From f6da0e89992e82a0650cd9488aeb65f53ffa1977 Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Wed, 8 Feb 2023 18:05:36 +0000 Subject: T1993: PPPoE-server add section shaper and fwmark option Extended PPPoE-server rate-limiter to avoid shaping marked resources Often this feature needs for ISP, which provides access to some IX or its resources. set service pppoe-server shaper fwmark '223' --- data/templates/accel-ppp/config_shaper_radius.j2 | 12 +++++++++--- .../include/accel-ppp/shaper.xml.i | 21 +++++++++++++++++++++ interface-definitions/service-pppoe-server.xml.in | 1 + 3 files changed, 31 insertions(+), 3 deletions(-) create mode 100644 interface-definitions/include/accel-ppp/shaper.xml.i diff --git a/data/templates/accel-ppp/config_shaper_radius.j2 b/data/templates/accel-ppp/config_shaper_radius.j2 index 942cdf132..0cf6a6a92 100644 --- a/data/templates/accel-ppp/config_shaper_radius.j2 +++ b/data/templates/accel-ppp/config_shaper_radius.j2 @@ -1,7 +1,7 @@ -{% if authentication.mode is vyos_defined('radius') %} -{% if authentication.radius.rate_limit.enable is vyos_defined %} +{% if authentication.mode is vyos_defined('radius') or shaper is vyos_defined %} [shaper] verbose=1 +{% if authentication.radius.rate_limit.enable is vyos_defined %} attr={{ authentication.radius.rate_limit.attribute }} {% if authentication.radius.rate_limit.vendor is vyos_defined %} vendor={{ authentication.radius.rate_limit.vendor }} @@ -10,4 +10,10 @@ vendor={{ authentication.radius.rate_limit.vendor }} rate-multiplier={{ authentication.radius.rate_limit.multiplier }} {% endif %} {% endif %} -{% endif %} +{% if shaper is vyos_defined %} +{% if shaper.fwmark is vyos_defined %} +fwmark={{ shaper.fwmark }} +down-limiter=htb +{% endif %} +{% endif %} +{% endif %} \ No newline at end of file diff --git a/interface-definitions/include/accel-ppp/shaper.xml.i b/interface-definitions/include/accel-ppp/shaper.xml.i new file mode 100644 index 000000000..b4f9536d2 --- /dev/null +++ b/interface-definitions/include/accel-ppp/shaper.xml.i @@ -0,0 +1,21 @@ + + + + Traffic shaper bandwidth parameters + + + + + Firewall mark value for traffic that excludes from shaping + + u32:1-2147483647 + Match firewall mark value + + + + + + + + + diff --git a/interface-definitions/service-pppoe-server.xml.in b/interface-definitions/service-pppoe-server.xml.in index db8522287..65e0f41c4 100644 --- a/interface-definitions/service-pppoe-server.xml.in +++ b/interface-definitions/service-pppoe-server.xml.in @@ -227,6 +227,7 @@ replace + #include Enable SNMP -- cgit v1.2.3 From 3f4aee7a34463594b8b3164f472dc4ff35eac322 Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Thu, 9 Feb 2023 09:27:38 +0000 Subject: T1993: Extend smoketest for fwmark shaper check --- smoketest/scripts/cli/test_service_pppoe-server.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/smoketest/scripts/cli/test_service_pppoe-server.py b/smoketest/scripts/cli/test_service_pppoe-server.py index 7546c2e3d..0b442067c 100755 --- a/smoketest/scripts/cli/test_service_pppoe-server.py +++ b/smoketest/scripts/cli/test_service_pppoe-server.py @@ -143,6 +143,9 @@ class TestServicePPPoEServer(BasicAccelPPPTest.TestCase): self.basic_config() subnet = '172.18.0.0/24' + fwmark = '223' + limiter = 'htb' + self.set(['client-ip-pool', 'subnet', subnet]) start = '192.0.2.10' @@ -151,6 +154,7 @@ class TestServicePPPoEServer(BasicAccelPPPTest.TestCase): start_stop = f'{start}-{stop_octet}' self.set(['client-ip-pool', 'start', start]) self.set(['client-ip-pool', 'stop', stop]) + self.set(['shaper', 'fwmark', fwmark]) # commit changes self.cli_commit() @@ -163,6 +167,8 @@ class TestServicePPPoEServer(BasicAccelPPPTest.TestCase): self.assertEqual(conf['ip-pool'][subnet], None) self.assertEqual(conf['ip-pool'][start_stop], None) self.assertEqual(conf['ip-pool']['gw-ip-address'], self._gateway) + self.assertEqual(conf['shaper']['fwmark'], fwmark) + self.assertEqual(conf['shaper']['down-limiter'], limiter) def test_pppoe_server_client_ipv6_pool(self): -- cgit v1.2.3