The ndproxy(4) kernel module implements IPv6 Neighbor Discovery

proxying with many options to handle several use-cases.

It replies to a neighbor solicitation with a specific neighbor
advertisement, in order to let the PE uplink router send further
packets to a CPE downlink router, that may or may not be the same
node that the one which runs ndproxy.

The main difference with the ndp(8) command-line tool is that, with
ndproxy(4), the host running ndp can be used only to redirect
packets to another IPv6 internal router, for instance a dedicated
one with hardware support of IPv6 routing processes.

WWW: http://www.fenyo.net/newweb/ndproxy.html

PR:		219622
Submitted by:	Alexandre Fenyo (maintainer)
Reviewed by:	matthew (mentor), mat
Approved by:	matthew (mentor)
Differential Revision:	https://reviews.freebsd.org/D11892

net/Makefile

@@ -446,6 +446,7 @@
     SUBDIR += ncp
     SUBDIR += ndisc6
     SUBDIR += ndpi
+    SUBDIR += ndproxy
     SUBDIR += nepenthes
     SUBDIR += nepim
     SUBDIR += net6

net/ndproxy/Makefile

@@ -0,0 +1,30 @@
+# $FreeBSD$
+
+PORTNAME=	ndproxy
+PORTVERSION=	2.0
+DISTVERSIONPREFIX=	v
+CATEGORIES=	net ipv6
+
+MAINTAINER=	fbsd.bugzilla@fenyo.net
+COMMENT=	Implementation of IPv6 Neighbor Discovery proxy
+
+LICENSE=	BSD2CLAUSE
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+SUB_FILES=	pkg-message
+
+USES=		kmod
+USE_RC_SUBR=	ndproxy
+USE_GITHUB=	yes
+GH_ACCOUNT=	AlexandreFenyo
+
+PLIST_FILES=	${KMODDIR}/${PORTNAME}.ko man/man4/${PORTNAME}.4.gz
+
+pre-build:
+	(cd ${BUILD_WRKSRC}; ${MAKE} depend)
+
+do-install:
+	${INSTALL_KLD} ${WRKSRC}/${PORTNAME}.ko ${STAGEDIR}${KMODDIR}
+	${INSTALL_MAN} ${WRKSRC}/${PORTNAME}.4 ${STAGEDIR}${PREFIX}/man/man4/
+
+.include <bsd.port.mk>

net/ndproxy/distinfo

@@ -0,0 +1,3 @@
+TIMESTAMP = 1502146291
+SHA256 (AlexandreFenyo-ndproxy-v2.0_GH0.tar.gz) = 29c626355d91fef9c13281d668b2a1f79618758c44c4aaf4b0434977ceb38588
+SIZE (AlexandreFenyo-ndproxy-v2.0_GH0.tar.gz) = 8274107

net/ndproxy/files/ndproxy.in

@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ndproxy
+# REQUIRE: NETWORKING sysctl
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="ndproxy"
+rcvar=ndproxy_enable
+start_cmd="ndproxy_start"
+stop_cmd="ndproxy_stop"
+
+ndproxy_start()
+{
+    echo "Starting ndproxy:"
+    if ! sysctl net.inet6.ndproxyconf_uplink_interface > /dev/null 2>&1; then
+	if ! kldload ndproxy > /dev/null 2>&1; then
+	    echo Failure loading ndproxy.
+	    return;
+	fi
+    fi
+
+    sysctl net.inet6.ndproxycount=0
+
+    if [ -z "${ndproxy_uplink_interface}" ]; then
+	echo "Warning: ndproxy_uplink_interface should be defined in rc.conf (see ndproxy(4))."
+    fi
+    sysctl net.inet6.ndproxyconf_uplink_interface=${ndproxy_uplink_interface}
+
+    if [ -z "${ndproxy_downlink_mac_address}" ]; then
+	echo "Warning: ndproxy_downlink_mac_address should be defined in rc.conf (see ndproxy(4))."
+    fi
+    sysctl net.inet6.ndproxyconf_downlink_mac_address=${ndproxy_downlink_mac_address}
+
+    if [ -z "${ndproxy_uplink_ipv6_addresses}" ]; then
+	echo "Warning: ndproxy_uplink_ipv6_addresses should be defined in rc.conf (see ndproxy(4))."
+    fi
+    sysctl net.inet6.ndproxyconf_exception_ipv6_addresses=${ndproxy_exception_ipv6_addresses}
+
+    # Note that ndproxy_exception_ipv6_addresses may be left empty.
+
+    if [ -n "${ndproxy_uplink_interface}" ]; then
+	if ! ifconfig ${ndproxy_uplink_interface} | head -1 | grep -q PPROMISC; then
+	    echo "Putting interface ${ndproxy_uplink_interface} into permanently promiscuous mode."
+	    ifconfig ${ndproxy_uplink_interface} promisc
+	fi
+    fi
+    sysctl net.inet6.ndproxyconf_uplink_ipv6_addresses=${ndproxy_uplink_ipv6_addresses}
+
+    echo Done.
+}
+
+ndproxy_stop()
+{
+    echo "Stopping ndproxy:"
+
+    if ! sysctl net.inet6.ndproxyconf_uplink_interface > /dev/null 2>&1; then
+	echo Failure unloading ndproxy.
+    else
+	if ! kldunload ndproxy > /dev/null 2>&1; then
+	    echo Failure unloading ndproxy.
+	else
+	    echo Done.
+	fi
+    fi
+}
+
+load_rc_config $name
+run_rc_command "$1"

net/ndproxy/files/pkg-message.in

@@ -0,0 +1,22 @@
+-------------------------------------------------------------------------------
+IMPORTANT! MAKE SURE TO READ THE FOLLOWING!
+
+Please remember to reinstall this port after kernel source update.
+
+ndproxy is configured using four sysctl kernel states. The boot script
+(%%PREFIX%%/etc/rc.d/ndproxy) can set those states using rc.conf variables.
+
+Here is the corresponding rc.conf variable to each sysctl kernel state:
+
+sysctl kernel state                            rc.conf corresponding variable
+-------------------------------------------------------------------------------
+net.inet6.ndproxyconf_uplink_interface         ndproxy_uplink_interface
+net.inet6.ndproxyconf_downlink_mac_address     ndproxy_downlink_mac_address
+net.inet6.ndproxyconf_exception_ipv6_addresses ndproxy_exception_ipv6_addresses
+net.inet6.ndproxyconf_uplink_ipv6_addresses    ndproxy_uplink_ipv6_addresses
+
+The network interface set in ndproxy_uplink_interface will be put into
+permanently promiscuous mode.
+
+IMPORTANT! MAKE SURE TO READ THE ABOVE!
+-------------------------------------------------------------------------------

net/ndproxy/pkg-descr

@@ -0,0 +1,14 @@
+The ndproxy(4) kernel module implements IPv6 Neighbor Discovery
+proxying with many options to handle several use-cases.
+
+It replies to a neighbor solicitation with a specific neighbor
+advertisement, in order to let the PE uplink router send further
+packets to a CPE downlink router, that may or may not be the same
+node that the one which runs ndproxy.
+
+The main difference with the ndp(8) command-line tool is that, with
+ndproxy(4), the host running ndp can be used only to redirect
+packets to another IPv6 internal router, for instance a dedicated
+one with hardware support of IPv6 routing processes.
+
+WWW: http://www.fenyo.net/newweb/ndproxy.html