summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-12-19 07:49:03 +0100
committerChristian Breunig <christian@breunig.cc>2023-12-20 23:21:07 +0100
commit4d721a58020971d00ab854c37b68e88359999f9c (patch)
tree75bb9f8bdf08ccb5cdc793e434c374070704312b /data
parentb873112dd7253b64d323e183758dbabaa0f28b6e (diff)
downloadvyos-1x-4d721a58020971d00ab854c37b68e88359999f9c.tar.gz
vyos-1x-4d721a58020971d00ab854c37b68e88359999f9c.zip
T2898: add ndp-proxy service
VyOS CLI command set service ndp-proxy interface eth0 prefix 2001:db8::/64 mode 'static' Will generate the following NDP proxy configuration $ cat /run/ndppd/ndppd.conf # autogenerated by service_ndp-proxy.py # This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route route-ttl 30000 # This sets up a listener, that will listen for any Neighbor Solicitation # messages, and respond to them according to a set of rules proxy eth0 { # Turn on or off the router flag for Neighbor Advertisements router no # Control how long to wait for a Neighbor Advertisment message before invalidating the entry (milliseconds) timeout 500 # Control how long a valid or invalid entry remains in the cache (milliseconds) ttl 30000 # This is a rule that the target address is to match against. If no netmask # is provided, /128 is assumed. You may have several rule sections, and the # addresses may or may not overlap. rule 2001:db8::/64 { static } }
Diffstat (limited to 'data')
-rw-r--r--data/configd-include.json1
-rw-r--r--data/templates/ndppd/ndppd.conf.j271
2 files changed, 32 insertions, 40 deletions
diff --git a/data/configd-include.json b/data/configd-include.json
index 92d3863ce..6d7261b73 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -63,6 +63,7 @@
"service_ipoe-server.py",
"service_mdns-repeater.py",
"service_monitoring_telegraf.py",
+"service_ndp-proxy.py",
"service_pppoe-server.py",
"service_router-advert.py",
"service_upnp.py",
diff --git a/data/templates/ndppd/ndppd.conf.j2 b/data/templates/ndppd/ndppd.conf.j2
index 1297f36be..6369dbdeb 100644
--- a/data/templates/ndppd/ndppd.conf.j2
+++ b/data/templates/ndppd/ndppd.conf.j2
@@ -1,44 +1,35 @@
-########################################################
-#
-# autogenerated by nat66.py
-#
-# The configuration file must define one upstream
-# interface.
-#
-# For some services, such as nat66, because it runs
-# stateless, it needs to rely on NDP Proxy to respond
-# to NDP requests.
-#
-# When using nat66 source rules, NDP Proxy needs
-# to be enabled
-#
-########################################################
+# autogenerated by service_ndp-proxy.py
-{% set global = namespace(ndppd_interfaces = [],ndppd_prefixs = []) %}
-{% if source.rule is vyos_defined %}
-{% for rule, config in source.rule.items() if config.disable is not defined %}
-{% if config.outbound_interface.name is vyos_defined %}
-{% if config.outbound_interface.name not in global.ndppd_interfaces %}
-{% set global.ndppd_interfaces = global.ndppd_interfaces + [config.outbound_interface.name] %}
-{% endif %}
-{% if config.translation.address is vyos_defined and config.translation.address | is_ip_network %}
-{% set global.ndppd_prefixs = global.ndppd_prefixs + [{'interface':config.outbound_interface.name,'rule':config.translation.address}] %}
-{% endif %}
-{% endif %}
-{% endfor %}
-{% endif %}
+# This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route
+route-ttl {{ route_refresh }}
+
+{% if interface is vyos_defined %}
+# This sets up a listener, that will listen for any Neighbor Solicitation
+# messages, and respond to them according to a set of rules
+{% for iface, iface_config in interface.items() if iface_config.disable is not vyos_defined %}
+proxy {{ iface }} {
+ # Turn on or off the router flag for Neighbor Advertisements
+ router {{ 'yes' if iface_config.enable_router_bit is vyos_defined else 'no' }}
+ # Control how long to wait for a Neighbor Advertisment message before invalidating the entry (milliseconds)
+ timeout {{ iface_config.timeout }}
+ # Control how long a valid or invalid entry remains in the cache (milliseconds)
+ ttl {{ iface_config.ttl }}
-{% for interface in global.ndppd_interfaces %}
-proxy {{ interface }} {
- router yes
- timeout 500
- ttl 30000
-{% for map in global.ndppd_prefixs %}
-{% if map.interface == interface %}
- rule {{ map.rule }} {
- static
+{% if iface_config.prefix is vyos_defined %}
+ # This is a rule that the target address is to match against. If no netmask
+ # is provided, /128 is assumed. You may have several rule sections, and the
+ # addresses may or may not overlap.
+{% for prefix, prefix_config in iface_config.prefix.items() if prefix_config.disable is not vyos_defined %}
+ rule {{ prefix }} {
+{% if prefix_config.mode is vyos_defined('interface') %}
+ iface {{ prefix_config.interface }}
+{% else %}
+ {{ prefix_config.mode }}
+{% endif %}
}
-{% endif %}
-{% endfor %}
+{% endfor %}
+{% endif %}
}
-{% endfor %}
+
+{% endfor %}
+{% endif %}