author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2024-01-20 22:25:06 +0100 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2024-01-24 22:17:25 +0100 |
commit | 8e2112261c68189c2c78455c3e1f32d7f5447ab9 (patch) | |
tree | 8055a7ba62f0d9b886caf7d01496add9c78354c5 | |
parent | 5c29cf757b449d68f06715a58d0b2e65e0a6c636 (diff) | |
download | vyos-1x-8e2112261c68189c2c78455c3e1f32d7f5447ab9.tar.gz vyos-1x-8e2112261c68189c2c78455c3e1f32d7f5447ab9.zip |
dhcpv6: T3771: Allow installation of routes for delegated prefixes
-rw-r--r-- | data/templates/dhcp-server/kea-dhcp6.conf.j2 | 9 | ||||
-rw-r--r-- | interface-definitions/service_dhcpv6-server.xml.in | 6 | ||||
-rw-r--r-- | src/etc/sudoers.d/vyos | 3 | ||||
-rwxr-xr-x | src/system/on-dhcpv6-event.sh | 78 |
4 files changed, 96 insertions, 0 deletions
diff --git a/data/templates/dhcp-server/kea-dhcp6.conf.j2 b/data/templates/dhcp-server/kea-dhcp6.conf.j2
index 3ab21551b..2f0de6b30 100644
--- a/data/templates/dhcp-server/kea-dhcp6.conf.j2
+++ b/data/templates/dhcp-server/kea-dhcp6.conf.j2
@@ -19,6 +19,15 @@
"name": "{{ lease_file }}"
},
"hooks-libraries": [
+{% if disable_route_autoinstall is not vyos_defined %}
+{
+"library": "/usr/lib/{{ machine }}-linux-gnu/kea/hooks/libdhcp_run_script.so",
+"parameters": {
+"name": "/usr/libexec/vyos/system/on-dhcpv6-event.sh",
+"sync": false
+}
+},
+{% endif %}
{
"library": "/usr/lib/{{ machine }}-linux-gnu/kea/hooks/libdhcp_lease_cmds.so",
"parameters": {}
diff --git a/interface-definitions/service_dhcpv6-server.xml.in b/interface-definitions/service_dhcpv6-server.xml.in
index 07cbfc85d..73ea69cc0 100644
--- a/interface-definitions/service_dhcpv6-server.xml.in
+++ b/interface-definitions/service_dhcpv6-server.xml.in
@@ -10,6 +10,12 @@
<children>
#include <include/generic-disable-node.xml.i>
#include <include/listen-interface-multi-broadcast.xml.i>
+<leafNode name="disable-route-autoinstall">
+<properties>
+<help>Do not install routes for delegated prefixes</help>
+<valueless/>
+</properties>
+</leafNode>
<node name="global-parameters">
<properties>
<help>Additional global parameters for DHCPv6 server</help>
diff --git a/src/etc/sudoers.d/vyos b/src/etc/sudoers.d/vyos
index c099446ba..63a944f41 100644
--- a/src/etc/sudoers.d/vyos
+++ b/src/etc/sudoers.d/vyos
@@ -44,6 +44,8 @@ Cmnd_Alias DIAGNOSTICS = /bin/ip vrf exec * /bin/ping *, \
/bin/ip vrf exec * /bin/traceroute *, \
/bin/ip vrf exec * /usr/bin/mtr *, \
/usr/libexec/vyos/op_mode/*
+Cmnd_Alias KEA_IP6_ROUTES = /sbin/ip -6 route replace *,\
+ /sbin/ip -6 route del *
%operator ALL=NOPASSWD: DATE, IPTABLES, ETHTOOL, IPFLUSH, HWINFO, \
PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon, \
DMIDECODE, DISK, CONNTRACK, IP6TABLES, \
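Review bot: The new `KEA_IP6_ROUTES` alias ends both `ip -6 route replace` and `ip -6 route del` with a bare `*`; in sudoers a `*` matches any argument string, spaces included, so `_kea` (presumably the account the DHCPv6 daemon runs as, i.e. the process that parses untrusted client packets) is granted the right to replace or delete any IPv6 route — `default`, any `table`/`vrf` — not just delegated prefixes. A compromised or misbehaving Kea would then have a direct, root-privileged path to redirecting the router's traffic, which is far wider than the feature needs. A tighter grant is a small root-owned wrapper that takes `<prefix> <gateway> <ifname>`, validates each value itself and issues the single `ip` call, with sudoers listing only that wrapper, e.g. `Cmnd_Alias KEA_IP6_ROUTES = /usr/libexec/vyos/system/kea-pd-route`; if the glob stays, at least add a comment above the alias stating that it intentionally allows arbitrary route arguments so the next reader does not assume it is scoped. The `%operator ALL=NOPASSWD:` list that follows continues outside the hunk.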
@@ -55,3 +57,4 @@ Cmnd_Alias DIAGNOSTICS = /bin/ip vrf exec * /bin/ping *, \
# Allow members of group sudo to execute any command
%sudo ALL=NOPASSWD: ALL
+_kea ALL=NOPASSWD: KEA_IP6_ROUTES
diff --git a/src/system/on-dhcpv6-event.sh b/src/system/on-dhcpv6-event.sh
new file mode 100755
index 000000000..fcc88ae6f
--- /dev/null
+++ b/src/system/on-dhcpv6-event.sh
@@ -0,0 +1,78 @@
+#!/bin/bash
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+if [ $# -lt 1 ]; then
+ echo Invalid args
+ logger -s -t on-dhcpv6-event "Invalid args \"$@\""
+ exit 1
+fi
+
+action=$1
+
+case "$action" in
+ lease6_renew|lease6_recover)
+ exit 0
+ ;;
+
+ lease6_release|lease6_expire|lease6_decline)
+ ifname=$QUERY6_IFACE_NAME
+ client_ip=$LEASE6_ADDRESS
+ client_prefix_len=$LEASE6_PREFIX_LEN
+
+ if [[ "$LEASE6_TYPE" != "IA_PD" ]]; then
+ exit 0
+ fi
+
+ sudo -n /sbin/ip -6 route del ${client_ip}/${client_prefix_len} \
+ dev ${ifname} \
+ proto static
+
+ exit 0
+ ;;
+
+ leases6_committed)
+ for ((i = 0; i < $LEASES6_SIZE; i++)); do
+ ifname=$QUERY6_IFACE_NAME
+ requester_link_local=$QUERY6_REMOTE_ADDR
+ client_type_var="LEASES6_AT${i}_TYPE"
+ client_ip_var="LEASES6_AT${i}_ADDRESS"
+ client_prefix_len_var="LEASES6_AT${i}_PREFIX_LEN"
+
+ client_type=${!client_type_var}
+
+ if [[ "$client_type" != "IA_PD" ]]; then
+ continue
+ fi
+
+ client_ip=${!client_ip_var}
+ client_prefix_len=${!client_prefix_len_var}
+
+ sudo -n /sbin/ip -6 route replace ${client_ip}/${client_prefix_len} \
+ via ${requester_link_local} \
+ dev ${ifname} \
+ proto static
+ done
+
+ exit 0
+ ;;
+
+ *)
+ logger -s -t on-dhcpv6-event "Invalid command \"$1\""
+ exit 1
+ ;;
+esac |
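Review bot: In both `sudo -n /sbin/ip -6 route …` calls the values taken from the environment (`client_ip`, `client_prefix_len`, `ifname`, `requester_link_local`) are expanded unquoted and never checked, so an empty or malformed value silently alters the argument vector of a root-privileged command instead of being rejected; quote every expansion and require a non-empty prefix and interface and a numeric prefix length before calling `ip`. The exit status of `ip` is also discarded, and because the hook is registered with `"sync": false` nothing else will ever report a route that failed to install, so log the failure from here. If Kea also invokes this script for `lease6_rebind` (the run_script hook appears to expose it alongside `lease6_renew`), the `*)` branch would log every rebind as an invalid command and return 1 — worth confirming against the hook's documented event list and adding it to the no-op case. The route is installed `via $QUERY6_REMOTE_ADDR`; for relayed requests that looks like it would be the relay's address rather than the requesting router's, which should be confirmed or documented in the header comment. The proposed helpers below keep the existing branch structure.
```shell
# … unchanged: license header and argument check …
action=$1

# Reject values that must not reach the root-privileged `ip` call unchecked:
# $1 = prefix, $2 = prefix length (0-128), $3 = interface name.
check_args() {
    [[ -n "$1" && "$2" =~ ^[0-9]{1,3}$ && -n "$3" ]]
}

# Run `ip -6 route …` via sudo; Kea does not report failures (sync=false), so we log them.
run_ip() {
    local rc=0
    sudo -n /sbin/ip -6 route "$@" || rc=$?
    if (( rc != 0 )); then
        logger -s -t on-dhcpv6-event "ip -6 route $* failed (rc=$rc)"
    fi
    return "$rc"
}

case "$action" in
    # … unchanged: lease6_renew|lease6_recover branch …

    lease6_release|lease6_expire|lease6_decline)
        # … unchanged: variable setup and IA_PD check …
        check_args "$client_ip" "$client_prefix_len" "$ifname" || exit 1
        run_ip del "${client_ip}/${client_prefix_len}" dev "$ifname" proto static
        exit 0
        ;;

    leases6_committed)
        # … unchanged: loop header, indirect lookups and IA_PD check …
        check_args "$client_ip" "$client_prefix_len" "$ifname" || continue
        [[ -n "$requester_link_local" ]] || continue
        run_ip replace "${client_ip}/${client_prefix_len}" \
            via "$requester_link_local" dev "$ifname" proto static
        # … unchanged: done / exit 0 …
        ;;

    # … unchanged: default branch and esac …
```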