diff options
author | Christian Breunig <christian@breunig.cc> | 2023-12-19 07:49:03 +0100 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2023-12-20 23:21:07 +0100 |
commit | 4d721a58020971d00ab854c37b68e88359999f9c (patch) | |
tree | 75bb9f8bdf08ccb5cdc793e434c374070704312b /data | |
parent | b873112dd7253b64d323e183758dbabaa0f28b6e (diff) | |
download | vyos-1x-4d721a58020971d00ab854c37b68e88359999f9c.tar.gz vyos-1x-4d721a58020971d00ab854c37b68e88359999f9c.zip |
T2898: add ndp-proxy service
VyOS CLI command
set service ndp-proxy interface eth0 prefix 2001:db8::/64 mode 'static'
Will generate the following NDP proxy configuration
$ cat /run/ndppd/ndppd.conf
# autogenerated by service_ndp-proxy.py
# This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route
route-ttl 30000
# This sets up a listener, that will listen for any Neighbor Solicitation
# messages, and respond to them according to a set of rules
proxy eth0 {
# Turn on or off the router flag for Neighbor Advertisements
router no
# Control how long to wait for a Neighbor Advertisment message before invalidating the entry (milliseconds)
timeout 500
# Control how long a valid or invalid entry remains in the cache (milliseconds)
ttl 30000
# This is a rule that the target address is to match against. If no netmask
# is provided, /128 is assumed. You may have several rule sections, and the
# addresses may or may not overlap.
rule 2001:db8::/64 {
static
}
}
Diffstat (limited to 'data')
-rw-r--r-- | data/configd-include.json | 1 | ||||
-rw-r--r-- | data/templates/ndppd/ndppd.conf.j2 | 71 |
2 files changed, 32 insertions, 40 deletions
diff --git a/data/configd-include.json b/data/configd-include.json index 92d3863ce..6d7261b73 100644 --- a/data/configd-include.json +++ b/data/configd-include.json @@ -63,6 +63,7 @@ "service_ipoe-server.py", "service_mdns-repeater.py", "service_monitoring_telegraf.py", +"service_ndp-proxy.py", "service_pppoe-server.py", "service_router-advert.py", "service_upnp.py", diff --git a/data/templates/ndppd/ndppd.conf.j2 b/data/templates/ndppd/ndppd.conf.j2 index 1297f36be..6369dbdeb 100644 --- a/data/templates/ndppd/ndppd.conf.j2 +++ b/data/templates/ndppd/ndppd.conf.j2 @@ -1,44 +1,35 @@ -######################################################## -# -# autogenerated by nat66.py -# -# The configuration file must define one upstream -# interface. -# -# For some services, such as nat66, because it runs -# stateless, it needs to rely on NDP Proxy to respond -# to NDP requests. -# -# When using nat66 source rules, NDP Proxy needs -# to be enabled -# -######################################################## +# autogenerated by service_ndp-proxy.py -{% set global = namespace(ndppd_interfaces = [],ndppd_prefixs = []) %} -{% if source.rule is vyos_defined %} -{% for rule, config in source.rule.items() if config.disable is not defined %} -{% if config.outbound_interface.name is vyos_defined %} -{% if config.outbound_interface.name not in global.ndppd_interfaces %} -{% set global.ndppd_interfaces = global.ndppd_interfaces + [config.outbound_interface.name] %} -{% endif %} -{% if config.translation.address is vyos_defined and config.translation.address | is_ip_network %} -{% set global.ndppd_prefixs = global.ndppd_prefixs + [{'interface':config.outbound_interface.name,'rule':config.translation.address}] %} -{% endif %} -{% endif %} -{% endfor %} -{% endif %} +# This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route +route-ttl {{ route_refresh }} + +{% if interface is vyos_defined %} +# This sets up a listener, that will listen for any Neighbor Solicitation +# messages, and respond to them according to a set of rules +{% for iface, iface_config in interface.items() if iface_config.disable is not vyos_defined %} +proxy {{ iface }} { + # Turn on or off the router flag for Neighbor Advertisements + router {{ 'yes' if iface_config.enable_router_bit is vyos_defined else 'no' }} + # Control how long to wait for a Neighbor Advertisment message before invalidating the entry (milliseconds) + timeout {{ iface_config.timeout }} + # Control how long a valid or invalid entry remains in the cache (milliseconds) + ttl {{ iface_config.ttl }} -{% for interface in global.ndppd_interfaces %} -proxy {{ interface }} { - router yes - timeout 500 - ttl 30000 -{% for map in global.ndppd_prefixs %} -{% if map.interface == interface %} - rule {{ map.rule }} { - static +{% if iface_config.prefix is vyos_defined %} + # This is a rule that the target address is to match against. If no netmask + # is provided, /128 is assumed. You may have several rule sections, and the + # addresses may or may not overlap. +{% for prefix, prefix_config in iface_config.prefix.items() if prefix_config.disable is not vyos_defined %} + rule {{ prefix }} { +{% if prefix_config.mode is vyos_defined('interface') %} + iface {{ prefix_config.interface }} +{% else %} + {{ prefix_config.mode }} +{% endif %} } -{% endif %} -{% endfor %} +{% endfor %} +{% endif %} } -{% endfor %} + +{% endfor %} +{% endif %} |