diff --git a/data/templates/dhcp-server/dhcpd.conf.tmpl b/data/templates/dhcp-server/dhcpd.conf.tmpl
index 0f0c622d4..13272ade3 100644
--- a/data/templates/dhcp-server/dhcpd.conf.tmpl
+++ b/data/templates/dhcp-server/dhcpd.conf.tmpl
@@ -1,231 +1,238 @@
### Autogenerated by dhcp_server.py ###
# For options please consult the following website:
# https://www.isc.org/wp-content/uploads/2017/08/dhcp43options.html
#
# log-facility local7;
{% if hostfile_update is defined %}
on release {
set ClientName = pick-first-value(host-decl-name, option fqdn.hostname, option host-name);
set ClientIp = binary-to-ascii(10, 8, ".",leased-address);
execute("/usr/libexec/vyos/system/on-dhcp-event.sh", "release", "", ClientIp, "", "");
}
on expiry {
set ClientName = pick-first-value(host-decl-name, option fqdn.hostname, option host-name);
set ClientIp = binary-to-ascii(10, 8, ".",leased-address);
execute("/usr/libexec/vyos/system/on-dhcp-event.sh", "release", "", ClientIp, "", "");
}
{% endif %}
{{ 'use-host-decl-names on;' if host_decl_name is defined }}
ddns-update-style {{ 'interim' if dynamic_dns_update is defined else 'none' }};
option rfc3442-static-route code 121 = array of integer 8;
option windows-static-route code 249 = array of integer 8;
option wpad-url code 252 = text;
+option rfc8925-ipv6-only-preferred code 108 = unsigned integer 32;
{% if global_parameters is defined and global_parameters is not none %}
# The following {{ global_parameters | length }} line(s) have been added as
# global-parameters in the CLI and have not been validated !!!
{% for parameter in global_parameters %}
{{ parameter }}
{% endfor %}
{% endif %}
{% if failover is defined and failover is not none %}
# DHCP failover configuration
failover peer "{{ failover.name }}" {
{% if failover.status == 'primary' %}
primary;
mclt 1800;
split 128;
{% elif failover.status == 'secondary' %}
secondary;
{% endif %}
address {{ failover.source_address }};
port 647;
peer address {{ failover.remote }};
peer port 647;
max-response-delay 30;
max-unacked-updates 10;
load balance max seconds 3;
}
{% endif %}
{% if listen_address is defined and listen_address is not none %}
# DHCP server serving relay subnet, we need a connector to the real world
{% for address in listen_address %}
# Connected subnet statement for listen-address {{ address }}
subnet {{ address | network_from_ipv4 }} netmask {{ address | netmask_from_ipv4 }} { }
{% endfor %}
{% endif %}
# Shared network configration(s)
{% if shared_network_name is defined and shared_network_name is not none %}
{% for network, network_config in shared_network_name.items() if network_config.disable is not defined %}
shared-network {{ network }} {
{% if network_config.authoritative is defined %}
authoritative;
{% endif %}
{% if network_config.name_server is defined and network_config.name_server is not none %}
option domain-name-servers {{ network_config.name_server | join(', ') }};
{% endif %}
{% if network_config.domain_name is defined and network_config.domain_name is not none %}
option domain-name "{{ network_config.domain_name }}";
{% endif %}
{% if network_config.domain_search is defined and network_config.domain_search is not none %}
option domain-search "{{ network_config.domain_search | join('", "') }}";
{% endif %}
{% if network_config.ntp_server is defined and network_config.ntp_server is not none %}
option ntp-servers {{ network_config.ntp_server | join(', ') }};
{% endif %}
+{% if network_config.ntp_server is defined and network_config.ntp_server is not none %}
+ option ntp-servers {{ network_config.ntp_server | join(', ') }};
+{% endif %}
{% if network_config.ping_check is defined %}
ping-check true;
{% endif %}
{% if network_config.shared_network_parameters is defined and network_config.shared_network_parameters is not none %}
# The following {{ network_config.shared_network_parameters | length }} line(s)
# were added as shared-network-parameters in the CLI and have not been validated
{% for parameter in network_config.shared_network_parameters %}
{{ parameter }}
{% endfor %}
{% endif %}
{% if network_config.subnet is defined and network_config.subnet is not none %}
{% for subnet, subnet_config in network_config.subnet.items() %}
{% if subnet_config.description is defined and subnet_config.description is not none %}
# {{ subnet_config.description }}
{% endif %}
subnet {{ subnet | address_from_cidr }} netmask {{ subnet | netmask_from_cidr }} {
{% if subnet_config.name_server is defined and subnet_config.name_server is not none %}
option domain-name-servers {{ subnet_config.name_server | join(', ') }};
{% endif %}
{% if subnet_config.domain_name is defined and subnet_config.domain_name is not none %}
option domain-name "{{ subnet_config.domain_name }}";
{% endif %}
{% if subnet_config.domain_search is defined and subnet_config.domain_search is not none %}
option domain-search "{{ subnet_config.domain_search | join('", "') }}";
{% endif %}
{% if subnet_config.ntp_server is defined and subnet_config.ntp_server is not none %}
option ntp-servers {{ subnet_config.ntp_server | join(', ') }};
{% endif %}
{% if subnet_config.pop_server is defined and subnet_config.pop_server is not none %}
option pop-server {{ subnet_config.pop_server | join(', ') }};
{% endif %}
{% if subnet_config.smtp_server is defined and subnet_config.smtp_server is not none %}
option smtp-server {{ subnet_config.smtp_server | join(', ') }};
{% endif %}
{% if subnet_config.time_server is defined and subnet_config.time_server is not none %}
option time-servers {{ subnet_config.time_server | join(', ') }};
{% endif %}
{% if subnet_config.wins_server is defined and subnet_config.wins_server is not none %}
option netbios-name-servers {{ subnet_config.wins_server | join(', ') }};
{% endif %}
+{% if subnet_config.ipv6_only_preferred is defined and subnet_config.ipv6_only_preferred is not none %}
+ option rfc8925-ipv6-only-preferred {{ subnet_config.ipv6_only_preferred }};
+{% endif %}
{% if subnet_config.static_route is defined and subnet_config.static_route is not none %}
{% set static_default_route = '' %}
{% if subnet_config.default_router and subnet_config.default_router is not none %}
{% set static_default_route = ', ' + '0.0.0.0/0' | isc_static_route(subnet_config.default_router) %}
{% endif %}
{% if subnet_config.static_route is defined and subnet_config.static_route is not none %}
{% set rfc3442_routes = [] %}
{% for route, route_options in subnet_config.static_route.items() %}
{% set rfc3442_routes = rfc3442_routes.append(route | isc_static_route(route_options.next_hop)) %}
{% endfor %}
option rfc3442-static-route {{ rfc3442_routes | join(', ') }}{{ static_default_route }};
option windows-static-route {{ rfc3442_routes | join(', ') }};
{% endif %}
{% endif %}
{% if subnet_config.ip_forwarding is defined %}
option ip-forwarding true;
{% endif %}
{% if subnet_config.default_router and subnet_config.default_router is not none %}
option routers {{ subnet_config.default_router }};
{% endif %}
{% if subnet_config.server_identifier is defined and subnet_config.server_identifier is not none %}
option dhcp-server-identifier {{ subnet_config.server_identifier }};
{% endif %}
{% if subnet_config.subnet_parameters is defined and subnet_config.subnet_parameters is not none %}
# The following {{ subnet_config.subnet_parameters | length }} line(s) were added as
# subnet-parameters in the CLI and have not been validated!!!
{% for parameter in subnet_config.subnet_parameters %}
{{ parameter }}
{% endfor %}
{% endif %}
{% if subnet_config.tftp_server_name is defined and subnet_config.tftp_server_name is not none %}
option tftp-server-name "{{ subnet_config.tftp_server_name }}";
{% endif %}
{% if subnet_config.bootfile_name is defined and subnet_config.bootfile_name is not none %}
option bootfile-name "{{ subnet_config.bootfile_name }}";
filename "{{ subnet_config.bootfile_name }}";
{% endif %}
{% if subnet_config.bootfile_server is defined and subnet_config.bootfile_server is not none %}
next-server {{ subnet_config.bootfile_server }};
{% endif %}
{% if subnet_config.time_offset is defined and subnet_config.time_offset is not none %}
option time-offset {{ subnet_config.time_offset }};
{% endif %}
{% if subnet_config.wpad_url is defined and subnet_config.wpad_url is not none %}
option wpad-url "{{ subnet_config.wpad_url }}";
{% endif %}
{% if subnet_config.client_prefix_length is defined and subnet_config.client_prefix_length is not none %}
option subnet-mask {{ ('0.0.0.0/' ~ subnet_config.client_prefix_length) | netmask_from_cidr }};
{% endif %}
{% if subnet_config.lease is defined and subnet_config.lease is not none %}
default-lease-time {{ subnet_config.lease }};
max-lease-time {{ subnet_config.lease }};
{% endif %}
{% if network_config.ping_check is not defined and subnet_config.ping_check is defined %}
ping-check true;
{% endif %}
{% if subnet_config.static_mapping is defined and subnet_config.static_mapping is not none %}
{% for host, host_config in subnet_config.static_mapping.items() if host_config.disable is not defined %}
host {{ host | replace('_','-') if host_decl_name is defined else network | replace('_','-') + '_' + host | replace('_','-') }} {
{% if host_config.ip_address is defined and host_config.ip_address is not none %}
fixed-address {{ host_config.ip_address }};
{% endif %}
hardware ethernet {{ host_config.mac_address }};
{% if host_config.static_mapping_parameters is defined and host_config.static_mapping_parameters is not none %}
# The following {{ host_config.static_mapping_parameters | length }} line(s) were added
# as static-mapping-parameters in the CLI and have not been validated
{% for parameter in host_config.static_mapping_parameters %}
{{ parameter }}
{% endfor %}
{% endif %}
}
{% endfor %}
{% endif %}
{% if subnet_config.range is defined and subnet_config.range is not none %}
{# pool configuration can only be used if there follows a range option #}
pool {
{% endif %}
{% if subnet_config.enable_failover is defined %}
failover peer "{{ failover.name }}";
deny dynamic bootp clients;
{% endif %}
{% if subnet_config.range is defined and subnet_config.range is not none %}
{% for range, range_options in subnet_config.range.items() %}
range {{ range_options.start }} {{ range_options.stop }};
{% endfor %}
{% endif %}
{% if subnet_config.range is defined and subnet_config.range is not none %}
{# pool configuration can only be used if there follows a range option #}
}
{% endif %}
}
{% endfor %}
{% endif %}
on commit {
set shared-networkname = "{{ network }}";
{% if hostfile_update is defined %}
set ClientIp = binary-to-ascii(10, 8, ".", leased-address);
set ClientMac = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6));
set ClientName = pick-first-value(host-decl-name, option fqdn.hostname, option host-name, "empty_hostname");
if not (ClientName = "empty_hostname") {
set ClientDomain = pick-first-value(config-option domain-name, "..YYZ!");
execute("/usr/libexec/vyos/system/on-dhcp-event.sh", "commit", ClientName, ClientIp, ClientMac, ClientDomain);
} else {
log(concat("Hostname is not defined for client with IP: ", ClientIP, " MAC: ", ClientMac));
}
{% endif %}
}
}
{% endfor %}
{% endif %}
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
index 8c10ccf99..c1f2fe2fd 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/dhcp-server.xml.in
@@ -1,438 +1,451 @@
<?xml version="1.0"?>
<!-- DHCP server configuration -->
<interfaceDefinition>
<node name="service">
<children>
<node name="dhcp-server" owner="${vyos_conf_scripts_dir}/dhcp_server.py">
<properties>
<help>Dynamic Host Configuration Protocol (DHCP) for DHCP server</help>
<priority>911</priority>
</properties>
<children>
#include <include/generic-disable-node.xml.i>
<leafNode name="dynamic-dns-update">
<properties>
<help>Dynamically update Domain Name System (RFC4702)</help>
<valueless/>
</properties>
</leafNode>
<node name="failover">
<properties>
<help>DHCP failover configuration</help>
</properties>
<children>
#include <include/source-address-ipv4.xml.i>
<leafNode name="remote">
<properties>
<help>IPv4 remote address used for connectio</help>
<valueHelp>
<format>ipv4</format>
<description>IPv4 address of failover peer</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="name">
<properties>
<help>Peer name used to identify connection</help>
<constraint>
<regex>[-_a-zA-Z0-9.]+</regex>
</constraint>
<constraintErrorMessage>Invalid failover peer name. May only contain letters, numbers and .-_</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="status">
<properties>
<help>Failover hierarchy</help>
<completionHelp>
<list>primary secondary</list>
</completionHelp>
<valueHelp>
<format>primary</format>
<description>Configure this server to be the primary node</description>
</valueHelp>
<valueHelp>
<format>secondary</format>
<description>Configure this server to be the secondary node</description>
</valueHelp>
<constraint>
<regex>^(primary|secondary)$</regex>
</constraint>
<constraintErrorMessage>Invalid DHCP failover peer status</constraintErrorMessage>
</properties>
</leafNode>
</children>
</node>
<leafNode name="global-parameters">
<properties>
<help>Additional global parameters for DHCP server. You must
use the syntax of dhcpd.conf in this text-field. Using this
without proper knowledge may result in a crashed DHCP server.
Check system log to look for errors.</help>
<multi/>
</properties>
</leafNode>
<leafNode name="hostfile-update">
<properties>
<help>Updating /etc/hosts file (per client lease)</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="host-decl-name">
<properties>
<help>Use host declaration name for forward DNS name</help>
<valueless/>
</properties>
</leafNode>
#include <include/listen-address-ipv4.xml.i>
<tagNode name="shared-network-name">
<properties>
<help>Name of DHCP shared network</help>
<constraint>
<regex>[-_a-zA-Z0-9.]+</regex>
</constraint>
<constraintErrorMessage>Invalid shared network name. May only contain letters, numbers and .-_</constraintErrorMessage>
</properties>
<children>
<leafNode name="authoritative">
<properties>
<help>Option to make DHCP server authoritative for this physical network</help>
<valueless/>
</properties>
</leafNode>
#include <include/dhcp/domain-name.xml.i>
#include <include/dhcp/domain-search.xml.i>
#include <include/dhcp/ntp-server.xml.i>
#include <include/dhcp/ping-check.xml.i>
#include <include/generic-description.xml.i>
#include <include/generic-disable-node.xml.i>
#include <include/name-server-ipv4.xml.i>
<leafNode name="shared-network-parameters">
<properties>
<help>Additional shared-network parameters for DHCP server.
You must use the syntax of dhcpd.conf in this text-field.
Using this without proper knowledge may result in a crashed
DHCP server. Check system log to look for errors.</help>
<multi/>
</properties>
</leafNode>
<tagNode name="subnet">
<properties>
<help>DHCP subnet for shared network</help>
<valueHelp>
<format>ipv4net</format>
<description>IPv4 address and prefix length</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
<constraintErrorMessage>Invalid IPv4 subnet definition</constraintErrorMessage>
</properties>
<children>
<leafNode name="bootfile-name">
<properties>
<help>Bootstrap file name</help>
</properties>
</leafNode>
<leafNode name="bootfile-server">
<properties>
<help>Server (IP address or domain name) from which the initial
boot file is to be loaded</help>
</properties>
</leafNode>
<leafNode name="client-prefix-length">
<properties>
<help>Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used.</help>
<valueHelp>
<format>u32:0-32</format>
<description>DHCP client prefix length must be 0 to 32</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-32"/>
</constraint>
<constraintErrorMessage>DHCP client prefix length must be 0 to 32</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="default-router">
<properties>
<help>IP address of default router</help>
<valueHelp>
<format>ipv4</format>
<description>Default router IPv4 address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
#include <include/dhcp/domain-name.xml.i>
#include <include/dhcp/domain-search.xml.i>
#include <include/generic-description.xml.i>
#include <include/name-server-ipv4.xml.i>
<leafNode name="enable-failover">
<properties>
<help>Enable DHCP failover support for this subnet</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="exclude">
<properties>
<help>IP address to exclude from DHCP lease range</help>
<valueHelp>
<format>ipv4</format>
<description>IPv4 address to exclude from lease range</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
<multi/>
</properties>
</leafNode>
<leafNode name="ip-forwarding">
<properties>
<help>Enable IP forwarding on client</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="lease">
<properties>
<help>Lease timeout in seconds (default: 86400)</help>
<valueHelp>
<format>u32</format>
<description>DHCP lease time in seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-4294967295"/>
</constraint>
<constraintErrorMessage>DHCP lease time must be between 0 and 4294967295 (49 days)</constraintErrorMessage>
</properties>
<defaultValue>86400</defaultValue>
</leafNode>
#include <include/dhcp/ntp-server.xml.i>
#include <include/dhcp/ping-check.xml.i>
<leafNode name="pop-server">
<properties>
<help>IP address of POP3 server</help>
<valueHelp>
<format>ipv4</format>
<description>POP3 server IPv4 address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
<multi/>
</properties>
</leafNode>
<leafNode name="server-identifier">
<properties>
<help>Address for DHCP server identifier</help>
<valueHelp>
<format>ipv4</format>
<description>DHCP server identifier IPv4 address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="smtp-server">
<properties>
<help>IP address of SMTP server</help>
<valueHelp>
<format>ipv4</format>
<description>SMTP server IPv4 address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
<multi/>
</properties>
</leafNode>
<tagNode name="range">
<properties>
<help>DHCP lease range</help>
<constraint>
<regex>^[-_a-zA-Z0-9.]+$</regex>
</constraint>
<constraintErrorMessage>Invalid range name, may only be alphanumeric, dot and hyphen</constraintErrorMessage>
</properties>
<children>
<leafNode name="start">
<properties>
<help>First IP address for DHCP lease range</help>
<valueHelp>
<format>ipv4</format>
<description>IPv4 start address of pool</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="stop">
<properties>
<help>Last IP address for DHCP lease range</help>
<valueHelp>
<format>ipv4</format>
<description>IPv4 end address of pool</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
<tagNode name="static-mapping">
<properties>
<help>Name of static mapping</help>
<constraint>
<regex>^[-_a-zA-Z0-9.]+$</regex>
</constraint>
<constraintErrorMessage>Invalid static mapping name, may only be alphanumeric, dot and hyphen</constraintErrorMessage>
</properties>
<children>
#include <include/generic-disable-node.xml.i>
<leafNode name="ip-address">
<properties>
<help>Fixed IP address of static mapping</help>
<valueHelp>
<format>ipv4</format>
<description>IPv4 address used in static mapping</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="mac-address">
<properties>
<help>Media Access Control (MAC) address</help>
<valueHelp>
<format>macaddr</format>
<description>Hardware (MAC) address</description>
</valueHelp>
<constraint>
<validator name="mac-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="static-mapping-parameters">
<properties>
<help>Additional static-mapping parameters for DHCP server.
Will be placed inside the "host" block of the mapping.
You must use the syntax of dhcpd.conf in this text-field.
Using this without proper knowledge may result in a crashed
DHCP server. Check system log to look for errors.</help>
<multi/>
</properties>
</leafNode>
</children>
</tagNode>
<tagNode name="static-route">
<properties>
<help>Classless static route destination subnet [REQUIRED]</help>
<valueHelp>
<format>ipv4net</format>
<description>IPv4 address and prefix length</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="next-hop">
<properties>
<help>IP address of router to be used to reach the destination subnet</help>
<valueHelp>
<format>ipv4</format>
<description>IPv4 address of router</description>
</valueHelp>
<constraint>
<validator name="ip-address"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode >
+ <leafNode name="ipv6-only-preferred">
+ <properties>
+ <help>Disable IPv4 on IPv6 only hosts (RFC 8925)</help>
+ <valueHelp>
+ <format>u32</format>
+ <description>Seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967295"/>
+ </constraint>
+ <constraintErrorMessage>Seconds must be between 0 and 4294967295 (49 days)</constraintErrorMessage>
+ </properties>
+ </leafNode>
<leafNode name="subnet-parameters">
<properties>
<help>Additional subnet parameters for DHCP server. You must
use the syntax of dhcpd.conf in this text-field. Using this
without proper knowledge may result in a crashed DHCP server.
Check system log to look for errors.</help>
<multi/>
</properties>
</leafNode>
<leafNode name="tftp-server-name">
<properties>
<help>TFTP server name</help>
<valueHelp>
<format>ipv4</format>
<description>TFTP server IPv4 address</description>
</valueHelp>
<valueHelp>
<format>hostname</format>
<description>TFTP server FQDN</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
<validator name="fqdn"/>
</constraint>
</properties>
</leafNode>
<leafNode name="time-offset">
<properties>
<help>Client subnet offset in seconds from Coordinated Universal Time (UTC)</help>
<valueHelp>
<format>[-]N</format>
<description>Time offset (number, may be negative)</description>
</valueHelp>
<constraint>
<regex>-?[0-9]+</regex>
</constraint>
<constraintErrorMessage>Invalid time offset value</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="time-server">
<properties>
<help>IP address of time server</help>
<valueHelp>
<format>ipv4</format>
<description>Time server IPv4 address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
<multi/>
</properties>
</leafNode>
<leafNode name="wins-server">
<properties>
<help>IP address for Windows Internet Name Service (WINS) server</help>
<valueHelp>
<format>ipv4</format>
<description>WINS server IPv4 address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
<multi/>
</properties>
</leafNode>
<leafNode name="wpad-url">
<properties>
<help>Web Proxy Autodiscovery (WPAD) URL</help>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</tagNode>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/smoketest/scripts/cli/test_service_dhcp-server.py b/smoketest/scripts/cli/test_service_dhcp-server.py
index 9adb9c042..8568d96eb 100755
--- a/smoketest/scripts/cli/test_service_dhcp-server.py
+++ b/smoketest/scripts/cli/test_service_dhcp-server.py
@@ -1,486 +1,489 @@
#!/usr/bin/env python3
#
# Copyright (C) 2020-2021 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import unittest
from base_vyostest_shim import VyOSUnitTestSHIM
from vyos.configsession import ConfigSessionError
from vyos.util import process_named_running
from vyos.util import read_file
from vyos.template import address_from_cidr
from vyos.template import inc_ip
from vyos.template import dec_ip
from vyos.template import netmask_from_cidr
PROCESS_NAME = 'dhcpd'
DHCPD_CONF = '/run/dhcp-server/dhcpd.conf'
base_path = ['service', 'dhcp-server']
subnet = '192.0.2.0/25'
router = inc_ip(subnet, 1)
dns_1 = inc_ip(subnet, 2)
dns_2 = inc_ip(subnet, 3)
domain_name = 'vyos.net'
class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
super(cls, cls).setUpClass()
cidr_mask = subnet.split('/')[-1]
cls.cli_set(cls, ['interfaces', 'dummy', 'dum8765', 'address', f'{router}/{cidr_mask}'])
@classmethod
def tearDownClass(cls):
cls.cli_delete(cls, ['interfaces', 'dummy', 'dum8765'])
super(cls, cls).tearDownClass()
def tearDown(self):
self.cli_delete(base_path)
self.cli_commit()
def test_dhcp_single_pool_range(self):
shared_net_name = 'SMOKE-1'
range_0_start = inc_ip(subnet, 10)
range_0_stop = inc_ip(subnet, 20)
range_1_start = inc_ip(subnet, 40)
range_1_stop = inc_ip(subnet, 50)
self.cli_set(base_path + ['dynamic-dns-update'])
pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet]
# we use the first subnet IP address as default gateway
self.cli_set(pool + ['default-router', router])
self.cli_set(pool + ['name-server', dns_1])
self.cli_set(pool + ['name-server', dns_2])
self.cli_set(pool + ['domain-name', domain_name])
self.cli_set(pool + ['ping-check'])
# check validate() - No DHCP address range or active static-mapping set
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_set(pool + ['range', '0', 'start', range_0_start])
self.cli_set(pool + ['range', '0', 'stop', range_0_stop])
self.cli_set(pool + ['range', '1', 'start', range_1_start])
self.cli_set(pool + ['range', '1', 'stop', range_1_stop])
# commit changes
self.cli_commit()
config = read_file(DHCPD_CONF)
network = address_from_cidr(subnet)
netmask = netmask_from_cidr(subnet)
self.assertIn(f'ddns-update-style interim;', config)
self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config)
self.assertIn(f'option domain-name-servers {dns_1}, {dns_2};', config)
self.assertIn(f'option routers {router};', config)
self.assertIn(f'option domain-name "{domain_name}";', config)
self.assertIn(f'default-lease-time 86400;', config)
self.assertIn(f'max-lease-time 86400;', config)
self.assertIn(f'ping-check true;', config)
self.assertIn(f'range {range_0_start} {range_0_stop};', config)
self.assertIn(f'range {range_1_start} {range_1_stop};', config)
self.assertIn(f'set shared-networkname = "{shared_net_name}";', config)
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
def test_dhcp_single_pool_options(self):
shared_net_name = 'SMOKE-0815'
range_0_start = inc_ip(subnet, 10)
range_0_stop = inc_ip(subnet, 20)
smtp_server = '1.2.3.4'
time_server = '4.3.2.1'
tftp_server = 'tftp.vyos.io'
search_domains = ['foo.vyos.net', 'bar.vyos.net']
bootfile_name = 'vyos'
bootfile_server = '192.0.2.1'
wpad = 'http://wpad.vyos.io/foo/bar'
server_identifier = bootfile_server
+ ipv6_only_preferred = 300
pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet]
# we use the first subnet IP address as default gateway
self.cli_set(pool + ['default-router', router])
self.cli_set(pool + ['name-server', dns_1])
self.cli_set(pool + ['name-server', dns_2])
self.cli_set(pool + ['domain-name', domain_name])
self.cli_set(pool + ['ip-forwarding'])
self.cli_set(pool + ['smtp-server', smtp_server])
self.cli_set(pool + ['pop-server', smtp_server])
self.cli_set(pool + ['time-server', time_server])
self.cli_set(pool + ['tftp-server-name', tftp_server])
for search in search_domains:
self.cli_set(pool + ['domain-search', search])
self.cli_set(pool + ['bootfile-name', bootfile_name])
self.cli_set(pool + ['bootfile-server', bootfile_server])
self.cli_set(pool + ['wpad-url', wpad])
self.cli_set(pool + ['server-identifier', server_identifier])
self.cli_set(pool + ['static-route', '10.0.0.0/24', 'next-hop', '192.0.2.1'])
+ self.cli_set(pool + ['ipv6-only-preferred', ipv6_only_preferred])
# check validate() - No DHCP address range or active static-mapping set
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_set(pool + ['range', '0', 'start', range_0_start])
self.cli_set(pool + ['range', '0', 'stop', range_0_stop])
# commit changes
self.cli_commit()
config = read_file(DHCPD_CONF)
network = address_from_cidr(subnet)
netmask = netmask_from_cidr(subnet)
self.assertIn(f'ddns-update-style none;', config)
self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config)
self.assertIn(f'option domain-name-servers {dns_1}, {dns_2};', config)
self.assertIn(f'option routers {router};', config)
self.assertIn(f'option domain-name "{domain_name}";', config)
search = '"' + ('", "').join(search_domains) + '"'
self.assertIn(f'option domain-search {search};', config)
self.assertIn(f'option ip-forwarding true;', config)
self.assertIn(f'option smtp-server {smtp_server};', config)
self.assertIn(f'option pop-server {smtp_server};', config)
self.assertIn(f'option time-servers {time_server};', config)
self.assertIn(f'option wpad-url "{wpad}";', config)
self.assertIn(f'option dhcp-server-identifier {server_identifier};', config)
self.assertIn(f'option tftp-server-name "{tftp_server}";', config)
self.assertIn(f'option bootfile-name "{bootfile_name}";', config)
self.assertIn(f'filename "{bootfile_name}";', config)
self.assertIn(f'next-server {bootfile_server};', config)
self.assertIn(f'default-lease-time 86400;', config)
self.assertIn(f'max-lease-time 86400;', config)
self.assertIn(f'range {range_0_start} {range_0_stop};', config)
self.assertIn(f'set shared-networkname = "{shared_net_name}";', config)
+ self.assertIn(f'option rfc8925-ipv6-only-preferred {ipv6_only_preferred};', config)
# weird syntax for those static routes
self.assertIn(f'option rfc3442-static-route 24,10,0,0,192,0,2,1, 0,192,0,2,1;', config)
self.assertIn(f'option windows-static-route 24,10,0,0,192,0,2,1;', config)
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
def test_dhcp_single_pool_static_mapping(self):
shared_net_name = 'SMOKE-2'
domain_name = 'private'
pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet]
# we use the first subnet IP address as default gateway
self.cli_set(pool + ['default-router', router])
self.cli_set(pool + ['name-server', dns_1])
self.cli_set(pool + ['name-server', dns_2])
self.cli_set(pool + ['domain-name', domain_name])
# check validate() - No DHCP address range or active static-mapping set
with self.assertRaises(ConfigSessionError):
self.cli_commit()
client_base = 10
for client in ['client1', 'client2', 'client3']:
mac = '00:50:00:00:00:{}'.format(client_base)
self.cli_set(pool + ['static-mapping', client, 'mac-address', mac])
self.cli_set(pool + ['static-mapping', client, 'ip-address', inc_ip(subnet, client_base)])
client_base += 1
# commit changes
self.cli_commit()
config = read_file(DHCPD_CONF)
network = address_from_cidr(subnet)
netmask = netmask_from_cidr(subnet)
self.assertIn(f'ddns-update-style none;', config)
self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config)
self.assertIn(f'option domain-name-servers {dns_1}, {dns_2};', config)
self.assertIn(f'option routers {router};', config)
self.assertIn(f'option domain-name "{domain_name}";', config)
self.assertIn(f'default-lease-time 86400;', config)
self.assertIn(f'max-lease-time 86400;', config)
client_base = 10
for client in ['client1', 'client2', 'client3']:
mac = '00:50:00:00:00:{}'.format(client_base)
ip = inc_ip(subnet, client_base)
self.assertIn(f'host {shared_net_name}_{client}' + ' {', config)
self.assertIn(f'fixed-address {ip};', config)
self.assertIn(f'hardware ethernet {mac};', config)
client_base += 1
self.assertIn(f'set shared-networkname = "{shared_net_name}";', config)
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
def test_dhcp_multiple_pools(self):
lease_time = '14400'
for network in ['0', '1', '2', '3']:
shared_net_name = f'VyOS-SMOKETEST-{network}'
subnet = f'192.0.{network}.0/24'
router = inc_ip(subnet, 1)
dns_1 = inc_ip(subnet, 2)
range_0_start = inc_ip(subnet, 10)
range_0_stop = inc_ip(subnet, 20)
range_1_start = inc_ip(subnet, 30)
range_1_stop = inc_ip(subnet, 40)
pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet]
# we use the first subnet IP address as default gateway
self.cli_set(pool + ['default-router', router])
self.cli_set(pool + ['name-server', dns_1])
self.cli_set(pool + ['domain-name', domain_name])
self.cli_set(pool + ['lease', lease_time])
self.cli_set(pool + ['range', '0', 'start', range_0_start])
self.cli_set(pool + ['range', '0', 'stop', range_0_stop])
self.cli_set(pool + ['range', '1', 'start', range_1_start])
self.cli_set(pool + ['range', '1', 'stop', range_1_stop])
client_base = 60
for client in ['client1', 'client2', 'client3', 'client4']:
mac = '02:50:00:00:00:{}'.format(client_base)
self.cli_set(pool + ['static-mapping', client, 'mac-address', mac])
self.cli_set(pool + ['static-mapping', client, 'ip-address', inc_ip(subnet, client_base)])
client_base += 1
# commit changes
self.cli_commit()
config = read_file(DHCPD_CONF)
for network in ['0', '1', '2', '3']:
shared_net_name = f'VyOS-SMOKETEST-{network}'
subnet = f'192.0.{network}.0/24'
router = inc_ip(subnet, 1)
dns_1 = inc_ip(subnet, 2)
range_0_start = inc_ip(subnet, 10)
range_0_stop = inc_ip(subnet, 20)
range_1_start = inc_ip(subnet, 30)
range_1_stop = inc_ip(subnet, 40)
network = address_from_cidr(subnet)
netmask = netmask_from_cidr(subnet)
self.assertIn(f'ddns-update-style none;', config)
self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config)
self.assertIn(f'option domain-name-servers {dns_1};', config)
self.assertIn(f'option routers {router};', config)
self.assertIn(f'option domain-name "{domain_name}";', config)
self.assertIn(f'default-lease-time {lease_time};', config)
self.assertIn(f'max-lease-time {lease_time};', config)
self.assertIn(f'range {range_0_start} {range_0_stop};', config)
self.assertIn(f'range {range_1_start} {range_1_stop};', config)
self.assertIn(f'set shared-networkname = "{shared_net_name}";', config)
client_base = 60
for client in ['client1', 'client2', 'client3', 'client4']:
mac = '02:50:00:00:00:{}'.format(client_base)
ip = inc_ip(subnet, client_base)
self.assertIn(f'host {shared_net_name}_{client}' + ' {', config)
self.assertIn(f'fixed-address {ip};', config)
self.assertIn(f'hardware ethernet {mac};', config)
client_base += 1
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
def test_dhcp_exclude_not_in_range(self):
# T3180: verify else path when slicing DHCP ranges and exclude address
# is not part of the DHCP range
range_0_start = inc_ip(subnet, 10)
range_0_stop = inc_ip(subnet, 20)
pool = base_path + ['shared-network-name', 'EXCLUDE-TEST', 'subnet', subnet]
self.cli_set(pool + ['default-router', router])
self.cli_set(pool + ['exclude', router])
self.cli_set(pool + ['range', '0', 'start', range_0_start])
self.cli_set(pool + ['range', '0', 'stop', range_0_stop])
# commit changes
self.cli_commit()
# VErify
config = read_file(DHCPD_CONF)
network = address_from_cidr(subnet)
netmask = netmask_from_cidr(subnet)
self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config)
self.assertIn(f'option routers {router};', config)
self.assertIn(f'range {range_0_start} {range_0_stop};', config)
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
def test_dhcp_exclude_in_range(self):
# T3180: verify else path when slicing DHCP ranges and exclude address
# is not part of the DHCP range
range_0_start = inc_ip(subnet, 10)
range_0_stop = inc_ip(subnet, 100)
# the DHCP exclude addresse is blanked out of the range which is done
# by slicing one range into two ranges
exclude_addr = inc_ip(range_0_start, 20)
range_0_stop_excl = dec_ip(exclude_addr, 1)
range_0_start_excl = inc_ip(exclude_addr, 1)
pool = base_path + ['shared-network-name', 'EXCLUDE-TEST-2', 'subnet', subnet]
self.cli_set(pool + ['default-router', router])
self.cli_set(pool + ['exclude', exclude_addr])
self.cli_set(pool + ['range', '0', 'start', range_0_start])
self.cli_set(pool + ['range', '0', 'stop', range_0_stop])
# commit changes
self.cli_commit()
# Verify
config = read_file(DHCPD_CONF)
network = address_from_cidr(subnet)
netmask = netmask_from_cidr(subnet)
self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config)
self.assertIn(f'option routers {router};', config)
self.assertIn(f'range {range_0_start} {range_0_stop_excl};', config)
self.assertIn(f'range {range_0_start_excl} {range_0_stop};', config)
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
def test_dhcp_relay_server(self):
# Listen on specific address and return DHCP leases from a non
# directly connected pool
self.cli_set(base_path + ['listen-address', router])
relay_subnet = '10.0.0.0/16'
relay_router = inc_ip(relay_subnet, 1)
range_0_start = '10.0.1.0'
range_0_stop = '10.0.250.255'
pool = base_path + ['shared-network-name', 'RELAY', 'subnet', relay_subnet]
self.cli_set(pool + ['default-router', relay_router])
self.cli_set(pool + ['range', '0', 'start', range_0_start])
self.cli_set(pool + ['range', '0', 'stop', range_0_stop])
# commit changes
self.cli_commit()
config = read_file(DHCPD_CONF)
network = address_from_cidr(subnet)
netmask = netmask_from_cidr(subnet)
# Check the relay network
self.assertIn(f'subnet {network} netmask {netmask}' + r' { }', config)
relay_network = address_from_cidr(relay_subnet)
relay_netmask = netmask_from_cidr(relay_subnet)
self.assertIn(f'subnet {relay_network} netmask {relay_netmask}' + r' {', config)
self.assertIn(f'option routers {relay_router};', config)
self.assertIn(f'range {range_0_start} {range_0_stop};', config)
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
def test_dhcp_invalid_raw_options(self):
shared_net_name = 'SMOKE-5'
range_0_start = inc_ip(subnet, 10)
range_0_stop = inc_ip(subnet, 20)
pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet]
# we use the first subnet IP address as default gateway
self.cli_set(pool + ['default-router', router])
self.cli_set(pool + ['range', '0', 'start', range_0_start])
self.cli_set(pool + ['range', '0', 'stop', range_0_stop])
self.cli_set(base_path + ['global-parameters', 'this-is-crap'])
# check generate() - dhcpd should not acceot this garbage config
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_delete(base_path + ['global-parameters'])
# commit changes
self.cli_commit()
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
def test_dhcp_failover(self):
shared_net_name = 'FAILOVER'
failover_name = 'VyOS-Failover'
range_0_start = inc_ip(subnet, 10)
range_0_stop = inc_ip(subnet, 20)
pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet]
# we use the first subnet IP address as default gateway
self.cli_set(pool + ['default-router', router])
# check validate() - No DHCP address range or active static-mapping set
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_set(pool + ['range', '0', 'start', range_0_start])
self.cli_set(pool + ['range', '0', 'stop', range_0_stop])
# failover
failover_local = router
failover_remote = inc_ip(router, 1)
self.cli_set(base_path + ['failover', 'source-address', failover_local])
self.cli_set(base_path + ['failover', 'name', failover_name])
self.cli_set(base_path + ['failover', 'remote', failover_remote])
self.cli_set(base_path + ['failover', 'status', 'primary'])
# check validate() - failover needs to be enabled for at least one subnet
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_set(pool + ['enable-failover'])
# commit changes
self.cli_commit()
config = read_file(DHCPD_CONF)
self.assertIn(f'failover peer "{failover_name}"' + r' {', config)
self.assertIn(f'primary;', config)
self.assertIn(f'mclt 1800;', config)
self.assertIn(f'mclt 1800;', config)
self.assertIn(f'split 128;', config)
self.assertIn(f'port 647;', config)
self.assertIn(f'peer port 647;', config)
self.assertIn(f'max-response-delay 30;', config)
self.assertIn(f'max-unacked-updates 10;', config)
self.assertIn(f'load balance max seconds 3;', config)
self.assertIn(f'address {failover_local};', config)
self.assertIn(f'peer address {failover_remote};', config)
network = address_from_cidr(subnet)
netmask = netmask_from_cidr(subnet)
self.assertIn(f'ddns-update-style none;', config)
self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config)
self.assertIn(f'option routers {router};', config)
self.assertIn(f'range {range_0_start} {range_0_stop};', config)
self.assertIn(f'set shared-networkname = "{shared_net_name}";', config)
self.assertIn(f'failover peer "{failover_name}";', config)
self.assertIn(f'deny dynamic bootp clients;', config)
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
if __name__ == '__main__':
unittest.main(verbosity=2)