From c15ee875a6ed6d2f053ad0dd6d576b93a6ea858f Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sun, 21 Apr 2024 21:22:13 +0200
Subject: [PATCH 1/3] smoketest: support dynamic enable of smoketest debugging

$ touch /tmp/vyos.smoketest.debug

will enable dynamic debugging of the smoketests - showing the appropriate CLI
commands on stdout

(cherry picked from commit 0cb4294fdfe5ae0e0e8fd06436f38b67f16413a2)
---
 smoketest/scripts/cli/base_vyostest_shim.py | 4 +++-
 src/init/vyos-router                        | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/smoketest/scripts/cli/base_vyostest_shim.py b/smoketest/scripts/cli/base_vyostest_shim.py
index c49d3e76c5..efaa74fe01 100644
--- a/smoketest/scripts/cli/base_vyostest_shim.py
+++ b/smoketest/scripts/cli/base_vyostest_shim.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2021-2023 VyOS maintainers and contributors
+# Copyright (C) 2021-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -47,6 +47,8 @@ class TestCase(unittest.TestCase):
         def setUpClass(cls):
             cls._session = ConfigSession(os.getpid())
             cls._session.save_config(save_config)
+            if os.path.exists('/tmp/vyos.smoketest.debug'):
+                cls.debug = True
             pass
 
         @classmethod
diff --git a/src/init/vyos-router b/src/init/vyos-router
index c2cb9169fa..2d069978a2 100755
--- a/src/init/vyos-router
+++ b/src/init/vyos-router
@@ -388,6 +388,7 @@ start ()
         touch /tmp/vyos.ifconfig.debug
         touch /tmp/vyos.frr.debug
         touch /tmp/vyos.container.debug
+        touch /tmp/vyos.smoketest.debug
     fi
 
     log_action_begin_msg "Mounting VyOS Config"

From b6c343c363bf471fc78bd8dec885c88f1dd90cb5 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sun, 26 May 2024 08:53:13 +0200
Subject: [PATCH 2/3] Revert "dhcpv6-server: T3493: adds prefix range
 validation"

This reverts the prefix start/stop address must be inside network part from
commit 4cde0b8ce778d269d3fe1d4f33ba5b2caf424181.
---
 src/conf_mode/service_dhcpv6-server.py | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/src/conf_mode/service_dhcpv6-server.py b/src/conf_mode/service_dhcpv6-server.py
index 36b2d8b08d..560251336b 100755
--- a/src/conf_mode/service_dhcpv6-server.py
+++ b/src/conf_mode/service_dhcpv6-server.py
@@ -113,29 +113,11 @@ def verify(dhcpv6):
                     raise ConfigError('prefix-delegation start address not defined!')
 
                 for prefix, prefix_config in subnet_config['prefix_delegation']['start'].items():
-                    prefix_start_addr = prefix
-
-                    # Prefix start address must be inside network
-                    if not ip_address(prefix_start_addr) in ip_network(subnet):
-                        raise ConfigError(f'Prefix delegation start address '\
-                                          f'"{prefix_start_addr}" is not in '\
-                                          f'subnet "{subnet}"')
-
                     if 'stop' not in prefix_config:
                         raise ConfigError(f'Stop address of delegated IPv6 '\
                                           f'prefix range "{prefix}" '\
                                           f'must be configured')
 
-                    if 'stop' in prefix_config:
-                       prefix_stop_addr = prefix_config['stop']
-
-                       # Prefix stop address must be inside network
-                       if not (ip_address(prefix_stop_addr) in
-                              ip_network(subnet)):
-                           raise ConfigError(f'Prefix delegation stop '\
-                                             f'address "{prefix_stop_addr}" '\
-                                             f'is not in subnet "{subnet}"')
-
                     if 'prefix_length' not in prefix_config:
                         raise ConfigError(f'Length of delegated IPv6 prefix '\
                                           f'must be configured')

From ccd564c2328a086b326957fdde8b07ca560bd6b2 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sun, 26 May 2024 10:06:02 +0200
Subject: [PATCH 3/3] dhcpv6-server: T3493: add proper validation for
 prefix-delegation start/stop address

ISC DHCP server expects a string: "prefix6 2001:db8:290:: 2001:db8:29f:: /64;"
where the IPv6 prefix/range must be :: terminaated with a delegated prefix
length at the end.

This commit changes the validator that the IPv6 address defined on the CLI must
always end with ::. In addition a verify() step is added to check that the
stop address is greater than start address.
---
 .../service_dhcpv6-server.xml.in              |  6 ++++--
 .../scripts/cli/test_service_dhcpv6-server.py |  8 +++++++-
 src/conf_mode/service_dhcpv6-server.py        | 19 +++++++++++++------
 3 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/interface-definitions/service_dhcpv6-server.xml.in b/interface-definitions/service_dhcpv6-server.xml.in
index a64da83ae4..effba38846 100644
--- a/interface-definitions/service_dhcpv6-server.xml.in
+++ b/interface-definitions/service_dhcpv6-server.xml.in
@@ -229,7 +229,8 @@
                             <description>IPv6 address used in prefix delegation</description>
                           </valueHelp>
                           <constraint>
-                            <validator name="ipv6-address"/>
+                            <!-- IPv6 address used MUST end with :: -->
+                            <regex>([a-fA-F0-9]{1,4}:)+:</regex>
                           </constraint>
                         </properties>
                         <children>
@@ -254,7 +255,8 @@
                                 <description>IPv6 address used in prefix delegation</description>
                               </valueHelp>
                               <constraint>
-                                <validator name="ipv6-address"/>
+                                <!-- IPv6 address used MUST end with :: -->
+                                <regex>([a-fA-F0-9]{1,4}:)+:</regex>
                               </constraint>
                             </properties>
                           </leafNode>
diff --git a/smoketest/scripts/cli/test_service_dhcpv6-server.py b/smoketest/scripts/cli/test_service_dhcpv6-server.py
index cb6206632c..c07d8509e0 100755
--- a/smoketest/scripts/cli/test_service_dhcpv6-server.py
+++ b/smoketest/scripts/cli/test_service_dhcpv6-server.py
@@ -18,6 +18,7 @@
 
 from base_vyostest_shim import VyOSUnitTestSHIM
 
+from vyos.configsession import ConfigSessionError
 from vyos.template import inc_ip
 from vyos.utils.process import process_named_running
 from vyos.utils.file import read_file
@@ -143,9 +144,14 @@ def test_prefix_delegation(self):
         pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet]
 
         self.cli_set(pool + ['address-range', 'start', range_start, 'stop', range_stop])
-        self.cli_set(pool + ['prefix-delegation', 'start', delegate_start, 'stop', delegate_stop])
         self.cli_set(pool + ['prefix-delegation', 'start', delegate_start, 'prefix-length', delegate_len])
 
+        self.cli_set(pool + ['prefix-delegation', 'start', delegate_start, 'stop', delegate_start])
+        # Prefix delegation stop address must be greater then start address
+        with self.assertRaises(ConfigSessionError):
+            self.cli_commit()
+        self.cli_set(pool + ['prefix-delegation', 'start', delegate_start, 'stop', delegate_stop])
+
         # commit changes
         self.cli_commit()
 
diff --git a/src/conf_mode/service_dhcpv6-server.py b/src/conf_mode/service_dhcpv6-server.py
index 560251336b..25f19285c9 100755
--- a/src/conf_mode/service_dhcpv6-server.py
+++ b/src/conf_mode/service_dhcpv6-server.py
@@ -105,22 +105,29 @@ def verify(dhcpv6):
                 if 'prefix' in subnet_config:
                     for prefix in subnet_config['prefix']:
                         if ip_network(prefix) not in ip_network(subnet):
-                            raise ConfigError(f'address-range prefix "{prefix}" is not in subnet "{subnet}""')
+                            raise ConfigError(f'address-range prefix "{prefix}" is not in subnet "{subnet}"!')
 
             # Prefix delegation sanity checks
             if 'prefix_delegation' in subnet_config:
                 if 'start' not in subnet_config['prefix_delegation']:
-                    raise ConfigError('prefix-delegation start address not defined!')
+                        raise ConfigError(f'Start address of delegated IPv6 prefix range "{prefix}" '\
+                                          f'must be configured!')
 
                 for prefix, prefix_config in subnet_config['prefix_delegation']['start'].items():
                     if 'stop' not in prefix_config:
-                        raise ConfigError(f'Stop address of delegated IPv6 '\
-                                          f'prefix range "{prefix}" '\
-                                          f'must be configured')
+                        raise ConfigError(f'Stop address of delegated IPv6 prefix range "{prefix}" '\
+                                          f'must be configured!')
+
+                    start_addr = prefix
+                    stop_addr = prefix_config['stop']
+
+                    if ip_address(stop_addr) <= ip_address(start_addr):
+                        raise ConfigError(f'Stop address of delegated IPv6 prefix range "{prefix}" '\
+                                          f'must be greater than start address!')
 
                     if 'prefix_length' not in prefix_config:
                         raise ConfigError(f'Length of delegated IPv6 prefix '\
-                                          f'must be configured')
+                                          f'must be configured!')
 
             # Static mappings don't require anything (but check if IP is in subnet if it's set)
             if 'static_mapping' in subnet_config: