summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhagbard <vyosdev@derith.de>2019-04-18 13:54:07 -0700
committerJohn Estabrook <jestabro@sentrium.io>2020-01-16 11:40:29 -0600
commit99ebe3e0c2bf362f9746361b922574b2e3c5eb9f (patch)
treea70da77906a5865e78cdbc2c247403e57e0e11d5
parente679b7827f3e3ddbb03dcdd8f49835520c21c438 (diff)
downloadvyos-1x-99ebe3e0c2bf362f9746361b922574b2e3c5eb9f.tar.gz
vyos-1x-99ebe3e0c2bf362f9746361b922574b2e3c5eb9f.zip
[pppoe-server] T1341 - Adding rate-limiter for pppoe server users
- RADIUS shaper settings (cherry picked from commit d4556b31e920197e1c58febb8d87a1765bfea81f)
-rw-r--r--interface-definitions/pppoe-server.xml38
-rwxr-xr-xsrc/conf_mode/accel_pppoe.py81
2 files changed, 67 insertions, 52 deletions
diff --git a/interface-definitions/pppoe-server.xml b/interface-definitions/pppoe-server.xml
index 65f2e8ccd..4cbfce8c0 100644
--- a/interface-definitions/pppoe-server.xml
+++ b/interface-definitions/pppoe-server.xml
@@ -184,6 +184,24 @@
</leafNode>
</children>
</node>
+ <node name="rate-limit">
+ <properties>
+ <help>Upload/Download speed limits</help>
+ </properties>
+ <children>
+ <leafNode name="attribute">
+ <properties>
+ <help>Specifies which radius attribute contains rate information. (default is Filter-ID)</help>
+ </properties>
+ </leafNode>
+ <leafNode name="enable">
+ <properties>
+ <help>Enables Bandwidth shaping via RADIUS</help>
+ <valueless />
+ </properties>
+ </leafNode>
+ </children>
+ </node>
</children>
</node>
</children>
@@ -221,7 +239,6 @@
</leafNode>
</children>
</node>
-
<node name="client-ipv6-pool">
<properties>
<help>Pool of client IPv6 addresses</help>
@@ -366,25 +383,6 @@
</leafNode>
</children>
</node>
- <node name="radius">
- <properties>
- <help>RADIUS settings</help>
- </properties>
- <children>
- <leafNode name="default-interim-interval">
- <properties>
- <help>Default interim accounting interval</help>
- <valueHelp>
- <format>text</format>
- <description>Use local username/password configuration</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 60-10000000"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
<leafNode name="service-name">
<properties>
<help>Service name</help>
diff --git a/src/conf_mode/accel_pppoe.py b/src/conf_mode/accel_pppoe.py
index 6ef959806..376696697 100755
--- a/src/conf_mode/accel_pppoe.py
+++ b/src/conf_mode/accel_pppoe.py
@@ -76,7 +76,7 @@ level=5
{% if snmp == 'enable-ma' %}
[snmp]
master=1
-{% endif %}
+{% endif -%}
[client-ip-range]
disable
@@ -101,24 +101,24 @@ gw-ip-address={{ppp_gw}}
{% for prfx in client_ipv6_pool['delegate-prefix']: %}
delegate={{prfx}}
{% endfor %}
-{% endif %}
+{% endif -%}
{% if dns %}
[dns]
{% if dns[0] %}
dns1={{dns[0]}}
-{% endif %}
+{% endif -%}
{% if dns[1] %}
dns2={{dns[1]}}
-{% endif %}
-{% endif %}
+{% endif -%}
+{% endif -%}
{% if dnsv6 %}
[dnsv6]
{% for srv in dnsv6: %}
dns={{srv}}
{% endfor %}
-{% endif %}
+{% endif -%}
{% if wins %}
[wins]
@@ -127,13 +127,13 @@ wins1={{wins[0]}}
{% endif %}
{% if wins[1] %}
wins2={{wins[1]}}
-{% endif %}
-{% endif %}
+{% endif -%}
+{% endif -%}
{% if authentication['mode'] == 'local' %}
[chap-secrets]
chap-secrets=/etc/accel-ppp/pppoe/chap-secrets
-{% endif %}
+{% endif -%}
{% if authentication['mode'] == 'radius' %}
[radius]
@@ -156,14 +156,20 @@ nas-identifier={{authentication['radiusopt']['nas-id']}}
{% endif %}
{% if authentication['radiusopt']['nas-ip'] %}
nas-ip-address={{authentication['radiusopt']['nas-ip']}}
-{% endif %}
+{% endif -%}
{% if authentication['radiusopt']['dae-srv'] %}
dae-server={{authentication['radiusopt']['dae-srv']['ip-addr']}}:\
{{authentication['radiusopt']['dae-srv']['port']}},\
{{authentication['radiusopt']['dae-srv']['secret']}}
-{% endif %}
+{% endif -%}
gw-ip-address={{ppp_gw}}
verbose=1
+
+{% if authentication['radiusopt']['shaper'] %}
+[shaper]
+verbose=1
+attr={{authentication['radiusopt']['shaper']['attr']}}
+{% endif -%}
{% endif %}
[ppp]
@@ -437,28 +443,39 @@ def get_config():
}
)
- #### advanced radius-setting
- if c.exists('authentication radius-settings'):
- if c.exists('authentication radius-settings acct-timeout'):
- config_data['authentication']['radiusopt']['acct-timeout'] = c.return_value('authentication radius-settings acct-timeout')
- if c.exists('authentication radius-settings max-try'):
- config_data['authentication']['radiusopt']['max-try'] = c.return_value('authentication radius-settings max-try')
- if c.exists('authentication radius-settings timeout'):
- config_data['authentication']['radiusopt']['timeout'] = c.return_value('authentication radius-settings timeout')
- if c.exists('authentication radius-settings nas-identifier'):
- config_data['authentication']['radiusopt']['nas-id'] = c.return_value('authentication radius-settings nas-identifier')
- if c.exists('authentication radius-settings nas-ip-address'):
- config_data['authentication']['radiusopt']['nas-ip'] = c.return_value('authentication radius-settings nas-ip-address')
- if c.exists('authentication radius-settings dae-server'):
- config_data['authentication']['radiusopt'].update(
- {
- 'dae-srv' : {
- 'ip-addr' : c.return_value('authentication radius-settings dae-server ip-address'),
- 'port' : c.return_value('authentication radius-settings dae-server port'),
- 'secret' : str(c.return_value('authentication radius-settings dae-server secret'))
- }
+ #### advanced radius-setting
+ if c.exists('authentication radius-settings'):
+ if c.exists('authentication radius-settings acct-timeout'):
+ config_data['authentication']['radiusopt']['acct-timeout'] = c.return_value('authentication radius-settings acct-timeout')
+ if c.exists('authentication radius-settings max-try'):
+ config_data['authentication']['radiusopt']['max-try'] = c.return_value('authentication radius-settings max-try')
+ if c.exists('authentication radius-settings timeout'):
+ config_data['authentication']['radiusopt']['timeout'] = c.return_value('authentication radius-settings timeout')
+ if c.exists('authentication radius-settings nas-identifier'):
+ config_data['authentication']['radiusopt']['nas-id'] = c.return_value('authentication radius-settings nas-identifier')
+ if c.exists('authentication radius-settings nas-ip-address'):
+ config_data['authentication']['radiusopt']['nas-ip'] = c.return_value('authentication radius-settings nas-ip-address')
+ if c.exists('authentication radius-settings dae-server'):
+ config_data['authentication']['radiusopt'].update(
+ {
+ 'dae-srv' : {
+ 'ip-addr' : c.return_value('authentication radius-settings dae-server ip-address'),
+ 'port' : c.return_value('authentication radius-settings dae-server port'),
+ 'secret' : str(c.return_value('authentication radius-settings dae-server secret'))
}
- )
+ }
+ )
+ #### filter-id is the internal accel default if attribute is empty
+ #### set here as default for visibility which may change in the future
+ if c.exists('authentication radius-settings rate-limit enable'):
+ if not c.exists('authentication radius-settings rate-limit attribute'):
+ config_data['authentication']['radiusopt']['shaper'] = {
+ 'attr' : 'Filter-ID'
+ }
+ else:
+ config_data['authentication']['radiusopt']['shaper'] = {
+ 'attr' : c.return_value('authentication radius-settings rate-limit attribute')
+ }
if c.exists('mtu'):
config_data['mtu'] = c.return_value('mtu')