From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 691571FF146 for ; Tue, 23 Jun 2026 14:57:06 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 684623442E; Tue, 23 Jun 2026 14:57:02 +0200 (CEST) From: Hannes Laimer To: pve-devel@lists.proxmox.com Subject: [PATCH proxmox-ve-rs v3 2/9] frr: add IPv6 router advertisement support Date: Tue, 23 Jun 2026 14:56:19 +0200 Message-ID: <20260623125626.1195681-3-h.laimer@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260623125626.1195681-1-h.laimer@proxmox.com> References: <20260623125626.1195681-1-h.laimer@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1782219403597 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.087 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: WSARV3R3VE57OB65SGUEH5UQVBLRYW72 X-Message-ID-Hash: WSARV3R3VE57OB65SGUEH5UQVBLRYW72 X-MailFrom: h.laimer@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Add typed configuration for emitting IPv6 Router Advertisements from FRR, alongside the existing per-protocol configs. The shape mirrors the protocol's two layers, keeping interface-level fields separate from per-prefix flags so neither overloads the other. Signed-off-by: Hannes Laimer --- Notes: v3: - keep prefix lifetimes on no-autoconfig prefixes (were dropped) - emit ra-interval before ra-lifetime - single prefix line instead of duplicated autoconfig branches .../templates/frr.conf.jinja | 1 + .../templates/nd_interfaces.jinja | 28 +++++++ proxmox-frr/src/ser/mod.rs | 6 ++ proxmox-frr/src/ser/nd.rs | 75 +++++++++++++++++++ proxmox-frr/src/ser/serializer.rs | 6 +- 5 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 proxmox-frr-templates/templates/nd_interfaces.jinja create mode 100644 proxmox-frr/src/ser/nd.rs diff --git a/proxmox-frr-templates/templates/frr.conf.jinja b/proxmox-frr-templates/templates/frr.conf.jinja index 1f98489..8b07088 100644 --- a/proxmox-frr-templates/templates/frr.conf.jinja +++ b/proxmox-frr-templates/templates/frr.conf.jinja @@ -10,3 +10,4 @@ {% include "route_maps.jinja" %} {% include "ip_routes.jinja" %} {% include "protocol_routemaps.jinja" %} +{% include "nd_interfaces.jinja" %} diff --git a/proxmox-frr-templates/templates/nd_interfaces.jinja b/proxmox-frr-templates/templates/nd_interfaces.jinja new file mode 100644 index 0000000..dd047a9 --- /dev/null +++ b/proxmox-frr-templates/templates/nd_interfaces.jinja @@ -0,0 +1,28 @@ +{% for name, iface in nd_interfaces|items %} +! +interface {{ name }} + no ipv6 nd suppress-ra +{% if iface.managed_config_flag %} + ipv6 nd managed-config-flag +{% endif %} +{% if iface.other_config_flag %} + ipv6 nd other-config-flag +{% endif %} +{% if iface.interval is not none %} + ipv6 nd ra-interval {{ iface.interval }} +{% endif %} +{% if iface.router_lifetime is not none %} + ipv6 nd ra-lifetime {{ iface.router_lifetime }} +{% endif %} +{% if iface.mtu is not none %} + ipv6 nd mtu {{ iface.mtu }} +{% endif %} +{% for rdnss in iface.rdnss %} + ipv6 nd rdnss {{ rdnss }} +{% endfor %} +{% for prefix in iface.prefixes %} + ipv6 nd prefix {{ prefix.cidr }} {{ prefix.valid }} {{ prefix.preferred }}{% if not prefix.autonomous %} no-autoconfig{% endif %}{% if not prefix.on_link %} off-link{% endif %} + +{% endfor %} +exit +{% endfor %} diff --git a/proxmox-frr/src/ser/mod.rs b/proxmox-frr/src/ser/mod.rs index b651121..a65ee46 100644 --- a/proxmox-frr/src/ser/mod.rs +++ b/proxmox-frr/src/ser/mod.rs @@ -1,5 +1,6 @@ pub mod bgp; pub mod isis; +pub mod nd; pub mod openfabric; pub mod ospf; pub mod route_map; @@ -234,6 +235,11 @@ pub struct FrrConfig { #[serde(default)] pub prefix_lists: BTreeMap>, + /// `interface / ipv6 nd ...` blocks emitted for subnets with Router + /// Advertisements enabled. Presence of an entry implies `no ipv6 nd suppress-ra`. + #[serde(default)] + pub nd_interfaces: BTreeMap, + #[serde(default)] pub custom_frr_config: Vec, } diff --git a/proxmox-frr/src/ser/nd.rs b/proxmox-frr/src/ser/nd.rs new file mode 100644 index 0000000..d9c5545 --- /dev/null +++ b/proxmox-frr/src/ser/nd.rs @@ -0,0 +1,75 @@ +use std::net::Ipv6Addr; + +use proxmox_network_types::ip_address::Ipv6Cidr; +use serde::{Deserialize, Serialize}; + +fn default_true() -> bool { + true +} + +/// A single prefix advertised in Router Advertisements on an interface. +/// +/// The valid and preferred lifetimes are always emitted; they apply to the prefix +/// information option independently of the autonomous flag. The caller must ensure +/// `preferred <= valid`, FRR rejects the prefix otherwise. +#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)] +pub struct NdPrefix { + pub cidr: Ipv6Cidr, + /// Autonomous (A) flag. Defaults to `true`. Clear to emit the prefix with the + /// no-autoconfig modifier so hosts use it for on-link/routing decisions but do not + /// derive addresses from it via SLAAC. + #[serde( + default = "default_true", + deserialize_with = "proxmox_serde::perl::deserialize_bool" + )] + pub autonomous: bool, + /// On-link (L) flag. Defaults to `true`. Clear to emit the prefix with the off-link + /// modifier so hosts reach addresses in the prefix only via the router rather than + /// directly on the link. + #[serde( + default = "default_true", + deserialize_with = "proxmox_serde::perl::deserialize_bool" + )] + pub on_link: bool, + /// Valid lifetime (seconds) of the prefix information. + #[serde(deserialize_with = "proxmox_serde::perl::deserialize_u32")] + pub valid: u32, + /// Preferred lifetime (seconds) of the prefix information. Must not exceed `valid`. + #[serde(deserialize_with = "proxmox_serde::perl::deserialize_u32")] + pub preferred: u32, +} + +/// IPv6 Neighbor Discovery / Router Advertisement configuration for an interface. +/// +/// Presence of an [`NdInterface`] for an interface implies RAs are enabled on it +/// (i.e. the generated config emits `no ipv6 nd suppress-ra`). The remaining fields map +/// 1:1 to FRR `ipv6 nd ...` interface commands. +#[derive(Clone, Debug, Default, PartialEq, Eq, Serialize, Deserialize)] +pub struct NdInterface { + /// Sets the `M` bit in emitted RAs. Guests should obtain addresses via DHCPv6. + #[serde(default, deserialize_with = "proxmox_serde::perl::deserialize_bool")] + pub managed_config_flag: bool, + /// Sets the `O` bit in emitted RAs. Guests should obtain other configuration via DHCPv6. + #[serde(default, deserialize_with = "proxmox_serde::perl::deserialize_bool")] + pub other_config_flag: bool, + /// RDNSS entries to advertise. Each produces its own `ipv6 nd rdnss ` line. + #[serde(default)] + pub rdnss: Vec, + /// Default-router lifetime (seconds) advertised in RAs. `0` tells hosts the emitter is not + /// a default router. `None` lets FRR use its built-in default (1800s). + /// + /// Rendered after `interval`: FRR validates a non-zero lifetime against the interval + /// configured at that point (matching FRR's own config-write order), so a non-zero value + /// must be at least `interval` (or 600 if unset). + #[serde(default)] + pub router_lifetime: Option, + /// Maximum interval between unsolicited RAs (seconds). `None` keeps the FRR default (600s). + #[serde(default)] + pub interval: Option, + /// MTU advertised in the RA. `None` omits the MTU option from the RA. + #[serde(default)] + pub mtu: Option, + /// Prefix advertisements emitted on this interface, in declaration order. + #[serde(default)] + pub prefixes: Vec, +} diff --git a/proxmox-frr/src/ser/serializer.rs b/proxmox-frr/src/ser/serializer.rs index 2ac85d8..5b5d5a5 100644 --- a/proxmox-frr/src/ser/serializer.rs +++ b/proxmox-frr/src/ser/serializer.rs @@ -5,7 +5,7 @@ use crate::ser::FrrConfig; use proxmox_sortable_macro::sortable; #[sortable] -pub static TEMPLATES: [(&str, &str); 12] = sorted!([ +pub static TEMPLATES: [(&str, &str); 13] = sorted!([ ( "fabricd.jinja", include_str!("/usr/share/proxmox-frr/templates/fabricd.jinja"), @@ -50,6 +50,10 @@ pub static TEMPLATES: [(&str, &str); 12] = sorted!([ "protocol_routemaps.jinja", include_str!("/usr/share/proxmox-frr/templates/protocol_routemaps.jinja"), ), + ( + "nd_interfaces.jinja", + include_str!("/usr/share/proxmox-frr/templates/nd_interfaces.jinja"), + ), ( "frr.conf.jinja", include_str!("/usr/share/proxmox-frr/templates/frr.conf.jinja"), -- 2.47.3