From c1dd6401478306257cb62f4809ed087781c245ce Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 15 Dec 2019 16:59:23 +0100 Subject: dynamic-dns: T1879: extend valueHelp strings (cherry picked from commit 6b7453ea7d2b17e3988895e4fd8a5e8b634a8f90) --- interface-definitions/dns-dynamic.xml | 42 +++++++++++++++++------------------ 1 file changed, 21 insertions(+), 21 deletions(-) (limited to 'interface-definitions') diff --git a/interface-definitions/dns-dynamic.xml b/interface-definitions/dns-dynamic.xml index 8e7e77475..e6b9bc318 100644 --- a/interface-definitions/dns-dynamic.xml +++ b/interface-definitions/dns-dynamic.xml @@ -78,47 +78,47 @@ afraid - + afraid.org Services changeip - + changeip.com Services cloudflare - + cloudflare.com Services dnspark - + dnspark.com Services dslreports - + dslreports.com Services dyndns - + dyndns.com Services easydns - + easydns.com Services namecheap - + namecheap.com Services noip - + noip.com Services sitelutions - + sitelutions.com Services zoneedit - + zoneedit.com Services @@ -147,43 +147,43 @@ changeip - + changeip protocol cloudflare - + cloudflare protocol dnspark - + dnspark protocol dslreports1 - + dslreports1 protocol dyndns2 - + dyndns2 protocol easydns - + easydns protocol namecheap - + namecheap protocol noip - + noip protocol sitelutions - + sitelutions protocol zoneedit1 - + zoneedit1 protocol -- cgit v1.2.3 From afdee28b8227eb21494c3dddddbe95045c4df91d Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 15 Dec 2019 17:00:12 +0100 Subject: dynamic-dns: T1879: extend XML validators (cherry picked from commit 47c368136342f235765e1a0b611f0783a73ce299) --- interface-definitions/dns-dynamic.xml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'interface-definitions') diff --git a/interface-definitions/dns-dynamic.xml b/interface-definitions/dns-dynamic.xml index e6b9bc318..725ebadac 100644 --- a/interface-definitions/dns-dynamic.xml +++ b/interface-definitions/dns-dynamic.xml @@ -120,6 +120,10 @@ zoneedit zoneedit.com Services + + (custom|afraid|changeip|cloudflare|dnspark|dslreports|dyndns|easydns|namecheap|noip|sitelutions|zoneedit) + + Please choose from the list of allowed services @@ -141,10 +145,9 @@ ddclient protocol used for DDNS service [REQUIRED FOR CUSTOM] - - protocol - ddclient protocol - + + changeip cloudflare dnspark dslreports1 dyndns2 easydns namecheap noip sitelutions zoneedit1 + changeip changeip protocol @@ -185,6 +188,10 @@ zoneedit1 zoneedit1 protocol + + (changeip|cloudflare|dnspark|dslreports1|dyndns2|easydns|namecheap|noip|sitelutions|zoneedit1) + + Please choose from the list of allowed protocols -- cgit v1.2.3 From e679b7827f3e3ddbb03dcdd8f49835520c21c438 Mon Sep 17 00:00:00 2001 From: hagbard Date: Thu, 18 Apr 2019 11:28:47 -0700 Subject: [pppoe-server] T1341 - Adding rate-limiter for pppoe server users - implementation for locally definied users (cherry picked from commit c1dc93391b9ec1785ab648fa7685521c85774d28) --- interface-definitions/pppoe-server.xml | 23 +++++++++++++++++++++++ src/conf_mode/accel_pppoe.py | 30 ++++++++++++++++++++++++------ 2 files changed, 47 insertions(+), 6 deletions(-) (limited to 'interface-definitions') diff --git a/interface-definitions/pppoe-server.xml b/interface-definitions/pppoe-server.xml index ad4522679..65f2e8ccd 100644 --- a/interface-definitions/pppoe-server.xml +++ b/interface-definitions/pppoe-server.xml @@ -60,6 +60,29 @@ Static client IP address + + + Upload/Download speed limits + + + + + Upload bandwidth limit in bits/sec + + + + + + + + Download bandwidth limit in bits/sec + + + + + + + diff --git a/src/conf_mode/accel_pppoe.py b/src/conf_mode/accel_pppoe.py index fb40b5c54..6ef959806 100755 --- a/src/conf_mode/accel_pppoe.py +++ b/src/conf_mode/accel_pppoe.py @@ -245,11 +245,16 @@ tcp=127.0.0.1:2001 ### pppoe chap secrets chap_secrets_conf = ''' -# username server password acceptable local IP addresses +# username server password acceptable local IP addresses shaper {% for user in authentication['local-users'] %} {% if authentication['local-users'][user]['state'] == 'enabled' %} +{% if (authentication['local-users'][user]['upload']) and (authentication['local-users'][user]['download']) %} +{{user}}\t*\t{{authentication['local-users'][user]['passwd']}}\t{{authentication['local-users'][user]['ip']}}\t\ +{{authentication['local-users'][user]['download']}}/{{authentication['local-users'][user]['upload']}} +{% else %} {{user}}\t*\t{{authentication['local-users'][user]['passwd']}}\t{{authentication['local-users'][user]['ip']}} {% endif %} +{% endif %} {% endfor %} ''' ### @@ -389,9 +394,11 @@ def get_config(): config_data['authentication']['local-users'].update( { usr : { - 'passwd' : '', - 'state' : 'enabled', - 'ip' : '*' + 'passwd' : None, + 'state' : 'enabled', + 'ip' : '*', + 'upload' : None, + 'download' : None } } ) @@ -401,7 +408,11 @@ def get_config(): config_data['authentication']['local-users'][usr]['state'] = 'disable' if c.exists('authentication local-users username ' + usr + ' static-ip'): config_data['authentication']['local-users'][usr]['ip'] = c.return_value('authentication local-users username ' + usr + ' static-ip') - + if c.exists('authentication local-users username ' + usr + ' rate-limit download'): + config_data['authentication']['local-users'][usr]['download'] = c.return_value('authentication local-users username ' + usr + ' rate-limit download') + if c.exists('authentication local-users username ' + usr + ' rate-limit upload'): + config_data['authentication']['local-users'][usr]['upload'] = c.return_value('authentication local-users username ' + usr + ' rate-limit upload') + ### authentication mode radius servers and settings if c.exists('authentication mode radius'): @@ -496,10 +507,17 @@ def verify(c): if c['authentication']['mode'] == 'local': if not c['authentication']['local-users']: raise ConfigError('pppoe-server authentication local-users required') - + for usr in c['authentication']['local-users']: if not c['authentication']['local-users'][usr]['passwd']: raise ConfigError('user ' + usr + ' requires a password') + ### if up/download is set, check that both have a value + if c['authentication']['local-users'][usr]['upload']: + if not c['authentication']['local-users'][usr]['download']: + raise ConfigError('user ' + usr + ' requires download speed value') + if c['authentication']['local-users'][usr]['download']: + if not c['authentication']['local-users'][usr]['upload']: + raise ConfigError('user ' + usr + ' requires upload speed value') if c['authentication']['mode'] == 'radius': if len(c['authentication']['radiussrv']) == 0: -- cgit v1.2.3 From 99ebe3e0c2bf362f9746361b922574b2e3c5eb9f Mon Sep 17 00:00:00 2001 From: hagbard Date: Thu, 18 Apr 2019 13:54:07 -0700 Subject: [pppoe-server] T1341 - Adding rate-limiter for pppoe server users - RADIUS shaper settings (cherry picked from commit d4556b31e920197e1c58febb8d87a1765bfea81f) --- interface-definitions/pppoe-server.xml | 38 ++++++++-------- src/conf_mode/accel_pppoe.py | 81 ++++++++++++++++++++-------------- 2 files changed, 67 insertions(+), 52 deletions(-) (limited to 'interface-definitions') diff --git a/interface-definitions/pppoe-server.xml b/interface-definitions/pppoe-server.xml index 65f2e8ccd..4cbfce8c0 100644 --- a/interface-definitions/pppoe-server.xml +++ b/interface-definitions/pppoe-server.xml @@ -184,6 +184,24 @@ + + + Upload/Download speed limits + + + + + Specifies which radius attribute contains rate information. (default is Filter-ID) + + + + + Enables Bandwidth shaping via RADIUS + + + + + @@ -221,7 +239,6 @@ - Pool of client IPv6 addresses @@ -366,25 +383,6 @@ - - - RADIUS settings - - - - - Default interim accounting interval - - text - Use local username/password configuration - - - - - - - - Service name diff --git a/src/conf_mode/accel_pppoe.py b/src/conf_mode/accel_pppoe.py index 6ef959806..376696697 100755 --- a/src/conf_mode/accel_pppoe.py +++ b/src/conf_mode/accel_pppoe.py @@ -76,7 +76,7 @@ level=5 {% if snmp == 'enable-ma' %} [snmp] master=1 -{% endif %} +{% endif -%} [client-ip-range] disable @@ -101,24 +101,24 @@ gw-ip-address={{ppp_gw}} {% for prfx in client_ipv6_pool['delegate-prefix']: %} delegate={{prfx}} {% endfor %} -{% endif %} +{% endif -%} {% if dns %} [dns] {% if dns[0] %} dns1={{dns[0]}} -{% endif %} +{% endif -%} {% if dns[1] %} dns2={{dns[1]}} -{% endif %} -{% endif %} +{% endif -%} +{% endif -%} {% if dnsv6 %} [dnsv6] {% for srv in dnsv6: %} dns={{srv}} {% endfor %} -{% endif %} +{% endif -%} {% if wins %} [wins] @@ -127,13 +127,13 @@ wins1={{wins[0]}} {% endif %} {% if wins[1] %} wins2={{wins[1]}} -{% endif %} -{% endif %} +{% endif -%} +{% endif -%} {% if authentication['mode'] == 'local' %} [chap-secrets] chap-secrets=/etc/accel-ppp/pppoe/chap-secrets -{% endif %} +{% endif -%} {% if authentication['mode'] == 'radius' %} [radius] @@ -156,14 +156,20 @@ nas-identifier={{authentication['radiusopt']['nas-id']}} {% endif %} {% if authentication['radiusopt']['nas-ip'] %} nas-ip-address={{authentication['radiusopt']['nas-ip']}} -{% endif %} +{% endif -%} {% if authentication['radiusopt']['dae-srv'] %} dae-server={{authentication['radiusopt']['dae-srv']['ip-addr']}}:\ {{authentication['radiusopt']['dae-srv']['port']}},\ {{authentication['radiusopt']['dae-srv']['secret']}} -{% endif %} +{% endif -%} gw-ip-address={{ppp_gw}} verbose=1 + +{% if authentication['radiusopt']['shaper'] %} +[shaper] +verbose=1 +attr={{authentication['radiusopt']['shaper']['attr']}} +{% endif -%} {% endif %} [ppp] @@ -437,28 +443,39 @@ def get_config(): } ) - #### advanced radius-setting - if c.exists('authentication radius-settings'): - if c.exists('authentication radius-settings acct-timeout'): - config_data['authentication']['radiusopt']['acct-timeout'] = c.return_value('authentication radius-settings acct-timeout') - if c.exists('authentication radius-settings max-try'): - config_data['authentication']['radiusopt']['max-try'] = c.return_value('authentication radius-settings max-try') - if c.exists('authentication radius-settings timeout'): - config_data['authentication']['radiusopt']['timeout'] = c.return_value('authentication radius-settings timeout') - if c.exists('authentication radius-settings nas-identifier'): - config_data['authentication']['radiusopt']['nas-id'] = c.return_value('authentication radius-settings nas-identifier') - if c.exists('authentication radius-settings nas-ip-address'): - config_data['authentication']['radiusopt']['nas-ip'] = c.return_value('authentication radius-settings nas-ip-address') - if c.exists('authentication radius-settings dae-server'): - config_data['authentication']['radiusopt'].update( - { - 'dae-srv' : { - 'ip-addr' : c.return_value('authentication radius-settings dae-server ip-address'), - 'port' : c.return_value('authentication radius-settings dae-server port'), - 'secret' : str(c.return_value('authentication radius-settings dae-server secret')) - } + #### advanced radius-setting + if c.exists('authentication radius-settings'): + if c.exists('authentication radius-settings acct-timeout'): + config_data['authentication']['radiusopt']['acct-timeout'] = c.return_value('authentication radius-settings acct-timeout') + if c.exists('authentication radius-settings max-try'): + config_data['authentication']['radiusopt']['max-try'] = c.return_value('authentication radius-settings max-try') + if c.exists('authentication radius-settings timeout'): + config_data['authentication']['radiusopt']['timeout'] = c.return_value('authentication radius-settings timeout') + if c.exists('authentication radius-settings nas-identifier'): + config_data['authentication']['radiusopt']['nas-id'] = c.return_value('authentication radius-settings nas-identifier') + if c.exists('authentication radius-settings nas-ip-address'): + config_data['authentication']['radiusopt']['nas-ip'] = c.return_value('authentication radius-settings nas-ip-address') + if c.exists('authentication radius-settings dae-server'): + config_data['authentication']['radiusopt'].update( + { + 'dae-srv' : { + 'ip-addr' : c.return_value('authentication radius-settings dae-server ip-address'), + 'port' : c.return_value('authentication radius-settings dae-server port'), + 'secret' : str(c.return_value('authentication radius-settings dae-server secret')) } - ) + } + ) + #### filter-id is the internal accel default if attribute is empty + #### set here as default for visibility which may change in the future + if c.exists('authentication radius-settings rate-limit enable'): + if not c.exists('authentication radius-settings rate-limit attribute'): + config_data['authentication']['radiusopt']['shaper'] = { + 'attr' : 'Filter-ID' + } + else: + config_data['authentication']['radiusopt']['shaper'] = { + 'attr' : c.return_value('authentication radius-settings rate-limit attribute') + } if c.exists('mtu'): config_data['mtu'] = c.return_value('mtu') -- cgit v1.2.3 From c7ff494723846e87928393832f576881316eef9f Mon Sep 17 00:00:00 2001 From: hagbard Date: Thu, 18 Apr 2019 15:24:01 -0700 Subject: [pppoe-server] - typo corrected (cherry picked from commit 87ddd50f55cd80873e295d66803ceb072de6fd74) --- interface-definitions/pppoe-server.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'interface-definitions') diff --git a/interface-definitions/pppoe-server.xml b/interface-definitions/pppoe-server.xml index 4cbfce8c0..212688d8c 100644 --- a/interface-definitions/pppoe-server.xml +++ b/interface-definitions/pppoe-server.xml @@ -67,7 +67,7 @@ - Upload bandwidth limit in bits/sec + Upload bandwidth limit in kbits/sec @@ -75,7 +75,7 @@ - Download bandwidth limit in bits/sec + Download bandwidth limit in kbits/sec -- cgit v1.2.3 From d1b12cf8bbe964e9cdb6c0e60fe74d5c410d448c Mon Sep 17 00:00:00 2001 From: hagbard Date: Tue, 23 Apr 2019 09:38:17 -0700 Subject: [pppoe-server] - fixed default RADIUS attribute Filter-Id (cherry picked from commit 2cd0498f50296d5d9e80b6acafb63dd3d45fb5cd) --- interface-definitions/pppoe-server.xml | 2 +- src/conf_mode/accel_pppoe.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'interface-definitions') diff --git a/interface-definitions/pppoe-server.xml b/interface-definitions/pppoe-server.xml index 212688d8c..1190cd9ff 100644 --- a/interface-definitions/pppoe-server.xml +++ b/interface-definitions/pppoe-server.xml @@ -191,7 +191,7 @@ - Specifies which radius attribute contains rate information. (default is Filter-ID) + Specifies which radius attribute contains rate information. (default is Filter-Id) diff --git a/src/conf_mode/accel_pppoe.py b/src/conf_mode/accel_pppoe.py index 376696697..3b3bf8cac 100755 --- a/src/conf_mode/accel_pppoe.py +++ b/src/conf_mode/accel_pppoe.py @@ -470,7 +470,7 @@ def get_config(): if c.exists('authentication radius-settings rate-limit enable'): if not c.exists('authentication radius-settings rate-limit attribute'): config_data['authentication']['radiusopt']['shaper'] = { - 'attr' : 'Filter-ID' + 'attr' : 'Filter-Id' } else: config_data['authentication']['radiusopt']['shaper'] = { -- cgit v1.2.3 From caec7a022a5760cac1bf67499e77c3028571d510 Mon Sep 17 00:00:00 2001 From: hagbard Date: Tue, 18 Jun 2019 15:07:41 -0700 Subject: [pppoe-server] T1452 - add vendor option to shaper (cherry picked from commit 85c9e0200a4619f0388b7fd7ba9a03f4be933ef5) --- interface-definitions/pppoe-server.xml | 5 +++++ src/conf_mode/accel_pppoe.py | 6 ++++++ 2 files changed, 11 insertions(+) (limited to 'interface-definitions') diff --git a/interface-definitions/pppoe-server.xml b/interface-definitions/pppoe-server.xml index 1190cd9ff..18b0e649c 100644 --- a/interface-definitions/pppoe-server.xml +++ b/interface-definitions/pppoe-server.xml @@ -194,6 +194,11 @@ Specifies which radius attribute contains rate information. (default is Filter-Id) + + + Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius) + + Enables Bandwidth shaping via RADIUS diff --git a/src/conf_mode/accel_pppoe.py b/src/conf_mode/accel_pppoe.py index 3b3bf8cac..97e3723f0 100755 --- a/src/conf_mode/accel_pppoe.py +++ b/src/conf_mode/accel_pppoe.py @@ -169,6 +169,9 @@ verbose=1 [shaper] verbose=1 attr={{authentication['radiusopt']['shaper']['attr']}} +{% if authentication['radiusopt']['shaper']['vendor'] %} +vendor={{authentication['radiusopt']['shaper']['vendor']}} +{% endif -%} {% endif -%} {% endif %} @@ -476,6 +479,9 @@ def get_config(): config_data['authentication']['radiusopt']['shaper'] = { 'attr' : c.return_value('authentication radius-settings rate-limit attribute') } + if c.exists('authentication radius-settings rate-limit vendor'): + config_data['authentication']['radiusopt']['shaper']['vendor'] = c.return_value('authentication radius-settings rate-limit vendor') + if c.exists('mtu'): config_data['mtu'] = c.return_value('mtu') -- cgit v1.2.3 From ebfd8e5e6ef64f86291b28ad08225fb497c32655 Mon Sep 17 00:00:00 2001 From: hagbard Date: Thu, 16 Jan 2020 08:38:44 -0800 Subject: snmpd: T1964: forbid whitespace in script extension identifier (cherry picked from commit 742da889afa4375d5b6cb98dada7f2d3ec2f0326) --- interface-definitions/snmp.xml | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) (limited to 'interface-definitions') diff --git a/interface-definitions/snmp.xml b/interface-definitions/snmp.xml index 821d1367d..fcc733c6c 100644 --- a/interface-definitions/snmp.xml +++ b/interface-definitions/snmp.xml @@ -585,16 +585,24 @@ Extension name + + ^[a-z0-9\.\-\_]+ + + Script extension contains invalid characters - - Script location and name - - - - - + + Script location and name + + + + + ^[a-z0-9\.\-\_\/]+ + + Script extension contains invalid characters + + -- cgit v1.2.3