.
607 (
608 print "# LCP settings"
609 print "lcp-echo-failure ${lcp_echo_failure}"
610 print "lcp-echo-interval ${lcp_echo_interval}"
611 print
612 ) >> ${file}
613
614 # Add the default settings.
615 (
616 print "# Disable the compression"
617 print "noccp noaccomp nodeflate nopcomp novj novjccomp nobsdcomp nomppe"
618
619 print "noipdefault nodetach debug"
620 ) >> ${file}
621
622 return ${EXIT_OK}
623 }
Stevee's network tree.