diff --git a/data/templates/accel-ppp/pppoe.config.j2 b/data/templates/accel-ppp/pppoe.config.j2
index 6b01958e5..ddf0da518 100644
--- a/data/templates/accel-ppp/pppoe.config.j2
+++ b/data/templates/accel-ppp/pppoe.config.j2
@@ -1,122 +1,123 @@
### generated by accel_pppoe.py ###
[modules]
log_syslog
pppoe
shaper
{# Common authentication backend definitions #}
{% include 'accel-ppp/config_modules_auth_mode.j2' %}
ippool
{# Common IPv6 definitions #}
{% include 'accel-ppp/config_modules_ipv6.j2' %}
{# Common authentication protocols (pap, chap ...) #}
{% include 'accel-ppp/config_modules_auth_protocols.j2' %}
{% if snmp is vyos_defined %}
net-snmp
{% endif %}
{% if limits is vyos_defined %}
connlimit
{% endif %}
{% if extended_scripts is vyos_defined %}
sigchld
pppd_compat
{% endif %}
[core]
thread-count={{ thread_count }}
[log]
syslog=accel-pppoe,daemon
copy=1
level=5
{% if authentication.mode is vyos_defined("noauth") %}
[auth]
noauth=1
{% endif %}
[client-ip-range]
0.0.0.0/0
[common]
{% if session_control is vyos_defined and session_control is not vyos_defined('disable') %}
single-session={{ session_control }}
{% endif %}
{% if max_concurrent_sessions is vyos_defined %}
max-starting={{ max_concurrent_sessions }}
{% endif %}
[pppoe]
verbose=1
ac-name={{ access_concentrator }}
{% if interface is vyos_defined %}
{% for iface, iface_config in interface.items() %}
{% if iface_config.vlan is not vyos_defined %}
interface={{ iface }}
{% else %}
{% for vlan in iface_config.vlan %}
interface=re:^{{ iface }}\.{{ vlan | range_to_regex }}$
{% endfor %}
vlan-mon={{ iface }},{{ iface_config.vlan | join(',') }}
{% endif %}
{% endfor %}
{% endif %}
{% if service_name %}
service-name={{ service_name | join(',') }}
{% endif %}
{% if pado_delay %}
-{% set pado_delay_param = namespace(value='0') %}
-{% for delay in pado_delay | sort(attribute='0') %}
+{% set delay_without_sessions = pado_delay.delays_without_sessions[0] | default('0') %}
+{% set pado_delay_param = namespace(value=delay_without_sessions) %}
+{% for delay, sessions in pado_delay.delays_with_sessions | sort(attribute='1') %}
{% if not loop.last %}
-{% set pado_delay_param.value = pado_delay_param.value + ',' + delay + ':' + pado_delay[delay].sessions %}
+{% set pado_delay_param.value = pado_delay_param.value + ',' + delay + ':' + sessions | string %}
{% else %}
-{% set pado_delay_param.value = pado_delay_param.value + ',-1:' + pado_delay[delay].sessions %}
+{% set pado_delay_param.value = pado_delay_param.value + ',-1:' + sessions | string %}
{% endif %}
{% endfor %}
pado-delay={{ pado_delay_param.value }}
{% endif %}
{% if authentication.radius.called_sid_format is vyos_defined %}
called-sid={{ authentication.radius.called_sid_format }}
{% endif %}
{% if authentication.mode is vyos_defined("noauth") %}
noauth=1
{% endif %}
{% if default_pool is vyos_defined %}
ip-pool={{ default_pool }}
{% endif %}
{% if default_ipv6_pool is vyos_defined %}
ipv6-pool={{ default_ipv6_pool }}
ipv6-pool-delegate={{ default_ipv6_pool }}
{% endif %}
{# Common IP pool definitions #}
{% include 'accel-ppp/config_ip_pool.j2' %}
{# Common IPv6 pool definitions #}
{% include 'accel-ppp/config_ipv6_pool.j2' %}
{# Common DNS name-server definition #}
{% include 'accel-ppp/config_name_server.j2' %}
{# Common wins-server definition #}
{% include 'accel-ppp/config_wins_server.j2' %}
{# Common chap-secrets and RADIUS server/option definitions #}
{% include 'accel-ppp/config_chap_secrets_radius.j2' %}
{# Common ppp-options definitions #}
{% include 'accel-ppp/ppp-options.j2' %}
{# Common RADIUS shaper configuration #}
{% include 'accel-ppp/config_shaper_radius.j2' %}
{# Common Extended scripts configuration #}
{% include 'accel-ppp/config_extended_scripts.j2' %}
{# Common Limits configuration #}
{% include 'accel-ppp/config_limits.j2' %}
{# Common SNMP definitions #}
{% include 'accel-ppp/config_snmp.j2' %}
[cli]
tcp=127.0.0.1:2001
diff --git a/smoketest/scripts/cli/test_service_pppoe-server.py b/smoketest/scripts/cli/test_service_pppoe-server.py
index d7c7aa164..5a48b1f58 100755
--- a/smoketest/scripts/cli/test_service_pppoe-server.py
+++ b/smoketest/scripts/cli/test_service_pppoe-server.py
@@ -1,153 +1,175 @@
#!/usr/bin/env python3
#
# Copyright (C) 2022-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import unittest
from base_accel_ppp_test import BasicAccelPPPTest
from configparser import ConfigParser
from vyos.utils.file import read_file
from vyos.template import range_to_regex
local_if = ['interfaces', 'dummy', 'dum667']
ac_name = 'ACN'
interface = 'eth0'
class TestServicePPPoEServer(BasicAccelPPPTest.TestCase):
@classmethod
def setUpClass(cls):
cls._base_path = ['service', 'pppoe-server']
cls._config_file = '/run/accel-pppd/pppoe.conf'
cls._chap_secrets = '/run/accel-pppd/pppoe.chap-secrets'
cls._protocol_section = 'pppoe'
# call base-classes classmethod
super(TestServicePPPoEServer, cls).setUpClass()
def tearDown(self):
self.cli_delete(local_if)
super().tearDown()
def verify(self, conf):
mtu = '1492'
# validate some common values in the configuration
for tmp in ['log_syslog', 'pppoe', 'ippool',
'auth_mschap_v2', 'auth_mschap_v1', 'auth_chap_md5',
'auth_pap', 'shaper']:
# Settings without values provide None
self.assertEqual(conf['modules'][tmp], None)
# check Access Concentrator setting
self.assertTrue(conf['pppoe']['ac-name'] == ac_name)
self.assertTrue(conf['pppoe'].getboolean('verbose'))
self.assertTrue(conf['pppoe']['interface'], interface)
# check ppp
self.assertTrue(conf['ppp'].getboolean('verbose'))
self.assertTrue(conf['ppp'].getboolean('check-ip'))
self.assertEqual(conf['ppp']['mtu'], mtu)
super().verify(conf)
def basic_protocol_specific_config(self):
self.cli_set(local_if + ['address', '192.0.2.1/32'])
self.set(['access-concentrator', ac_name])
self.set(['interface', interface])
def test_pppoe_limits(self):
self.basic_config()
self.set(['limits', 'connection-limit', '20/min'])
self.cli_commit()
conf = ConfigParser(allow_no_value=True, delimiters='=')
conf.read(self._config_file)
self.assertEqual(conf['connlimit']['limit'], '20/min')
def test_pppoe_server_authentication_protocols(self):
# Test configuration of local authentication for PPPoE server
self.basic_config()
# explicitly test mschap-v2 - no special reason
self.set( ['authentication', 'protocols', 'mschap-v2'])
# commit changes
self.cli_commit()
# Validate configuration values
conf = ConfigParser(allow_no_value=True)
conf.read(self._config_file)
self.assertEqual(conf['modules']['auth_mschap_v2'], None)
def test_pppoe_server_shaper(self):
fwmark = '223'
limiter = 'tbf'
self.basic_config()
self.set(['shaper', 'fwmark', fwmark])
# commit changes
self.cli_commit()
# Validate configuration values
conf = ConfigParser(allow_no_value=True, delimiters='=')
conf.read(self._config_file)
# basic verification
self.verify(conf)
self.assertEqual(conf['shaper']['fwmark'], fwmark)
self.assertEqual(conf['shaper']['down-limiter'], limiter)
def test_accel_radius_authentication(self):
radius_called_sid = 'ifname:mac'
self.set(['authentication', 'radius', 'called-sid-format', radius_called_sid])
# run common tests
super().test_accel_radius_authentication()
# Validate configuration values
conf = ConfigParser(allow_no_value=True, delimiters='=')
conf.read(self._config_file)
# Validate configuration
self.assertEqual(conf['pppoe']['called-sid'], radius_called_sid)
def test_pppoe_server_vlan(self):
vlans = ['100', '200', '300-310']
# Test configuration of local authentication for PPPoE server
self.basic_config()
for vlan in vlans:
self.set(['interface', interface, 'vlan', vlan])
# commit changes
self.cli_commit()
# Validate configuration values
config = read_file(self._config_file)
for vlan in vlans:
tmp = range_to_regex(vlan)
self.assertIn(f'interface=re:^{interface}\.{tmp}$', config)
tmp = ','.join(vlans)
self.assertIn(f'vlan-mon={interface},{tmp}', config)
+ def test_pppoe_server_pado_delay(self):
+ delay_without_sessions = '10'
+ delays = {'20': '200', '30': '300'}
+
+ self.basic_config()
+
+ self.set(['pado-delay', delay_without_sessions])
+ self.cli_commit()
+
+ conf = ConfigParser(allow_no_value=True, delimiters='=')
+ conf.read(self._config_file)
+ self.assertEqual(conf['pppoe']['pado-delay'], delay_without_sessions)
+
+ for delay, sessions in delays.items():
+ self.set(['pado-delay', delay, 'sessions', sessions])
+ self.cli_commit()
+
+ conf = ConfigParser(allow_no_value=True, delimiters='=')
+ conf.read(self._config_file)
+
+ self.assertEqual(conf['pppoe']['pado-delay'], '10,20:200,-1:300')
+
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py
index c9d1e805f..b9d174933 100755
--- a/src/conf_mode/service_pppoe-server.py
+++ b/src/conf_mode/service_pppoe-server.py
@@ -1,122 +1,147 @@
#!/usr/bin/env python3
#
# Copyright (C) 2018-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
from sys import exit
from vyos.config import Config
from vyos.configdict import get_accel_dict
from vyos.configdict import is_node_changed
from vyos.configverify import verify_interface_exists
from vyos.template import render
from vyos.utils.process import call
from vyos.utils.dict import dict_search
from vyos.accel_ppp_util import verify_accel_ppp_name_servers
from vyos.accel_ppp_util import verify_accel_ppp_wins_servers
from vyos.accel_ppp_util import verify_accel_ppp_authentication
from vyos.accel_ppp_util import verify_accel_ppp_ip_pool
from vyos.accel_ppp_util import get_pools_in_order
from vyos import ConfigError
from vyos import airbag
airbag.enable()
pppoe_conf = r'/run/accel-pppd/pppoe.conf'
pppoe_chap_secrets = r'/run/accel-pppd/pppoe.chap-secrets'
+def convert_pado_delay(pado_delay):
+ new_pado_delay = {'delays_without_sessions': [],
+ 'delays_with_sessions': []}
+ for delay, sessions in pado_delay.items():
+ if not sessions:
+ new_pado_delay['delays_without_sessions'].append(delay)
+ else:
+ new_pado_delay['delays_with_sessions'].append((delay, int(sessions['sessions'])))
+ return new_pado_delay
+
def get_config(config=None):
if config:
conf = config
else:
conf = Config()
base = ['service', 'pppoe-server']
if not conf.exists(base):
return None
# retrieve common dictionary keys
pppoe = get_accel_dict(conf, base, pppoe_chap_secrets)
if dict_search('client_ip_pool', pppoe):
# Multiple named pools require ordered values T5099
pppoe['ordered_named_pools'] = get_pools_in_order(dict_search('client_ip_pool', pppoe))
+ if dict_search('pado_delay', pppoe):
+ pado_delay = dict_search('pado_delay', pppoe)
+ pppoe['pado_delay'] = convert_pado_delay(pado_delay)
+
# reload-or-restart does not implemented in accel-ppp
# use this workaround until it will be implemented
# https://phabricator.accel-ppp.org/T3
conditions = [is_node_changed(conf, base + ['client-ip-pool']),
is_node_changed(conf, base + ['client-ipv6-pool']),
is_node_changed(conf, base + ['interface'])]
if any(conditions):
pppoe.update({'restart_required': {}})
pppoe['server_type'] = 'pppoe'
return pppoe
+def verify_pado_delay(pppoe):
+ if 'pado_delay' in pppoe:
+ pado_delay = pppoe['pado_delay']
+
+ delays_without_sessions = pado_delay['delays_without_sessions']
+ if len(delays_without_sessions) > 1:
+ raise ConfigError(
+ f'Cannot add more then ONE pado-delay without sessions, '
+ f'but {len(delays_without_sessions)} were set'
+ )
+
def verify(pppoe):
if not pppoe:
return None
verify_accel_ppp_authentication(pppoe)
verify_accel_ppp_ip_pool(pppoe)
verify_accel_ppp_name_servers(pppoe)
verify_accel_ppp_wins_servers(pppoe)
-
+ verify_pado_delay(pppoe)
if 'interface' not in pppoe:
raise ConfigError('At least one listen interface must be defined!')
# Check is interface exists in the system
for interface in pppoe['interface']:
verify_interface_exists(interface)
return None
def generate(pppoe):
if not pppoe:
return None
render(pppoe_conf, 'accel-ppp/pppoe.config.j2', pppoe)
if dict_search('authentication.mode', pppoe) == 'local':
render(pppoe_chap_secrets, 'accel-ppp/chap-secrets.config_dict.j2',
pppoe, permission=0o640)
return None
def apply(pppoe):
systemd_service = 'accel-ppp@pppoe.service'
if not pppoe:
call(f'systemctl stop {systemd_service}')
for file in [pppoe_conf, pppoe_chap_secrets]:
if os.path.exists(file):
os.unlink(file)
return None
if 'restart_required' in pppoe:
call(f'systemctl restart {systemd_service}')
else:
call(f'systemctl reload-or-restart {systemd_service}')
if __name__ == '__main__':
try:
c = get_config()
verify(c)
generate(c)
apply(c)
except ConfigError as e:
print(e)
exit(1)