Commit graph

20207 commits

Author SHA1 Message Date
Ad Schellevis
45b90a2f24 System: Access: Groups - fix regression in selective delete introduced in https://github.com/opnsense/core/pull/9779 2026-05-27 13:17:32 +02:00
Ad Schellevis
aac399ee26 Interfaces: Devices: VLAN - fix regression in selective delete introduced in https://github.com/opnsense/core/pull/9779 2026-05-27 13:11:47 +02:00
Ad Schellevis
2a690f1521 Interfaces: Devices: LAGG - fix regression in selective delete introduced in https://github.com/opnsense/core/pull/9779 2026-05-27 12:03:49 +02:00
Ad Schellevis
1bce09c165 Interfaces: Devices: GRE - fix regression in selective delete introduced in https://github.com/opnsense/core/pull/9779 2026-05-27 11:58:29 +02:00
Ad Schellevis
f4706755ba Interfaces: Devices: GIF - fix regression in selective delete introduced in https://github.com/opnsense/core/pull/9779 2026-05-27 11:34:07 +02:00
Stephan de Wit
0b128cd642
Reporting: Settings: convert to MVC (#10337)
Move all relevant toggles and actions to their respective pages with associated forms and endpoints.

Removes the Netflow Repair button as well.
2026-05-27 10:49:06 +02:00
Stephan de Wit
3986018989 ui: SimpleActionButton exclude scope should apply to first active tab as well 2026-05-27 09:45:21 +02:00
Ad Schellevis
09654ca796 ACL: some missing references and using camelcase pointers instead of snakecase [ref: https://github.com/opnsense/core/issues/10351] 2026-05-25 10:23:56 +02:00
Ad Schellevis
dcb01791f7 Firewall: Settings: Normalization - add missing exclamation mark for "not" rules, closes https://github.com/opnsense/core/issues/10349 2026-05-24 13:33:51 +02:00
Ad Schellevis
6ffad1bb73 Firewall - fix interface sorting by value for live-log and groups, closes https://github.com/opnsense/core/issues/10348
We might consider moving the sorting logic to BaseListField at some point as most cases expect sort by value anyway and we only have a couple of exceptions to that logic.
2026-05-24 10:18:20 +02:00
Ian Munsie
e209de9719
Kea: Hook up reservation.next_server (#10344)
This field was added to the Kea dialogReservation4.xml form in
https://github.com/opnsense/core/pull/8890, however this specific option
was not properly hooked up and did not generate the expected config,
preventing netboot scenarios that rely on next-server from being set on
a per-reservation basis (the per-subnet variant of this option does work
fine).

This commit hooks it up to generate the expected "next-server" Kea
config entry on a per-reservation basis.
2026-05-23 08:52:58 +02:00
Monviech
720c791b15
Services: Kea DHCPv4/6: Fix missing visual cues for manual mode in DDNS and DHCPv4/6 (#10340) 2026-05-22 13:44:28 +02:00
Monviech
e38a6980f1
mvc: remove grouped ModelRelationField option handling (#10339)
The group option collapsed multiple related model rows into a single
display entry while still storing the UUID of one concrete source row.
This makes the selected relation dependent on iteration order and is not
a stable representation of the grouped object.

References:
fe571ac442

Frr was the only consumer (I could grep in core and plugins, don't know if external ones exist), I reworked how the relationship is displayed there to make it more obvious to the user how items relate to each other, and also prevent that the wrong items get deleted. Configs should be more coherent now.

It's also not perfect, but more "obvious" let's say.
It also helps with the addition of internalModelUseSafeDelete in FRR.

opnsense/plugins@0798cde
opnsense/plugins@d3c3e79
opnsense/plugins@cb9a5d6
2026-05-22 13:01:27 +02:00
Franco Fichtner
cea2938254 ui: split button render, some forms only use save
This makes it reusable so we can replace other "save" buttons
that don't follow striping correctly.
2026-05-22 12:15:53 +02:00
Franco Fichtner
a87b496d67 kea: simplify previous 2026-05-22 11:55:57 +02:00
Franco Fichtner
82060be3a5 Revert "ui: lazily hook settings-changed trigger in saveFormToEndpoint()"
This reverts commit e4dc9ad212.
This reverts commit 45ef8ddd1a.

The current approach is fine since it is not the default behaviour to
use change() to save the form.

Discussed with: @swhite2
2026-05-22 11:31:40 +02:00
Franco Fichtner
3f78821cb0 dnsmasq: fix option values 2026-05-21 21:05:38 +02:00
Franco Fichtner
5629b0023b monit: remove duplication from these strange test types
tests.xml doesn't list the field so none of this is ever shown
and most could probably be removed, but I have no idea how this
is supposed to work.  The default type is pinned to Custom.
2026-05-21 21:00:39 +02:00
Franco Fichtner
672ebf5aec system: simplify option values in trust 2026-05-21 20:41:21 +02:00
Franco Fichtner
336ac4ebc5 intrusion detection: clean up option values 2026-05-21 20:38:21 +02:00
Franco Fichtner
a9dee3dcff openvpn: clean up these option values
Push flags do not always mention "push" in label but their
context is clear and keys do not change so simplify.
2026-05-21 20:35:08 +02:00
Franco Fichtner
72403e4ace interfaces: simplify VLAN type selection
Although 802.1Q is correct we don't need the translation
and can make all of it a bit shorter.
2026-05-21 18:08:30 +02:00
Stephan de Wit
ac55f108c5 unbound: trim option values
This works since b187227683
2026-05-21 13:53:50 +02:00
Franco Fichtner
7484d4ba6b firewall: this works and I don't get it 2026-05-21 13:25:30 +02:00
Franco Fichtner
251559ed6a src: expand lint and fix a few easy ones 2026-05-21 13:16:29 +02:00
Marcos Della
73df87682c
Services: Kea DHCPv4: Add DHCP4 compatibility options (#10336)
Refs: https://kea.readthedocs.io/en/stable/arm/dhcp4-srv.html#dhcp4-compatibility

Co-authored-by: Franco Fichtner <franco@lastsummer.de>
Co-authored-by: Monviech <79600909+Monviech@users.noreply.github.com>
2026-05-21 11:14:18 +02:00
Konstantinos Spartalis
d7f455bdfb
unbound: blocklist improvements (#10149)
* Organizes DNSBLs by provider/category.
* Adds the Social Network blocklist by hegizi.
* The tester now gives you the DNSBL name and category instead of its shortcode.
2026-05-21 11:13:21 +02:00
Franco Fichtner
8ae0a6c158 make: add linter pass for the situation b187227683 addresses 2026-05-21 10:15:44 +02:00
Franco Fichtner
b187227683 mvc: OptionField: allow empty values in options
This falls back to the key which isn't going to be translated
since it's likely a technical term or keyword.

Also translate the $subvalue which appears to have been missed
before.
2026-05-21 10:00:08 +02:00
Franco Fichtner
546de351d7
ui: improve form validation error append (#10333)
Since this iterates over a lot of irrelevant IDs and then mismatches
with the target change this by safeguarding against fields that are
likely not going to work without help_block_<id> and switch target
to a suffix match.

One spot where this matters: under kea v6 subnet add "DNS servers"
entry e.g. "::", click auto collect for check mark, click save. Interface
and subnet validation is red, the DNS server one shown is not.
2026-05-20 19:18:25 +02:00
Franco Fichtner
5c51ecdee1 kea: align newwanip hook with reality 2026-05-20 15:46:13 +02:00
Stephan de Wit
3557f8d730 bootgrid: name it what it is 2026-05-20 13:57:12 +02:00
Franco Fichtner
d741236652 firewall: whitespace 2026-05-20 13:36:59 +02:00
Ad Schellevis
ff20a2f1e7 Firewall: Rules - missed a spot in 9b8ee2a92f 2026-05-20 13:26:52 +02:00
Franco Fichtner
7d52ccfe73 kea: style sweep 2026-05-20 13:05:13 +02:00
Monviech
5b7c8e6a2f
Services: Kea DHCPv6: Dynamic prefix delegation (#10252)
* Add a dynamic_prefix key to the user-context so we know which subnet6 should be enriched in a post apply hook later

* Also add dynamic_prefix to subnet6 dialog

* Add prefix source interface and resolve current prefix via Autoconf::getPrefix

* model bump not needed anymore

* Add validations that disallow users to configure subnet value, pool value and reservations for a dynamic prefix subnet. The subnet must be empty since it is auto configured, the pool is auto configured as ::1000-::2000 and seeded with initial prefix, reservations cannot be created because that would blow up as there is no concept like partial IPv6 addresses in KEA. We always want to bootstrap KEA with an initial working configuration.

* Since the prefix_source is verbatim to a subnet, we only allow its usage once per unique constraint

* Add a mvp for the dynamic pd_pool, the pool is auto generated from the largest possible prefix that does not include the IA_NA generated address pool. Validation ensures the user can only change the delegated prefix length, but not anything about the pool itself. KEA is very strict about validations, auto generation is required here to ensure the model stays sane.

* Make prefix pool validation stricter, if only a /64 prefix exists there is nothing we can do if we offer both IA_NA and IA_PD, at least /63 would be required for one IA_NA and one IA_PD pool.

* Remove config instantiation inside loops

* Fix typo in previous

* Add comment about possible overlap between identity association and prefix delegation. Cannot be cleanly solved, and if somebody doesn't use identity association in interface configurations it does not make sense to arbitrarily reduce the size here.

* Hide fields used for static prefix configuration if the subnet and pd_pool are dynamic.

* Add grid formatter to mark values as dynamic if they are in a dynamic subnet

* Add helper utilities for idassoc owned prefixes, and a helper in firewall util that can split a prefix into two children.

* Change all plumbing in the KEA model to use the new idassoc and util helper methods

* Small typo in previous, type should be checkbox now for the dynamic prefix

* Add more validations to prevent multiple dynamic subnets and pd_pools per interface. Fix some other small details

* Add hook script that can regenerate and reload the running kea-dhcpv6 configuration, and wipe leases assigned to dynamic subnets.

* plist-fix

* Do not call kea_generate_dhcpv6 helper directly

* Remove some unused cruft in KeaDhcpv6.php

* Update src/etc/inc/plugins.inc.d/kea.inc

Co-authored-by: Franco Fichtner <franco@opnsense.org>

* Update src/etc/inc/plugins.inc.d/kea.inc

Co-authored-by: Franco Fichtner <franco@opnsense.org>

* use nested ifs inside kea_newwanip

* Use mwexecf instead

* Always pass model into kea_generate_dhcpv6()

* Add a small guard to the pd_pool generation so it doesn't pass null into explode

* Add a temporary placeholder prefix for all idassoc interfaces that for any reason do not offer a real prefix yet

* Emit the prefix status and prefix source into the user context for troubleshooting help

* Add a new client-class that prevents any client in a subnet from getting leases as long as the subnet has a temporary placeholder prefix

* Since we always have a prefix, this validation can be relaxed

* Only evaluate the client class inside a subnet scope if its required.

* DisableCache in the subnet model relation fields so interfaces have their description

* Always run dhcpv6 newwanip hook script when dhcpv6 is enabled since it's cheap and essentially side effect free

* Since KEA logs all commands issued to its socket anyway, we can reduce some of the kea_prefix_renew logging. Streamline the STDOUT result as well.

* DHCPSRV_ONLY_IF_REQUIRED_DEPRECATED The parameter 'only-if-required' is deprecated. Use 'only-in-additional-list' instead

* Fix the NO_LEASES_PLEASE client-classes test

* Add comment about issue if interfaces vanish or become deconfigured by the user, but the KEA config is not adjusted accordingly.

* Only emit NO_LEASES_PLEASE client class conditionally if a non valid prefix exists

* Fix dynamic pd pool validation, emit calculated prefix lengths to help user

* Since one interface can have multiple subnets in IPv6 it's better to group them via interface. It also helps with dynamic pools since in the same interface you could have a static ULA pool as well.

* Move subnet to logically group dynamic prefix and interface

* Mark missing option_data_autocollect feature

* Retrofit an option_data_autocollect in here, but only write parameters into the generated config, not into the persisted configuration. Via this, the DNS server can be automatically pointed to a primary IP address and change at the same time as a dynamic prefix when the hook script is executed.

* Validate that domain_search and dns_servers are empty when option_data_autocollect is used.

* Attach a grid formatter to option_data_autocollect to show if options are dynamic

* Implement track6-prefix-id to track6_prefix_range relationship to calculate available subnets

* We don't need prefix_id in the KeaDHCPv6 model anymore.

* Shorten this comment a bit, now the relationship is not dependent on later interfaces anymore directly

* Remove variable that's not reused

---------

Co-authored-by: Franco Fichtner <franco@opnsense.org>
2026-05-20 12:56:04 +02:00
Franco Fichtner
9dcd63d3e5 Revert "pkg: fix numpy version name"
This reverts commit 06291661ef.

Flippety-flop the ports tree went!
2026-05-20 11:51:09 +02:00
Monviech
b73465c9b1
Firewall: Rules [new]: Fix action, ipprotocol and protocol translations (legacy rules) (#10299)
* Firewall: Rules [new]: Fix action, ipprotocol and protocol translations. Fix Automatically generated rules category.

* Ensure translations are passed through all the way to icon formatter in view

* Ensure inet46 always shows as Any or *

* Update src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml

Co-authored-by: Franco Fichtner <franco@opnsense.org>

* Update src/opnsense/scripts/filter/list_non_mvc_rules.php

Co-authored-by: Franco Fichtner <franco@opnsense.org>

---------

Co-authored-by: Franco Fichtner <franco@opnsense.org>
2026-05-20 11:22:54 +02:00
Franco Fichtner
e44a05a0de ipsec: move swanctl.conf download button to the tab
This aligns with the aliases actions tab.
2026-05-20 09:29:28 +02:00
Franco Fichtner
df42e1b0ec system: lowercase this one 2026-05-20 09:12:33 +02:00
Franco Fichtner
ff8481265d make: add a `wiff' target for fun and profit 2026-05-19 18:42:43 +02:00
Franco Fichtner
c5f2af18e8 interfaces: add prefix range option for Kea dynamic PD
This extends the prefix ID selection to be able to reserve a
range of IDs in order to automatically hand them out via Kea.

The accepted value is between 1 and the end of the PD ID range
and also validates against other IDs and their ranges.

This approach differs from the old ISC DHCPv6 in that we can
make room for delegation to avoid later surprises.  It might
force a user to reshuffle his ID range, but Kea wants an IA-NA
subnet that is within the pool reserved here.
2026-05-19 16:31:14 +02:00
Franco Fichtner
82a340e2be interfaces: fix two PHP warnings 2026-05-19 16:30:37 +02:00
Franco Fichtner
153818d94b kea: style sweep 2026-05-19 15:24:05 +02:00
Ad Schellevis
0bb5afb3ae Services: Monit: Status - sanitize monit output before offering it. 2026-05-19 11:41:07 +02:00
Konstantinos Spartalis
6207b5c83d
ui: apply button on multiple tab pages (#10331) 2026-05-19 11:29:30 +02:00
Monviech
0bd232447b
Services: Kea DHCPv6: Clean up allocator and pd-allocator terminology (#10330) 2026-05-19 10:31:14 +02:00
Stephan de Wit
db642a0cd8
ui: SimpleActionButton tab exclusion (#10328) 2026-05-19 10:29:40 +02:00
Marcos Della
6188aa8902
Services: Kea DHCP: Kea DHCPv4 - add subnet allocator field (#10327)
---------

Co-authored-by: Monviech <79600909+Monviech@users.noreply.github.com>
2026-05-19 10:27:12 +02:00
Monviech
f7c1d83398
Services: Kea DHCPv6: Always start the prefix watcher when DHCPv6 is enabled. A reservation with a prefix but without a configured pd_pool is also valid, it's more pragmatic to allow it than doing some complex validation gymnastics to prevent it. (#10329) 2026-05-19 09:58:23 +02:00