From 427ebbb1e103ff45774bdf79bd5b1cddeff2f686 Mon Sep 17 00:00:00 2001
From: Alex Bukharov <alex.bukharov@innablr.com.au>
Date: Wed, 23 Apr 2025 00:40:06 +1000
Subject: T6773: RFC-2136 support for Kea DHCP4 server (#4153)

---
 .../include/dhcp/ddns-dns-server.xml.i             |  19 +++
 .../include/dhcp/ddns-settings.xml.i               | 172 +++++++++++++++++++++
 interface-definitions/service_dhcp-server.xml.in   | 121 ++++++++++++++-
 3 files changed, 309 insertions(+), 3 deletions(-)
 create mode 100644 interface-definitions/include/dhcp/ddns-dns-server.xml.i
 create mode 100644 interface-definitions/include/dhcp/ddns-settings.xml.i

(limited to 'interface-definitions')

diff --git a/interface-definitions/include/dhcp/ddns-dns-server.xml.i b/interface-definitions/include/dhcp/ddns-dns-server.xml.i
new file mode 100644
index 000000000..ba9f186d0
--- /dev/null
+++ b/interface-definitions/include/dhcp/ddns-dns-server.xml.i
@@ -0,0 +1,19 @@
+<!-- include start from dhcp/ddns-dns-server.xml.i -->
+<tagNode name="dns-server">
+  <properties>
+    <help>DNS server specification</help>
+    <valueHelp>
+      <format>u32:1-999999</format>
+      <description>Number for this DNS server</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-999999"/>
+    </constraint>
+    <constraintErrorMessage>DNS server number must be between 1 and 999999</constraintErrorMessage>
+  </properties>
+  <children>
+    #include <include/address-ipv4-ipv6-single.xml.i>
+    #include <include/port-number.xml.i>
+  </children>
+</tagNode>
+<!-- include end -->
diff --git a/interface-definitions/include/dhcp/ddns-settings.xml.i b/interface-definitions/include/dhcp/ddns-settings.xml.i
new file mode 100644
index 000000000..3e202685e
--- /dev/null
+++ b/interface-definitions/include/dhcp/ddns-settings.xml.i
@@ -0,0 +1,172 @@
+<!-- include start from dhcp/ddns-settings.xml.i -->
+<leafNode name="send-updates">
+    <properties>
+        <help>Enable or disable updates for this scope</help>
+        <completionHelp>
+            <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+            <format>enable</format>
+            <description>Enable updates for this scope</description>
+        </valueHelp>
+        <valueHelp>
+            <format>disable</format>
+            <description>Disable updates for this scope</description>
+        </valueHelp>
+        <constraint>
+            <regex>(enable|disable)</regex>
+        </constraint>
+        <constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="override-client-update">
+    <properties>
+        <help>Always update both forward and reverse DNS data, regardless of the client's request</help>
+        <completionHelp>
+            <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+            <format>enable</format>
+            <description>Force update both forward and reverse DNS records</description>
+        </valueHelp>
+        <valueHelp>
+            <format>disable</format>
+            <description>Respect client request settings</description>
+        </valueHelp>
+        <constraint>
+            <regex>(enable|disable)</regex>
+        </constraint>
+        <constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="override-no-update">
+    <properties>
+        <help>Perform a DDNS update, even if the client instructs the server not to</help>
+        <completionHelp>
+            <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+            <format>enable</format>
+            <description>Force DDNS updates regardless of client request</description>
+        </valueHelp>
+        <valueHelp>
+            <format>disable</format>
+            <description>Respect client request settings</description>
+        </valueHelp>
+        <constraint>
+            <regex>(enable|disable)</regex>
+        </constraint>
+        <constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="replace-client-name">
+    <properties>
+        <help>Replace client name mode</help>
+        <completionHelp>
+            <list>never always when-present when-not-present</list>
+        </completionHelp>
+        <valueHelp>
+            <format>never</format>
+            <description>Use the name the client sent. If the client sent no name, do not generate
+                one</description>
+        </valueHelp>
+        <valueHelp>
+            <format>always</format>
+            <description>Replace the name the client sent. If the client sent no name, generate one
+                for the client</description>
+        </valueHelp>
+        <valueHelp>
+            <format>when-present</format>
+            <description>Replace the name the client sent. If the client sent no name, do not
+                generate one</description>
+        </valueHelp>
+        <valueHelp>
+            <format>when-not-present</format>
+            <description>Use the name the client sent. If the client sent no name, generate one for
+                the client</description>
+        </valueHelp>
+        <constraint>
+            <regex>(never|always|when-present|when-not-present)</regex>
+        </constraint>
+        <constraintErrorMessage>Invalid replace client name mode</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="generated-prefix">
+    <properties>
+        <help>The prefix used in the generation of an FQDN</help>
+        <constraint>
+            <validator name="fqdn" />
+        </constraint>
+        <constraintErrorMessage>Invalid generated prefix</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="qualifying-suffix">
+    <properties>
+        <help>The suffix used when generating an FQDN, or when qualifying a partial name</help>
+        <constraint>
+            <validator name="fqdn" />
+        </constraint>
+        <constraintErrorMessage>Invalid qualifying suffix</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="update-on-renew">
+    <properties>
+        <help>Update DNS record on lease renew</help>
+        <completionHelp>
+            <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+            <format>enable</format>
+            <description>Update DNS record on lease renew</description>
+        </valueHelp>
+        <valueHelp>
+            <format>disable</format>
+            <description>Do not update DNS record on lease renew</description>
+        </valueHelp>
+        <constraint>
+            <regex>(enable|disable)</regex>
+        </constraint>
+        <constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="conflict-resolution">
+    <properties>
+        <help>DNS conflict resolution behavior</help>
+        <completionHelp>
+            <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+            <format>enable</format>
+            <description>Enable DNS conflict resolution</description>
+        </valueHelp>
+        <valueHelp>
+            <format>disable</format>
+            <description>Disable DNS conflict resolution</description>
+        </valueHelp>
+        <constraint>
+            <regex>(enable|disable)</regex>
+        </constraint>
+        <constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="ttl-percent">
+    <properties>
+        <help>Calculate TTL of the DNS record as a percentage of the lease lifetime</help>
+        <constraint>
+            <validator name="numeric" argument="--range 1-100" />
+        </constraint>
+        <constraintErrorMessage>Invalid qualifying suffix</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="hostname-char-set">
+    <properties>
+        <help>A regular expression describing the invalid character set in the host name</help>
+    </properties>
+</leafNode>
+<leafNode name="hostname-char-replacement">
+    <properties>
+        <help>A string of zero or more characters with which to replace each invalid character in
+            the host name</help>
+    </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/service_dhcp-server.xml.in b/interface-definitions/service_dhcp-server.xml.in
index c0ab7c048..78f1cea4e 100644
--- a/interface-definitions/service_dhcp-server.xml.in
+++ b/interface-definitions/service_dhcp-server.xml.in
@@ -10,12 +10,111 @@
         </properties>
         <children>
           #include <include/generic-disable-node.xml.i>
-          <leafNode name="dynamic-dns-update">
+          <node name="dynamic-dns-update">
             <properties>
               <help>Dynamically update Domain Name System (RFC4702)</help>
-              <valueless/>
             </properties>
-          </leafNode>
+            <children>
+              #include <include/dhcp/ddns-settings.xml.i>
+              <tagNode name="tsig-key">
+                <properties>
+                  <help>TSIG key definition for DNS updates</help>
+                  <constraint>
+                    #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+                  </constraint>
+                  <constraintErrorMessage>Invalid TSIG key name. May only contain letters, numbers, hyphen and underscore</constraintErrorMessage>
+                </properties>
+                <children>
+                  <leafNode name="algorithm">
+                    <properties>
+                      <help>TSIG key algorithm</help>
+                      <completionHelp>
+                        <list>md5 sha1 sha224 sha256 sha384 sha512</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>md5</format>
+                        <description>MD5 HMAC algorithm</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>sha1</format>
+                        <description>SHA1 HMAC algorithm</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>sha224</format>
+                        <description>SHA224 HMAC algorithm</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>sha256</format>
+                        <description>SHA256 HMAC algorithm</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>sha384</format>
+                        <description>SHA384 HMAC algorithm</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>sha512</format>
+                        <description>SHA512 HMAC algorithm</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(md5|sha1|sha224|sha256|sha384|sha512)</regex>
+                      </constraint>
+                      <constraintErrorMessage>Invalid TSIG key algorithm</constraintErrorMessage>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="secret">
+                    <properties>
+                      <help>TSIG key secret (base64-encoded)</help>
+                      <constraint>
+                        <validator name="base64"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                </children>
+              </tagNode>
+              <tagNode name="forward-domain">
+                <properties>
+                  <help>Forward DNS domain name</help>
+                  <constraint>
+                    <validator name="fqdn"/>
+                  </constraint>
+                  <constraintErrorMessage>Invalid forward DNS domain name</constraintErrorMessage>
+                </properties>
+                <children>
+                  <leafNode name="key-name">
+                    <properties>
+                      <help>TSIG key name for forward DNS updates</help>
+                      <constraint>
+                        #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+                      </constraint>
+                      <constraintErrorMessage>Invalid TSIG key name. May only contain letters, numbers, numbers, hyphen and underscore</constraintErrorMessage>
+                    </properties>
+                  </leafNode>
+                  #include <include/dhcp/ddns-dns-server.xml.i>
+                </children>
+              </tagNode>
+              <tagNode name="reverse-domain">
+                <properties>
+                  <help>Reverse DNS domain name</help>
+                  <constraint>
+                    <validator name="fqdn"/>
+                  </constraint>
+                  <constraintErrorMessage>Invalid reverse DNS domain name</constraintErrorMessage>
+                </properties>
+                <children>
+                  <leafNode name="key-name">
+                    <properties>
+                      <help>TSIG key name for reverse DNS updates</help>
+                      <constraint>
+                        #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+                      </constraint>
+                      <constraintErrorMessage>Invalid TSIG key name. May only contain letters, numbers, numbers, hyphen and underscore</constraintErrorMessage>
+                    </properties>
+                  </leafNode>
+                  #include <include/dhcp/ddns-dns-server.xml.i>
+                </children>
+              </tagNode>
+            </children>
+          </node>
           <node name="high-availability">
             <properties>
               <help>DHCP high availability configuration</help>
@@ -105,6 +204,14 @@
               <constraintErrorMessage>Invalid shared network name. May only contain letters, numbers and .-_</constraintErrorMessage>
             </properties>
             <children>
+              <node name="dynamic-dns-update">
+                <properties>
+                  <help>Dynamically update Domain Name System (RFC4702)</help>
+                </properties>
+                <children>
+                  #include <include/dhcp/ddns-settings.xml.i>
+                </children>
+              </node>
               <leafNode name="authoritative">
                 <properties>
                   <help>Option to make DHCP server authoritative for this physical network</help>
@@ -132,6 +239,14 @@
                   #include <include/dhcp/ping-check.xml.i>
                   #include <include/generic-description.xml.i>
                   #include <include/generic-disable-node.xml.i>
+                  <node name="dynamic-dns-update">
+                    <properties>
+                      <help>Dynamically update Domain Name System (RFC4702)</help>
+                    </properties>
+                    <children>
+                      #include <include/dhcp/ddns-settings.xml.i>
+                    </children>
+                  </node>
                   <leafNode name="exclude">
                     <properties>
                       <help>IP address to exclude from DHCP lease range</help>
-- 
cgit v1.2.3