Skip to content

Commit

Permalink
dhcp: support stateless DHCP
Browse files Browse the repository at this point in the history 
* Support stateless RA and update help text
* Allow DHCPv6 to run without a range

PR: https://forum.opnsense.org/index.php?topic=6418.0
  • Loading branch information
@fichtner
fichtner committed Nov 20, 2017
1 parent 38aafc8 commit 38c1daa
Show file tree
Hide file tree
Showing 3 changed files with 112 additions and 102 deletions.
11 changes: 9 additions & 2 deletions src/etc/inc/services.inc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,6 +165,10 @@ function services_radvd_configure($blacklist = array())
$radvdconf .= "\tAdvManagedFlag on;\n";
$radvdconf .= "\tAdvOtherConfigFlag on;\n";
break;
case "stateless":
$radvdconf .= "\tAdvManagedFlag off;\n";
$radvdconf .= "\tAdvOtherConfigFlag on;\n";
break;
default:
break;
}
Expand All @@ -183,6 +187,7 @@ function services_radvd_configure($blacklist = array())
break;
case "assist":
case "unmanaged":
case "stateless":
$radvdconf .= "\t\tAdvOnLink on;\n";
$radvdconf .= "\t\tAdvAutonomous on;\n";
$radvdconf .= "\t\tAdvRouterAddr on;\n";
Expand Down Expand Up @@ -1162,17 +1167,19 @@ EOD;

if (is_ipaddrv6($ifcfgipv6)) {
$dhcpdv6conf .= "\nsubnet6 {$subnetv6}/{$ifcfgsnv6}";
} else {
} elseif (!empty($dhcpv6ifconf['range']['from'])) {
$subnet6 = gen_subnetv6($dhcpv6ifconf['range']['from'], "64");
$dhcpdv6conf .= "\nsubnet6 {$subnet6}/64";
}
$dhcpdv6conf .= " {\n";

$dhcpdv6conf .= <<<EOD
if (!empty($dhcpv6ifconf['range']['from'])) {
$dhcpdv6conf .= <<<EOD
range6 {$dhcpv6ifconf['range']['from']} {$dhcpv6ifconf['range']['to']};
$dnscfgv6
EOD;
}

if (!empty($dhcpv6ifconf['prefixrange']['from']) && is_ipaddrv6($dhcpv6ifconf['prefixrange']['from']) && is_ipaddrv6($dhcpv6ifconf['prefixrange']['to'])) {
$dhcpdv6conf .= " prefix6 {$dhcpv6ifconf['prefixrange']['from']} {$dhcpv6ifconf['prefixrange']['to']}/{$dhcpv6ifconf['prefixrange']['prefixlength']};\n";
Expand Down
140 changes: 69 additions & 71 deletions src/www/services_dhcpv6.php
View file
Original file line number Diff line number Diff line change
@@ -1,32 +1,32 @@
<?php

/*
Copyright (C) 2014-2016 Deciso B.V.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
Copyright (C) 2010 Seth Mos <seth.mos@dds.nl>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
* Copyright (C) 2014-2016 Deciso B.V.
* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>
* Copyright (C) 2010 Seth Mos <seth.mos@dds.nl>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/

require_once("guiconfig.inc");
require_once("filter.inc");
Expand Down Expand Up @@ -116,23 +116,30 @@ function reconfigure_dhcpd()
}
}
}
/* input validation */
$reqdfields = explode(" ", "range_from range_to");
$reqdfieldsn = array(gettext("Range begin"),gettext("Range end"));
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);

if (!empty($pconfig['prefixrange_from']) && !is_ipaddrv6($pconfig['prefixrange_from'])) {
$input_errors[] = gettext("A valid range must be specified.");
}
if (!empty($pconfig['prefixrange_to']) && !is_ipaddrv6($pconfig['prefixrange_to'])) {
if (!empty($pconfig['prefixrange_from']) && !is_ipaddrv6($pconfig['prefixrange_from']) ||
!empty($pconfig['prefixrange_to']) && !is_ipaddrv6($pconfig['prefixrange_to'])) {
$input_errors[] = gettext("A valid prefix range must be specified.");
}
if (!empty($pconfig['range_from']) && !is_ipaddrv6($pconfig['range_from'])) {
if (!empty($pconfig['range_from']) && empty($pconfig['range_to']) ||
empty($pconfig['range_from']) && !empty($pconfig['range_to'])) {
$input_errors[] = gettext("A valid range must be specified.");
}
if (!empty($pconfig['range_to']) && !is_ipaddrv6($pconfig['range_to'])) {
} elseif (!empty($pconfig['range_from']) && !is_ipaddrv6($pconfig['range_from']) ||
!empty($pconfig['range_to']) && !is_ipaddrv6($pconfig['range_to'])) {
$input_errors[] = gettext("A valid range must be specified.");
} else {
/* Disallow a range that includes the virtualip */
if (!empty($config['virtualip']['vip'])) {
foreach($config['virtualip']['vip'] as $vip) {
if($vip['interface'] == $if) {
if (!empty($vip['subnetv6']) && is_inrange_v6($vip['subnetv6'], $pconfig['range_from'], $pconfig['range_to'])) {
$input_errors[] = sprintf(gettext("The subnet range cannot overlap with virtual IPv6 address %s."),$vip['subnetv6']);
}
}
}
}
}

if (!empty($pconfig['gateway']) && !is_ipaddrv6($pconfig['gateway'])) {
$input_errors[] = gettext("A valid IPv6 address must be specified for the gateway.");
}
Expand Down Expand Up @@ -179,55 +186,46 @@ function reconfigure_dhcpd()
$input_errors[] = gettext("A valid URL must be specified for the network bootfile.");
}

// Disallow a range that includes the virtualip
if (!empty($config['virtualip']['vip'])) {
foreach($config['virtualip']['vip'] as $vip) {
if($vip['interface'] == $if) {
if (!empty($vip['subnetv6']) && is_inrange_v6($vip['subnetv6'], $pconfig['range_from'], $pconfig['range_to'])) {
$input_errors[] = sprintf(gettext("The subnet range cannot overlap with virtual IPv6 address %s."),$vip['subnetv6']);
}
}
}
}

if (count($input_errors) == 0) {
/* make sure the range lies within the current subnet */
$ifcfgip = get_interface_ipv6($if);
$ifcfgsn = get_interface_subnetv6($if);
$subnet_start = gen_subnetv6($ifcfgip, $ifcfgsn);
$subnet_end = gen_subnetv6_max($ifcfgip, $ifcfgsn);

if (is_ipaddrv6($ifcfgip)) {
if ((!is_inrange_v6($pconfig['range_from'], $subnet_start, $subnet_end)) ||
(!is_inrange_v6($pconfig['range_to'], $subnet_start, $subnet_end))) {
$input_errors[] = gettext("The specified range lies outside of the current subnet.");
if (!empty($pconfig['range_from']) && !empty($pconfig['range_to'])) {
if (is_ipaddrv6($ifcfgip) && !empty($pconfig['range_from']) && !empty($pconfig['range_to'])) {
if ((!is_inrange_v6($pconfig['range_from'], $subnet_start, $subnet_end)) ||
(!is_inrange_v6($pconfig['range_to'], $subnet_start, $subnet_end))) {
$input_errors[] = gettext("The specified range lies outside of the current subnet.");
}
}

/* "from" cannot be higher than "to" */
if (inet_pton($pconfig['range_from']) > inet_pton($pconfig['range_to'])) {
$input_errors[] = gettext("The range is invalid (first element higher than second element).");
}

/* Verify static mappings do not overlap:
- available DHCP range
- prefix delegation range (FIXME: still need to be completed) */
$dynsubnet_start = inet_pton($pconfig['range_from']);
$dynsubnet_end = inet_pton($pconfig['range_to']);
if (!empty($config['dhcpdv6'][$if]['staticmap'])) {
foreach ($config['dhcpdv6'][$if]['staticmap'] as $map) {
if (!empty($map['ipaddrv6']) && inet_pton($map['ipaddrv6']) > $dynsubnet_start && inet_pton($map['ipaddrv6']) < $dynsubnet_end) {
$input_errors[] = sprintf(gettext("The DHCP range cannot overlap any static DHCP mappings."));
break;
}
}
}
}
/* "from" cannot be higher than "to" */
if (inet_pton($pconfig['range_from']) > inet_pton($pconfig['range_to'])) {
$input_errors[] = gettext("The range is invalid (first element higher than second element).");
}

/* make sure that the DHCP Relay isn't enabled on this interface */
if (isset($config['dhcrelay'][$if]['enable'])) {
$input_errors[] = sprintf(gettext("You must disable the DHCP relay on the %s interface before enabling the DHCP server."),
!empty($config['interfaces'][$if]['descr']) ? htmlspecialchars($config['interfaces'][$if]['descr']) : strtoupper($if));
}


/* Verify static mappings do not overlap:
- available DHCP range
- prefix delegation range (FIXME: still need to be completed) */
$dynsubnet_start = inet_pton($pconfig['range_from']);
$dynsubnet_end = inet_pton($pconfig['range_to']);
if (!empty($config['dhcpdv6'][$if]['staticmap'])) {
foreach ($config['dhcpdv6'][$if]['staticmap'] as $map) {
if (!empty($map['ipaddrv6']) && inet_pton($map['ipaddrv6']) > $dynsubnet_start && inet_pton($map['ipaddrv6']) < $dynsubnet_end) {
$input_errors[] = sprintf(gettext("The DHCP range cannot overlap any static DHCP mappings."));
break;
}
}
}
}

if (count($input_errors) == 0) {
Expand Down
63 changes: 34 additions & 29 deletions src/www/services_router_advertisements.php
View file
Original file line number Diff line number Diff line change
@@ -1,32 +1,33 @@
<?php

/*
Copyright (C) 2014-2016 Deciso B.V.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
Copyright (C) 2010 Seth Mos <seth.mos@dds.nl>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
* Copyright (C) 2016-2017 Franco Fichtner <franco@opnsense.org>
* Copyright (C) 2014-2016 Deciso B.V.
* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>
* Copyright (C) 2010 Seth Mos <seth.mos@dds.nl>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/

require_once("guiconfig.inc");
require_once("services.inc");
Expand Down Expand Up @@ -227,11 +228,15 @@ function addRow() {
<option value="assist" <?=$pconfig['ramode'] == "assist" ? "selected=\"selected\"" : ""; ?> >
<?=gettext("Assisted");?>
</option>
<option value="stateless" <?=$pconfig['ramode'] == "stateless" ? "selected=\"selected\"" : ""; ?> >
<?=gettext("Stateless");?>
</option>
</select>
<div class="hidden" for="help_for_ramode">
<strong><?= sprintf(gettext("Select the Operating Mode for the Router Advertisement (RA) Daemon."))?></strong>
<?= sprintf(gettext("Use \"Router Only\" to only advertise this router, \"Unmanaged\" for Router Advertising with Stateless Autoconfig, \"Managed\" for assignment through (a) DHCPv6 Server, \"Assisted\" for DHCPv6 Server assignment combined with Stateless Autoconfig"));?>
<?= sprintf(gettext("It is not required to activate this DHCPv6 server when set to \"Managed\", this can be another host on the network")); ?>
<?= gettext('Select the Operating Mode for the Router Advertisement (RA) Daemon.') ?></strong>
<?= gettext('Use "Router Only" to only advertise this router, "Unmanaged" for Router Advertising with Stateless Autoconfig, ' .
'"Managed" for exclusive DHCPv6 Server assignment, "Assisted" for DHCPv6 Server assignment combined with Stateless Autoconfig, ' .
'or "Stateless" for Router Advertising with Statless Autoconfig and optional DHCPv6 Server queries.') ?>
</div>
</td>
</tr>
Expand Down

0 comments on commit 38c1daa

Please sign in to comment.