From 377c04cbd7c11f3288664f9e64a95ee8fda23457 Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Thu, 4 Jul 2019 12:15:52 +0200 Subject: T1435 plus other dhcp/dhcpv6-server enhancements - T1435: dhcp-server: make ip-address optional in static-mapping - remove [REQUIRED] from dhcpv6-server static-mapping identifier and ipv6-address - verify if static-mapping ipv6-address is in subnet - make help and error messages in conf-mode more descriptive - remove regex ^$ anchors (implied in re.fullmatch) --- interface-definitions/dhcp-server.xml | 41 ++++++++++++++++++--------------- interface-definitions/dhcpv6-server.xml | 29 ++++++++++++----------- src/conf_mode/dhcp_server.py | 21 ++++++++--------- src/conf_mode/dhcpv6_server.py | 16 +++++++++++++ 4 files changed, 64 insertions(+), 43 deletions(-) diff --git a/interface-definitions/dhcp-server.xml b/interface-definitions/dhcp-server.xml index 87999f496..7d42294e8 100644 --- a/interface-definitions/dhcp-server.xml +++ b/interface-definitions/dhcp-server.xml @@ -46,9 +46,9 @@ DHCP shared network name [REQUIRED] - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid DHCP pool name + Invalid shared network name. May only contain letters, numbers and .-_ @@ -151,7 +151,7 @@ - IP address that needs to be excluded from DHCP lease range + IP address to exclude from DHCP lease range ipv4 IPv4 address to exclude from lease range @@ -183,9 +183,9 @@ DHCP failover peer name [REQUIRED] - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid failover peer name + Invalid failover peer name. May only contain letters, numbers and .-_ @@ -193,7 +193,7 @@ IP address of failover peer [REQUIRED] ipv4 - IPv4 address to exclude from lease range + IPv4 address of failover peer @@ -225,12 +225,12 @@ Lease timeout in seconds (default: 86400) 0-4294967295 - DHCP lease time in seconds must be between 0 and 4294967295 (49 days) + DHCP lease time in seconds - DHCP lease time must be 0 to 4294967295 + DHCP lease time must be between 0 and 4294967295 (49 days) @@ -288,9 +288,9 @@ DHCP lease range - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid DHCP lease range name + Invalid DHCP lease range name. May only contain letters, numbers and .-_ @@ -321,22 +321,22 @@ - Static mapping for specified address type + Name of static mapping - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid static-mapping name + Invalid static mapping name. May only contain letters, numbers and .-_ - Option to disable static-mapping + Option to disable static mapping - Static mapping for specified IP address [REQUIRED] + Fixed IP address of static mapping ipv4 IPv4 address used in static mapping @@ -348,7 +348,7 @@ - Static mapping for specified MAC address [REQUIRED] + MAC address of static mapping [REQUIRED] h:h:h:h:h:h MAC address used in static mapping [REQUIRED] @@ -358,6 +358,7 @@ Additional static-mapping parameters for DHCP server. + Will be placed inside the "host" block of the mapping. You must use the syntax of dhcpd.conf in this text-field. Using this without proper knowledge may result in a crashed DHCP server. Check system log to look for errors. @@ -414,10 +415,14 @@ Offset of the client's subnet in seconds from Coordinated Universal Time (UTC) + + [-]N + Time offset (number, may be negative) + - ^-?[0-9]+$ + -?[0-9]+ - Invalid time offset valuee + Invalid time offset value diff --git a/interface-definitions/dhcpv6-server.xml b/interface-definitions/dhcpv6-server.xml index e18a58608..28b56a64d 100644 --- a/interface-definitions/dhcpv6-server.xml +++ b/interface-definitions/dhcpv6-server.xml @@ -32,9 +32,9 @@ DHCPv6 shared network name [REQUIRED] - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid DHCPv6 pool name + Invalid DHCPv6 shared network name. May only contain letters, numbers and .-_ @@ -112,9 +112,9 @@ Domain name for client to search - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid domain name syntax + Invalid domain name. May only contain letters, numbers and .-_ @@ -157,9 +157,9 @@ NIS domain name for client to use - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid NIS domain name syntax + Invalid NIS domain name @@ -179,9 +179,9 @@ NIS+ domain name for client to use - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid NIS+ domain name syntax + Invalid NIS+ domain name. May only contain letters, numbers and .-_ @@ -260,9 +260,9 @@ SIP server name - ^[-_a-zA-Z0-9.]+$ + [-_a-zA-Z0-9.]+ - Invalid SIP server name syntax + Invalid SIP server name. May only contain letters, numbers and .-_ @@ -281,7 +281,7 @@ [-_a-zA-Z0-9.]+ - Invalid static-mapping name. May only contain letters, numbers and .-_ + Invalid static mapping name. May only contain letters, numbers and .-_ @@ -292,7 +292,7 @@ - Client identifier (DUID) for this static mapping [REQUIRED] + Client identifier (DUID) for this static mapping h[[:h]...] DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id) @@ -300,14 +300,15 @@ ([0-9A-Fa-f]{1,2}[:])*([0-9A-Fa-f]{1,2}) + Invalid DUID. Must be in the format h[[:h]...] where each \"h\" is 1 to 2 hex characters. - Client IPv6 address for this static mapping [REQUIRED] + Client IPv6 address for this static mapping ipv6 - IPv6 address for this static mapping [REQUIRED] + IPv6 address for this static mapping diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py index 78927a847..6d88ea95a 100755 --- a/src/conf_mode/dhcp_server.py +++ b/src/conf_mode/dhcp_server.py @@ -187,7 +187,9 @@ shared-network {{ network.name }} { {%- for host in subnet.static_mapping %} {% if not host.disabled -%} host {% if host_decl_name -%} {{ host.name }} {%- else -%} {{ network.name }}_{{ host.name }} {%- endif %} { + {%- if host.ip_address %} fixed-address {{ host.ip_address }}; + {%- endif %} hardware ethernet {{ host.mac_address }}; {%- if host.static_parameters %} # The following {{ host.static_parameters | length }} line(s) were added as static-mapping-parameters in the CLI and have not been validated @@ -728,22 +730,19 @@ def verify(dhcp): raise ConfigError('No DHCP address range or active static-mapping set\n' \ 'for subnet {0}!'.format(subnet['network'])) - # Static IP address mappings require both an IP address and MAC address + # Static mappings require just a MAC address (will use an IP from the dynamic pool if IP is not set) for mapping in subnet['static_mapping']: - # Static IP address must be configured - if not mapping['ip_address']: - raise ConfigError('DHCP static lease IP address not specified for static mapping\n' \ - '{0} under shared network name {1}!'.format(mapping['name'], network['name'])) - # Static IP address must be in bound - if not ipaddress.ip_address(mapping['ip_address']) in ipaddress.ip_network(subnet['network']): - raise ConfigError('DHCP static lease IP address {0} for static mapping {1}\n' \ - 'in shared network {2} is outside DHCP lease subnet {3}!' \ - .format(mapping['ip_address'], mapping['name'], network['name'], subnet['network'])) + if mapping['ip_address']: + # Static IP address must be in bound + if not ipaddress.ip_address(mapping['ip_address']) in ipaddress.ip_network(subnet['network']): + raise ConfigError('DHCP static lease IP address {0} for static mapping {1}\n' \ + 'in shared network {2} is outside DHCP lease subnet {3}!' \ + .format(mapping['ip_address'], mapping['name'], network['name'], subnet['network'])) # Static mapping requires MAC address if not mapping['mac_address']: - raise ConfigError('DHCP static lease MAC address not specified for static mapping\n' \ + raise ConfigError('DHCP static lease MAC address not specified for static mapping\n' \ '{0} under shared network name {1}!'.format(mapping['name'], network['name'])) # There must be one subnet connected to a listen interface. diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/dhcpv6_server.py index f5117de53..d2769466e 100755 --- a/src/conf_mode/dhcpv6_server.py +++ b/src/conf_mode/dhcpv6_server.py @@ -94,8 +94,12 @@ shared-network {{ network.name }} { {%- for host in subnet.static_mapping %} {% if not host.disabled -%} host {{ network.name }}_{{ host.name }} { + {%- if host.client_identifier %} host-identifier option dhcp6.client-id {{ host.client_identifier }}; + {%- endif %} + {%- if host.ipv6_address %} fixed-address6 {{ host.ipv6_address }}; + {%- endif %} } {%- endif %} {%- endfor %} @@ -384,7 +388,19 @@ def verify(dhcpv6): raise ConfigError('DHCPv6 prefix {0} is not in subnet {1}\n' \ 'specified for shared network {2}!'.format(prefix['prefix'], subnet['network'], network['name'])) + # Static mappings don't require anything (but check if IP is in subnet if it's set) + for mapping in subnet['static_mapping']: + if mapping['ipv6_address']: + # Static address must be in subnet + if not ipaddress.ip_address(mapping['ipv6_address']) in ipaddress.ip_network(subnet['network']): + raise ConfigError('DHCPv6 static mapping IPv6 address {0} for static mapping {1}\n' \ + 'in shared network {2} is outside subnet {3}!' \ + .format(mapping['ipv6_address'], mapping['name'], network['name'], subnet['network'])) + # DHCPv6 requires at least one configured address range or one static mapping + # (FIXME: is not actually checked right now?) + + # There must be one subnet connected to a listen interface if network is not disabled. if not network['disabled']: if vyos.validate.is_subnet_connected(subnet['network']): listen_ok = True -- cgit v1.2.3