PPPoE Unique Login without using FreeRadius at all solved. traffic shaping Up+download included.
Rani Ahmed
rani79 at idm.net.lb
Thu May 4 06:46:28 CEST 2006
Hi all..
What follows is a very, very cheap solution to prevent 2 different
computers from logging in to the rp-pppoe server using the same username.
This means the same username should have one and only one login session in
the whole network.
This /DOES/ not use FreeRadius at all.
It uses only /etc/ppp/ip-up.d and /etc/ppp/ip-down.d shell scripts.
This also contains NO-borrowing / NO-shared-bandwidth traffic shaping
using HTB.
This is tested and it works AND IS FINAL.
Works for people who have scheduled electrical power-downs within parts of
the same country, as is the case in Lebanon in the Middle East.
Can be used anywhere; currently used in a wireless LAN.
Remember this uses /etc/ppp/chap-secrets for login.
It uses the same setup described in:
http://wrath.geoweb.ge/pppoe-server.html
How can it be cheap? Because I did not use a NAS, since, from my research
online, I would have to buy a wireless NAS, e.g. Cisco (1000$ worth).
####### put in /etc/ppp/ip-up.d/pppoeup script. make it executable #######
#!/bin/bash
#Customer $IP
IP=$5
#Customer pppN device
dev=$1
#making sure of the existence of the file /root/shaping/check; this is used as a check-in.
if [ ! -f /root/shaping/check ]
then
mkdir -p /root/shaping/ > /dev/null 2>&1
touch /root/shaping/check
fi
#checking if the file contains a previously added $IP, i.e. an already logged in Customer.
#-F -w matches the IP as a fixed whole word, so 10.0.0.1 does not also match 10.0.0.11.
prev_dev=$(grep -Fw -e "$IP" /root/shaping/check | cut -f2)
#if the Customer $IP is in the file /root/shaping/check then shutdown the current log in
##FIXME##kill the session smoothly, no signal means simply normal close###
#Shutdown the $dev and then ..
##FIXME##Kill the session in SURE KILL NO MERCY KILL (signal number -9 ). This won't let pppoedown work/run.
#any device will be flushed automatically after the timeout period finishes
#and will run ip-down.d/pppoedown electricity shutdown
#therefore there is no worry on the /root/shaping/check
if [ "$prev_dev" != "" ]
then
#ifconfig $dev down
#kill -9 $(cat /var/run/${dev}.pid )
#sed -e '/'$IP'\t'$prev_dev'/d' -i /root/shaping/check
if [ -f /var/run/${prev_dev}.pid ]
then
kill $(cat /var/run/${prev_dev}.pid )
fi
fi
# if Customer $IP not in the file /root/shaping/check append the $IP to the file and continue normally.
echo "$IP"$'\t'"$dev" >> /root/shaping/check
#remove any old shaping on the device; errors (nothing to delete) are ignored
/sbin/tc qdisc del dev $dev root > /dev/null 2>&1
/sbin/tc qdisc del dev $dev ingress > /dev/null 2>&1
# /root/shaping/speeds is a tabulated file of dedicated speeds, written as follows:
# IP UPload_speed (kBytes/sec) UPload_burst (kBytes) DOWNload_speed (kBytes/sec) DOWNload_burst (kBytes)
# -F -w matches the IP as a fixed whole word, so one customer never picks up another customer's row.
uprate=$(brief_config /root/shaping/speeds | grep -Fw -e "$IP" | cut -f 2)
upburst=$(brief_config /root/shaping/speeds | grep -Fw -e "$IP" | cut -f 3)
downrate=$(brief_config /root/shaping/speeds | grep -Fw -e "$IP" | cut -f 4)
downburst=$(brief_config /root/shaping/speeds | grep -Fw -e "$IP" | cut -f 5)
loginname=$(grep -Fw -e "$IP" /etc/ppp/chap-secrets | cut -f 1)
date=`date`
/sbin/tc qdisc add dev $dev root handle 1: htb default 1
/sbin/tc class add dev $dev parent 1:1 classid 1:1 htb rate ${downrate}kbps \
    ceil ${downrate}kbps burst ${downburst}kB
#U32="/sbin/tc filter add dev ${dev} protocol ip parent 1:0 prio 1 u32"
#${U32} match ip src ${IP} flowid 1:1
/sbin/tc qdisc add dev $dev handle ffff: ingress
/sbin/tc filter add dev $dev protocol ip parent ffff: prio 50 u32 match \
    ip src 0.0.0.0/0 police rate ${uprate}kbps burst ${upburst}kB drop flowid :1
echo "${loginname} loggin at ${date} downrate ${downrate} uprate ${uprate} " >> /root/shaping/pppoe.log
####### end of file /etc/ppp/ip-up.d/pppoeup #######
####### put in /etc/ppp/ip-down.d/pppoedown script. make it executable #######
#!/bin/bash
#Customer's pppN device/interface and his IP
dev=$1
IP=$5
#remove his traffic shaping issues
/sbin/tc qdisc del dev $dev root
/sbin/tc qdisc del dev $dev ingress
#get his username, to echo his logout time later.
loginname=$(grep -Fw -e "$5" /etc/ppp/chap-secrets | cut -f 1)
date=`date`
#delete him from the check list
#sed -e '/'$dev'/d' -i /root/shaping/check
#anchored with ^ and $ so that only the exact "IP<TAB>dev" line is removed
sed -e '/^'"$IP"'\t'"$dev"'$/d' -i /root/shaping/check
#write his log out date.
echo "${loginname} logout at ${date}" >> /root/shaping/pppoe.log
#############end of /etc/ppp/ip-down.d/pppoedown script ##############
Wish ye all good luck.
SuperLinux : To Linux infinity and beyond!
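
The one-session-per-IP table kept in /root/shaping/check, as an added example that is not part of the original post: it shows exact-match lookup, replacement and removal of rows so that one customer's IP never matches another's. It goes slightly beyond the post by replacing the old row at login and by locking the file; the function names, the CHECK variable and the .lock/.tmp files are assumptions made for this example.

```shell
#!/bin/bash
# Added example (not from the original post): exact-match handling of the
# session table that the ip-up/ip-down scripts keep in /root/shaping/check.
# Table format, as in the post: "<IP><TAB><pppN device>", one session per line.
# Function names and the CHECK variable are assumptions made for this example.

CHECK=${CHECK:-/root/shaping/check}

# Print the device(s) recorded for exactly this IP. Comparing the whole
# first field avoids 10.0.0.1 also matching 10.0.0.11 or 110.0.0.1.
session_devs() {
    awk -F'\t' -v ip="$1" '$1 == ip { print $2 }' "$CHECK"
}

# Record a session: drop any older row for the IP, then append the new one.
# flock serialises concurrent ip-up/ip-down runs that edit the same file.
session_add() {
    (
        flock 9
        awk -F'\t' -v ip="$1" '$1 != ip' "$CHECK" > "$CHECK.tmp"
        printf '%s\t%s\n' "$1" "$2" >> "$CHECK.tmp"
        mv "$CHECK.tmp" "$CHECK"
    ) 9>> "$CHECK.lock"
}

# Remove only the row that matches both IP and device, so a late ip-down for
# an old session cannot delete the row of the session that replaced it.
session_del() {
    (
        flock 9
        awk -F'\t' -v ip="$1" -v dev="$2" '!($1 == ip && $2 == dev)' \
            "$CHECK" > "$CHECK.tmp"
        mv "$CHECK.tmp" "$CHECK"
    ) 9>> "$CHECK.lock"
}
```

In ip-up, session_devs "$5" would give the device whose pppd is to be killed before session_add "$5" "$1"; in ip-down, session_del "$5" "$1" replaces the sed line.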