From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 7366A1FF13C
	for <inbox@lore.proxmox.com>; Thu, 30 Apr 2026 16:31:01 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 89052C413;
	Thu, 30 Apr 2026 16:30:31 +0200 (CEST)
From: Hannes Laimer <h.laimer@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH proxmox-ve-rs v2 01/11] frr: add IPv6 router advertisement
 support
Date: Thu, 30 Apr 2026 16:29:43 +0200
Message-ID: <20260430142953.315412-2-h.laimer@proxmox.com>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260430142953.315412-1-h.laimer@proxmox.com>
References: <20260430142953.315412-1-h.laimer@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1777559296656
X-SPAM-LEVEL: Spam detection results:  0
	AWL                     0.080 Adjusted score from AWL reputation of From:
 address
	BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
	DMARC_MISSING             0.1 Missing DMARC policy
	KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict
 Alignment
	SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
	SPF_PASS               -0.001 SPF: sender matches SPF record
Message-ID-Hash: M5F6DJI6DQUMKHC6FRJYRI6FSAT36ED4
X-Message-ID-Hash: M5F6DJI6DQUMKHC6FRJYRI6FSAT36ED4
X-MailFrom: h.laimer@proxmox.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; emergency; member-moderation; nonmember-moderation;
 administrivia; implicit-dest; max-recipients; max-size; news-moderation;
 no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Owner: <mailto:pve-devel-owner@lists.proxmox.com>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Subscribe: <mailto:pve-devel-join@lists.proxmox.com>
List-Unsubscribe: <mailto:pve-devel-leave@lists.proxmox.com>

Add typed configuration for emitting IPv6 Router Advertisements from
FRR, alongside the existing per-protocol configs. The shape mirrors
the protocol's two layers, keeping interface-level fields separate
from per-prefix flags so neither overloads the other.

Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
---
 .../templates/frr.conf.jinja                  |  1 +
 .../templates/nd_interfaces.jinja             | 33 +++++++++
 proxmox-frr/src/ser/mod.rs                    |  6 ++
 proxmox-frr/src/ser/nd.rs                     | 71 +++++++++++++++++++
 proxmox-frr/src/ser/serializer.rs             |  6 +-
 5 files changed, 116 insertions(+), 1 deletion(-)
 create mode 100644 proxmox-frr-templates/templates/nd_interfaces.jinja
 create mode 100644 proxmox-frr/src/ser/nd.rs

diff --git a/proxmox-frr-templates/templates/frr.conf.jinja b/proxmox-frr-templates/templates/frr.conf.jinja
index 1f98489..8b07088 100644
--- a/proxmox-frr-templates/templates/frr.conf.jinja
+++ b/proxmox-frr-templates/templates/frr.conf.jinja
@@ -10,3 +10,4 @@
 {% include "route_maps.jinja" %}
 {% include "ip_routes.jinja" %}
 {% include "protocol_routemaps.jinja" %}
+{% include "nd_interfaces.jinja" %}
diff --git a/proxmox-frr-templates/templates/nd_interfaces.jinja b/proxmox-frr-templates/templates/nd_interfaces.jinja
new file mode 100644
index 0000000..79cc16b
--- /dev/null
+++ b/proxmox-frr-templates/templates/nd_interfaces.jinja
@@ -0,0 +1,33 @@
+{% for name, iface in nd_interfaces|items %}
+!
+interface {{ name }}
+ no ipv6 nd suppress-ra
+{% if iface.managed_config_flag %}
+ ipv6 nd managed-config-flag
+{% endif %}
+{% if iface.other_config_flag %}
+ ipv6 nd other-config-flag
+{% endif %}
+{% if iface.router_lifetime is not none %}
+ ipv6 nd ra-lifetime {{ iface.router_lifetime }}
+{% endif %}
+{% if iface.interval is not none %}
+ ipv6 nd ra-interval {{ iface.interval }}
+{% endif %}
+{% if iface.mtu is not none %}
+ ipv6 nd mtu {{ iface.mtu }}
+{% endif %}
+{% for rdnss in iface.rdnss %}
+ ipv6 nd rdnss {{ rdnss }}
+{% endfor %}
+{% for prefix in iface.prefixes %}
+{% if prefix.mode.kind == "autoconfig" %}
+ ipv6 nd prefix {{ prefix.cidr }} {{ prefix.mode.valid }} {{ prefix.mode.preferred }}{% if not prefix.on_link %} off-link{% endif %}
+
+{% elif prefix.mode.kind == "no-autoconfig" %}
+ ipv6 nd prefix {{ prefix.cidr }} no-autoconfig{% if not prefix.on_link %} off-link{% endif %}
+
+{% endif %}
+{% endfor %}
+exit
+{% endfor %}
diff --git a/proxmox-frr/src/ser/mod.rs b/proxmox-frr/src/ser/mod.rs
index cf7ae19..70a08b6 100644
--- a/proxmox-frr/src/ser/mod.rs
+++ b/proxmox-frr/src/ser/mod.rs
@@ -1,5 +1,6 @@
 pub mod bgp;
 pub mod isis;
+pub mod nd;
 pub mod openfabric;
 pub mod ospf;
 pub mod route_map;
@@ -234,6 +235,11 @@ pub struct FrrConfig {
     #[serde(default)]
     pub prefix_lists: BTreeMap<PrefixListName, Vec<PrefixListRule>>,
 
+    /// `interface <name> / ipv6 nd ...` blocks emitted for subnets with Router
+    /// Advertisements enabled. Presence of an entry implies `no ipv6 nd suppress-ra`.
+    #[serde(default)]
+    pub nd_interfaces: BTreeMap<InterfaceName, nd::NdInterface>,
+
     #[serde(default)]
     pub custom_frr_config: Vec<String>,
 }
diff --git a/proxmox-frr/src/ser/nd.rs b/proxmox-frr/src/ser/nd.rs
new file mode 100644
index 0000000..baa6210
--- /dev/null
+++ b/proxmox-frr/src/ser/nd.rs
@@ -0,0 +1,71 @@
+use std::net::Ipv6Addr;
+
+use proxmox_network_types::ip_address::Ipv6Cidr;
+use serde::{Deserialize, Serialize};
+
+/// Per-prefix advertisement mode.
+///
+/// `Autoconfig` sets the autonomous flag on the prefix and carries the valid and preferred
+/// lifetimes. `NoAutoconfig` announces the prefix with the autonomous flag cleared, so
+/// hosts use it for routing decisions but do not derive addresses from it via SLAAC.
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+#[serde(rename_all = "kebab-case", tag = "kind")]
+pub enum NdPrefixMode {
+    Autoconfig {
+        #[serde(deserialize_with = "proxmox_serde::perl::deserialize_u32")]
+        valid: u32,
+        #[serde(deserialize_with = "proxmox_serde::perl::deserialize_u32")]
+        preferred: u32,
+    },
+    NoAutoconfig,
+}
+
+fn default_true() -> bool {
+    true
+}
+
+/// A single prefix advertised in Router Advertisements on an interface.
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub struct NdPrefix {
+    pub cidr: Ipv6Cidr,
+    /// On-link (L) flag. Defaults to `true`. Clear to emit the prefix with the off-link
+    /// modifier so hosts reach addresses in the prefix only via the router rather than
+    /// directly on the link.
+    #[serde(
+        default = "default_true",
+        deserialize_with = "proxmox_serde::perl::deserialize_bool"
+    )]
+    pub on_link: bool,
+    pub mode: NdPrefixMode,
+}
+
+/// IPv6 Neighbor Discovery / Router Advertisement configuration for an interface.
+///
+/// Presence of an [`NdInterface`] for an interface implies RAs are enabled on it
+/// (i.e. the generated config emits `no ipv6 nd suppress-ra`). The remaining fields map
+/// 1:1 to FRR `ipv6 nd ...` interface commands.
+#[derive(Clone, Debug, Default, PartialEq, Eq, Serialize, Deserialize)]
+pub struct NdInterface {
+    /// Sets the `M` bit in emitted RAs. Guests should obtain addresses via DHCPv6.
+    #[serde(default, deserialize_with = "proxmox_serde::perl::deserialize_bool")]
+    pub managed_config_flag: bool,
+    /// Sets the `O` bit in emitted RAs. Guests should obtain other configuration via DHCPv6.
+    #[serde(default, deserialize_with = "proxmox_serde::perl::deserialize_bool")]
+    pub other_config_flag: bool,
+    /// RDNSS entries to advertise. Each produces its own `ipv6 nd rdnss <addr>` line.
+    #[serde(default)]
+    pub rdnss: Vec<Ipv6Addr>,
+    /// Default-router lifetime (seconds) advertised in RAs. `0` tells hosts the emitter is not
+    /// a default router. `None` lets FRR use its built-in default (1800s).
+    #[serde(default)]
+    pub router_lifetime: Option<u32>,
+    /// Maximum interval between unsolicited RAs (seconds). `None` keeps the FRR default (600s).
+    #[serde(default)]
+    pub interval: Option<u32>,
+    /// MTU advertised in the RA. `None` omits the MTU option from the RA.
+    #[serde(default)]
+    pub mtu: Option<u32>,
+    /// Prefix advertisements emitted on this interface, in declaration order.
+    #[serde(default)]
+    pub prefixes: Vec<NdPrefix>,
+}
diff --git a/proxmox-frr/src/ser/serializer.rs b/proxmox-frr/src/ser/serializer.rs
index 2ac85d8..5b5d5a5 100644
--- a/proxmox-frr/src/ser/serializer.rs
+++ b/proxmox-frr/src/ser/serializer.rs
@@ -5,7 +5,7 @@ use crate::ser::FrrConfig;
 use proxmox_sortable_macro::sortable;
 
 #[sortable]
-pub static TEMPLATES: [(&str, &str); 12] = sorted!([
+pub static TEMPLATES: [(&str, &str); 13] = sorted!([
     (
         "fabricd.jinja",
         include_str!("/usr/share/proxmox-frr/templates/fabricd.jinja"),
@@ -50,6 +50,10 @@ pub static TEMPLATES: [(&str, &str); 12] = sorted!([
         "protocol_routemaps.jinja",
         include_str!("/usr/share/proxmox-frr/templates/protocol_routemaps.jinja"),
     ),
+    (
+        "nd_interfaces.jinja",
+        include_str!("/usr/share/proxmox-frr/templates/nd_interfaces.jinja"),
+    ),
     (
         "frr.conf.jinja",
         include_str!("/usr/share/proxmox-frr/templates/frr.conf.jinja"),
-- 
2.47.3