diff options
author | Christian Breunig <christian@breunig.cc> | 2023-12-19 07:49:03 +0100 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2023-12-20 23:21:07 +0100 |
commit | 4d721a58020971d00ab854c37b68e88359999f9c (patch) | |
tree | 75bb9f8bdf08ccb5cdc793e434c374070704312b /interface-definitions | |
parent | b873112dd7253b64d323e183758dbabaa0f28b6e (diff) | |
download | vyos-1x-4d721a58020971d00ab854c37b68e88359999f9c.tar.gz vyos-1x-4d721a58020971d00ab854c37b68e88359999f9c.zip |
T2898: add ndp-proxy service
VyOS CLI command
set service ndp-proxy interface eth0 prefix 2001:db8::/64 mode 'static'
Will generate the following NDP proxy configuration
$ cat /run/ndppd/ndppd.conf
# autogenerated by service_ndp-proxy.py
# This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route
route-ttl 30000
# This sets up a listener, that will listen for any Neighbor Solicitation
# messages, and respond to them according to a set of rules
proxy eth0 {
# Turn on or off the router flag for Neighbor Advertisements
router no
# Control how long to wait for a Neighbor Advertisment message before invalidating the entry (milliseconds)
timeout 500
# Control how long a valid or invalid entry remains in the cache (milliseconds)
ttl 30000
# This is a rule that the target address is to match against. If no netmask
# is provided, /128 is assumed. You may have several rule sections, and the
# addresses may or may not overlap.
rule 2001:db8::/64 {
static
}
}
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/include/version/nat66-version.xml.i | 2 | ||||
-rw-r--r-- | interface-definitions/service_ndp-proxy.xml.in | 132 |
2 files changed, 133 insertions, 1 deletions
diff --git a/interface-definitions/include/version/nat66-version.xml.i b/interface-definitions/include/version/nat66-version.xml.i index 478ca080f..43a54c969 100644 --- a/interface-definitions/include/version/nat66-version.xml.i +++ b/interface-definitions/include/version/nat66-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/nat66-version.xml.i --> -<syntaxVersion component='nat66' version='2'></syntaxVersion> +<syntaxVersion component='nat66' version='3'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/service_ndp-proxy.xml.in b/interface-definitions/service_ndp-proxy.xml.in new file mode 100644 index 000000000..9801c99ab --- /dev/null +++ b/interface-definitions/service_ndp-proxy.xml.in @@ -0,0 +1,132 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="service"> + <children> + <node name="ndp-proxy" owner="${vyos_conf_scripts_dir}/service_ndp-proxy.py"> + <properties> + <help>Neighbor Discovery Protocol (NDP) Proxy</help> + </properties> + <children> + <leafNode name="route-refresh"> + <properties> + <help>Refresh interval for IPv6 routes</help> + <valueHelp> + <format>u32:10000-120000</format> + <description>Time in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 10000-120000"/> + </constraint> + <constraintErrorMessage>Route-refresh must be between 10000 and 120000 milliseconds</constraintErrorMessage> + </properties> + <defaultValue>30000</defaultValue> + </leafNode> + <tagNode name="interface"> + <properties> + <help>NDP proxy listener interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + <leafNode name="enable-router-bit"> + <properties> + <help>Enable router bit in Neighbor Advertisement messages</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="timeout"> + <properties> + <help>Timeout for Neighbor Advertisement after Neighbor Solicitation message</help> + <valueHelp> + <format>u32:500-120000</format> + <description>Timeout in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 500-120000"/> + </constraint> + <constraintErrorMessage>Timeout must be between 500 and 120000 milliseconds</constraintErrorMessage> + </properties> + <defaultValue>500</defaultValue> + </leafNode> + <leafNode name="ttl"> + <properties> + <help>Proxy entry cache Time-To-Live</help> + <valueHelp> + <format>u32:10000-120000</format> + <description>Time in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 10000-120000"/> + </constraint> + <constraintErrorMessage>TTL must be between 10000 and 120000 milliseconds</constraintErrorMessage> + </properties> + <defaultValue>30000</defaultValue> + </leafNode> + <tagNode name="prefix"> + <properties> + <help>Prefix target addresses are matched against</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 network prefix</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + <leafNode name="mode"> + <properties> + <help>Specify the running mode of the rule</help> + <completionHelp> + <list>static auto interface</list> + </completionHelp> + <valueHelp> + <format>static</format> + <description>Immediately answer any Neighbor Solicitation Messages</description> + </valueHelp> + <valueHelp> + <format>auto</format> + <description>Check for a matching route in /proc/net/ipv6_route</description> + </valueHelp> + <valueHelp> + <format>interface</format> + <description>Forward Neighbor Solicitation message through specified interface</description> + </valueHelp> + <constraint> + <regex>(static|auto|interface)</regex> + </constraint> + <constraintErrorMessage>Mode must be either one of: static, auto or interface</constraintErrorMessage> + </properties> + <defaultValue>static</defaultValue> + </leafNode> + <leafNode name="interface"> + <properties> + <help>Interface to forward Neighbor Solicitation message through. Required for "iface" mode</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> |