From 93c9199589cca87321f1f0577d16099dbe78842b Mon Sep 17 00:00:00 2001
From: hagbard <vyosdev@derith.de>
Date: Wed, 14 Nov 2018 10:47:36 -0800
Subject: T835: accel-ppp pppoe implemetaion

  - ipv6 DNS, ippv6pool, ipv6 PD, ipv6 inf IDs
  - snmp subagent and master mode
  - connlimits configurable
  - more ppp options configurable (mppe, lcp-echo intervals, mtu, mru etc.)
  - radius extended options (for HA etc.)
---
 interface-definitions/pppoe-server.xml | 347 ++++++++++++++++++++++++++++++++-
 1 file changed, 344 insertions(+), 3 deletions(-)

(limited to 'interface-definitions')

diff --git a/interface-definitions/pppoe-server.xml b/interface-definitions/pppoe-server.xml
index 543ff1663..510bfeb3b 100644
--- a/interface-definitions/pppoe-server.xml
+++ b/interface-definitions/pppoe-server.xml
@@ -8,6 +8,19 @@
           <priority>900</priority>
         </properties>
         <children>
+          <node name="snmp">
+            <properties>
+              <help>Enable SNMP</help>
+            </properties>
+            <children>
+              <leafNode name="master-agent">
+                <properties>
+                  <help>enable SNMP master agent mode</help>
+                  <valueless />
+                </properties>
+              </leafNode>
+            </children>
+          </node>
           <leafNode name="access-concentrator">
             <properties>
               <help>Access concentrator name</help>
@@ -76,13 +89,77 @@
                   </valueHelp>
                 </properties>
                 <children>
-                  <leafNode name="key">
+                  <leafNode name="secret">
                     <properties>
                       <help>Key for accessing the specified server</help>
                     </properties>
                   </leafNode>
+                  <leafNode name="req-limit">
+                    <properties>
+                      <help>maximum number of simultaneous requests to server (default: unlimited)</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="fail-time">
+                    <properties>
+                      <help>if server doesn't responds mark it as unavailable for this amount of time in seconds</help>
+                    </properties>
+                  </leafNode>
                 </children>
               </tagNode>
+              <node name="radius-settings">
+                <properties>
+                  <help>radius settings</help>
+                </properties>
+                <children>
+                  <leafNode name="timeout">
+                    <properties>
+                      <help>timeout to wait response from server (sec)</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="acct-timeout">
+                    <properties>
+                      <help>timeout to wait reply for Interim-Update packets. (default 3 sec)</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="max-try">
+                    <properties>
+                      <help>maximum number of tries to send Access-Request/Accounting-Request queries</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="nas-identifier">
+                    <properties>
+                      <help>value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="nas-ip-address">
+                    <properties>
+                      <help>value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address.</help>
+                    </properties>
+                  </leafNode>
+                  <node name="dae-server">
+                    <properties>
+                      <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help>
+                    </properties>
+                    <children>
+                      <leafNode name="ip-address">
+                        <properties>
+                          <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="port">
+                        <properties>
+                          <help>port for Dynamic Authorization Extension server (DM/CoA)</help>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="secret">
+                        <properties>
+                          <help>secret for Dynamic Authorization Extension server (DM/CoA)</help>
+                        </properties>
+                      </leafNode>
+                    </children>
+                  </node>
+                </children>
+              </node>
             </children>
           </node>
           <node name="client-ip-pool">
@@ -108,14 +185,38 @@
               </leafNode>
             </children>
           </node>
+
+          <node name="client-ipv6-pool">
+            <properties>
+              <help>pool of client IP space</help>
+            </properties>
+            <children>
+              <leafNode name="prefix">
+                <properties>
+                  <help>format: ipv6prefix/mask,prefix_len (e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients)</help>
+                  <multi />
+                </properties>
+              </leafNode>
+              <leafNode name="delegate-prefix">
+                <properties>
+                  <help>format: ipv6prefix/mask,prefix_len (delegate to clients through DHCPv6 prefix delegation - rfc3633)</help>
+                  <multi />
+                </properties>
+              </leafNode>
+            </children>
+          </node>
           <node name="dns-servers">
             <properties>
-              <help>Domain Name Service (DNS) server</help>
+              <help>IPv4 Domain Name Service (DNS) server</help>
             </properties>
             <children>
             <leafNode name="server-1">
               <properties>
                 <help>Primary DNS server</help>
+                <valueHelp>
+                  <format>ipv4</format>
+                  <description>IPv4 address</description>
+                </valueHelp>
                 <constraint>
                   <validator name="ipv4-address"/>
                 </constraint>
@@ -124,6 +225,10 @@
             <leafNode name="server-2">
               <properties>
                 <help>Secondary DNS server</help>
+                <valueHelp>
+                  <format>ipv4</format>
+                  <description>IPv4 address</description>
+                </valueHelp>
                 <constraint>
                   <validator name="ipv4-address"/>
                 </constraint>
@@ -131,6 +236,49 @@
             </leafNode>
             </children>
           </node> 
+           <node name="dnsv6-servers">
+            <properties>
+              <help>IPv6 Domain Name Service (DNS) server</help>
+            </properties>
+            <children>
+              <leafNode name="server-1">
+                <properties>
+                  <valueHelp>
+                    <format>ipv6</format>
+                    <description>IPv6 address</description>
+                  </valueHelp>
+                  <help>Primary DNS server</help>
+                  <constraint>
+                    <validator name="ipv6-address"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="server-2">
+                <properties>
+                  <valueHelp>
+                    <format>ipv6</format>
+                    <description>IPv6 address</description>
+                  </valueHelp>
+                  <help>Secondary DNS server</help>
+                  <constraint>
+                    <validator name="ipv6-address"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="server-3">
+                <properties>
+                  <valueHelp>
+                    <format>ipv6</format>
+                  <description>IPv6 address</description>
+                  </valueHelp>
+                  <help>Tertiary DNS server</help>
+                  <constraint>
+                    <validator name="ipv6-address"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
           <leafNode name="interface">
             <properties>
               <help>interface(s) to listen on</help>
@@ -150,12 +298,38 @@
           </leafNode>
           <leafNode name="mtu">
             <properties>
-              <help>Maximum Transmission Unit (MTU) - default 1440</help>
+              <help>Maximum Transmission Unit (MTU) - default 1492</help>
               <constraint>
               <validator name="numeric" argument="--range 128-16384"/>
               </constraint>
             </properties>
           </leafNode>
+          <node name="limits">
+            <properties>
+              <help>limits the connection rate from a single source</help>
+            </properties>
+            <children>
+              <leafNode name="connection-limit">
+                <properties>
+                  <help>acceptable rate of connections (e.g. 1/min, 60/sec)</help>
+                  <constraint>
+                    <regex>^[0-9]+\/(min|sec)$</regex>
+                  </constraint>
+                  <constraintErrorMessage>illegal value</constraintErrorMessage>
+                </properties>
+              </leafNode>
+              <leafNode name="burst">
+                <properties>
+                  <help>burst count</help>
+                </properties>
+              </leafNode>
+              <leafNode name="timeout">
+                <properties>
+                  <help>timeout in seconds</help>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
           <node name="radius">
             <properties>
               <help>RADIUS settings</help>
@@ -207,6 +381,173 @@
               </leafNode>
             </children>
           </node>
+          <node name="ppp-options">
+            <children>
+              <leafNode name="min-mtu">
+                <properties>
+                  <help>minimum acceptable MTU (68-65535)</help>
+                  <constraint>
+                    <validator name="numeric" argument="--range 68-65535"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="mru">
+                <properties>
+                  <help>preferred MRU (68-65535)</help>
+                  <constraint>
+                    <validator name="numeric" argument="--range 68-65535"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="ccp">
+                <properties>
+                  <help>ccp negotiation (default disabled)</help>
+                  <valueless />
+                </properties>
+              </leafNode>
+              <node name="mppe">
+                <properties>
+                  <help>specifies mppe negotiation preference. (default prefer mppe)</help>
+                </properties>
+                <children>
+                  <leafNode name="require">
+                    <properties>
+                      <help>ask client for mppe, if it rejects drop connection</help>
+                      <valueless />
+                    </properties>
+                  </leafNode>
+                  <leafNode name="prefer">
+                    <properties>
+                      <help>ask client for mppe, if it rejects don't fail</help>
+                      <valueless />
+                    </properties>
+                  </leafNode>
+                  <leafNode name="deny">
+                    <properties>
+                      <help>deny mppe</help>
+                      <valueless />
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <leafNode name="lcp-echo-interval">
+                <properties>
+                  <help>lcp echo-requests/sec</help>
+                  <constraint>
+                    <validator name="numeric" argument="--positive"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="lcp-echo-failure">
+                <properties>
+                  <help>maximum number of Echo-Requests may be sent without valid reply</help>
+                  <constraint>
+                    <validator name="numeric" argument="--positive"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="lcp-echo-timeout">
+                <properties>
+                  <help>timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and "lcp-echo-failure" is not used.</help>
+                  <constraint>
+                    <validator name="numeric" argument="--positive"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="ipv4">
+                <properties>
+                  <help>specify IPv4 (IPCP) negotiation algorithm</help>
+                  <constraint>
+                    <regex>^(deny|allow|prefer|require)</regex>
+                  </constraint>
+                  <constraintErrorMessage>invalid value</constraintErrorMessage>
+                  <valueHelp>
+                    <format>deny</format>
+                    <description>don't negotiate IPv4</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>allow</format>
+                    <description>negotiate IPv4 only if client requests</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>prefer</format>
+                    <description>ask client for IPv4 negotiation, don't fail if he rejects</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>require</format>
+                    <description>require IPv4 negotiation</description>
+                  </valueHelp>
+                </properties>
+              </leafNode>
+              <leafNode name="ipv6">
+                <properties>
+                  <help>specify IPv6 (IPCP6) negotiation algorithm</help>
+                  <constraint>
+                    <regex>^(deny|allow|prefer|require)</regex>
+                  </constraint>
+                  <constraintErrorMessage>invalid value</constraintErrorMessage>
+                  <valueHelp>
+                    <format>deny</format>
+                    <description>don't negotiate IPv6</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>allow</format>
+                    <description>negotiate IPv6 only if client requests</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>prefer</format>
+                    <description>ask client for IPv6 negotiation, don't fail if he rejects</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>require</format>
+                    <description>require IPv6 negotiation</description>
+                  </valueHelp>
+                </properties>
+              </leafNode>
+              <leafNode name="ipv6-intf-id">
+                <properties>
+                  <help>Specify fixed or random interface identifier for IPv6</help>
+                  <valueHelp>
+                    <format>random</format>
+                    <description>specify random interface identifier for IPv6</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>x:x:x:x</format>
+                    <description>specify interface identifier for IPv6</description>
+                  </valueHelp>
+                </properties>
+              </leafNode>
+              <leafNode name="ipv6-peer-intf-id">
+                <properties>
+                  <help>specify peer interface identifier for IPv6</help>
+                  <valueHelp>
+                    <format>x:x:x:x</format>
+                    <description>specify interface identifier for IPv6</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>random</format>
+                    <description>specify a random interface identifier for IPv6</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ipv4</format>
+                    <description>calculate interface identifier from IPv4 address, for example 192:168:0:1</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>calling-sid</format>
+                    <description>calculate interface identifier from calling-station-Id</description>
+                  </valueHelp>
+                </properties>
+              </leafNode>
+              <leafNode name="ipv6-accept-peer-intf-id">
+                <properties>
+                  <help>accept peer's interface identifier</help>
+                  <valueless /> 
+                </properties>
+              </leafNode>
+
+
+            </children>
+          </node>
         </children>
       </node>
     </children>
-- 
cgit v1.2.3


From 439d86aa55c7eed9619391ecec04bc1fbd5f9323 Mon Sep 17 00:00:00 2001
From: hagbard <vyosdev@derith.de>
Date: Wed, 14 Nov 2018 16:24:27 -0800
Subject: Fixes: T940 adding immark to syslog options

---
 interface-definitions/syslog.xml | 15 +++++++++++++++
 src/conf_mode/syslog.py          | 20 ++++++++++++++------
 2 files changed, 29 insertions(+), 6 deletions(-)

(limited to 'interface-definitions')

diff --git a/interface-definitions/syslog.xml b/interface-definitions/syslog.xml
index aafa91b55..a1479128c 100644
--- a/interface-definitions/syslog.xml
+++ b/interface-definitions/syslog.xml
@@ -520,6 +520,21 @@
                   </leafNode>
                 </children>
               </tagNode>
+              <node name="marker">
+                <properties>
+                  <help>mark messages sent to syslog</help>
+                </properties>
+                <children>
+                  <leafNode name="interval">
+                    <properties>
+                      <help>time interval how often a mark message is being sent in seconds (default: 1200)</help>
+                      <constraint>
+                        <validator name="numeric" argument="--positive"/>
+                      </constraint> 
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
             </children>
           </node>
           <tagNode name="file">
diff --git a/src/conf_mode/syslog.py b/src/conf_mode/syslog.py
index f652cf3d0..f8f8d9457 100755
--- a/src/conf_mode/syslog.py
+++ b/src/conf_mode/syslog.py
@@ -30,6 +30,12 @@ from vyos import ConfigError
 configs = '''
 ## generated by syslog.py ##
 ## file based logging
+{% if files['global']['marker'] %}
+$ModLoad immark
+{% if files['global']['marker-interval'] %}
+$MarkMessagePeriod  {{files['global']['marker-interval']}} 
+{% endif %}
+{% endif %}
 {% for file in files %}
 $outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{files[file]['action-on-max-size']}}
 {{files[file]['selectors']}} :omfile:${{file}}
@@ -80,10 +86,10 @@ def get_config():
   c.set_level('system syslog')  
 
   config_data = {
-    'files' : {},
+    'files'   : {},
     'console' : {},
-    'hosts' : {},
-    'user'  : {}
+    'hosts'   : {},
+    'user'    : {}
   }
 
   #####
@@ -102,13 +108,16 @@ def get_config():
     }
   )
 
+  if c.exists('global marker'):
+    config_data['files']['global']['marker'] = True
+    if c.exists('global marker interval'):
+      config_data['files']['global']['marker-interval'] = c.return_value('global marker interval') 
   if c.exists('global facility'):
     config_data['files']['global']['selectors'] = generate_selectors(c, 'global facility')
   if c.exists('global archive size'):
     config_data['files']['global']['max-size'] = int(c.return_value('global archive size'))* 1024
   if c.exists('global archive files'):
     config_data['files']['global']['max-files'] = c.return_value('global archive files')
-
   ###
   # set system syslog file
   ###
@@ -217,14 +226,12 @@ def generate_selectors(c, config_node):
 def generate(c):
   tmpl = jinja2.Template(configs, trim_blocks=True)
   config_text = tmpl.render(c)
-  #print (config_text)
   with open('/etc/rsyslog.d/vyos-rsyslog.conf', 'w') as f:
     f.write(config_text)
 
   ## eventually write for each file its own logrotate file, since size is defined it shouldn't matter
   tmpl = jinja2.Template(logrotate_configs, trim_blocks=True)
   config_text = tmpl.render(c)
-  #print (config_text)
   with open('/etc/logrotate.d/vyos-rsyslog', 'w') as f:
     f.write(config_text)
 
@@ -247,6 +254,7 @@ def verify(c):
   fac = ['*','auth','authpriv','cron','daemon','kern','lpr','mail','mark','news','protocols','security',\
         'syslog','user','uucp','local0','local1','local2','local3','local4','local5','local6','local7']
   lvl = ['emerg','alert','crit','err','warning','notice','info','debug','*']
+
   for conf in c:
     if c[conf]:
       for item in c[conf]:
-- 
cgit v1.2.3


From 7a615ab169a7f6141fd9b6e84ac1ea415216d9bb Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sat, 17 Nov 2018 13:16:04 +0100
Subject: T1018: remove obsoleted 'dynamic' option from NTP

Increase NTP config version from 0 to 1. For more information see [1].

ntpd: Warning: the "dynamic" keyword has been obsoleted and will
be removed in the next release

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553976
---
 interface-definitions/ntp.xml    |  6 ------
 src/conf_mode/ntp.py             |  2 --
 src/migration-scripts/ntp/0-to-1 | 36 ++++++++++++++++++++++++++++++++++++
 3 files changed, 36 insertions(+), 8 deletions(-)
 create mode 100755 src/migration-scripts/ntp/0-to-1

(limited to 'interface-definitions')

diff --git a/interface-definitions/ntp.xml b/interface-definitions/ntp.xml
index d324404da..945345898 100644
--- a/interface-definitions/ntp.xml
+++ b/interface-definitions/ntp.xml
@@ -14,12 +14,6 @@
               <help>Network Time Protocol (NTP) server</help>
             </properties>
             <children>
-              <leafNode name="dynamic">
-                <properties>
-                  <help>Allow server to be configured even if not reachable</help>
-                  <valueless/>
-                </properties>
-              </leafNode>
               <leafNode name="noselect">
                 <properties>
                   <help>Marks the server as unused</help>
diff --git a/src/conf_mode/ntp.py b/src/conf_mode/ntp.py
index 0abb2746a..68a046939 100755
--- a/src/conf_mode/ntp.py
+++ b/src/conf_mode/ntp.py
@@ -108,8 +108,6 @@ def get_config():
                 "name": node,
                 "options": []
             }
-            if conf.exists('server {0} dynamic'.format(node)):
-                options.append('dynamic')
             if conf.exists('server {0} noselect'.format(node)):
                 options.append('noselect')
             if conf.exists('server {0} preempt'.format(node)):
diff --git a/src/migration-scripts/ntp/0-to-1 b/src/migration-scripts/ntp/0-to-1
new file mode 100755
index 000000000..9c66f3109
--- /dev/null
+++ b/src/migration-scripts/ntp/0-to-1
@@ -0,0 +1,36 @@
+#!/usr/bin/env python3
+
+# Delete "set system ntp server <n> dynamic" option
+
+import sys
+
+from vyos.configtree import ConfigTree
+
+if (len(sys.argv) < 1):
+    print("Must specify file name!")
+    sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+config = ConfigTree(config_file)
+
+if not config.exists(['system', 'ntp']):
+    # Nothing to do
+    sys.exit(0)
+else:
+    # Delete abandoned leaf node if found inside tag node for
+    # "set system ntp server <n> dynamic"
+    base = ['system', 'ntp', 'server']
+    for server in config.list_nodes(base):
+        if config.exists(base + [server, 'dynamic']):
+            config.delete(base + [server, 'dynamic'])
+
+    try:
+        with open(file_name, 'w') as f:
+            f.write(config.to_string())
+    except OSError as e:
+        print("Failed to save the modified config: {}".format(e))
+        sys.exit(1)
-- 
cgit v1.2.3


From 7115030c32f8545e8a2e3f21723952110690d32f Mon Sep 17 00:00:00 2001
From: hagbard <vyosdev@derith.de>
Date: Sun, 18 Nov 2018 10:51:03 -0800
Subject: T835: adding default pado delay and mode autocomplete

---
 interface-definitions/pppoe-server.xml | 29 ++++++++++++++++-------------
 src/conf_mode/accel_pppoe.py           |  1 +
 2 files changed, 17 insertions(+), 13 deletions(-)

(limited to 'interface-definitions')

diff --git a/interface-definitions/pppoe-server.xml b/interface-definitions/pppoe-server.xml
index 510bfeb3b..2fac4ec5a 100644
--- a/interface-definitions/pppoe-server.xml
+++ b/interface-definitions/pppoe-server.xml
@@ -64,22 +64,25 @@
                   </tagNode>
                 </children>
               </node>
-              <leafNode name="mode">
+              <node name="mode">
                 <properties>
                   <help>Authentication mode for PPPoE Server</help>
-                  <valueHelp>
-                    <format>local</format>
-                    <description>Use local username/password configuration</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>radius</format>
-                    <description>Use Radius server to autenticate users</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>^(local|radius)</regex>
-                  </constraint>
                 </properties>
-              </leafNode>
+                <children>
+                  <leafNode name="local">
+                    <properties>
+                      <help>Use local username/password configuration</help>
+                      <valueless />
+                    </properties>
+                  </leafNode>
+                  <leafNode name="radius">
+                    <properties>
+                      <help>Use Radius server to autenticate users</help>
+                      <valueless />
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
               <tagNode name="radius-server">
                 <properties>
                   <help>IP address of radius server</help>
diff --git a/src/conf_mode/accel_pppoe.py b/src/conf_mode/accel_pppoe.py
index 51a121eaf..0ef22110f 100755
--- a/src/conf_mode/accel_pppoe.py
+++ b/src/conf_mode/accel_pppoe.py
@@ -223,6 +223,7 @@ interface={{int}}
 {% if svc_name %}
 service-name={{svc_name}}
 {% endif %}
+pado-delay=0
 # maybe: called-sid, tr101, padi-limit etc.
 
 {% if limits %}
-- 
cgit v1.2.3