From f875731a710eb7fadefd5a73d65e53915477dce8 Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Sun, 16 Jun 2019 17:07:16 +0200 Subject: dhcpv6-server: Add name constraint, clarify help, fix typos --- interface-definitions/dhcpv6-server.xml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'interface-definitions/dhcpv6-server.xml') diff --git a/interface-definitions/dhcpv6-server.xml b/interface-definitions/dhcpv6-server.xml index e63eb2242..bf049cf7a 100644 --- a/interface-definitions/dhcpv6-server.xml +++ b/interface-definitions/dhcpv6-server.xml @@ -268,7 +268,7 @@ - IPv6 address of an SNTP Server for client to use + IPv6 address of an SNTP server for client to use @@ -278,25 +278,29 @@ Name of static mapping + + ^[-_a-zA-Z0-9.]+$ + + Invalid static-mapping name - Option to disable static-mapping + Option to disable static mapping - Client identifier for this static mapping + Client identifier (DUID) for this static mapping [REQUIRED] - Client IPv5 address for this static mapping + Client IPv6 address for this static mapping [REQUIRED] ipv6 - IPv6 address for this tatic mapping + IPv6 address for this static mapping [REQUIRED] -- cgit v1.2.3 From 87df87e3983e120ad171ae9dc2966309fc14fcd8 Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Sun, 16 Jun 2019 19:22:49 +0200 Subject: T1439: add dhcpv6-client-id validator --- interface-definitions/dhcpv6-server.xml | 9 ++++++++- src/validators/dhcpv6-client-id | 28 ++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100755 src/validators/dhcpv6-client-id (limited to 'interface-definitions/dhcpv6-server.xml') diff --git a/interface-definitions/dhcpv6-server.xml b/interface-definitions/dhcpv6-server.xml index bf049cf7a..b1e5c8d6c 100644 --- a/interface-definitions/dhcpv6-server.xml +++ b/interface-definitions/dhcpv6-server.xml @@ -281,7 +281,7 @@ ^[-_a-zA-Z0-9.]+$ - Invalid static-mapping name + Invalid static-mapping name. May only contain letters, numbers and .-_ @@ -293,6 +293,13 @@ Client identifier (DUID) for this static mapping [REQUIRED] + + h[[:h]...] + DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id) + + + + diff --git a/src/validators/dhcpv6-client-id b/src/validators/dhcpv6-client-id new file mode 100755 index 000000000..a8c3e60b6 --- /dev/null +++ b/src/validators/dhcpv6-client-id @@ -0,0 +1,28 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2019 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# + +import sys +import re + +if len(sys.argv) == 2: + pattern = "^([0-9A-Fa-f]{1,2}[:])*([0-9A-Fa-f]{1,2})$" + if re.match(pattern, sys.argv[1]): + sys.exit(0) + else: + sys.exit(1) + -- cgit v1.2.3 From 6a6634b02d73cc93cd7368cf2290940b57fae9c7 Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Sun, 16 Jun 2019 21:59:01 +0200 Subject: T1439: move DUID validator to regex --- interface-definitions/dhcpv6-server.xml | 2 +- src/validators/dhcpv6-client-id | 28 ---------------------------- 2 files changed, 1 insertion(+), 29 deletions(-) delete mode 100755 src/validators/dhcpv6-client-id (limited to 'interface-definitions/dhcpv6-server.xml') diff --git a/interface-definitions/dhcpv6-server.xml b/interface-definitions/dhcpv6-server.xml index b1e5c8d6c..09ffe67ed 100644 --- a/interface-definitions/dhcpv6-server.xml +++ b/interface-definitions/dhcpv6-server.xml @@ -298,7 +298,7 @@ DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id) - + ^([0-9A-Fa-f]{1,2}[:])*([0-9A-Fa-f]{1,2})$ diff --git a/src/validators/dhcpv6-client-id b/src/validators/dhcpv6-client-id deleted file mode 100755 index a8c3e60b6..000000000 --- a/src/validators/dhcpv6-client-id +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2019 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -# - -import sys -import re - -if len(sys.argv) == 2: - pattern = "^([0-9A-Fa-f]{1,2}[:])*([0-9A-Fa-f]{1,2})$" - if re.match(pattern, sys.argv[1]): - sys.exit(0) - else: - sys.exit(1) - -- cgit v1.2.3 From 03c09b1b0d7dfdab9fc87bc7b017455c45141ced Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Sun, 16 Jun 2019 22:52:05 +0200 Subject: T1439: remove beginning and end anchors, they are implied with re.fullmatch --- interface-definitions/dhcpv6-server.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'interface-definitions/dhcpv6-server.xml') diff --git a/interface-definitions/dhcpv6-server.xml b/interface-definitions/dhcpv6-server.xml index 09ffe67ed..e18a58608 100644 --- a/interface-definitions/dhcpv6-server.xml +++ b/interface-definitions/dhcpv6-server.xml @@ -279,7 +279,7 @@ Name of static mapping - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ Invalid static-mapping name. May only contain letters, numbers and .-_ @@ -298,7 +298,7 @@ DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id) - ^([0-9A-Fa-f]{1,2}[:])*([0-9A-Fa-f]{1,2})$ + ([0-9A-Fa-f]{1,2}[:])*([0-9A-Fa-f]{1,2}) -- cgit v1.2.3 From 377c04cbd7c11f3288664f9e64a95ee8fda23457 Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Thu, 4 Jul 2019 12:15:52 +0200 Subject: T1435 plus other dhcp/dhcpv6-server enhancements - T1435: dhcp-server: make ip-address optional in static-mapping - remove [REQUIRED] from dhcpv6-server static-mapping identifier and ipv6-address - verify if static-mapping ipv6-address is in subnet - make help and error messages in conf-mode more descriptive - remove regex ^$ anchors (implied in re.fullmatch) --- interface-definitions/dhcp-server.xml | 41 ++++++++++++++++++--------------- interface-definitions/dhcpv6-server.xml | 29 ++++++++++++----------- src/conf_mode/dhcp_server.py | 21 ++++++++--------- src/conf_mode/dhcpv6_server.py | 16 +++++++++++++ 4 files changed, 64 insertions(+), 43 deletions(-) (limited to 'interface-definitions/dhcpv6-server.xml') diff --git a/interface-definitions/dhcp-server.xml b/interface-definitions/dhcp-server.xml index 87999f496..7d42294e8 100644 --- a/interface-definitions/dhcp-server.xml +++ b/interface-definitions/dhcp-server.xml @@ -46,9 +46,9 @@ DHCP shared network name [REQUIRED] - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid DHCP pool name + Invalid shared network name. May only contain letters, numbers and .-_ @@ -151,7 +151,7 @@ - IP address that needs to be excluded from DHCP lease range + IP address to exclude from DHCP lease range ipv4 IPv4 address to exclude from lease range @@ -183,9 +183,9 @@ DHCP failover peer name [REQUIRED] - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid failover peer name + Invalid failover peer name. May only contain letters, numbers and .-_ @@ -193,7 +193,7 @@ IP address of failover peer [REQUIRED] ipv4 - IPv4 address to exclude from lease range + IPv4 address of failover peer @@ -225,12 +225,12 @@ Lease timeout in seconds (default: 86400) 0-4294967295 - DHCP lease time in seconds must be between 0 and 4294967295 (49 days) + DHCP lease time in seconds - DHCP lease time must be 0 to 4294967295 + DHCP lease time must be between 0 and 4294967295 (49 days) @@ -288,9 +288,9 @@ DHCP lease range - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid DHCP lease range name + Invalid DHCP lease range name. May only contain letters, numbers and .-_ @@ -321,22 +321,22 @@ - Static mapping for specified address type + Name of static mapping - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid static-mapping name + Invalid static mapping name. May only contain letters, numbers and .-_ - Option to disable static-mapping + Option to disable static mapping - Static mapping for specified IP address [REQUIRED] + Fixed IP address of static mapping ipv4 IPv4 address used in static mapping @@ -348,7 +348,7 @@ - Static mapping for specified MAC address [REQUIRED] + MAC address of static mapping [REQUIRED] h:h:h:h:h:h MAC address used in static mapping [REQUIRED] @@ -358,6 +358,7 @@ Additional static-mapping parameters for DHCP server. + Will be placed inside the "host" block of the mapping. You must use the syntax of dhcpd.conf in this text-field. Using this without proper knowledge may result in a crashed DHCP server. Check system log to look for errors. @@ -414,10 +415,14 @@ Offset of the client's subnet in seconds from Coordinated Universal Time (UTC) + + [-]N + Time offset (number, may be negative) + - ^-?[0-9]+$ + -?[0-9]+ - Invalid time offset valuee + Invalid time offset value diff --git a/interface-definitions/dhcpv6-server.xml b/interface-definitions/dhcpv6-server.xml index e18a58608..28b56a64d 100644 --- a/interface-definitions/dhcpv6-server.xml +++ b/interface-definitions/dhcpv6-server.xml @@ -32,9 +32,9 @@ DHCPv6 shared network name [REQUIRED] - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid DHCPv6 pool name + Invalid DHCPv6 shared network name. May only contain letters, numbers and .-_ @@ -112,9 +112,9 @@ Domain name for client to search - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid domain name syntax + Invalid domain name. May only contain letters, numbers and .-_ @@ -157,9 +157,9 @@ NIS domain name for client to use - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid NIS domain name syntax + Invalid NIS domain name @@ -179,9 +179,9 @@ NIS+ domain name for client to use - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid NIS+ domain name syntax + Invalid NIS+ domain name. May only contain letters, numbers and .-_ @@ -260,9 +260,9 @@ SIP server name - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid SIP server name syntax + Invalid SIP server name. May only contain letters, numbers and .-_ @@ -281,7 +281,7 @@ [-_a-zA-Z0-9.]+ - Invalid static-mapping name. May only contain letters, numbers and .-_ + Invalid static mapping name. May only contain letters, numbers and .-_ @@ -292,7 +292,7 @@ - Client identifier (DUID) for this static mapping [REQUIRED] + Client identifier (DUID) for this static mapping h[[:h]...] DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id) @@ -300,14 +300,15 @@ ([0-9A-Fa-f]{1,2}[:])*([0-9A-Fa-f]{1,2}) + Invalid DUID. Must be in the format h[[:h]...] where each \"h\" is 1 to 2 hex characters. - Client IPv6 address for this static mapping [REQUIRED] + Client IPv6 address for this static mapping ipv6 - IPv6 address for this static mapping [REQUIRED] + IPv6 address for this static mapping diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py index 78927a847..6d88ea95a 100755 --- a/src/conf_mode/dhcp_server.py +++ b/src/conf_mode/dhcp_server.py @@ -187,7 +187,9 @@ shared-network {{ network.name }} { {%- for host in subnet.static_mapping %} {% if not host.disabled -%} host {% if host_decl_name -%} {{ host.name }} {%- else -%} {{ network.name }}_{{ host.name }} {%- endif %} { + {%- if host.ip_address %} fixed-address {{ host.ip_address }}; + {%- endif %} hardware ethernet {{ host.mac_address }}; {%- if host.static_parameters %} # The following {{ host.static_parameters | length }} line(s) were added as static-mapping-parameters in the CLI and have not been validated @@ -728,22 +730,19 @@ def verify(dhcp): raise ConfigError('No DHCP address range or active static-mapping set\n' \ 'for subnet {0}!'.format(subnet['network'])) - # Static IP address mappings require both an IP address and MAC address + # Static mappings require just a MAC address (will use an IP from the dynamic pool if IP is not set) for mapping in subnet['static_mapping']: - # Static IP address must be configured - if not mapping['ip_address']: - raise ConfigError('DHCP static lease IP address not specified for static mapping\n' \ - '{0} under shared network name {1}!'.format(mapping['name'], network['name'])) - # Static IP address must be in bound - if not ipaddress.ip_address(mapping['ip_address']) in ipaddress.ip_network(subnet['network']): - raise ConfigError('DHCP static lease IP address {0} for static mapping {1}\n' \ - 'in shared network {2} is outside DHCP lease subnet {3}!' \ - .format(mapping['ip_address'], mapping['name'], network['name'], subnet['network'])) + if mapping['ip_address']: + # Static IP address must be in bound + if not ipaddress.ip_address(mapping['ip_address']) in ipaddress.ip_network(subnet['network']): + raise ConfigError('DHCP static lease IP address {0} for static mapping {1}\n' \ + 'in shared network {2} is outside DHCP lease subnet {3}!' \ + .format(mapping['ip_address'], mapping['name'], network['name'], subnet['network'])) # Static mapping requires MAC address if not mapping['mac_address']: - raise ConfigError('DHCP static lease MAC address not specified for static mapping\n' \ + raise ConfigError('DHCP static lease MAC address not specified for static mapping\n' \ '{0} under shared network name {1}!'.format(mapping['name'], network['name'])) # There must be one subnet connected to a listen interface. diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/dhcpv6_server.py index f5117de53..d2769466e 100755 --- a/src/conf_mode/dhcpv6_server.py +++ b/src/conf_mode/dhcpv6_server.py @@ -94,8 +94,12 @@ shared-network {{ network.name }} { {%- for host in subnet.static_mapping %} {% if not host.disabled -%} host {{ network.name }}_{{ host.name }} { + {%- if host.client_identifier %} host-identifier option dhcp6.client-id {{ host.client_identifier }}; + {%- endif %} + {%- if host.ipv6_address %} fixed-address6 {{ host.ipv6_address }}; + {%- endif %} } {%- endif %} {%- endfor %} @@ -384,7 +388,19 @@ def verify(dhcpv6): raise ConfigError('DHCPv6 prefix {0} is not in subnet {1}\n' \ 'specified for shared network {2}!'.format(prefix['prefix'], subnet['network'], network['name'])) + # Static mappings don't require anything (but check if IP is in subnet if it's set) + for mapping in subnet['static_mapping']: + if mapping['ipv6_address']: + # Static address must be in subnet + if not ipaddress.ip_address(mapping['ipv6_address']) in ipaddress.ip_network(subnet['network']): + raise ConfigError('DHCPv6 static mapping IPv6 address {0} for static mapping {1}\n' \ + 'in shared network {2} is outside subnet {3}!' \ + .format(mapping['ipv6_address'], mapping['name'], network['name'], subnet['network'])) + # DHCPv6 requires at least one configured address range or one static mapping + # (FIXME: is not actually checked right now?) + + # There must be one subnet connected to a listen interface if network is not disabled. if not network['disabled']: if vyos.validate.is_subnet_connected(subnet['network']): listen_ok = True -- cgit v1.2.3