summaryrefslogtreecommitdiff
path: root/data/templates/ndppd
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-12-21 16:06:51 +0100
committerGitHub <noreply@github.com>2023-12-21 16:06:51 +0100
commit11b3750c4a01a120dc386e72a6781b1c16ed1120 (patch)
tree107d0af94e581601cc9c8032909178f5e593a421 /data/templates/ndppd
parent273c65311e70414ab6267e62d1abcc2eb0f00a3c (diff)
parent4d721a58020971d00ab854c37b68e88359999f9c (diff)
downloadvyos-1x-11b3750c4a01a120dc386e72a6781b1c16ed1120.tar.gz
vyos-1x-11b3750c4a01a120dc386e72a6781b1c16ed1120.zip
Merge pull request #2665 from c-po/ndp-proxy
T2898: add ndp-proxy service
Diffstat (limited to 'data/templates/ndppd')
-rw-r--r--data/templates/ndppd/ndppd.conf.j271
1 files changed, 31 insertions, 40 deletions
diff --git a/data/templates/ndppd/ndppd.conf.j2 b/data/templates/ndppd/ndppd.conf.j2
index 1297f36be..6369dbdeb 100644
--- a/data/templates/ndppd/ndppd.conf.j2
+++ b/data/templates/ndppd/ndppd.conf.j2
@@ -1,44 +1,35 @@
-########################################################
-#
-# autogenerated by nat66.py
-#
-# The configuration file must define one upstream
-# interface.
-#
-# For some services, such as nat66, because it runs
-# stateless, it needs to rely on NDP Proxy to respond
-# to NDP requests.
-#
-# When using nat66 source rules, NDP Proxy needs
-# to be enabled
-#
-########################################################
+# autogenerated by service_ndp-proxy.py
-{% set global = namespace(ndppd_interfaces = [],ndppd_prefixs = []) %}
-{% if source.rule is vyos_defined %}
-{% for rule, config in source.rule.items() if config.disable is not defined %}
-{% if config.outbound_interface.name is vyos_defined %}
-{% if config.outbound_interface.name not in global.ndppd_interfaces %}
-{% set global.ndppd_interfaces = global.ndppd_interfaces + [config.outbound_interface.name] %}
-{% endif %}
-{% if config.translation.address is vyos_defined and config.translation.address | is_ip_network %}
-{% set global.ndppd_prefixs = global.ndppd_prefixs + [{'interface':config.outbound_interface.name,'rule':config.translation.address}] %}
-{% endif %}
-{% endif %}
-{% endfor %}
-{% endif %}
+# This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route
+route-ttl {{ route_refresh }}
+
+{% if interface is vyos_defined %}
+# This sets up a listener, that will listen for any Neighbor Solicitation
+# messages, and respond to them according to a set of rules
+{% for iface, iface_config in interface.items() if iface_config.disable is not vyos_defined %}
+proxy {{ iface }} {
+ # Turn on or off the router flag for Neighbor Advertisements
+ router {{ 'yes' if iface_config.enable_router_bit is vyos_defined else 'no' }}
+ # Control how long to wait for a Neighbor Advertisment message before invalidating the entry (milliseconds)
+ timeout {{ iface_config.timeout }}
+ # Control how long a valid or invalid entry remains in the cache (milliseconds)
+ ttl {{ iface_config.ttl }}
-{% for interface in global.ndppd_interfaces %}
-proxy {{ interface }} {
- router yes
- timeout 500
- ttl 30000
-{% for map in global.ndppd_prefixs %}
-{% if map.interface == interface %}
- rule {{ map.rule }} {
- static
+{% if iface_config.prefix is vyos_defined %}
+ # This is a rule that the target address is to match against. If no netmask
+ # is provided, /128 is assumed. You may have several rule sections, and the
+ # addresses may or may not overlap.
+{% for prefix, prefix_config in iface_config.prefix.items() if prefix_config.disable is not vyos_defined %}
+ rule {{ prefix }} {
+{% if prefix_config.mode is vyos_defined('interface') %}
+ iface {{ prefix_config.interface }}
+{% else %}
+ {{ prefix_config.mode }}
+{% endif %}
}
-{% endif %}
-{% endfor %}
+{% endfor %}
+{% endif %}
}
-{% endfor %}
+
+{% endfor %}
+{% endif %}