From c56af995b6e3d867c2a67deeb4be79e498f0a7cf Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Sun, 10 Sep 2023 22:24:27 +0000
Subject: T5559: Add static neighbor-proxy feature

Ability to set ip neighbor proxy

set protocols static neighbor-proxy arp 192.0.2.1 interface 'eth0'
set protocols static neighbor-proxy arp 192.0.2.2 interface 'eth0'
set protocols static neighbor-proxy nd 2001:db8::1 interface 'eth1'
---
 .../protocols_static_neighbor-proxy.xml.in         | 48 +++++++++++
 src/conf_mode/protocols_static_neighbor-proxy.py   | 95 ++++++++++++++++++++++
 2 files changed, 143 insertions(+)
 create mode 100644 interface-definitions/protocols_static_neighbor-proxy.xml.in
 create mode 100755 src/conf_mode/protocols_static_neighbor-proxy.py

diff --git a/interface-definitions/protocols_static_neighbor-proxy.xml.in b/interface-definitions/protocols_static_neighbor-proxy.xml.in
new file mode 100644
index 000000000..1c8433a39
--- /dev/null
+++ b/interface-definitions/protocols_static_neighbor-proxy.xml.in
@@ -0,0 +1,48 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="protocols">
+    <children>
+      <node name="static">
+        <children>
+          <node name="neighbor-proxy" owner="${vyos_conf_scripts_dir}/protocols_static_neighbor-proxy.py">
+            <properties>
+              <help>Neighbor proxy parameters</help>
+            </properties>
+            <children>
+              <tagNode name="arp">
+                <properties>
+                  <help>IP address for selective ARP proxy</help>
+                  <valueHelp>
+                    <format>ipv4</format>
+                    <description>IPv4 destination address allowed for proxy-arp</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ipv4-address"/>
+                  </constraint>
+                </properties>
+                <children>
+                  #include <include/generic-interface-multi.xml.i>
+                </children>
+              </tagNode>
+              <tagNode name="nd">
+                <properties>
+                  <help>IPv6 address for selective NDP proxy</help>
+                  <valueHelp>
+                    <format>ipv6</format>
+                    <description>IPv6 destination address</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ipv6-address"/>
+                  </constraint>
+                </properties>
+                <children>
+                  #include <include/generic-interface-multi.xml.i>
+                </children>
+              </tagNode>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
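Review bot: The `neighbor-proxy` node's `<properties>` holds only `<help>` and no `<priority>`, so nothing here states when the owner script runs relative to interface creation. If it can run before a referenced interface exists (not determinable from this hunk), the `ip neighbor add proxy … dev <interface>` commands in the owner script would fail at boot. Consider adding a `<priority>` that orders this node after the interface nodes. The two `<description>` strings also differ in detail; `IPv6 destination address` could match the ARP one, e.g. `IPv6 destination address allowed for proxy-ndp`.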
diff --git a/src/conf_mode/protocols_static_neighbor-proxy.py b/src/conf_mode/protocols_static_neighbor-proxy.py
new file mode 100755
index 000000000..10cc1e748
--- /dev/null
+++ b/src/conf_mode/protocols_static_neighbor-proxy.py
@@ -0,0 +1,95 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import os
+
+from sys import exit
+
+from vyos.config import Config
+from vyos.configdict import node_changed
+from vyos.utils.process import call
+from vyos import ConfigError
+from vyos import airbag
+
+airbag.enable()
+
+
+def get_config(config=None):
+    if config:
+        conf = config
+    else:
+        conf = Config()
+
+    base = ['protocols', 'static', 'neighbor-proxy']
+    config = conf.get_config_dict(base, get_first_key=True)
+
+    return config
+
+
+def verify(config):
+
+    if 'arp' in config:
+        for neighbor, neighbor_conf in config['arp'].items():
+            if 'interface' not in neighbor_conf:
+                raise ConfigError(
+                    f"ARP neighbor-proxy for '{neighbor}' requires an interface to be set!"
+                )
+
+    if 'nd' in config:
+        for neighbor, neighbor_conf in config['nd'].items():
+            if 'interface' not in neighbor_conf:
+                raise ConfigError(
+                    f"ARP neighbor-proxy for '{neighbor}' requires an interface to be set!"
+                )
+
+
+def generate(config):
+    pass
+
+
+def apply(config):
+    if not config:
+        # Cleanup proxy
+        call('ip neighbor flush proxy')
+        call('ip -6 neighbor flush proxy')
+        return None
+
+    # Add proxy ARP
+    if 'arp' in config:
+        # Cleanup entries before config
+        call('ip neighbor flush proxy')
+        for neighbor, neighbor_conf in config['arp'].items():
+            for interface in neighbor_conf.get('interface'):
+                call(f'ip neighbor add proxy {neighbor} dev {interface}')
+
+    # Add proxy NDP
+    if 'nd' in config:
+        # Cleanup entries before config
+        call('ip -6 neighbor flush proxy')
+        for neighbor, neighbor_conf in config['nd'].items():
+            for interface in neighbor_conf['interface']:
+                call(f'ip -6 neighbor add proxy {neighbor} dev {interface}')
+
+
+if __name__ == '__main__':
+    try:
+        c = get_config()
+        verify(c)
+        generate(c)
+        apply(c)
+    except ConfigError as e:
+        print(e)
+        exit(1)
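Review bot: In `apply()`, each address family is flushed only while its key is still present, so deleting every `arp` entry while `nd` entries remain (or the reverse) leaves the old proxy entries installed, and the router keeps answering for addresses the operator has removed from the configuration. Running both `call('ip neighbor flush proxy')` and `call('ip -6 neighbor flush proxy')` unconditionally at the top of `apply()`, before the `'arp'` and `'nd'` checks, closes that gap. The result of each `call(...)` that adds an entry is not checked, so a failed add (for example an interface that does not exist) still commits without any message; checking it and raising `ConfigError` would surface that. In `verify()`, the `nd` branch reuses the ARP wording and should read `f"NDP neighbor-proxy for '{neighbor}' requires an interface to be set!"`.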
-- 
cgit v1.2.3