4 files changed, 56 insertions, 3 deletions

diff --git a/interface-definitions/include/interface/base-reachable-time.xml.i b/interface-definitions/include/interface/base-reachable-time.xml.i
new file mode 100644
index 000000000..fb0d70101
--- /dev/null
+++ b/interface-definitions/include/interface/base-reachable-time.xml.i
@@ -0,0 +1,16 @@
+<!-- include start from interface/base-reachable-time.xml.i -->
+<leafNode name="base-reachable-time">
+  <properties>
+    <help>Base reachable time in seconds</help>
+    <valueHelp>
+      <format>u32:1-86400</format>
+      <description>Base reachable time in seconds</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-86400"/>
+    </constraint>
+    <constraintErrorMessage>Base reachable time must be between 1 and 86400 seconds</constraintErrorMessage>
+  </properties>
+  <defaultValue>30</defaultValue>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/interface/ipv6-options.xml.i b/interface-definitions/include/interface/ipv6-options.xml.i
index edb4a74f9..ec6ec64ee 100644
--- a/interface-definitions/include/interface/ipv6-options.xml.i
+++ b/interface-definitions/include/interface/ipv6-options.xml.i
@@ -5,6 +5,7 @@
   </properties>
   <children>
     #include <include/interface/adjust-mss.xml.i>
+    #include <include/interface/base-reachable-time.xml.i>
     #include <include/interface/disable-forwarding.xml.i>
     #include <include/interface/ipv6-accept-dad.xml.i>
     #include <include/interface/ipv6-address.xml.i>
diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py
index 6710cdbb0..f295c1066 100644
--- a/python/vyos/ifconfig/interface.py
+++ b/python/vyos/ifconfig/interface.py
@@ -1,4 +1,4 @@
-# Copyright 2019-2023 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2024 VyOS maintainers and contributors <maintainers@vyos.io>
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -194,6 +194,9 @@ class Interface(Control):
             'validate': assert_positive,
             'location': '/proc/sys/net/ipv6/conf/{ifname}/dad_transmits',
         },
+        'ipv6_cache_tmo': {
+            'location': '/proc/sys/net/ipv6/neigh/{ifname}/base_reachable_time_ms',
+        },
         'path_cost': {
             # XXX: we should set a maximum
             'validate': assert_positive,
@@ -262,6 +265,9 @@ class Interface(Control):
         'ipv6_dad_transmits': {
             'location': '/proc/sys/net/ipv6/conf/{ifname}/dad_transmits',
         },
+        'ipv6_cache_tmo': {
+            'location': '/proc/sys/net/ipv6/neigh/{ifname}/base_reachable_time_ms',
+        },
         'proxy_arp': {
             'location': '/proc/sys/net/ipv4/conf/{ifname}/proxy_arp',
         },
@@ -603,6 +609,21 @@ class Interface(Control):
             return None
         return self.set_interface('arp_cache_tmo', tmo)
 
+    def set_ipv6_cache_tmo(self, tmo):
+        """
+        Set IPv6 cache timeout value in seconds. Internal Kernel representation
+        is in milliseconds.
+
+        Example:
+        >>> from vyos.ifconfig import Interface
+        >>> Interface('eth0').set_ipv6_cache_tmo(40)
+        """
+        tmo = str(int(tmo) * 1000)
+        tmp = self.get_interface('ipv6_cache_tmo')
+        if tmp == tmo:
+            return None
+        return self.set_interface('ipv6_cache_tmo', tmo)
+
     def _cleanup_mss_rules(self, table, ifname):
         commands = []
         results = self._cmd(f'nft -a list chain {table} VYOS_TCP_MSS').split("\n")
@@ -1656,6 +1677,11 @@ class Interface(Control):
             for addr in tmp:
                 self.add_ipv6_eui64_address(addr)
 
+        # Configure IPv6 base time in milliseconds - has default value
+        tmp = dict_search('ipv6.base_reachable_time', config)
+        value = tmp if (tmp != None) else '30'
+        self.set_ipv6_cache_tmo(value)
+
         # re-add ourselves to any bridge we might have fallen out of
         if 'is_bridge_member' in config:
             tmp = config.get('is_bridge_member')
diff --git a/src/conf_mode/protocols_pim.py b/src/conf_mode/protocols_pim.py
index 09c3be8df..d450d11ca 100755
--- a/src/conf_mode/protocols_pim.py
+++ b/src/conf_mode/protocols_pim.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2020-2023 VyOS maintainers and contributors
+# Copyright (C) 2020-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -16,6 +16,7 @@
 
 import os
 
+from ipaddress import IPv4Address
 from ipaddress import IPv4Network
 from signal import SIGTERM
 from sys import exit
@@ -32,6 +33,9 @@ from vyos import frr
 from vyos import airbag
 airbag.enable()
 
+RESERVED_MC_NET = '224.0.0.0/24'
+
+
 def get_config(config=None):
     if config:
         conf = config
@@ -92,9 +96,15 @@ def verify(pim):
     if 'interface' not in pim:
         raise ConfigError('PIM require defined interfaces!')
 
-    for interface in pim['interface']:
+    for interface, interface_config in pim['interface'].items():
         verify_interface_exists(interface)
 
+        # Check join group in reserved net
+        if 'igmp' in interface_config and 'join' in interface_config['igmp']:
+            for join_addr in interface_config['igmp']['join']:
+                if IPv4Address(join_addr) in IPv4Network(RESERVED_MC_NET):
+                    raise ConfigError(f'Groups within {RESERVED_MC_NET} are reserved and cannot be joined!')
+
     if 'rp' in pim:
         if 'address' not in pim['rp']:
             raise ConfigError('PIM rendezvous point needs to be defined!')