diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-04-04 13:46:38 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-04-04 13:46:38 +0200 |
commit | 8dcf042a7f58dfac590b28174dc1d9b87ce5a893 (patch) | |
tree | 74acfbd69639855780f9b4608d36c48002434230 | |
parent | 926eaabc283dabc1b2db0bafbb41bc71f9766f05 (diff) | |
download | vyos-1x-8dcf042a7f58dfac590b28174dc1d9b87ce5a893.tar.gz vyos-1x-8dcf042a7f58dfac590b28174dc1d9b87ce5a893.zip |
pppoe: T2219: move adding of default route to ip-(up|down) script
As PPPoE interfaces should be part of a VRF it is required that the default
can also be set into the specified VRF. The default way of PPP by setting the
"defaultroute" option does not take a VRF into account. In this case PPP
installs a Kernel route forwarding all default traffic over this interface.
This change installs a static route with metric 1 instead into the routing
table via FRR. This is not the same as a Kernel route in terms of metric 1
compared to 0 but it should do the trick.
-rw-r--r-- | data/templates/pppoe/ip-down.script.tmpl | 16 | ||||
-rw-r--r-- | data/templates/pppoe/ip-up.script.tmpl | 33 | ||||
-rw-r--r-- | data/templates/pppoe/ipv6-up.script.tmpl | 82 | ||||
-rw-r--r-- | data/templates/pppoe/peer.tmpl | 132 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-pppoe.py | 21 |
5 files changed, 172 insertions, 112 deletions
diff --git a/data/templates/pppoe/ip-down.script.tmpl b/data/templates/pppoe/ip-down.script.tmpl new file mode 100644 index 000000000..f90da02bc --- /dev/null +++ b/data/templates/pppoe/ip-down.script.tmpl @@ -0,0 +1,16 @@ +#!/bin/sh + +# As PPPoE is an "on demand" interface we need to re-configure it when it +# becomes up + +if [ "$6" != "{{ intf }}" ]; then + exit +fi + +# add some info to syslog +DIALER_PID=$(cat /var/run/{{ intf }}.pid) +logger -t pppd[$DIALER_PID] "executing $0" + +# Debian PPP version has no support for replacing an existing default route +# thus we emulate this ba an ip-up script https://phabricator.vyos.net/T2220. +vtysh -c "conf t" -c "no ip route 0.0.0.0/0 {{ intf }}" diff --git a/data/templates/pppoe/ip-up.script.tmpl b/data/templates/pppoe/ip-up.script.tmpl new file mode 100644 index 000000000..c6aa02e9e --- /dev/null +++ b/data/templates/pppoe/ip-up.script.tmpl @@ -0,0 +1,33 @@ +#!/bin/sh + +# As PPPoE is an "on demand" interface we need to re-configure it when it +# becomes up +if [ "$6" != "{{ intf }}" ]; then + exit +fi + +# add some info to syslog +DIALER_PID=$(cat /var/run/{{ intf }}.pid) +logger -t pppd[$DIALER_PID] "executing $0" + +# Debian PPP version has no support for replacing an existing default route +# thus we emulate this ba an ip-up script https://phabricator.vyos.net/T2220. + +{% if 'auto' in default_route -%} + +# only insert a new default route if there is no default route configured +routes=$(vtysh -c "show running-config" | sed -n "/ip route/,/!/p" | grep 0.0.0.0/0 | wc -l) +if [ "$routes" -eq 0 ]; then + # No VRF, use default routing table + vtysh -c "conf t" -c "ip route 0.0.0.0/0 {{ intf }}" +fi + +{% elif 'force' in default_route -%} + +# Retrieve current static default routes and remove it from the routing table +vtysh -c "show running-config" | sed -n "/ip route/,/!/p" | grep 0.0.0.0/0 | while read route ; do + vtysh -c "conf t" -c "no ${route}" +done +# No VRF, use default routing table +vtysh -c "conf t" -c "ip route 0.0.0.0/0 {{ intf }}" +{% endif %} diff --git a/data/templates/pppoe/ipv6-up.script.tmpl b/data/templates/pppoe/ipv6-up.script.tmpl index 037db66db..a4b08ddaf 100644 --- a/data/templates/pppoe/ipv6-up.script.tmpl +++ b/data/templates/pppoe/ipv6-up.script.tmpl @@ -1,41 +1,41 @@ -#!/bin/sh
-
-# As PPPoE is an "on demand" interface we need to re-configure it when it
-# becomes up
-
-if [ "$6" != "{{ intf }}" ]; then
- exit
-fi
-
-{% if ipv6_autoconf -%}
-# add some info to syslog
-DIALER_PID=$(cat /var/run/{{ intf }}.pid)
-logger -t pppd[$DIALER_PID] "executing $0"
-logger -t pppd[$DIALER_PID] "configuring interface {{ intf }} via $2"
-
-# Configure interface-specific Host/Router behaviour.
-# Note: It is recommended to have the same setting on all interfaces; mixed
-# router/host scenarios are rather uncommon. Possible values are:
-#
-# 0 Forwarding disabled
-# 1 Forwarding enabled
-#
-echo 1 > /proc/sys/net/ipv6/conf/{{ intf }}/forwarding
-
-# Accept Router Advertisements; autoconfigure using them.
-#
-# It also determines whether or not to transmit Router
-# Solicitations. If and only if the functional setting is to
-# accept Router Advertisements, Router Solicitations will be
-# transmitted. Possible values are:
-#
-# 0 Do not accept Router Advertisements.
-# 1 Accept Router Advertisements if forwarding is disabled.
-# 2 Overrule forwarding behaviour. Accept Router Advertisements
-# even if forwarding is enabled.
-#
-echo 2 > /proc/sys/net/ipv6/conf/{{ intf }}/accept_ra
-
-# Autoconfigure addresses using Prefix Information in Router Advertisements.
-echo 1 > /proc/sys/net/ipv6/conf/{{ intf }}/autoconfigure
-{% endif %}
+#!/bin/sh + +# As PPPoE is an "on demand" interface we need to re-configure it when it +# becomes up + +if [ "$6" != "{{ intf }}" ]; then + exit +fi + +{% if ipv6_autoconf -%} +# add some info to syslog +DIALER_PID=$(cat /var/run/{{ intf }}.pid) +logger -t pppd[$DIALER_PID] "executing $0" +logger -t pppd[$DIALER_PID] "configuring interface {{ intf }} via {{ source_interface }}" + +# Configure interface-specific Host/Router behaviour. +# Note: It is recommended to have the same setting on all interfaces; mixed +# router/host scenarios are rather uncommon. Possible values are: +# +# 0 Forwarding disabled +# 1 Forwarding enabled +# +echo 1 > /proc/sys/net/ipv6/conf/{{ intf }}/forwarding + +# Accept Router Advertisements; autoconfigure using them. +# +# It also determines whether or not to transmit Router +# Solicitations. If and only if the functional setting is to +# accept Router Advertisements, Router Solicitations will be +# transmitted. Possible values are: +# +# 0 Do not accept Router Advertisements. +# 1 Accept Router Advertisements if forwarding is disabled. +# 2 Overrule forwarding behaviour. Accept Router Advertisements +# even if forwarding is enabled. +# +echo 2 > /proc/sys/net/ipv6/conf/{{ intf }}/accept_ra + +# Autoconfigure addresses using Prefix Information in Router Advertisements. +echo 1 > /proc/sys/net/ipv6/conf/{{ intf }}/autoconfigure +{% endif %} diff --git a/data/templates/pppoe/peer.tmpl b/data/templates/pppoe/peer.tmpl index 029361101..8651f12a5 100644 --- a/data/templates/pppoe/peer.tmpl +++ b/data/templates/pppoe/peer.tmpl @@ -1,69 +1,63 @@ -### Autogenerated by interfaces-pppoe.py ###
-
-{% if description %}
-# {{ description }}
-{% endif %}
-
-# Require peer to provide the local IP address if it is not
-# specified explicitly in the config file.
-noipdefault
-
-# Don't show the password in logfiles:
-hide-password
-
-# Standard Link Control Protocol (LCP) parameters:
-lcp-echo-interval 20
-lcp-echo-failure 3
-
-# RFC 2516, paragraph 7 mandates that the following options MUST NOT be
-# requested and MUST be rejected if requested by the peer:
-# Address-and-Control-Field-Compression (ACFC)
-noaccomp
-
-# Asynchronous-Control-Character-Map (ACCM)
-default-asyncmap
-
-# Override any connect script that may have been set in /etc/ppp/options.
-connect /bin/true
-
-# Don't try to authenticate the remote node
-noauth
-
-# Don't try to proxy ARP for the remote endpoint. User can set proxy
-# arp entries up manually if they wish. More importantly, having
-# the "proxyarp" parameter set disables the "defaultroute" option.
-noproxyarp
-
-# Unlimited connection attempts
-maxfail 0
-
-plugin rp-pppoe.so
-{{ source_interface }}
-persist
-ifname {{ intf }}
-ipparam {{ intf }}
-debug
-logfile {{ logfile }}
-{% if 'auto' in default_route -%}
-defaultroute
-{% elif 'force' in default_route -%}
-defaultroute
-replacedefaultroute
-{% endif %}
-mtu {{ mtu }}
-mru {{ mtu }}
-user "{{ auth_username }}"
-password "{{ auth_password }}"
-{% if name_server -%}
-usepeerdns
-{% endif %}
-{% if ipv6_enable -%}
-+ipv6
-ipv6cp-use-ipaddr
-{% endif %}
-{% if service_name -%}
-rp_pppoe_service "{{ service_name }}"
-{% endif %}
-{% if on_demand %}
-demand
-{% endif %}
+### Autogenerated by interfaces-pppoe.py ### + +{% if description %} +# {{ description }} +{% endif %} + +# Require peer to provide the local IP address if it is not +# specified explicitly in the config file. +noipdefault + +# Don't show the password in logfiles: +hide-password + +# Standard Link Control Protocol (LCP) parameters: +lcp-echo-interval 20 +lcp-echo-failure 3 + +# RFC 2516, paragraph 7 mandates that the following options MUST NOT be +# requested and MUST be rejected if requested by the peer: +# Address-and-Control-Field-Compression (ACFC) +noaccomp + +# Asynchronous-Control-Character-Map (ACCM) +default-asyncmap + +# Override any connect script that may have been set in /etc/ppp/options. +connect /bin/true + +# Don't try to authenticate the remote node +noauth + +# Don't try to proxy ARP for the remote endpoint. User can set proxy +# arp entries up manually if they wish. More importantly, having +# the "proxyarp" parameter set disables the "defaultroute" option. +noproxyarp + +# Unlimited connection attempts +maxfail 0 + +plugin rp-pppoe.so +{{ source_interface }} +persist +ifname {{ intf }} +ipparam {{ intf }} +debug +logfile {{ logfile }} +mtu {{ mtu }} +mru {{ mtu }} +user "{{ auth_username }}" +password "{{ auth_password }}" +{% if name_server -%} +usepeerdns +{% endif %} +{% if ipv6_enable -%} ++ipv6 +ipv6cp-use-ipaddr +{% endif %} +{% if service_name -%} +rp_pppoe_service "{{ service_name }}" +{% endif %} +{% if on_demand %} +demand +{% endif %} diff --git a/src/conf_mode/interfaces-pppoe.py b/src/conf_mode/interfaces-pppoe.py index 66f7ed5fd..3b79795d7 100755 --- a/src/conf_mode/interfaces-pppoe.py +++ b/src/conf_mode/interfaces-pppoe.py @@ -168,9 +168,12 @@ def generate(pppoe): intf = pppoe['intf'] config_pppoe = f'/etc/ppp/peers/{intf}' script_pppoe_pre_up = f'/etc/ppp/ip-up.d/1000-vyos-pppoe-{intf}' - script_pppoe_ipv6_up = f'/etc/ppp/ipv6-up.d/1000-vyos-pppoe-autoconf-{intf}' + script_pppoe_ip_up = f'/etc/ppp/ip-up.d/1000-vyos-pppoe-{intf}' + script_pppoe_ip_down = f'/etc/ppp/ip-down.d/1000-vyos-pppoe-{intf}' + script_pppoe_ipv6_up = f'/etc/ppp/ipv6-up.d/1000-vyos-pppoe-{intf}' - config_files = [config_pppoe, script_pppoe_pre_up, script_pppoe_ipv6_up] + config_files = [config_pppoe, script_pppoe_pre_up, script_pppoe_ip_up, + script_pppoe_ip_down, script_pppoe_ipv6_up] # Ensure directories for config files exist - otherwise create them on demand for file in config_files: @@ -201,6 +204,18 @@ def generate(pppoe): with open(script_pppoe_pre_up, 'w') as f: f.write(config_text) + # Create script for ip-up.d + tmpl = env.get_template('ip-up.script.tmpl') + config_text = tmpl.render(pppoe) + with open(script_pppoe_ip_up, 'w') as f: + f.write(config_text) + + # Create script for ip-down.d + tmpl = env.get_template('ip-down.script.tmpl') + config_text = tmpl.render(pppoe) + with open(script_pppoe_ip_down, 'w') as f: + f.write(config_text) + # Create script for ipv6-up.d tmpl = env.get_template('ipv6-up.script.tmpl') config_text = tmpl.render(pppoe) @@ -209,6 +224,8 @@ def generate(pppoe): # make generated script file executable chmod_x_file(script_pppoe_pre_up) + chmod_x_file(script_pppoe_ip_up) + chmod_x_file(script_pppoe_ip_down) chmod_x_file(script_pppoe_ipv6_up) return None |