authorChristian Poessinger <christian@poessinger.com>2018-08-31 22:32:53 +0200
committerChristian Poessinger <christian@poessinger.com>2018-08-31 22:32:53 +0200
commit81e1cf8dbf02b95a89caa180f483a66655591d1a (patch)
tree77fc349be90e2ad0975ed0788f430a26bcf7f0de
parentc16a8fcb9dca029a233ca9365ad7791b1df495f1 (diff)
parent8a5c00e897a98e8a532a364b1178bd3317bffef9 (diff)
Merge branch 'dhcpv6-server-rewrite' into current
* dhcpv6-server-rewrite: T811: dhcpv6_server.py: add missing validators when committing config changes dhcp_server.py: cleanup bcast_relay.py: remove obsolete import statement vyos: package: bugfix in validate.py for is_subnet_connected() T778: dhcpv6-server: XML and Python rewrite
-rw-r--r--interface-definitions/dhcpv6-server.xml316
-rw-r--r--python/vyos/validate.py5
-rwxr-xr-xsrc/conf_mode/bcast_relay.py1
-rwxr-xr-xsrc/conf_mode/dhcp_server.py66
-rwxr-xr-xsrc/conf_mode/dhcpv6_server.py451
5 files changed, 804 insertions, 35 deletions
diff --git a/interface-definitions/dhcpv6-server.xml b/interface-definitions/dhcpv6-server.xml
new file mode 100644
index 000000000..e63eb2242
--- /dev/null
+++ b/interface-definitions/dhcpv6-server.xml
@@ -0,0 +1,316 @@
+<?xml version="1.0"?>
+<!-- DHCPv6 server configuration -->
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="dhcpv6-server" owner="${vyos_conf_scripts_dir}/dhcpv6_server.py">
+ <properties>
+ <help>DHCP for IPv6 (DHCPv6) server</help>
+ <priority>900</priority>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable DHCPv6 server</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="preference">
+ <properties>
+ <help>Preference of this DHCPv6 server compared with others</help>
+ <valueHelp>
+ <format>0-255</format>
+ <description>DHCPv6 server preference (0-255)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-255"/>
+ </constraint>
+ <constraintErrorMessage>Preference must be between 0 and 255</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <tagNode name="shared-network-name">
+ <properties>
+ <help>DHCPv6 shared network name [REQUIRED]</help>
+ <constraint>
+ <regex>^[-_a-zA-Z0-9.]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid DHCPv6 pool name</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable DHCPv6 configuration for shared-network</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <tagNode name="subnet">
+ <properties>
+ <help>IPv6 DHCP subnet for this shared network [REQUIRED]</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <node name="address-range">
+ <properties>
+ <help>Parameters setting ranges for assigning IPv6 addresses</help>
+ </properties>
+ <children>
+ <tagNode name="prefix">
+ <properties>
+ <help>IPv6 prefix defining range of addresses to assign</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="temporary">
+ <properties>
+ <help>Address range will be used for temporary addresses</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <tagNode name="start">
+ <properties>
+ <help>First in range of consecutive IPv6 addresses to assign</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="stop">
+ <properties>
+ <help>Last in range of consecutive IPv6 addresses</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <leafNode name="domain-search">
+ <properties>
+ <help>Domain name for client to search</help>
+ <constraint>
+ <regex>^[-_a-zA-Z0-9.]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid domain name syntax</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ <node name="lease-time">
+ <properties>
+ <help>Parameters relating to the lease time</help>
+ </properties>
+ <children>
+ <leafNode name="default">
+ <properties>
+ <help>Default time (in seconds) that will be assigned to a lease</help>
+ </properties>
+ </leafNode>
+ <leafNode name="maximum">
+ <properties>
+ <help>Maximum time (in seconds) that will be assigned to a lease</help>
+ </properties>
+ </leafNode>
+ <leafNode name="minimum">
+ <properties>
+ <help>Minimum time (in seconds) that will be assigned to a lease</help>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="name-server">
+ <properties>
+ <help>IPv6 address of a Recursive DNS Server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of DNS name server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="nis-domain">
+ <properties>
+ <help>NIS domain name for client to use</help>
+ <constraint>
+ <regex>^[-_a-zA-Z0-9.]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid NIS domain name syntax</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="nis-server">
+ <properties>
+ <help>IPv6 address of a NIS Server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of NIS server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="nisplus-domain">
+ <properties>
+ <help>NIS+ domain name for client to use</help>
+ <constraint>
+ <regex>^[-_a-zA-Z0-9.]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid NIS+ domain name syntax</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="nisplus-server">
+ <properties>
+ <help>IPv6 address of a NIS+ Server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of NIS+ server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <node name="prefix-delegation">
+ <properties>
+ <help>Parameters relating to IPv6 prefix delegation</help>
+ </properties>
+ <children>
+ <tagNode name="start">
+ <properties>
+ <help>First in range of IPv6 addresses to be used in prefix delegation</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address used in prefix delegation</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="prefix-length">
+ <properties>
+ <help>Length in bits of prefixes to be delegated</help>
+ <valueHelp>
+ <format>0-255</format>
+ <description>DHCPv6 server preference (0-255)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-255"/>
+ </constraint>
+ <constraintErrorMessage>Preference must be between 0 and 255</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="stop">
+ <properties>
+ <help>Last in range of IPv6 addresses to be used in prefix delegation</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address used in prefix delegation</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <leafNode name="sip-server-address">
+ <properties>
+ <help>IPv6 address of SIP server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of SIP server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="sip-server-name">
+ <properties>
+ <help>SIP server name</help>
+ <constraint>
+ <regex>^[-_a-zA-Z0-9.]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid SIP server name syntax</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="sntp-server">
+ <properties>
+ <help>IPv6 address of an SNTP Server for client to use</help>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <tagNode name="static-mapping">
+ <properties>
+ <help>Name of static mapping</help>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable static-mapping</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="identifier">
+ <properties>
+ <help>Client identifier for this static mapping</help>
+ </properties>
+ </leafNode>
+ <leafNode name="ipv6-address">
+ <properties>
+ <help>Client IPv5 address for this static mapping</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address for this tatic mapping</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
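Review bot: Several leaves whose values are rendered verbatim into dhcpd6.conf carry no `<constraint>` at all: the `lease-time default/maximum/minimum` leaves, the `static-mapping` tag name and its `identifier` (which ends up inside a double-quoted `dhcp6.client-id` string), so a value containing `"`, `;` or `}` corrupts the generated file at commit instead of being rejected; give the lease times a numeric validator in the style already used here (e.g. `<validator name="numeric" argument="--range 0-4294967295"/>`) and the name/identifier a `<regex>` like the one on `shared-network-name`. The `prefix-length` leaf under `prefix-delegation` was copied from `preference`: its valueHelp, `--range 0-255` and error message all talk about server preference, while a delegated prefix length must be 1-128 (`<validator name="numeric" argument="--range 1-128"/>` and `Prefix length must be between 1 and 128`). Smaller help-text issues on the `ipv6-address` leaf of static-mapping: `Client IPv5 address` and `this tatic mapping`; and `sntp-server` is the only address leaf without a `<valueHelp>`.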
diff --git a/python/vyos/validate.py b/python/vyos/validate.py
index b681edc5e..1b77f196a 100644
--- a/python/vyos/validate.py
+++ b/python/vyos/validate.py
@@ -68,7 +68,8 @@ def is_subnet_connected(subnet, primary=False):
system.
primary check if the subnet is reachable via the primary IP address of this
- interface. E.g. ISC DHCP can only listen on primary addresses.
+ interface, or in other words has a broadcast address configured. ISC DHCP
+ for instance will complain if it should listen on non broadcast interfaces.
Return True/False
"""
@@ -81,7 +82,7 @@ def is_subnet_connected(subnet, primary=False):
for interface in netifaces.interfaces():
# check if the requested address type is configured at all
if addr_type not in netifaces.ifaddresses(interface).keys():
- return False
+ continue
# An interface can have multiple addresses, but some software components
# only support the primary address :(
diff --git a/src/conf_mode/bcast_relay.py b/src/conf_mode/bcast_relay.py
index 8cc948610..d1257d4a5 100755
--- a/src/conf_mode/bcast_relay.py
+++ b/src/conf_mode/bcast_relay.py
@@ -19,7 +19,6 @@
import sys
import os
import fnmatch
-import subprocess
import jinja2
from vyos.config import Config
diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py
index 1458ed1d0..a26e4626a 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/dhcp_server.py
@@ -38,8 +38,8 @@ config_tmpl = """
# For options please consult the following website:
# https://www.isc.org/wp-content/uploads/2017/08/dhcp43options.html
-
-log-facility local7;
+#
+# log-facility local7;
{% if hostfile_update %}
on commit {
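Review bot: Commenting out `log-facility local7;` silently moves dhcpd lease/abandon events from local7 to the daemon's default syslog facility, and neither the commit message nor the template records why; any operator with a local7-based rsyslog rule or SIEM filter for DHCP activity loses those events without a hint. Add a one-line reason next to it, e.g. `# log-facility local7;  -- disabled: <reason>, events now go to the default facility`, or drop the dead line entirely if the default is intended going forward.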
@@ -112,12 +112,12 @@ failover peer "{{ subnet.failover_name }}" {
{% for network in shared_network %}
{%- if not network.disabled -%}
shared-network {{ network.name }} {
- {% if network.authoritative %}authoritative;{% endif %}
+ {{ "authoritative;" if network.authoritative }}
{%- if network.network_parameters %}
# The following {{ network.network_parameters | length }} line(s) were added as shared-network-parameters in the CLI and have not been validated
{%- for param in network.network_parameters %}
{{ param }}
- {%- endfor -%}
+ {%- endfor %}
{%- endif %}
{%- for subnet in network.subnet %}
subnet {{ subnet.address }} netmask {{ subnet.netmask }} {
@@ -195,9 +195,15 @@ shared-network {{ network.name }} {
}
{%- endif %}
{%- endfor %}
- {%- for range in subnet.range %}
- range {{ range.start }} {{ range.stop }};
- {%- endfor %}
+ pool {
+ {%- if subnet.failover_name %}
+ failover peer "{{ subnet.failover_name }}";
+ deny dynamic bootp clients;
+ {%- endif %}
+ {%- for range in subnet.range %}
+ range {{ range.start }} {{ range.stop }};
+ {%- endfor %}
+ }
}
{%- endfor %}
on commit { set shared-networkname = "{{ network.name }}"; }
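Review bot: The `pool { ... }` block is now emitted for every subnet, including subnets that define no `range` at all (static-mapping-only subnets), which previously produced no range statements; whether dhcpd accepts an empty `pool { }` is not shown here, and the `failover peer` / `deny dynamic bootp clients` lines are pointless without an address range anyway. Guard the block so it only appears when there is something to pool: `{%- if subnet.range %}` before `pool {` and a matching `{%- endif %}` after the closing `}`.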
@@ -606,17 +612,17 @@ def verify(dhcp):
raise ConfigError('No DHCP shared networks configured.\n' \
'At least one DHCP shared network must be configured.')
+ # Inspect shared-network/subnet
+ failover_names = []
+ listen_ok = False
+ subnets = []
+
# A shared-network requires a subnet definition
for network in dhcp['shared_network']:
if len(network['subnet']) == 0:
raise ConfigError('No DHCP lease subnets configured for {0}. At least one\n' \
'lease subnet must be configured for each shared network.'.format(network['name']))
- # Inspect our subnet configuration
- failover_names = []
- listen_ok = False
- subnets = []
- for network in dhcp['shared_network']:
for subnet in network['subnet']:
# Subnet static route declaration requires destination and router
if subnet['static_subnet'] or subnet['static_router']:
@@ -650,34 +656,34 @@ def verify(dhcp):
stop = range['stop']
# DHCP stop IP required after start IP
if start and not stop:
- raise ConfigError('Stop IP address in DHCP range for start {0} is not defined!'.format(start))
+ raise ConfigError('DHCP range stop address for start {0} is not defined!'.format(start))
# Start address must be inside network
if not ipaddress.ip_address(start) in ipaddress.ip_network(subnet['network']):
- raise ConfigError('Start IP address {0} of DHCP range is not in subnet {1}\n' \
+ raise ConfigError('DHCP range start address {0} is not in subnet {1}\n' \
'specified for shared network {2}!'.format(start, subnet['network'], network['name']))
# Stop address must be inside network
if not ipaddress.ip_address(stop) in ipaddress.ip_network(subnet['network']):
- raise ConfigError('Stop IP address {0} of DHCP range is not in subnet {1}\n' \
+ raise ConfigError('DHCP range stop address {0} is not in subnet {1}\n' \
'specified for shared network {2}!'.format(stop, subnet['network'], network['name']))
# Stop address must be greater or equal to start address
if not ipaddress.ip_address(stop) >= ipaddress.ip_address(start):
- raise ConfigError('Stop IP address {0} of DHCP range should be greater or equal\n' \
- 'to the start IP address {1} of this range!'.format(stop, start))
+ raise ConfigError('DHCP range stop address {0} must be greater or equal\n' \
+ 'to the range start address {1}!'.format(stop, start))
# Range start address must be unique
if start in range_start:
raise ConfigError('Conflicting DHCP lease range:\n' \
- 'Pool start IP address {0} defined multipe times!'.format(range['start']))
+ 'Pool start address {0} defined multipe times!'.format(start))
else:
range_start.append(start)
# Range stop address must be unique
if stop in range_stop:
raise ConfigError('Conflicting DHCP lease range:\n' \
- 'Pool stop IP address {0} defined multipe times!'.format(range['stop']))
+ 'Pool stop address {0} defined multipe times!'.format(stop))
else:
range_stop.append(stop)
@@ -705,18 +711,18 @@ def verify(dhcp):
for mapping in subnet['static_mapping']:
# Static IP address must be configured
if not mapping['ip_address']:
- raise ConfigError('No static lease IP address specified for static mapping {0}\n' \
- 'under shared network name {1}!'.format(mapping['name'], network['name']))
+ raise ConfigError('DHCP static lease IP address not specified for static mapping\n' \
+ '{0} under shared network name {1}!'.format(mapping['name'], network['name']))
# Static IP address must be in bound
if not ipaddress.ip_address(mapping['ip_address']) in ipaddress.ip_network(subnet['network']):
- raise ConfigError('Static DHCP lease IP address {0} under static mapping {1}\n' \
- 'in shared network {2} is outside DHCP lease network {3}!' \
+ raise ConfigError('DHCP static lease IP address {0} for static mapping {1}\n' \
+ 'in shared network {2} is outside DHCP lease subnet {3}!' \
.format(mapping['ip_address'], mapping['name'], network['name'], subnet['network']))
# Static mapping requires MAC address
if not mapping['mac_address']:
- raise ConfigError('No static lease MAC address specified for static mapping\n' \
+ raise ConfigError('DHCP static lease MAC address not specified for static mapping\n' \
'{0} under shared network name {1}!'.format(mapping['name'], network['name']))
# There must be one subnet connected to a listen interface.
@@ -725,28 +731,24 @@ def verify(dhcp):
if vyos.validate.is_subnet_connected(subnet['network'], primary=True):
listen_ok = True
- #
# Subnets must be non overlapping
- #
if subnet['network'] in subnets:
- raise ConfigError('Subnets must be unique! Subnet {0} defined multiple times!'.format(subnet))
+ raise ConfigError('DHCP subnets must be unique! Subnet {0} defined multiple times!'.format(subnet))
else:
subnets.append(subnet['network'])
- #
# Check for overlapping subnets
- #
net = ipaddress.ip_network(subnet['network'])
for n in subnets:
net2 = ipaddress.ip_network(n)
- if (net.compare_networks(net2) != 0):
+ if (net != net2):
if net.overlaps(net2):
- raise ConfigError('Conflicting subnet ranges: {0} overlaps with {1}'.format(net, net2))
+ raise ConfigError('DHCP conflicting subnet ranges: {0} overlaps {1}'.format(net, net2))
if not listen_ok:
raise ConfigError('None of the DHCP lease subnets are inside any configured subnet on\n' \
'broadcast interfaces. At least one lease subnet must be set such that\n' \
- 'DHCP server listens on a one broadcast interface')
+ 'DHCP server listens on a one broadcast interface!')
return None
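Review bot: The duplicate-subnet error on the changed `raise ConfigError('DHCP subnets must be unique! ...` line still formats the whole `subnet` dict (`.format(subnet)`), so the commit error prints the entire parsed structure instead of the prefix; use `.format(subnet['network'])`, matching the overlap message a few lines below. The rest of the hunk is consistent: `subnets.append(subnet['network'])` runs before the loop, so the new `net != net2` guard is what skips the self-comparison. verify() starts outside this hunk.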
diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/dhcpv6_server.py
new file mode 100755
index 000000000..bb3e6e90d
--- /dev/null
+++ b/src/conf_mode/dhcpv6_server.py
@@ -0,0 +1,451 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2018 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+import sys
+import os
+import ipaddress
+
+import jinja2
+
+import vyos.validate
+
+from vyos.config import Config
+from vyos import ConfigError
+
+config_file = r'/etc/dhcp/dhcpd6.conf'
+lease_file = r'/config/dhcpd6.leases'
+daemon_config_file = r'/etc/default/isc-dhcpv6-server'
+
+# Please be careful if you edit the template.
+config_tmpl = """
+### Autogenerated by dhcpv6_server.py ###
+
+# For options please consult the following website:
+# https://www.isc.org/wp-content/uploads/2017/08/dhcp43options.html
+
+log-facility local7;
+{%- if preference %}
+option dhcp6.preference {{ preference }};
+{%- endif %}
+
+# Shared network configration(s)
+{% for network in shared_network %}
+{%- if not network.disabled -%}
+shared-network {{ network.name }} {
+ {%- for subnet in network.subnet %}
+ subnet6 {{ subnet.network }} {
+ {%- for range in subnet.range6_prefix %}
+ range6 {{ range.prefix }}{{ " temporary" if range.temporary }};
+ {%- endfor %}
+ {%- for range in subnet.range6 %}
+ range6 {{ range.start }} {{ range.stop }};
+ {%- endfor %}
+ {%- if subnet.domain_search %}
+ option dhcp6.domain-search {{ subnet.domain_search | join(', ') }};
+ {%- endif %}
+ {%- if subnet.lease_def %}
+ default-lease-time {{ subnet.lease_def }};
+ {%- endif %}
+ {%- if subnet.lease_max %}
+ max-lease-time {{ subnet.lease_max }};
+ {%- endif %}
+ {%- if subnet.lease_min %}
+ min-lease-time {{ subnet.lease_min }};
+ {%- endif %}
+ {%- if subnet.dns_server %}
+ option dhcp6.name-servers {{ subnet.dns_server | join(', ') }};
+ {%- endif %}
+ {%- if subnet.nis_domain %}
+ option dhcp6.nis-domain-name "{{ subnet.nis_domain }}";
+ {%- endif %}
+ {%- if subnet.nis_server %}
+ option dhcp6.nis-servers {{ subnet.nis_server | join(', ') }};
+ {%- endif %}
+ {%- if subnet.nisp_domain %}
+ option dhcp6.nisp-domain-name "{{ subnet.nisp_domain }}";
+ {%- endif %}
+ {%- if subnet.nisp_server %}
+ option dhcp6.nisp-servers {{ subnet.nisp_server | join(', ') }};
+ {%- endif %}
+ {%- if subnet.sip_address %}
+ option dhcp6.sip-servers-addresses {{ subnet.sip_address | join(', ') }};
+ {%- endif %}
+ {%- if subnet.sip_hostname %}
+ option dhcp6.sip-servers-names {{ subnet.sip_hostname | join(', ') }};
+ {%- endif %}
+ {%- if subnet.sntp_server %}
+ option dhcp6.sntp-servers {{ subnet.sntp_server | join(', ') }};
+ {%- endif %}
+ {%- for host in subnet.static_mapping %}
+ {% if not host.disabled -%}
+ host {{ network.name }}_{{ host.name }} {
+ host-identifier option dhcp6.client-id "{{ host.client_identifier }}";
+ fixed-address6 {{ host.ipv6_address }};
+ }
+ {%- endif %}
+ {%- endfor %}
+ }
+ {%- endfor %}
+}
+{%- endif %}
+{% endfor %}
+
+"""
+
+daemon_tmpl = """
+### Autogenerated by dhcp_server.py ###
+
+# sourced by /etc/init.d/isc-dhcpv6-server
+
+DHCPD_CONF=/etc/dhcp/dhcpd6.conf
+DHCPD_PID=/var/run/dhcpd6.pid
+OPTIONS="-6 -lf {{ lease_file }}"
+INTERFACES=""
+"""
+
+default_config_data = {
+ 'lease_file': lease_file,
+ 'preference': '',
+ 'disabled': False,
+ 'shared_network': []
+}
+
+def get_config():
+ dhcpv6 = default_config_data
+ conf = Config()
+ if not conf.exists('service dhcpv6-server'):
+ return None
+ else:
+ conf.set_level('service dhcpv6-server')
+
+ # Check for global disable of DHCPv6 service
+ if conf.exists('disable'):
+ dhcpv6['disabled'] = True
+ return dhcpv6
+
+ # Preference of this DHCPv6 server compared with others
+ if conf.exists('preference'):
+ dhcpv6['preference'] = conf.return_value('preference')
+
+ # check for multiple, shared networks served with DHCPv6 addresses
+ if conf.exists('shared-network-name'):
+ for network in conf.list_nodes('shared-network-name'):
+ conf.set_level('service dhcpv6-server shared-network-name {0}'.format(network))
+ config = {
+ 'name': network,
+ 'disabled': False,
+ 'subnet': []
+ }
+
+ # If disabled, the shared-network configuration becomes inactive
+ if conf.exists('disable'):
+ config['disabled'] = True
+
+ # check for multiple subnet configurations in a shared network
+ if conf.exists('subnet'):
+ for net in conf.list_nodes('subnet'):
+ conf.set_level('service dhcpv6-server shared-network-name {0} subnet {1}'.format(network, net))
+ subnet = {
+ 'network': net,
+ 'range6_prefix': [],
+ 'range6': [],
+ 'default_router': '',
+ 'dns_server': [],
+ 'domain_name': '',
+ 'domain_search': [],
+ 'lease_def': '',
+ 'lease_min': '',
+ 'lease_max': '',
+ 'nis_domain': '',
+ 'nis_server': [],
+ 'nisp_domain': '',
+ 'nisp_server': [],
+ 'sip_address': [],
+ 'sip_hostname': [],
+ 'sntp_server': [],
+ 'static_mapping': []
+ }
+
+ # For any subnet on which addresses will be assigned dynamically, there must be at
+ # least one address range statement. The range statement gives the lowest and highest
+ # IP addresses in a range. All IP addresses in the range should be in the subnet in
+ # which the range statement is declared.
+ if conf.exists('address-range prefix'):
+ for prefix in conf.list_nodes('address-range prefix'):
+ range = {
+ 'prefix': prefix,
+ 'temporary': False
+ }
+
+ # Address range will be used for temporary addresses
+ if conf.exists('address-range prefix {0} temporary'.format(range['prefix'])):
+ range['temporary'] = True
+
+ # Append to subnet temporary range6 list
+ subnet['range6_prefix'].append(range)
+
+ if conf.exists('address-range start'):
+ for range in conf.list_nodes('address-range start'):
+ range = {
+ 'start': range,
+ 'stop': conf.return_value('address-range start {0} stop'.format(range))
+ }
+
+ # Append to subnet range6 list
+ subnet['range6'].append(range)
+
+ # The domain-search option specifies a 'search list' of Domain Names to be used
+ # by the client to locate not-fully-qualified domain names.
+ if conf.exists('domain-search'):
+ for domain in conf.return_values('domain-search'):
+ subnet['domain_search'].append('"' + domain + '"')
+
+ # IPv6 address valid lifetime
+ # (at the end the address is no longer usable by the client)
+ # (set to 30 days, the usual IPv6 default)
+ if conf.exists('lease-time default'):
+ subnet['lease_def'] = conf.return_value('lease-time default')
+
+ # Time should be the maximum length in seconds that will be assigned to a lease.
+ # The only exception to this is that Dynamic BOOTP lease lengths, which are not
+ # specified by the client, are not limited by this maximum.
+ if conf.exists('lease-time maximum'):
+ subnet['lease_max'] = conf.return_value('lease-time maximum')
+
+ # Time should be the minimum length in seconds that will be assigned to a lease
+ if conf.exists('lease-time minimum'):
+ subnet['lease_min'] = conf.return_value('lease-time minimum')
+
+ # Specifies a list of Domain Name System name servers available to the client.
+ # Servers should be listed in order of preference.
+ if conf.exists('name-server'):
+ subnet['dns_server'] = conf.return_values('name-server')
+
+ # Ancient NIS (Network Information Service) domain name
+ if conf.exists('nis-domain'):
+ subnet['nis_domain'] = conf.return_value('nis-domain')
+
+ # Ancient NIS (Network Information Service) servers
+ if conf.exists('nis-server'):
+ subnet['nis_server'] = conf.return_values('nis-server')
+
+ # Ancient NIS+ (Network Information Service) domain name
+ if conf.exists('nisplus-domain'):
+ subnet['nisp_domain'] = conf.return_value('nisplus-domain')
+
+ # Ancient NIS+ (Network Information Service) servers
+ if conf.exists('nisplus-server'):
+ subnet['nisp_server'] = conf.return_values('nisplus-server')
+
+ # Prefix Delegation (RFC 3633)
+ if conf.exists('prefix-delegation'):
+ print('TODO: This option is actually not implemented right now!')
+
+ # Local SIP server that is to be used for all outbound SIP requests - IPv6 address
+ if conf.exists('sip-server-address'):
+ subnet['sip_address'] = conf.return_values('sip-server-address')
+
+ # Local SIP server that is to be used for all outbound SIP requests - hostname
+ if conf.exists('sip-server-name'):
+ for hostname in conf.return_values('sip-server-name'):
+ subnet['sip_hostname'].append('"' + hostname + '"')
+
+ # List of local SNTP servers available for the client to synchronize their clocks
+ if conf.exists('sntp-server'):
+ subnet['sntp_server'] = conf.return_values('sntp-server')
+
+ #
+ # Static DHCP v6 leases
+ #
+ if conf.exists('static-mapping'):
+ for mapping in conf.list_nodes('static-mapping'):
+ conf.set_level('service dhcpv6-server shared-network-name {0} subnet {1} static-mapping {2}'.format(network, net, mapping))
+ mapping = {
+ 'name': mapping,
+ 'disabled': False,
+ 'ipv6_address': '',
+ 'client_identifier': '',
+ }
+
+ # This static lease is disabled
+ if conf.exists('disable'):
+ mapping['disabled'] = True
+
+ # IPv6 address used for this DHCP client
+ if conf.exists('ipv6-address'):
+ mapping['ipv6_address'] = conf.return_value('ipv6-address')
+
+ # This option specifies the client’s DUID identifier. DUIDs are similar but different from DHCPv4 client identifiers
+ if conf.exists('identifier'):
+ mapping['client_identifier'] = conf.return_value('identifier')
+
+ # append static mapping configuration tu subnet list
+ subnet['static_mapping'].append(mapping)
+
+ # append subnet configuration to shared network subnet list
+ config['subnet'].append(subnet)
+
+
+ # append shared network configuration to config dictionary
+ dhcpv6['shared_network'].append(config)
+
+ return dhcpv6
+
+def verify(dhcpv6):
+ if dhcpv6 is None:
+ return None
+
+ if dhcpv6['disabled']:
+ return None
+
+ # If DHCP is enabled we need one share-network
+ if len(dhcpv6['shared_network']) == 0:
+ raise ConfigError('No DHCPv6 shared networks configured.\n' \
+ 'At least one DHCPv6 shared network must be configured.')
+
+ # Inspect shared-network/subnet
+ subnets = []
+ listen_ok = False
+
+ for network in dhcpv6['shared_network']:
+ # A shared-network requires a subnet definition
+ if len(network['subnet']) == 0:
+ raise ConfigError('No DHCPv6 lease subnets configured for {0}. At least one\n' \
+ 'lease subnet must be configured for each shared network.'.format(network['name']))
+
+ range6_start = []
+ range6_stop = []
+ for subnet in network['subnet']:
+ # Ususal range declaration with a start and stop address
+ for range6 in subnet['range6']:
+ # shorten names
+ start = range6['start']
+ stop = range6['stop']
+
+ # DHCPv6 stop address is required
+ if start and not stop:
+ raise ConfigError('DHCPv6 range stop address for start {0} is not defined!'.format(start))
+
+ # Start address must be inside network
+ if not ipaddress.ip_address(start) in ipaddress.ip_network(subnet['network']):
+ raise ConfigError('DHCPv6 range start address {0} is not in subnet {1}\n' \
+ 'specified for shared network {2}!'.format(start, subnet['network'], network['name']))
+
+ # Stop address must be inside network
+ if not ipaddress.ip_address(stop) in ipaddress.ip_network(subnet['network']):
+ raise ConfigError('DHCPv6 range stop address {0} is not in subnet {1}\n' \
+ 'specified for shared network {2}!'.format(stop, subnet['network'], network['name']))
+
+ # Stop address must be greater or equal to start address
+ if not ipaddress.ip_address(stop) >= ipaddress.ip_address(start):
+ raise ConfigError('DHCPv6 range stop address {0} must be greater or equal\n' \
+ 'to the range start address {1}!'.format(stop, start))
+
+ # DHCPv6 range start address must be unique - two ranges can't
+ # start with the same address - makes no sense
+ if start in range6_start:
+ raise ConfigError('Conflicting DHCPv6 lease range:\n' \
+ 'Pool start address {0} defined multipe times!'.format(start))
+ else:
+ range6_start.append(start)
+
+ # DHCPv6 range stop address must be unique - two ranges can't
+ # end with the same address - makes no sense
+ if stop in range6_stop:
+ raise ConfigError('Conflicting DHCPv6 lease range:\n' \
+ 'Pool stop address {0} defined multipe times!'.format(stop))
+ else:
+ range6_stop.append(stop)
+
+ # We also have prefixes that require checking
+ for prefix in subnet['range6_prefix']:
+ # If configured prefix does not match our subnet, we have to check that it's inside
+ if ipaddress.ip_network(prefix['prefix']) != ipaddress.ip_network(subnet['network']):
+ # Configured prefixes must be inside our network
+ if not ipaddress.ip_network(prefix['prefix']) in ipaddress.ip_network(subnet['network']):
+ raise ConfigError('DHCPv6 prefix {0} is not in subnet {1}\n' \
+ 'specified for shared network {2}!'.format(prefix['prefix'], subnet['network'], network['name']))
+
+ # DHCPv6 requires at least one configured address range or one static mapping
+ if not network['disabled']:
+ if vyos.validate.is_subnet_connected(subnet['network']):
+ listen_ok = True
+
+ # DHCPv6 subnet must not overlap. ISC DHCP also complains about overlapping
+ # subnets: "Warning: subnet 2001:db8::/32 overlaps subnet 2001:db8:1::/32"
+ net = ipaddress.ip_network(subnet['network'])
+ for n in subnets:
+ net2 = ipaddress.ip_network(n)
+ if (net != net2):
+ if net.overlaps(net2):
+ raise ConfigError('DHCPv6 conflicting subnet ranges: {0} overlaps {1}'.format(net, net2))
+
+ if not listen_ok:
+ raise ConfigError('None of the DHCPv6 subnets are connected to a subnet6 on\n' \
+ 'this machine. At least one subnet6 must be connected such that\n' \
+ 'DHCPv6 listens on an interface!')
+
+
+ return None
+
+def generate(dhcpv6):
+ if dhcpv6 is None:
+ return None
+
+ if dhcpv6['disabled']:
+ print('Warning: DHCPv6 server will be deactivated because it is disabled')
+ return None
+
+ tmpl = jinja2.Template(config_tmpl)
+ config_text = tmpl.render(dhcpv6)
+ with open(config_file, 'w') as f:
+ f.write(config_text)
+
+ tmpl = jinja2.Template(daemon_tmpl)
+ config_text = tmpl.render(dhcpv6)
+ with open(daemon_config_file, 'w') as f:
+ f.write(config_text)
+
+ return None
+
+def apply(dhcpv6):
+ if (dhcpv6 is None) or dhcpv6['disabled']:
+ # DHCP server is removed in the commit
+ os.system('sudo systemctl stop isc-dhcpv6-server.service')
+ if os.path.exists(config_file):
+ os.unlink(config_file)
+ if os.path.exists(daemon_config_file):
+ os.unlink(daemon_config_file)
+ else:
+ # If our file holding DHCPv6 leases does yet not exist - create it
+ if not os.path.exists(lease_file):
+ os.mknod(lease_file)
+
+ os.system('sudo systemctl restart isc-dhcpv6-server.service')
+
+ return None
+
+if __name__ == '__main__':
+ try:
+ c = get_config()
+ verify(c)
+ generate(c)
+ apply(c)
+ except ConfigError as e:
+ print(e)
+ sys.exit(1)
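Review bot: The subnet-overlap check at the end of verify()'s subnet loop is dead code: `subnets` is created as `[]` and nothing ever appends to it, so `for n in subnets:` never iterates and duplicate or overlapping `subnet6` declarations pass commit (the DHCPv4 script appends `subnet['network']` before its loop); add `subnets.append(subnet['network'])` right before `net = ipaddress.ip_network(subnet['network'])`. The prefix containment test a few lines above is also always false, because `ipaddress.ip_network(a) in ipaddress.ip_network(b)` returns False for any network operand in the stdlib, so every `address-range prefix` that is not identical to the subnet is rejected with "is not in subnet"; compare the endpoints instead: `pfx = ipaddress.ip_network(prefix['prefix'])` and `if not (pfx.network_address in net6 and pfx.broadcast_address in net6):` with `net6` being the parsed subnet. Static mappings get no validation at all, although `host.name` and `host.client_identifier` are rendered unescaped into `host {{ network.name }}_{{ host.name }} { host-identifier option dhcp6.client-id "..."; }` and the XML puts no constraint on either; mirror the DHCPv4 checks (address present and inside the subnet, identifier present) and reject identifiers containing `"` or `;` so a stray value cannot break out of the quoted string in the generated dhcpd6.conf. Minor: `daemon_tmpl` still says `Autogenerated by dhcp_server.py`, `dhcpv6 = default_config_data` mutates the module-level dict rather than a copy, and `prefix-delegation` only prints a TODO while the CLI exposes it as if it worked.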