From 8e2112261c68189c2c78455c3e1f32d7f5447ab9 Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Sat, 20 Jan 2024 22:25:06 +0100
Subject: dhcpv6: T3771: Allow installation of routes for delegated prefixes

---
 interface-definitions/service_dhcpv6-server.xml.in | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'interface-definitions')

diff --git a/interface-definitions/service_dhcpv6-server.xml.in b/interface-definitions/service_dhcpv6-server.xml.in
index 07cbfc85d..73ea69cc0 100644
--- a/interface-definitions/service_dhcpv6-server.xml.in
+++ b/interface-definitions/service_dhcpv6-server.xml.in
@@ -10,6 +10,12 @@
         <children>
           #include <include/generic-disable-node.xml.i>
           #include <include/listen-interface-multi-broadcast.xml.i>
+          <leafNode name="disable-route-autoinstall">
+            <properties>
+              <help>Do not install routes for delegated prefixes</help>
+              <valueless/>
+            </properties>
+          </leafNode>
           <node name="global-parameters">
             <properties>
               <help>Additional global parameters for DHCPv6 server</help>
-- 
cgit v1.2.3


From 7253c8a3d4649e2c253a4d26c8123a65aedd46e7 Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Wed, 24 Jan 2024 00:14:52 +0100
Subject: dhcpv6: T3316: Add support for excluded-prefix in prefix delegation

---
 interface-definitions/service_dhcpv6-server.xml.in | 25 ++++++++++++++++++++++
 python/vyos/kea.py                                 | 10 +++++++--
 .../scripts/cli/test_service_dhcpv6-server.py      | 11 +++++++++-
 src/conf_mode/service_dhcpv6-server.py             | 17 +++++++++++++++
 4 files changed, 60 insertions(+), 3 deletions(-)

(limited to 'interface-definitions')

diff --git a/interface-definitions/service_dhcpv6-server.xml.in b/interface-definitions/service_dhcpv6-server.xml.in
index 73ea69cc0..28b97a64b 100644
--- a/interface-definitions/service_dhcpv6-server.xml.in
+++ b/interface-definitions/service_dhcpv6-server.xml.in
@@ -231,6 +231,31 @@
                               <constraintErrorMessage>Delegated prefix length must be between 32 and 96</constraintErrorMessage>
                             </properties>
                           </leafNode>
+                          <leafNode name="excluded-prefix">
+                            <properties>
+                              <help>IPv6 prefix to be excluded from prefix delegation</help>
+                              <valueHelp>
+                                <format>ipv6</format>
+                                <description>IPv6 prefix excluded from prefix delegation</description>
+                              </valueHelp>
+                              <constraint>
+                                <validator name="ipv6-address"/>
+                              </constraint>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="excluded-prefix-length">
+                            <properties>
+                              <help>Length in bits of excluded prefix</help>
+                              <valueHelp>
+                                <format>u32:33-64</format>
+                                <description>Excluded prefix length (33-128)</description>
+                              </valueHelp>
+                              <constraint>
+                                <validator name="numeric" argument="--range 33-128"/>
+                              </constraint>
+                              <constraintErrorMessage>Prefix length must be between 33 and 128</constraintErrorMessage>
+                            </properties>
+                          </leafNode>
                         </children>
                       </tagNode>
                     </children>
diff --git a/python/vyos/kea.py b/python/vyos/kea.py
index fb5afc2ce..720bebec3 100644
--- a/python/vyos/kea.py
+++ b/python/vyos/kea.py
@@ -237,11 +237,17 @@ def kea6_parse_subnet(subnet, config):
 
         if 'prefix' in config['prefix_delegation']:
             for prefix, pd_conf in config['prefix_delegation']['prefix'].items():
-                pd_pools.append({
+                pd_pool = {
                     'prefix': prefix,
                     'prefix-len': int(pd_conf['prefix_length']),
                     'delegated-len': int(pd_conf['delegated_length'])
-                })
+                }
+
+                if 'excluded_prefix' in pd_conf:
+                    pd_pool['excluded-prefix'] = pd_conf['excluded_prefix']
+                    pd_pool['excluded-prefix-len'] = int(pd_conf['excluded_prefix_length'])
+
+                pd_pools.append(pd_pool)
 
         out['pd-pools'] = pd_pools
 
diff --git a/smoketest/scripts/cli/test_service_dhcpv6-server.py b/smoketest/scripts/cli/test_service_dhcpv6-server.py
index dcce30f55..5a831b8a0 100755
--- a/smoketest/scripts/cli/test_service_dhcpv6-server.py
+++ b/smoketest/scripts/cli/test_service_dhcpv6-server.py
@@ -215,6 +215,7 @@ class TestServiceDHCPv6Server(VyOSUnitTestSHIM.TestCase):
         delegate_start = '2001:db8:ee::'
         delegate_len = '64'
         prefix_len = '56'
+        exclude_len = '66'
 
         pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet]
         self.cli_set(pool + ['subnet-id', '1'])
@@ -222,6 +223,8 @@ class TestServiceDHCPv6Server(VyOSUnitTestSHIM.TestCase):
         self.cli_set(pool + ['range', '1', 'stop', range_stop])
         self.cli_set(pool + ['prefix-delegation', 'prefix', delegate_start, 'delegated-length', delegate_len])
         self.cli_set(pool + ['prefix-delegation', 'prefix', delegate_start, 'prefix-length', prefix_len])
+        self.cli_set(pool + ['prefix-delegation', 'prefix', delegate_start, 'excluded-prefix', delegate_start])
+        self.cli_set(pool + ['prefix-delegation', 'prefix', delegate_start, 'excluded-prefix-length', exclude_len])
 
         # commit changes
         self.cli_commit()
@@ -241,7 +244,13 @@ class TestServiceDHCPv6Server(VyOSUnitTestSHIM.TestCase):
         self.verify_config_object(
                 obj,
                 ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'pd-pools'],
-                {'prefix': delegate_start, 'prefix-len': int(prefix_len), 'delegated-len': int(delegate_len)})
+                {
+                    'prefix': delegate_start,
+                    'prefix-len': int(prefix_len),
+                    'delegated-len': int(delegate_len),
+                    'excluded-prefix': delegate_start,
+                    'excluded-prefix-len': int(exclude_len)
+                })
 
         # Check for running process
         self.assertTrue(process_named_running(PROCESS_NAME))
diff --git a/src/conf_mode/service_dhcpv6-server.py b/src/conf_mode/service_dhcpv6-server.py
index 214531904..add83eb0d 100755
--- a/src/conf_mode/service_dhcpv6-server.py
+++ b/src/conf_mode/service_dhcpv6-server.py
@@ -144,6 +144,23 @@ def verify(dhcpv6):
                     if prefix_config['prefix_length'] > prefix_config['delegated_length']:
                         raise ConfigError('Length of delegated IPv6 prefix must be within parent prefix')
 
+                    if 'excluded_prefix' in prefix_config:
+                        if 'excluded_prefix_length' not in prefix_config:
+                            raise ConfigError('Length of excluded IPv6 prefix must be configured')
+
+                        prefix_len = prefix_config['prefix_length']
+                        prefix_obj = ip_network(f'{prefix}/{prefix_len}')
+
+                        excluded_prefix = prefix_config['excluded_prefix']
+                        excluded_len = prefix_config['excluded_prefix_length']
+                        excluded_obj = ip_network(f'{excluded_prefix}/{excluded_len}')
+
+                        if excluded_len <= prefix_config['delegated_length']:
+                            raise ConfigError('Excluded IPv6 prefix must be smaller than delegated prefix')
+
+                        if not excluded_obj.subnet_of(prefix_obj):
+                            raise ConfigError(f'Excluded prefix "{excluded_prefix}" does not exist in the prefix')
+
             # Static mappings don't require anything (but check if IP is in subnet if it's set)
             if 'static_mapping' in subnet_config:
                 for mapping, mapping_config in subnet_config['static_mapping'].items():
-- 
cgit v1.2.3


From ecfc3495e759b8e79c4cff6e110ae00b0ee81e5c Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Tue, 23 Jan 2024 21:05:22 +0100
Subject: dhcp: T3316: Change help text on `listen-interface` to be generic

---
 interface-definitions/include/listen-interface-multi-broadcast.xml.i | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'interface-definitions')

diff --git a/interface-definitions/include/listen-interface-multi-broadcast.xml.i b/interface-definitions/include/listen-interface-multi-broadcast.xml.i
index b3d5a3ecc..00bd45e6e 100644
--- a/interface-definitions/include/listen-interface-multi-broadcast.xml.i
+++ b/interface-definitions/include/listen-interface-multi-broadcast.xml.i
@@ -1,7 +1,7 @@
 <!-- include start from listen-interface-multi-broadcast.xml.i -->
 <leafNode name="listen-interface">
   <properties>
-    <help>Interface for DHCP Relay Agent to listen for requests</help>
+    <help>Interface to listen on</help>
     <completionHelp>
       <script>${vyos_completion_dir}/list_interfaces --broadcast</script>
     </completionHelp>
-- 
cgit v1.2.3