summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhagbard <vyosdev@derith.de>2019-04-18 11:28:47 -0700
committerJohn Estabrook <jestabro@sentrium.io>2020-01-16 11:40:29 -0600
commite679b7827f3e3ddbb03dcdd8f49835520c21c438 (patch)
tree20bcb2275227f757c87858eed03f33eac12a2bae
parent0c5658a7297dad4130d17fe6c507d41632d55a9d (diff)
downloadvyos-1x-e679b7827f3e3ddbb03dcdd8f49835520c21c438.tar.gz
vyos-1x-e679b7827f3e3ddbb03dcdd8f49835520c21c438.zip
[pppoe-server] T1341 - Adding rate-limiter for pppoe server users
- implementation for locally definied users (cherry picked from commit c1dc93391b9ec1785ab648fa7685521c85774d28)
-rw-r--r--interface-definitions/pppoe-server.xml23
-rwxr-xr-xsrc/conf_mode/accel_pppoe.py30
2 files changed, 47 insertions, 6 deletions
diff --git a/interface-definitions/pppoe-server.xml b/interface-definitions/pppoe-server.xml
index ad4522679..65f2e8ccd 100644
--- a/interface-definitions/pppoe-server.xml
+++ b/interface-definitions/pppoe-server.xml
@@ -60,6 +60,29 @@
<help>Static client IP address</help>
</properties>
</leafNode>
+ <node name="rate-limit">
+ <properties>
+ <help>Upload/Download speed limits</help>
+ </properties>
+ <children>
+ <leafNode name="upload">
+ <properties>
+ <help>Upload bandwidth limit in bits/sec</help>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="download">
+ <properties>
+ <help>Download bandwidth limit in bits/sec</help>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
</children>
</tagNode>
</children>
diff --git a/src/conf_mode/accel_pppoe.py b/src/conf_mode/accel_pppoe.py
index fb40b5c54..6ef959806 100755
--- a/src/conf_mode/accel_pppoe.py
+++ b/src/conf_mode/accel_pppoe.py
@@ -245,11 +245,16 @@ tcp=127.0.0.1:2001
### pppoe chap secrets
chap_secrets_conf = '''
-# username server password acceptable local IP addresses
+# username server password acceptable local IP addresses shaper
{% for user in authentication['local-users'] %}
{% if authentication['local-users'][user]['state'] == 'enabled' %}
+{% if (authentication['local-users'][user]['upload']) and (authentication['local-users'][user]['download']) %}
+{{user}}\t*\t{{authentication['local-users'][user]['passwd']}}\t{{authentication['local-users'][user]['ip']}}\t\
+{{authentication['local-users'][user]['download']}}/{{authentication['local-users'][user]['upload']}}
+{% else %}
{{user}}\t*\t{{authentication['local-users'][user]['passwd']}}\t{{authentication['local-users'][user]['ip']}}
{% endif %}
+{% endif %}
{% endfor %}
'''
###
@@ -389,9 +394,11 @@ def get_config():
config_data['authentication']['local-users'].update(
{
usr : {
- 'passwd' : '',
- 'state' : 'enabled',
- 'ip' : '*'
+ 'passwd' : None,
+ 'state' : 'enabled',
+ 'ip' : '*',
+ 'upload' : None,
+ 'download' : None
}
}
)
@@ -401,7 +408,11 @@ def get_config():
config_data['authentication']['local-users'][usr]['state'] = 'disable'
if c.exists('authentication local-users username ' + usr + ' static-ip'):
config_data['authentication']['local-users'][usr]['ip'] = c.return_value('authentication local-users username ' + usr + ' static-ip')
-
+ if c.exists('authentication local-users username ' + usr + ' rate-limit download'):
+ config_data['authentication']['local-users'][usr]['download'] = c.return_value('authentication local-users username ' + usr + ' rate-limit download')
+ if c.exists('authentication local-users username ' + usr + ' rate-limit upload'):
+ config_data['authentication']['local-users'][usr]['upload'] = c.return_value('authentication local-users username ' + usr + ' rate-limit upload')
+
### authentication mode radius servers and settings
if c.exists('authentication mode radius'):
@@ -496,10 +507,17 @@ def verify(c):
if c['authentication']['mode'] == 'local':
if not c['authentication']['local-users']:
raise ConfigError('pppoe-server authentication local-users required')
-
+
for usr in c['authentication']['local-users']:
if not c['authentication']['local-users'][usr]['passwd']:
raise ConfigError('user ' + usr + ' requires a password')
+ ### if up/download is set, check that both have a value
+ if c['authentication']['local-users'][usr]['upload']:
+ if not c['authentication']['local-users'][usr]['download']:
+ raise ConfigError('user ' + usr + ' requires download speed value')
+ if c['authentication']['local-users'][usr]['download']:
+ if not c['authentication']['local-users'][usr]['upload']:
+ raise ConfigError('user ' + usr + ' requires upload speed value')
if c['authentication']['mode'] == 'radius':
if len(c['authentication']['radiussrv']) == 0: