From 794f193d11c8c1b5fed78f4e40280480446ab593 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 29 Aug 2021 14:29:19 +0200
Subject: xml: add missing "u32:" value declarator on integer ranges

---
 interface-definitions/dhcp-server.xml.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'interface-definitions/dhcp-server.xml.in')

diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
index 015500043..bafd6f6a2 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/dhcp-server.xml.in
@@ -96,7 +96,7 @@
                     <properties>
                       <help>Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used.</help>
                       <valueHelp>
-                        <format>0-32</format>
+                        <format>u32:0-32</format>
                         <description>DHCP client prefix length must be 0 to 32</description>
                       </valueHelp>
                       <constraint>
-- 
cgit v1.2.3


From a4440bd589db645eb99f343a8163e188a700774c Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sat, 18 Sep 2021 21:27:47 +0200
Subject: dhcp-server: T1968: allow multiple static-routes to be configured

vyos@vyos# show service dhcp-server
 shared-network-name LAN {
     subnet 10.0.0.0/24 {
         default-router 10.0.0.1
         dns-server 194.145.150.1
         lease 88
         range 0 {
             start 10.0.0.100
             stop 10.0.0.200
         }
         static-route 192.168.10.0/24 {
             next-hop 10.0.0.2
         }
         static-route 192.168.20.0/24 {
             router 10.0.0.2
         }
     }
 }
---
 data/templates/dhcp-server/dhcpd.conf.tmpl        | 10 ++--
 interface-definitions/dhcp-server.xml.in          | 29 +++++------
 smoketest/scripts/cli/test_service_dhcp-server.py |  3 +-
 src/conf_mode/dhcp_server.py                      |  7 +--
 src/migration-scripts/dhcp-server/5-to-6          | 61 +++++++++++++++++++++++
 5 files changed, 85 insertions(+), 25 deletions(-)
 create mode 100755 src/migration-scripts/dhcp-server/5-to-6

(limited to 'interface-definitions/dhcp-server.xml.in')

diff --git a/data/templates/dhcp-server/dhcpd.conf.tmpl b/data/templates/dhcp-server/dhcpd.conf.tmpl
index f0bfa468c..3ac92d3c9 100644
--- a/data/templates/dhcp-server/dhcpd.conf.tmpl
+++ b/data/templates/dhcp-server/dhcpd.conf.tmpl
@@ -110,9 +110,13 @@ shared-network {{ network | replace('_','-') }} {
 {%           if subnet_config.default_router and subnet_config.default_router is not none %}
 {%             set static_default_route = ', ' + '0.0.0.0/0' | isc_static_route(subnet_config.default_router) %}
 {%           endif %}
-{%           if subnet_config.static_route.router is defined and subnet_config.static_route.router is not none and subnet_config.static_route.destination_subnet is defined and subnet_config.static_route.destination_subnet is not none %}
-        option rfc3442-static-route {{ subnet_config.static_route.destination_subnet | isc_static_route(subnet_config.static_route.router) }}{{ static_default_route }};
-        option windows-static-route {{ subnet_config.static_route.destination_subnet | isc_static_route(subnet_config.static_route.router) }};
+{%           if subnet_config.static_route is defined and subnet_config.static_route is not none %}
+{%           set rfc3442_routes = [] %}
+{%           for route, route_options in subnet_config.static_route.items() %}
+{%             set rfc3442_routes = rfc3442_routes.append(route | isc_static_route(route_options.next_hop)) %}
+{%           endfor %}
+        option rfc3442-static-route {{ rfc3442_routes | join(', ') }}{{ static_default_route }};
+        option windows-static-route {{ rfc3442_routes | join(', ') }};
 {%           endif %}
 {%         endif %}
 {%         if subnet_config.ip_forwarding is defined %}
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
index bafd6f6a2..c0f72dd86 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/dhcp-server.xml.in
@@ -357,26 +357,21 @@
                       </leafNode>
                     </children>
                   </tagNode>
-                  <node name="static-route">
+                  <tagNode name="static-route">
                     <properties>
-                      <help>Classless static route</help>
+                      <help>Classless static route destination subnet [REQUIRED]</help>
+                      <valueHelp>
+                        <format>ipv4net</format>
+                        <description>IPv4 address and prefix length</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv4-prefix"/>
+                      </constraint>
                     </properties>
                     <children>
-                      <leafNode name="destination-subnet">
-                        <properties>
-                          <help>Destination subnet [REQUIRED]</help>
-                          <valueHelp>
-                            <format>ipv4net</format>
-                            <description>IPv4 address and prefix length</description>
-                          </valueHelp>
-                          <constraint>
-                            <validator name="ipv4-prefix"/>
-                          </constraint>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="router">
+                      <leafNode name="next-hop">
                         <properties>
-                          <help>IP address of router to be used to reach the destination subnet [REQUIRED]</help>
+                          <help>IP address of router to be used to reach the destination subnet</help>
                           <valueHelp>
                             <format>ipv4</format>
                             <description>IPv4 address of router</description>
@@ -387,7 +382,7 @@
                         </properties>
                       </leafNode>
                     </children>
-                  </node>
+                  </tagNode >
                   <leafNode name="subnet-parameters">
                     <properties>
                       <help>Additional subnet parameters for DHCP server. You must
diff --git a/smoketest/scripts/cli/test_service_dhcp-server.py b/smoketest/scripts/cli/test_service_dhcp-server.py
index 815bd333a..40977bb04 100755
--- a/smoketest/scripts/cli/test_service_dhcp-server.py
+++ b/smoketest/scripts/cli/test_service_dhcp-server.py
@@ -123,8 +123,7 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
         self.cli_set(pool + ['wpad-url', wpad])
         self.cli_set(pool + ['server-identifier', server_identifier])
 
-        self.cli_set(pool + ['static-route', 'destination-subnet', '10.0.0.0/24'])
-        self.cli_set(pool + ['static-route', 'router', '192.0.2.1'])
+        self.cli_set(pool + ['static-route', '10.0.0.0/24', 'next-hop', '192.0.2.1'])
 
         # check validate() - No DHCP address range or active static-mapping set
         with self.assertRaises(ConfigSessionError):
diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py
index cdee72e09..8d6cef8b7 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/dhcp_server.py
@@ -159,9 +159,10 @@ def verify(dhcp):
                               'lease subnet must be configured.')
 
         for subnet, subnet_config in network_config['subnet'].items():
-            if 'static_route' in subnet_config and len(subnet_config['static_route']) != 2:
-                raise ConfigError('Missing DHCP static-route parameter(s):\n' \
-                                  'destination-subnet | router must be defined!')
+            if 'static_route' in subnet_config:
+                for route, route_option in subnet_config['static_route'].items():
+                    if 'next_hop' not in route_option:
+                        raise ConfigError(f'DHCP static-route "{route}" requires router to be defined!')
 
             # Check if DHCP address range is inside configured subnet declaration
             if 'range' in subnet_config:
diff --git a/src/migration-scripts/dhcp-server/5-to-6 b/src/migration-scripts/dhcp-server/5-to-6
new file mode 100755
index 000000000..4cd2ec07a
--- /dev/null
+++ b/src/migration-scripts/dhcp-server/5-to-6
@@ -0,0 +1,61 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2021 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+import sys
+from vyos.configtree import ConfigTree
+
+if (len(sys.argv) < 1):
+    print("Must specify file name!")
+    sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+base = ['service', 'dhcp-server', 'shared-network-name']
+config = ConfigTree(config_file)
+
+if not config.exists(base):
+    # Nothing to do
+    exit(0)
+
+# Run this for every instance if 'shared-network-name'
+for network in config.list_nodes(base):
+    base_network = base + [network]
+
+    if not config.exists(base_network + ['subnet']):
+        continue
+
+    # Run this for every specified 'subnet'
+    for subnet in config.list_nodes(base_network + ['subnet']):
+        base_subnet = base_network + ['subnet', subnet]
+
+        if config.exists(base_subnet + ['static-route']):
+            prefix = config.return_value(base_subnet + ['static-route', 'destination-subnet'])
+            router = config.return_value(base_subnet + ['static-route', 'router'])
+            config.delete(base_subnet + ['static-route'])
+
+            config.set(base_subnet + ['static-route', prefix, 'next-hop'], value=router)
+            config.set_tag(base_subnet + ['static-route'])
+
+try:
+    with open(file_name, 'w') as f:
+        f.write(config.to_string())
+except OSError as e:
+    print("Failed to save the modified config: {}".format(e))
+    exit(1)
-- 
cgit v1.2.3


From e2f9f4f4e8b2e961a58d935d09798ddb4e1e0460 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sat, 18 Sep 2021 21:48:53 +0200
Subject: dhcp-server: T3838: rename dns-server to name-server node

IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given
pool. In order to use the same CLI syntax this should be renamed to name-server,
which is already the case for DHCPv6.
---
 data/templates/dhcp-server/dhcpd.conf.tmpl         |  4 +--
 interface-definitions/dhcp-server.xml.in           | 14 +-------
 interface-definitions/dhcpv6-server.xml.in         | 42 ++--------------------
 interface-definitions/dns-forwarding.xml.in        | 19 +---------
 .../include/accel-ppp/name-server.xml.i            | 20 -----------
 .../include/name-server-ipv4-ipv6.xml.i            | 20 +++++++++++
 .../include/name-server-ipv4.xml.i                 | 15 ++++++++
 .../include/name-server-ipv6.xml.i                 | 15 ++++++++
 interface-definitions/interfaces-openvpn.xml.in    | 18 +---------
 interface-definitions/service_ipoe-server.xml.in   |  2 +-
 interface-definitions/service_pppoe-server.xml.in  |  2 +-
 interface-definitions/service_router-advert.xml.in | 14 +-------
 interface-definitions/vpn_ipsec.xml.in             |  3 +-
 interface-definitions/vpn_l2tp.xml.in              |  2 +-
 interface-definitions/vpn_openconnect.xml.in       |  2 +-
 interface-definitions/vpn_pptp.xml.in              | 14 +-------
 interface-definitions/vpn_sstp.xml.in              |  2 +-
 smoketest/scripts/cli/test_service_dhcp-server.py  | 16 ++++-----
 src/migration-scripts/dhcp-server/5-to-6           |  7 ++++
 19 files changed, 81 insertions(+), 150 deletions(-)
 delete mode 100644 interface-definitions/include/accel-ppp/name-server.xml.i
 create mode 100644 interface-definitions/include/name-server-ipv4-ipv6.xml.i
 create mode 100644 interface-definitions/include/name-server-ipv4.xml.i
 create mode 100644 interface-definitions/include/name-server-ipv6.xml.i

(limited to 'interface-definitions/dhcp-server.xml.in')

diff --git a/data/templates/dhcp-server/dhcpd.conf.tmpl b/data/templates/dhcp-server/dhcpd.conf.tmpl
index 3ac92d3c9..ed39ff4da 100644
--- a/data/templates/dhcp-server/dhcpd.conf.tmpl
+++ b/data/templates/dhcp-server/dhcpd.conf.tmpl
@@ -84,8 +84,8 @@ shared-network {{ network | replace('_','-') }} {
 {%     if network_config.subnet is defined and network_config.subnet is not none %}
 {%       for subnet, subnet_config in network_config.subnet.items() %}
     subnet {{ subnet | address_from_cidr }} netmask {{ subnet | netmask_from_cidr }} {
-{%         if subnet_config.dns_server is defined and subnet_config.dns_server is not none %}
-        option domain-name-servers {{ subnet_config.dns_server | join(', ') }};
+{%         if subnet_config.name_server is defined and subnet_config.name_server is not none %}
+        option domain-name-servers {{ subnet_config.name_server | join(', ') }};
 {%         endif %}
 {%         if subnet_config.domain_search is defined and subnet_config.domain_search is not none %}
         option domain-search "{{ subnet_config.domain_search | join('", "') }}";
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
index c0f72dd86..3a1eee60e 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/dhcp-server.xml.in
@@ -117,19 +117,7 @@
                       </constraint>
                     </properties>
                   </leafNode>
-                  <leafNode name="dns-server">
-                    <properties>
-                      <help>DNS server IPv4 address</help>
-                      <valueHelp>
-                        <format>ipv4</format>
-                        <description>DNS server IPv4 address</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv4-address"/>
-                      </constraint>
-                      <multi/>
-                    </properties>
-                  </leafNode>
+                  #include <include/name-server-ipv4.xml.i>
                   <leafNode name="domain-name">
                     <properties>
                       <help>Client Domain Name</help>
diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/dhcpv6-server.xml.in
index 95b1e5602..58181872b 100644
--- a/interface-definitions/dhcpv6-server.xml.in
+++ b/interface-definitions/dhcpv6-server.xml.in
@@ -14,19 +14,7 @@
               <help>Additional global parameters for DHCPv6 server</help>
             </properties>
             <children>
-              <leafNode name="name-server">
-                <properties>
-                  <help>IPv6 address of a Recursive DNS Server</help>
-                  <valueHelp>
-                    <format>ipv6</format>
-                    <description>IPv6 address of DNS name server</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="ipv6-address"/>
-                  </constraint>
-                  <multi/>
-                </properties>
-              </leafNode>
+              #include <include/name-server-ipv6.xml.i>
             </children>
           </node>
           <leafNode name="preference">
@@ -70,19 +58,7 @@
                     </properties>
                   </leafNode>
                   #include <include/dhcp-server-domain-search.xml.i>
-                  <leafNode name="name-server">
-                    <properties>
-                      <help>IPv6 address of a Recursive DNS Server</help>
-                      <valueHelp>
-                        <format>ipv6</format>
-                        <description>IPv6 address of DNS name server</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv6-address"/>
-                      </constraint>
-                      <multi/>
-                    </properties>
-                  </leafNode>
+                  #include <include/name-server-ipv6.xml.i>
                 </children>
               </node>
               <tagNode name="subnet">
@@ -194,19 +170,7 @@
                       </leafNode>
                     </children>
                   </node>
-                  <leafNode name="name-server">
-                    <properties>
-                      <help>IPv6 address of a Recursive DNS Server</help>
-                      <valueHelp>
-                        <format>ipv6</format>
-                        <description>IPv6 address of DNS name server</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv6-address"/>
-                      </constraint>
-                      <multi/>
-                    </properties>
-                  </leafNode>
+                  #include <include/name-server-ipv6.xml.i>
                   <leafNode name="nis-domain">
                     <properties>
                       <help>NIS domain name for client to use</help>
diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in
index 06e45ce1e..33cb6223f 100644
--- a/interface-definitions/dns-forwarding.xml.in
+++ b/interface-definitions/dns-forwarding.xml.in
@@ -148,24 +148,7 @@
                 </properties>
                 <defaultValue>3600</defaultValue>
               </leafNode>
-              <leafNode name="name-server">
-                <properties>
-                  <help>Domain Name Servers (DNS) addresses [OPTIONAL]</help>
-                  <valueHelp>
-                    <format>ipv4</format>
-                    <description>Domain Name Server (DNS) IPv4 address</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>ipv6</format>
-                    <description>Domain Name Server (DNS) IPv6 address</description>
-                  </valueHelp>
-                  <multi/>
-                  <constraint>
-                    <validator name="ipv4-address"/>
-                    <validator name="ipv6-address"/>
-                  </constraint>
-                </properties>
-              </leafNode>
+              #include <include/name-server-ipv4-ipv6.xml.i>
               <leafNode name="source-address">
                 <properties>
                   <help>Local addresses from which to send DNS queries</help>
diff --git a/interface-definitions/include/accel-ppp/name-server.xml.i b/interface-definitions/include/accel-ppp/name-server.xml.i
deleted file mode 100644
index e744b384f..000000000
--- a/interface-definitions/include/accel-ppp/name-server.xml.i
+++ /dev/null
@@ -1,20 +0,0 @@
-<!-- include start from accel-ppp/name-server.xml.i -->
-<leafNode name="name-server">
-  <properties>
-    <help>Domain Name Server (DNS) propagated to client</help>
-    <valueHelp>
-      <format>ipv4</format>
-      <description>Domain Name Server (DNS) IPv4 address</description>
-    </valueHelp>
-    <valueHelp>
-      <format>ipv6</format>
-      <description>Domain Name Server (DNS) IPv6 address</description>
-    </valueHelp>
-    <constraint>
-      <validator name="ipv4-address"/>
-      <validator name="ipv6-address"/>
-    </constraint>
-    <multi/>
-  </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/name-server-ipv4-ipv6.xml.i b/interface-definitions/include/name-server-ipv4-ipv6.xml.i
new file mode 100644
index 000000000..14973234b
--- /dev/null
+++ b/interface-definitions/include/name-server-ipv4-ipv6.xml.i
@@ -0,0 +1,20 @@
+<!-- include start from name-server-ipv4-ipv6.xml.i -->
+<leafNode name="name-server">
+  <properties>
+    <help>Domain Name Servers (DNS) addresses</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>Domain Name Server (DNS) IPv4 address</description>
+    </valueHelp>
+    <valueHelp>
+      <format>ipv6</format>
+      <description>Domain Name Server (DNS) IPv6 address</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv4-address"/>
+      <validator name="ipv6-address"/>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/name-server-ipv4.xml.i b/interface-definitions/include/name-server-ipv4.xml.i
new file mode 100644
index 000000000..0cf884e03
--- /dev/null
+++ b/interface-definitions/include/name-server-ipv4.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from name-server-ipv4.xml.i -->
+<leafNode name="name-server">
+  <properties>
+    <help>Domain Name Servers (DNS) addresses</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>Domain Name Server (DNS) IPv4 address</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv4-address"/>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/name-server-ipv6.xml.i b/interface-definitions/include/name-server-ipv6.xml.i
new file mode 100644
index 000000000..d4517c4c6
--- /dev/null
+++ b/interface-definitions/include/name-server-ipv6.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from name-server-ipv6.xml.i -->
+<leafNode name="name-server">
+  <properties>
+    <help>Domain Name Servers (DNS) addresses</help>
+    <valueHelp>
+      <format>ipv6</format>
+      <description>Domain Name Server (DNS) IPv6 address</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv6-address"/>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index 3ad367900..2ecac78e2 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -554,23 +554,7 @@
                   </constraint>
                 </properties>
               </leafNode>
-              <leafNode name="name-server">
-                <properties>
-                  <help>Domain Name Server (DNS)</help>
-                  <valueHelp>
-                    <format>ipv4</format>
-                    <description>DNS server IPv4 address</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>ipv6</format>
-                    <description>DNS server IPv6 address</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="ip-address"/>
-                  </constraint>
-                  <multi/>
-                </properties>
-              </leafNode>
+              #include <include/name-server-ipv4-ipv6.xml.i>
               <tagNode name="push-route">
                 <properties>
                   <help>Route to be pushed to all clients</help>
diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in
index 7c575ba77..b19acab56 100644
--- a/interface-definitions/service_ipoe-server.xml.in
+++ b/interface-definitions/service_ipoe-server.xml.in
@@ -111,7 +111,7 @@
               </leafNode>
             </children>
           </tagNode>
-          #include <include/accel-ppp/name-server.xml.i>
+          #include <include/name-server-ipv4-ipv6.xml.i>
           #include <include/accel-ppp/client-ipv6-pool.xml.i>
           <node name="authentication">
             <properties>
diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in
index 6fb0bf9f4..188aed6c4 100644
--- a/interface-definitions/service_pppoe-server.xml.in
+++ b/interface-definitions/service_pppoe-server.xml.in
@@ -59,7 +59,7 @@
             </children>
           </node>
           #include <include/accel-ppp/client-ipv6-pool.xml.i>
-          #include <include/accel-ppp/name-server.xml.i>
+          #include <include/name-server-ipv4-ipv6.xml.i>
           <tagNode name="interface">
             <properties>
               <help>interface(s) to listen on</help>
diff --git a/interface-definitions/service_router-advert.xml.in b/interface-definitions/service_router-advert.xml.in
index e18b27f1b..0f4009f5c 100644
--- a/interface-definitions/service_router-advert.xml.in
+++ b/interface-definitions/service_router-advert.xml.in
@@ -135,19 +135,7 @@
                   </leafNode>
                 </children>
               </node>
-              <leafNode name="name-server">
-                <properties>
-                  <help>IPv6 address of recursive DNS server</help>
-                  <valueHelp>
-                    <format>ipv6</format>
-                    <description>IPv6 address of DNS name server</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="ipv6-address"/>
-                  </constraint>
-                  <multi/>
-                </properties>
-              </leafNode>
+              #include <include/name-server-ipv6.xml.i>
               <leafNode name="other-config-flag">
                 <properties>
                   <help>Hosts use the administered (stateful) protocol for autoconfiguration of other (non-address) information</help>
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 4120232ea..164ba6618 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -884,8 +884,7 @@
                       </constraint>
                     </properties>
                   </leafNode>
-                  <!-- Include Accel-PPP definition here, maybe time for a rename? -->
-                  #include <include/accel-ppp/name-server.xml.i>
+                  #include <include/name-server-ipv4-ipv6.xml.i>
                 </children>
               </tagNode>
               #include <include/radius-server-ipv4.xml.i>
diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in
index 6d556d0bb..cbd5e38e7 100644
--- a/interface-definitions/vpn_l2tp.xml.in
+++ b/interface-definitions/vpn_l2tp.xml.in
@@ -23,7 +23,7 @@
                 </properties>
               </leafNode>
               #include <include/accel-ppp/gateway-address.xml.i>
-              #include <include/accel-ppp/name-server.xml.i>
+              #include <include/name-server-ipv4-ipv6.xml.i>
               <node name="lns">
                 <properties>
                   <help>L2TP Network Server (LNS)</help>
diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in
index a33ff67ea..0db5e79d0 100644
--- a/interface-definitions/vpn_openconnect.xml.in
+++ b/interface-definitions/vpn_openconnect.xml.in
@@ -170,7 +170,7 @@
                   </leafNode>
                 </children>
               </node>
-              #include <include/accel-ppp/name-server.xml.i>
+              #include <include/name-server-ipv4-ipv6.xml.i>
             </children>
           </node>
       </children>
diff --git a/interface-definitions/vpn_pptp.xml.in b/interface-definitions/vpn_pptp.xml.in
index dab317f68..0d1690013 100644
--- a/interface-definitions/vpn_pptp.xml.in
+++ b/interface-definitions/vpn_pptp.xml.in
@@ -22,19 +22,7 @@
                   </constraint>
                 </properties>
               </leafNode>
-              <leafNode name="name-server">
-                <properties>
-                  <help>Domain Name Server (DNS) propagated to client</help>
-                  <valueHelp>
-                    <format>ipv4</format>
-                    <description>Domain Name Server (DNS) IPv4 address</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="ipv4-address"/>
-                  </constraint>
-                  <multi/>
-                </properties>
-              </leafNode>
+              #include <include/name-server-ipv4.xml.i>
               #include <include/accel-ppp/wins-server.xml.i>
               <node name="client-ip-pool">
                 <properties>
diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in
index 5cd331d7f..9901a0cdf 100644
--- a/interface-definitions/vpn_sstp.xml.in
+++ b/interface-definitions/vpn_sstp.xml.in
@@ -27,7 +27,7 @@
           </node>
           #include <include/interface/mtu-68-1500.xml.i>
           #include <include/accel-ppp/gateway-address.xml.i>
-          #include <include/accel-ppp/name-server.xml.i>
+          #include <include/name-server-ipv4-ipv6.xml.i>
           <node name="client-ip-pool">
             <properties>
               <help>Client IP pools and gateway setting</help>
diff --git a/smoketest/scripts/cli/test_service_dhcp-server.py b/smoketest/scripts/cli/test_service_dhcp-server.py
index 40977bb04..37e016778 100755
--- a/smoketest/scripts/cli/test_service_dhcp-server.py
+++ b/smoketest/scripts/cli/test_service_dhcp-server.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2020 VyOS maintainers and contributors
+# Copyright (C) 2020-2021 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -59,8 +59,8 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
         pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet]
         # we use the first subnet IP address as default gateway
         self.cli_set(pool + ['default-router', router])
-        self.cli_set(pool + ['dns-server', dns_1])
-        self.cli_set(pool + ['dns-server', dns_2])
+        self.cli_set(pool + ['name-server', dns_1])
+        self.cli_set(pool + ['name-server', dns_2])
         self.cli_set(pool + ['domain-name', domain_name])
 
         # check validate() - No DHCP address range or active static-mapping set
@@ -108,8 +108,8 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
         pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet]
         # we use the first subnet IP address as default gateway
         self.cli_set(pool + ['default-router', router])
-        self.cli_set(pool + ['dns-server', dns_1])
-        self.cli_set(pool + ['dns-server', dns_2])
+        self.cli_set(pool + ['name-server', dns_1])
+        self.cli_set(pool + ['name-server', dns_2])
         self.cli_set(pool + ['domain-name', domain_name])
         self.cli_set(pool + ['ip-forwarding'])
         self.cli_set(pool + ['smtp-server', smtp_server])
@@ -201,8 +201,8 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
         pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet]
         # we use the first subnet IP address as default gateway
         self.cli_set(pool + ['default-router', router])
-        self.cli_set(pool + ['dns-server', dns_1])
-        self.cli_set(pool + ['dns-server', dns_2])
+        self.cli_set(pool + ['name-server', dns_1])
+        self.cli_set(pool + ['name-server', dns_2])
         self.cli_set(pool + ['domain-name', domain_name])
 
         # check validate() - No DHCP address range or active static-mapping set
@@ -261,7 +261,7 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
             pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet]
             # we use the first subnet IP address as default gateway
             self.cli_set(pool + ['default-router', router])
-            self.cli_set(pool + ['dns-server', dns_1])
+            self.cli_set(pool + ['name-server', dns_1])
             self.cli_set(pool + ['domain-name', domain_name])
             self.cli_set(pool + ['lease', lease_time])
 
diff --git a/src/migration-scripts/dhcp-server/5-to-6 b/src/migration-scripts/dhcp-server/5-to-6
index 4cd2ec07a..7f447ac17 100755
--- a/src/migration-scripts/dhcp-server/5-to-6
+++ b/src/migration-scripts/dhcp-server/5-to-6
@@ -14,6 +14,8 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+# T1968: allow multiple static-routes to be configured
+# T3838: rename dns-server -> name-server
 
 import sys
 from vyos.configtree import ConfigTree
@@ -45,6 +47,7 @@ for network in config.list_nodes(base):
     for subnet in config.list_nodes(base_network + ['subnet']):
         base_subnet = base_network + ['subnet', subnet]
 
+        # T1968: allow multiple static-routes to be configured
         if config.exists(base_subnet + ['static-route']):
             prefix = config.return_value(base_subnet + ['static-route', 'destination-subnet'])
             router = config.return_value(base_subnet + ['static-route', 'router'])
@@ -53,6 +56,10 @@ for network in config.list_nodes(base):
             config.set(base_subnet + ['static-route', prefix, 'next-hop'], value=router)
             config.set_tag(base_subnet + ['static-route'])
 
+        # T3838: rename dns-server -> name-server
+        if config.exists(base_subnet + ['dns-server']):
+            config.rename(base_subnet + ['dns-server'], 'name-server')
+
 try:
     with open(file_name, 'w') as f:
         f.write(config.to_string())
-- 
cgit v1.2.3


From 564f05614b6e8650185c46b9625f6a0cd9661639 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sat, 18 Sep 2021 22:01:57 +0200
Subject: dhcp-server: xml: use description building block

---
 interface-definitions/dhcp-server.xml.in | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

(limited to 'interface-definitions/dhcp-server.xml.in')

diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
index 3a1eee60e..5db46a0c4 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/dhcp-server.xml.in
@@ -53,11 +53,7 @@
                   <valueless/>
                 </properties>
               </leafNode>
-              <leafNode name="description">
-                <properties>
-                  <help>Shared-network-name description</help>
-                </properties>
-              </leafNode>
+              #include <include/generic-description.xml.i>
               #include <include/generic-disable-node.xml.i>
               <leafNode name="shared-network-parameters">
                 <properties>
-- 
cgit v1.2.3


From d411a40a3598c55fae7abd8bc5f1876007aa704b Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sat, 18 Sep 2021 22:09:05 +0200
Subject: dhcp-server: T3839: support name-servers and domain config per
 shared-network

DHCP servers "shared-network" level only makes sense if one can specify
configuration items that can be inherited by individual subnets. This is now
possible for name-servers and the domain-name.

set service dhcp-server shared-network-name LAN domain-name 'vyos.net'
set service dhcp-server shared-network-name LAN name-server '192.0.2.1'
---
 data/templates/dhcp-server/dhcpd.conf.tmpl           |  6 ++++++
 interface-definitions/dhcp-server.xml.in             | 12 +++---------
 interface-definitions/include/dhcp-domain-name.xml.i | 11 +++++++++++
 3 files changed, 20 insertions(+), 9 deletions(-)
 create mode 100644 interface-definitions/include/dhcp-domain-name.xml.i

(limited to 'interface-definitions/dhcp-server.xml.in')

diff --git a/data/templates/dhcp-server/dhcpd.conf.tmpl b/data/templates/dhcp-server/dhcpd.conf.tmpl
index ed39ff4da..108c9cc85 100644
--- a/data/templates/dhcp-server/dhcpd.conf.tmpl
+++ b/data/templates/dhcp-server/dhcpd.conf.tmpl
@@ -74,6 +74,12 @@ shared-network {{ network | replace('_','-') }} {
 {%     if network_config.authoritative is defined %}
     authoritative;
 {%     endif %}
+{%     if network_config.name_server is defined and network_config.name_server is not none %}
+    option domain-name-servers {{ network_config.name_server | join(', ') }};
+{%     endif %}
+{%     if network_config.domain_name is defined and network_config.domain_name is not none %}
+    option domain-name "{{ network_config.domain_name }}";
+{%     endif %}
 {%     if network_config.shared_network_parameters is defined and network_config.shared_network_parameters is not none %}
     # The following {{ network_config.shared_network_parameters | length }} line(s)
     # were added as shared-network-parameters in the CLI and have not been validated
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
index 5db46a0c4..e629d96ab 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/dhcp-server.xml.in
@@ -53,6 +53,8 @@
                   <valueless/>
                 </properties>
               </leafNode>
+              #include <include/dhcp-domain-name.xml.i>
+              #include <include/name-server-ipv4.xml.i>
               #include <include/generic-description.xml.i>
               #include <include/generic-disable-node.xml.i>
               <leafNode name="shared-network-parameters">
@@ -114,15 +116,7 @@
                     </properties>
                   </leafNode>
                   #include <include/name-server-ipv4.xml.i>
-                  <leafNode name="domain-name">
-                    <properties>
-                      <help>Client Domain Name</help>
-                      <constraint>
-                        <validator name="fqdn"/>
-                      </constraint>
-                      <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and .-_</constraintErrorMessage>
-                    </properties>
-                  </leafNode>
+                  #include <include/dhcp-domain-name.xml.i>
                   #include <include/dhcp-server-domain-search.xml.i>
                   <leafNode name="exclude">
                     <properties>
diff --git a/interface-definitions/include/dhcp-domain-name.xml.i b/interface-definitions/include/dhcp-domain-name.xml.i
new file mode 100644
index 000000000..eb95596da
--- /dev/null
+++ b/interface-definitions/include/dhcp-domain-name.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from dhcp-domain-name.xml.i -->
+<leafNode name="domain-name">
+  <properties>
+    <help>Client Domain Name</help>
+    <constraint>
+      <validator name="fqdn"/>
+    </constraint>
+    <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and .-_</constraintErrorMessage>
+  </properties>
+</leafNode>
+<!-- include end -->
-- 
cgit v1.2.3


From a8ccf72c222caad8cd7aaca9bca773be39e87f5c Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 19 Sep 2021 10:51:15 +0200
Subject: dhcp-server: T3672: only one failover peer is supported

---
 data/templates/dhcp-server/dhcpd.conf.tmpl | 37 ++++-------
 interface-definitions/dhcp-server.xml.in   | 98 ++++++++++++++----------------
 src/conf_mode/dhcp_server.py               | 36 +++++------
 src/migration-scripts/dhcp-server/5-to-6   | 25 ++++++--
 4 files changed, 97 insertions(+), 99 deletions(-)

(limited to 'interface-definitions/dhcp-server.xml.in')

diff --git a/data/templates/dhcp-server/dhcpd.conf.tmpl b/data/templates/dhcp-server/dhcpd.conf.tmpl
index 108c9cc85..54fff3ded 100644
--- a/data/templates/dhcp-server/dhcpd.conf.tmpl
+++ b/data/templates/dhcp-server/dhcpd.conf.tmpl
@@ -31,32 +31,25 @@ option wpad-url code 252 = text;
 {%   endfor %}
 
 {% endif %}
-{% if shared_network_name is defined and shared_network_name is not none %}
-{%   for network, network_config in shared_network_name.items() if network_config.disable is not defined %}
-{%     if network_config.subnet is defined and network_config.subnet is not none %}
-{%       for subnet, subnet_config in network_config.subnet.items() %}
-{%         if subnet_config.failover is defined and subnet_config.failover is defined and subnet_config.failover.name is defined and subnet_config.failover.name is not none %}
-# Failover configuration for {{ subnet }}
-failover peer "{{ subnet_config.failover.name }}" {
-{%           if subnet_config.failover.status == 'primary' %}
+{% if failover is defined and failover is not none %}
+{%   set dhcp_failover_name = 'VyOS-DHCP-failover-peer' %}
+# DHCP failover configuration
+failover peer "{{ dhcp_failover_name }}" {
+{%   if failover.status == 'primary' %}
     primary;
     mclt 1800;
     split 128;
-{%           elif subnet_config.failover.status == 'secondary' %}
+{%   elif failover.status == 'secondary' %}
     secondary;
-{%           endif %}
-    address {{ subnet_config.failover.local_address }};
+{%   endif %}
+    address {{ failover.source_address }};
     port 520;
-    peer address {{ subnet_config.failover.peer_address }};
+    peer address {{ failover.remote }};
     peer port 520;
     max-response-delay 30;
     max-unacked-updates 10;
     load balance max seconds 3;
 }
-{%         endif %}
-{%       endfor %}
-{%     endif %}
-{%   endfor %}
 {% endif %}
 {% if listen_address is defined and listen_address is not none %}
 
@@ -184,23 +177,17 @@ shared-network {{ network | replace('_','-') }} {
         }
 {%           endfor %}
 {%         endif %}
-{%         if subnet_config.failover is defined and subnet_config.failover.name is defined and subnet_config.failover.name is not none %}
         pool {
-            failover peer "{{ subnet_config.failover.name }}";
+{%         if subnet_config.enable_failover is defined %}
+            failover peer "{{ dhcp_failover_name }}";
             deny dynamic bootp clients;
+{%         endif %}
 {%           if subnet_config.range is defined and subnet_config.range is not none %}
 {%             for range, range_options in subnet_config.range.items() %}
             range {{ range_options.start }} {{ range_options.stop }};
 {%             endfor %}
 {%           endif %}
         }
-{%         else %}
-{%           if subnet_config.range is defined and subnet_config.range is not none %}
-{%             for range, range_options in subnet_config.range.items() %}
-        range {{ range_options.start }} {{ range_options.stop }};
-{%             endfor %}
-{%           endif %}
-{%         endif %}
     }
 {%       endfor %}
 {%     endif %}
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
index e629d96ab..960b8a4f0 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/dhcp-server.xml.in
@@ -16,6 +16,46 @@
               <valueless/>
             </properties>
           </leafNode>
+          <node name="failover">
+            <properties>
+              <help>DHCP failover configuration</help>
+            </properties>
+            <children>
+              #include <include/source-address-ipv4.xml.i>
+              <leafNode name="remote">
+                <properties>
+                  <help>IPv4 remote address used for connectio</help>
+                  <valueHelp>
+                    <format>ipv4</format>
+                    <description>IPv4 address of failover peer</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ipv4-address"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="status">
+                <properties>
+                  <help>Failover hierarchy</help>
+                  <completionHelp>
+                    <list>primary secondary</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>primary</format>
+                    <description>Configure this server to be the primary node</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>secondary</format>
+                    <description>Configure this server to be the secondary node</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>^(primary|secondary)$</regex>
+                  </constraint>
+                  <constraintErrorMessage>Invalid DHCP failover peer status</constraintErrorMessage>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
           <leafNode name="global-parameters">
             <properties>
               <help>Additional global parameters for DHCP server. You must
@@ -118,6 +158,12 @@
                   #include <include/name-server-ipv4.xml.i>
                   #include <include/dhcp-domain-name.xml.i>
                   #include <include/dhcp-server-domain-search.xml.i>
+                  <leafNode name="enable-failover">
+                    <properties>
+                      <help>Enable DHCP failover support for this subnet</help>
+                      <valueless/>
+                    </properties>
+                  </leafNode>
                   <leafNode name="exclude">
                     <properties>
                       <help>IP address to exclude from DHCP lease range</help>
@@ -131,58 +177,6 @@
                       <multi/>
                     </properties>
                   </leafNode>
-                  <node name="failover">
-                    <properties>
-                      <help>DHCP failover parameters</help>
-                    </properties>
-                    <children>
-                      <leafNode name="local-address">
-                        <properties>
-                          <help>IP address for failover peer to connect [REQUIRED]</help>
-                          <valueHelp>
-                            <format>ipv4</format>
-                            <description>IPv4 address to exclude from lease range</description>
-                          </valueHelp>
-                          <constraint>
-                            <validator name="ipv4-address"/>
-                          </constraint>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="name">
-                        <properties>
-                          <help>DHCP failover peer name [REQUIRED]</help>
-                          <constraint>
-                            <regex>[-_a-zA-Z0-9.]+</regex>
-                          </constraint>
-                          <constraintErrorMessage>Invalid failover peer name. May only contain letters, numbers and .-_</constraintErrorMessage>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="peer-address">
-                        <properties>
-                          <help>IP address of failover peer [REQUIRED]</help>
-                          <valueHelp>
-                            <format>ipv4</format>
-                            <description>IPv4 address of failover peer</description>
-                          </valueHelp>
-                          <constraint>
-                            <validator name="ipv4-address"/>
-                          </constraint>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="status">
-                        <properties>
-                          <help>DHCP failover peer status (primary|secondary) [REQUIRED]</help>
-                          <completionHelp>
-                            <list>primary secondary</list>
-                          </completionHelp>
-                          <constraint>
-                            <regex>^(primary|secondary)$</regex>
-                          </constraint>
-                          <constraintErrorMessage>Invalid DHCP failover peer status</constraintErrorMessage>
-                        </properties>
-                      </leafNode>
-                    </children>
-                  </node>
                   <leafNode name="ip-forwarding">
                     <properties>
                       <help>Enable IP forwarding on client</help>
diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py
index 8d6cef8b7..5b3809017 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/dhcp_server.py
@@ -148,9 +148,9 @@ def verify(dhcp):
                           'At least one DHCP shared network must be configured.')
 
     # Inspect shared-network/subnet
-    failover_names = []
     listen_ok = False
     subnets = []
+    failover_ok = False
 
     # A shared-network requires a subnet definition
     for network, network_config in dhcp['shared_network_name'].items():
@@ -159,11 +159,19 @@ def verify(dhcp):
                               'lease subnet must be configured.')
 
         for subnet, subnet_config in network_config['subnet'].items():
+            # All delivered static routes require a next-hop to be set
             if 'static_route' in subnet_config:
                 for route, route_option in subnet_config['static_route'].items():
                     if 'next_hop' not in route_option:
                         raise ConfigError(f'DHCP static-route "{route}" requires router to be defined!')
 
+            # DHCP failover needs at least one subnet that uses it
+            if 'enable_failover' in subnet_config:
+                if 'failover' not in dhcp:
+                    raise ConfigError(f'Can not enable failover for "{subnet}" in "{network}".\n' \
+                                      'Failover is not configured globally!')
+                failover_ok = True
+
             # Check if DHCP address range is inside configured subnet declaration
             if 'range' in subnet_config:
                 networks = []
@@ -192,23 +200,6 @@ def verify(dhcp):
                     tmp = IPRange(range_config['start'], range_config['stop'])
                     networks.append(tmp)
 
-            if 'failover' in subnet_config:
-                for key in ['local_address', 'peer_address', 'name', 'status']:
-                    if key not in subnet_config['failover']:
-                        raise ConfigError(f'Missing DHCP failover parameter "{key}"!')
-
-                # Failover names must be uniquie
-                if subnet_config['failover']['name'] in failover_names:
-                    name = subnet_config['failover']['name']
-                    raise ConfigError(f'DHCP failover names must be unique:\n' \
-                                      f'{name} has already been configured!')
-                failover_names.append(subnet_config['failover']['name'])
-
-                # Failover requires start/stop ranges for pool
-                if 'range' not in subnet_config:
-                    raise ConfigError(f'DHCP failover requires at least one start-stop range to be configured\n'\
-                                      f'within shared-network "{network}, {subnet}" for using failover!')
-
             # Exclude addresses must be in bound
             if 'exclude' in subnet_config:
                 for exclude in subnet_config['exclude']:
@@ -252,6 +243,15 @@ def verify(dhcp):
                     if net.overlaps(net2):
                         raise ConfigError('Conflicting subnet ranges: "{net}" overlaps "{net2}"!')
 
+    if 'failover' in dhcp:
+        if not failover_ok:
+            raise ConfigError('DHCP failover must be enabled for at least one subnet!')
+
+        for key in ['source_address', 'remote', 'status']:
+            if key not in dhcp['failover']:
+                tmp = key.replace('_', '-')
+                raise ConfigError(f'DHCP failover requires "{tmp}" to be specified!')
+
     for address in (dict_search('listen_address', dhcp) or []):
         if is_addr_assigned(address):
             listen_ok = True
diff --git a/src/migration-scripts/dhcp-server/5-to-6 b/src/migration-scripts/dhcp-server/5-to-6
index 7f447ac17..39bbb9f50 100755
--- a/src/migration-scripts/dhcp-server/5-to-6
+++ b/src/migration-scripts/dhcp-server/5-to-6
@@ -29,16 +29,16 @@ file_name = sys.argv[1]
 with open(file_name, 'r') as f:
     config_file = f.read()
 
-base = ['service', 'dhcp-server', 'shared-network-name']
+base = ['service', 'dhcp-server']
 config = ConfigTree(config_file)
 
-if not config.exists(base):
+if not config.exists(base + ['shared-network-name']):
     # Nothing to do
     exit(0)
 
 # Run this for every instance if 'shared-network-name'
-for network in config.list_nodes(base):
-    base_network = base + [network]
+for network in config.list_nodes(base + ['shared-network-name']):
+    base_network = base + ['shared-network-name', network]
 
     if not config.exists(base_network + ['subnet']):
         continue
@@ -60,6 +60,23 @@ for network in config.list_nodes(base):
         if config.exists(base_subnet + ['dns-server']):
             config.rename(base_subnet + ['dns-server'], 'name-server')
 
+
+        # T3672: ISC DHCP server only supports one failover peer
+        if config.exists(base_subnet + ['failover']):
+            # There can only be one failover configuration, if none is present
+            # we add the first one
+            if not config.exists(base + ['failover']):
+                local = config.return_value(base_subnet + ['failover', 'local-address'])
+                remote = config.return_value(base_subnet + ['failover', 'peer-address'])
+                status = config.return_value(base_subnet + ['failover', 'status'])
+
+                config.set(base + ['failover', 'remote'], value=remote)
+                config.set(base + ['failover', 'source-address'], value=local)
+                config.set(base + ['failover', 'status'], value=status)
+
+            config.delete(base_subnet + ['failover'])
+            config.set(base_subnet + ['enable-failover'])
+
 try:
     with open(file_name, 'w') as f:
         f.write(config.to_string())
-- 
cgit v1.2.3


From 83ea0cb273e29db22062cc133b6eabd4ba2761c7 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 19 Sep 2021 11:14:43 +0200
Subject: dhcp-server: T3841: add option to perform ICMP check before address
 assignment

---
 data/templates/dhcp-server/dhcpd.conf.tmpl          | 6 ++++++
 interface-definitions/dhcp-server.xml.in            | 2 ++
 interface-definitions/include/dhcp-ping-check.xml.i | 8 ++++++++
 3 files changed, 16 insertions(+)
 create mode 100644 interface-definitions/include/dhcp-ping-check.xml.i

(limited to 'interface-definitions/dhcp-server.xml.in')

diff --git a/data/templates/dhcp-server/dhcpd.conf.tmpl b/data/templates/dhcp-server/dhcpd.conf.tmpl
index 54fff3ded..c71934426 100644
--- a/data/templates/dhcp-server/dhcpd.conf.tmpl
+++ b/data/templates/dhcp-server/dhcpd.conf.tmpl
@@ -73,6 +73,9 @@ shared-network {{ network | replace('_','-') }} {
 {%     if network_config.domain_name is defined and network_config.domain_name is not none %}
     option domain-name "{{ network_config.domain_name }}";
 {%     endif %}
+{%     if network_config.ping_check is defined %}
+    ping-check true;
+{%     endif %}
 {%     if network_config.shared_network_parameters is defined and network_config.shared_network_parameters is not none %}
     # The following {{ network_config.shared_network_parameters | length }} line(s)
     # were added as shared-network-parameters in the CLI and have not been validated
@@ -160,6 +163,9 @@ shared-network {{ network | replace('_','-') }} {
         default-lease-time {{ subnet_config.lease }};
         max-lease-time {{ subnet_config.lease }};
 {%         endif %}
+{%         if network_config.ping_check is not defined and subnet_config.ping_check is defined %}
+        ping-check true;
+{%         endif %}
 {%         if subnet_config.static_mapping is defined and subnet_config.static_mapping is not none %}
 {%           for host, host_config in subnet_config.static_mapping.items() if host_config.disable is not defined %}
         host {{ host | replace('_','-') if host_decl_name is defined else network | replace('_','-') + '_' + host | replace('_','-') }} {
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
index 960b8a4f0..7ff777c43 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/dhcp-server.xml.in
@@ -94,6 +94,7 @@
                 </properties>
               </leafNode>
               #include <include/dhcp-domain-name.xml.i>
+              #include <include/dhcp-ping-check.xml.i>
               #include <include/name-server-ipv4.xml.i>
               #include <include/generic-description.xml.i>
               #include <include/generic-disable-node.xml.i>
@@ -210,6 +211,7 @@
                       <multi/>
                     </properties>
                   </leafNode>
+                  #include <include/dhcp-ping-check.xml.i>
                   <leafNode name="pop-server">
                     <properties>
                       <help>IP address of POP3 server</help>
diff --git a/interface-definitions/include/dhcp-ping-check.xml.i b/interface-definitions/include/dhcp-ping-check.xml.i
new file mode 100644
index 000000000..0b2a1214a
--- /dev/null
+++ b/interface-definitions/include/dhcp-ping-check.xml.i
@@ -0,0 +1,8 @@
+<!-- include start from dhcp-ping-check.xml.i -->
+<leafNode name="ping-check">
+  <properties>
+    <help>Sends ICMP Echo request to the address being assigned</help>
+    <valueless/>
+  </properties>
+</leafNode>
+<!-- include end -->
-- 
cgit v1.2.3


From 59e5b5eb4c0507f9d3831483152a748b58560bfd Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 19 Sep 2021 11:31:01 +0200
Subject: xml: dhcp-server: move building blocks to dhcp subdirectory

---
 interface-definitions/dhcp-server.xml.in                     | 10 +++++-----
 interface-definitions/dhcpv6-server.xml.in                   |  4 ++--
 interface-definitions/include/dhcp-domain-name.xml.i         | 11 -----------
 interface-definitions/include/dhcp-ping-check.xml.i          |  8 --------
 .../include/dhcp-server-domain-search.xml.i                  | 12 ------------
 interface-definitions/include/dhcp/domain-name.xml.i         | 11 +++++++++++
 interface-definitions/include/dhcp/domain-search.xml.i       | 12 ++++++++++++
 interface-definitions/include/dhcp/ping-check.xml.i          |  8 ++++++++
 8 files changed, 38 insertions(+), 38 deletions(-)
 delete mode 100644 interface-definitions/include/dhcp-domain-name.xml.i
 delete mode 100644 interface-definitions/include/dhcp-ping-check.xml.i
 delete mode 100644 interface-definitions/include/dhcp-server-domain-search.xml.i
 create mode 100644 interface-definitions/include/dhcp/domain-name.xml.i
 create mode 100644 interface-definitions/include/dhcp/domain-search.xml.i
 create mode 100644 interface-definitions/include/dhcp/ping-check.xml.i

(limited to 'interface-definitions/dhcp-server.xml.in')

diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
index 7ff777c43..4551d75a9 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/dhcp-server.xml.in
@@ -93,8 +93,8 @@
                   <valueless/>
                 </properties>
               </leafNode>
-              #include <include/dhcp-domain-name.xml.i>
-              #include <include/dhcp-ping-check.xml.i>
+              #include <include/dhcp/domain-name.xml.i>
+              #include <include/dhcp/ping-check.xml.i>
               #include <include/name-server-ipv4.xml.i>
               #include <include/generic-description.xml.i>
               #include <include/generic-disable-node.xml.i>
@@ -157,8 +157,8 @@
                     </properties>
                   </leafNode>
                   #include <include/name-server-ipv4.xml.i>
-                  #include <include/dhcp-domain-name.xml.i>
-                  #include <include/dhcp-server-domain-search.xml.i>
+                  #include <include/dhcp/domain-name.xml.i>
+                  #include <include/dhcp/domain-search.xml.i>
                   <leafNode name="enable-failover">
                     <properties>
                       <help>Enable DHCP failover support for this subnet</help>
@@ -211,7 +211,7 @@
                       <multi/>
                     </properties>
                   </leafNode>
-                  #include <include/dhcp-ping-check.xml.i>
+                  #include <include/dhcp/ping-check.xml.i>
                   <leafNode name="pop-server">
                     <properties>
                       <help>IP address of POP3 server</help>
diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/dhcpv6-server.xml.in
index 18aa53fb8..fb96571f5 100644
--- a/interface-definitions/dhcpv6-server.xml.in
+++ b/interface-definitions/dhcpv6-server.xml.in
@@ -58,7 +58,7 @@
                       </constraint>
                     </properties>
                   </leafNode>
-                  #include <include/dhcp-server-domain-search.xml.i>
+                  #include <include/dhcp/domain-search.xml.i>
                   #include <include/name-server-ipv6.xml.i>
                 </children>
               </node>
@@ -127,7 +127,7 @@
                       </tagNode>
                     </children>
                   </node>
-                  #include <include/dhcp-server-domain-search.xml.i>
+                  #include <include/dhcp/domain-search.xml.i>
                   <node name="lease-time">
                     <properties>
                       <help>Parameters relating to the lease time</help>
diff --git a/interface-definitions/include/dhcp-domain-name.xml.i b/interface-definitions/include/dhcp-domain-name.xml.i
deleted file mode 100644
index eb95596da..000000000
--- a/interface-definitions/include/dhcp-domain-name.xml.i
+++ /dev/null
@@ -1,11 +0,0 @@
-<!-- include start from dhcp-domain-name.xml.i -->
-<leafNode name="domain-name">
-  <properties>
-    <help>Client Domain Name</help>
-    <constraint>
-      <validator name="fqdn"/>
-    </constraint>
-    <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and .-_</constraintErrorMessage>
-  </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/dhcp-ping-check.xml.i b/interface-definitions/include/dhcp-ping-check.xml.i
deleted file mode 100644
index 0b2a1214a..000000000
--- a/interface-definitions/include/dhcp-ping-check.xml.i
+++ /dev/null
@@ -1,8 +0,0 @@
-<!-- include start from dhcp-ping-check.xml.i -->
-<leafNode name="ping-check">
-  <properties>
-    <help>Sends ICMP Echo request to the address being assigned</help>
-    <valueless/>
-  </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/dhcp-server-domain-search.xml.i b/interface-definitions/include/dhcp-server-domain-search.xml.i
deleted file mode 100644
index 4fc55097b..000000000
--- a/interface-definitions/include/dhcp-server-domain-search.xml.i
+++ /dev/null
@@ -1,12 +0,0 @@
-<!-- include start from dhcp-server-domain-search.xml.i -->
-<leafNode name="domain-search">
-  <properties>
-    <help>Client Domain Name search list</help>
-    <constraint>
-      <validator name="fqdn"/>
-    </constraint>
-     <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers, period, and underscore.</constraintErrorMessage>
-    <multi/>
-  </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/dhcp/domain-name.xml.i b/interface-definitions/include/dhcp/domain-name.xml.i
new file mode 100644
index 000000000..410e27d29
--- /dev/null
+++ b/interface-definitions/include/dhcp/domain-name.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from dhcp/domain-name.xml.i -->
+<leafNode name="domain-name">
+  <properties>
+    <help>Client Domain Name</help>
+    <constraint>
+      <validator name="fqdn"/>
+    </constraint>
+    <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and .-_</constraintErrorMessage>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/dhcp/domain-search.xml.i b/interface-definitions/include/dhcp/domain-search.xml.i
new file mode 100644
index 000000000..bcc8fcd12
--- /dev/null
+++ b/interface-definitions/include/dhcp/domain-search.xml.i
@@ -0,0 +1,12 @@
+<!-- include start from dhcp/domain-search.xml.i -->
+<leafNode name="domain-search">
+  <properties>
+    <help>Client Domain Name search list</help>
+    <constraint>
+      <validator name="fqdn"/>
+    </constraint>
+     <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers, period, and underscore.</constraintErrorMessage>
+    <multi/>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/dhcp/ping-check.xml.i b/interface-definitions/include/dhcp/ping-check.xml.i
new file mode 100644
index 000000000..a506f68e4
--- /dev/null
+++ b/interface-definitions/include/dhcp/ping-check.xml.i
@@ -0,0 +1,8 @@
+<!-- include start from dhcp/ping-check.xml.i -->
+<leafNode name="ping-check">
+  <properties>
+    <help>Sends ICMP Echo request to the address being assigned</help>
+    <valueless/>
+  </properties>
+</leafNode>
+<!-- include end -->
-- 
cgit v1.2.3


From 2985035bcb2f3732e15a41e3c2ee6c6c93a6836e Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 19 Sep 2021 11:32:04 +0200
Subject: dhcp-server: T3672: re-add missing "name" CLI option

This option is mandatory and must be user configurable as it needs to match
on both sides.
---
 data/templates/dhcp-server/dhcpd.conf.tmpl | 5 ++---
 interface-definitions/dhcp-server.xml.in   | 9 +++++++++
 src/conf_mode/dhcp_server.py               | 2 +-
 3 files changed, 12 insertions(+), 4 deletions(-)

(limited to 'interface-definitions/dhcp-server.xml.in')

diff --git a/data/templates/dhcp-server/dhcpd.conf.tmpl b/data/templates/dhcp-server/dhcpd.conf.tmpl
index c71934426..790f57bbb 100644
--- a/data/templates/dhcp-server/dhcpd.conf.tmpl
+++ b/data/templates/dhcp-server/dhcpd.conf.tmpl
@@ -32,9 +32,8 @@ option wpad-url code 252 = text;
 
 {% endif %}
 {% if failover is defined and failover is not none %}
-{%   set dhcp_failover_name = 'VyOS-DHCP-failover-peer' %}
 # DHCP failover configuration
-failover peer "{{ dhcp_failover_name }}" {
+failover peer "{{ failover.name }}" {
 {%   if failover.status == 'primary' %}
     primary;
     mclt 1800;
@@ -185,7 +184,7 @@ shared-network {{ network | replace('_','-') }} {
 {%         endif %}
         pool {
 {%         if subnet_config.enable_failover is defined %}
-            failover peer "{{ dhcp_failover_name }}";
+            failover peer "{{ failover.name }}";
             deny dynamic bootp clients;
 {%         endif %}
 {%           if subnet_config.range is defined and subnet_config.range is not none %}
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
index 4551d75a9..2707ce96d 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/dhcp-server.xml.in
@@ -34,6 +34,15 @@
                   </constraint>
                 </properties>
               </leafNode>
+              <leafNode name="name">
+                <properties>
+                  <help>Peer name used to identify connection</help>
+                  <constraint>
+                    <regex>[-_a-zA-Z0-9.]+</regex>
+                  </constraint>
+                  <constraintErrorMessage>Invalid failover peer name. May only contain letters, numbers and .-_</constraintErrorMessage>
+                </properties>
+              </leafNode>
               <leafNode name="status">
                 <properties>
                   <help>Failover hierarchy</help>
diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py
index 5b3809017..28f2a4ca5 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/dhcp_server.py
@@ -247,7 +247,7 @@ def verify(dhcp):
         if not failover_ok:
             raise ConfigError('DHCP failover must be enabled for at least one subnet!')
 
-        for key in ['source_address', 'remote', 'status']:
+        for key in ['name', 'remote', 'source_address', 'status']:
             if key not in dhcp['failover']:
                 tmp = key.replace('_', '-')
                 raise ConfigError(f'DHCP failover requires "{tmp}" to be specified!')
-- 
cgit v1.2.3


From 689d1824d251ea9fbd81bf0c941dbd36e33ef420 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Tue, 21 Sep 2021 20:01:21 +0200
Subject: dhcp-server: T3839: support domain-search and ntp-server config per
 shared-network

---
 data/templates/dhcp-server/dhcpd.conf.tmpl          | 12 +++++++++---
 interface-definitions/dhcp-server.xml.in            | 21 ++++++---------------
 interface-definitions/include/dhcp/ntp-server.xml.i | 15 +++++++++++++++
 3 files changed, 30 insertions(+), 18 deletions(-)
 create mode 100644 interface-definitions/include/dhcp/ntp-server.xml.i

(limited to 'interface-definitions/dhcp-server.xml.in')

diff --git a/data/templates/dhcp-server/dhcpd.conf.tmpl b/data/templates/dhcp-server/dhcpd.conf.tmpl
index d774b4827..003c585dd 100644
--- a/data/templates/dhcp-server/dhcpd.conf.tmpl
+++ b/data/templates/dhcp-server/dhcpd.conf.tmpl
@@ -72,6 +72,12 @@ shared-network {{ network | replace('_','-') }} {
 {%     if network_config.domain_name is defined and network_config.domain_name is not none %}
     option domain-name "{{ network_config.domain_name }}";
 {%     endif %}
+{%     if network_config.domain_search is defined and network_config.domain_search is not none %}
+    option domain-search "{{ network_config.domain_search | join('", "') }}";
+{%     endif %}
+{%     if network_config.ntp_server is defined and network_config.ntp_server is not none %}
+    option ntp-servers {{ network_config.ntp_server | join(', ') }};
+{%     endif %}
 {%     if network_config.ping_check is defined %}
     ping-check true;
 {%     endif %}
@@ -88,6 +94,9 @@ shared-network {{ network | replace('_','-') }} {
 {%         if subnet_config.name_server is defined and subnet_config.name_server is not none %}
         option domain-name-servers {{ subnet_config.name_server | join(', ') }};
 {%         endif %}
+{%         if subnet_config.domain_name is defined and subnet_config.domain_name is not none %}
+        option domain-name "{{ subnet_config.domain_name }}";
+{%         endif %}
 {%         if subnet_config.domain_search is defined and subnet_config.domain_search is not none %}
         option domain-search "{{ subnet_config.domain_search | join('", "') }}";
 {%         endif %}
@@ -129,9 +138,6 @@ shared-network {{ network | replace('_','-') }} {
 {%         if subnet_config.server_identifier is defined and subnet_config.server_identifier is not none %}
         option dhcp-server-identifier {{ subnet_config.server_identifier }};
 {%         endif %}
-{%         if subnet_config.domain_name is defined and subnet_config.domain_name is not none %}
-        option domain-name "{{ subnet_config.domain_name }}";
-{%         endif %}
 {%         if subnet_config.subnet_parameters is defined and subnet_config.subnet_parameters is not none %}
         # The following {{ subnet_config.subnet_parameters | length }} line(s) were added as
         # subnet-parameters in the CLI and have not been validated!!!
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
index 2707ce96d..47bdc4db1 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/dhcp-server.xml.in
@@ -103,10 +103,12 @@
                 </properties>
               </leafNode>
               #include <include/dhcp/domain-name.xml.i>
+              #include <include/dhcp/domain-search.xml.i>
+              #include <include/dhcp/ntp-server.xml.i>
               #include <include/dhcp/ping-check.xml.i>
-              #include <include/name-server-ipv4.xml.i>
               #include <include/generic-description.xml.i>
               #include <include/generic-disable-node.xml.i>
+              #include <include/name-server-ipv4.xml.i>
               <leafNode name="shared-network-parameters">
                 <properties>
                   <help>Additional shared-network parameters for DHCP server.
@@ -165,9 +167,10 @@
                       </constraint>
                     </properties>
                   </leafNode>
-                  #include <include/name-server-ipv4.xml.i>
                   #include <include/dhcp/domain-name.xml.i>
                   #include <include/dhcp/domain-search.xml.i>
+                  #include <include/generic-description.xml.i>
+                  #include <include/name-server-ipv4.xml.i>
                   <leafNode name="enable-failover">
                     <properties>
                       <help>Enable DHCP failover support for this subnet</help>
@@ -207,19 +210,7 @@
                     </properties>
                     <defaultValue>86400</defaultValue>
                   </leafNode>
-                  <leafNode name="ntp-server">
-                    <properties>
-                      <help>IP address of NTP server</help>
-                      <valueHelp>
-                        <format>ipv4</format>
-                        <description>NTP server IPv4 address</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv4-address"/>
-                      </constraint>
-                      <multi/>
-                    </properties>
-                  </leafNode>
+                  #include <include/dhcp/ntp-server.xml.i>
                   #include <include/dhcp/ping-check.xml.i>
                   <leafNode name="pop-server">
                     <properties>
diff --git a/interface-definitions/include/dhcp/ntp-server.xml.i b/interface-definitions/include/dhcp/ntp-server.xml.i
new file mode 100644
index 000000000..32d8207e5
--- /dev/null
+++ b/interface-definitions/include/dhcp/ntp-server.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from dhcp/ntp-server.xml.i -->
+                  <leafNode name="ntp-server">
+                    <properties>
+                      <help>IP address of NTP server</help>
+                      <valueHelp>
+                        <format>ipv4</format>
+                        <description>NTP server IPv4 address</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv4-address"/>
+                      </constraint>
+                      <multi/>
+                    </properties>
+                  </leafNode>
+<!-- include end -->
-- 
cgit v1.2.3