From 9a8b16ac9573e9bd83c6cd9ac58eb108e5822c5c Mon Sep 17 00:00:00 2001 
From: Monviech
Date: Sat, 25 Oct 2025 12:43:15 +0200
Subject: [PATCH 01/12] net/ndp-proxy-go: Add initial plugin version
---
 net/ndp-proxy-go/Makefile | 6 ++
 net/ndp-proxy-go/pkg-descr | 8 ++
 .../src/etc/inc/plugins.inc.d/ndpproxy.inc | 66 ++++++++++++++
 .../NdpProxy/Api/GeneralController.php | 40 +++++++++
 .../NdpProxy/Api/ServiceController.php | 41 +++++++++
 .../OPNsense/NdpProxy/GeneralController.php | 42 +++++++++
 .../OPNsense/NdpProxy/forms/general.xml | 90 +++++++++++++++++++
 .../app/models/OPNsense/NdpProxy/ACL/ACL.xml | 10 +++
 .../models/OPNsense/NdpProxy/Menu/Menu.xml | 8 ++
 .../app/models/OPNsense/NdpProxy/NdpProxy.php | 59 ++++++++++++
 .../app/models/OPNsense/NdpProxy/NdpProxy.xml | 26 ++++++
 .../app/views/OPNsense/NdpProxy/general.volt | 50 +++++++++++
 .../conf/actions.d/actions_ndpproxy.conf | 23 +++++
 .../templates/OPNsense/NdpProxy/+TARGETS | 1 +
 .../templates/OPNsense/NdpProxy/ndp_proxy_go | 44 +++++++++
 .../OPNsense/Syslog/local/ndpproxy.conf | 6 ++
 16 files changed, 520 insertions(+)
 create mode 100644 net/ndp-proxy-go/Makefile
 create mode 100644 net/ndp-proxy-go/pkg-descr
 create mode 100644 net/ndp-proxy-go/src/etc/inc/plugins.inc.d/ndpproxy.inc
 create mode 100644 net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/Api/GeneralController.php
 create mode 100644 net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/Api/ServiceController.php
 create mode 100644 net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/GeneralController.php
 create mode 100644 net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml
 create mode 100644 net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/ACL/ACL.xml
 create mode 100644 net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/Menu/Menu.xml
 create mode 100644 net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.php
 create mode 100644 net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml
 create mode 100644 net/ndp-proxy-go/src/opnsense/mvc/app/views/OPNsense/NdpProxy/general.volt
 create mode 100644 net/ndp-proxy-go/src/opnsense/service/conf/actions.d/actions_ndpproxy.conf
 create mode 100644 net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/+TARGETS
 create mode 100644 net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go
 create mode 100644 net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/Syslog/local/ndpproxy.conf
diff --git a/net/ndp-proxy-go/Makefile b/net/ndp-proxy-go/Makefile
new file mode 100644
index 0000000000..879a8ece12
--- /dev/null
+++ b/net/ndp-proxy-go/Makefile
@@ -0,0 +1,6 @@
+PLUGIN_NAME= ndp-proxy-go
+PLUGIN_VERSION= 0.1
+PLUGIN_COMMENT= Neighbor Discovery Protocol Proxy
+PLUGIN_MAINTAINER= cedrik@pischem.com
+
+.include "../../Mk/plugins.mk"
diff --git a/net/ndp-proxy-go/pkg-descr b/net/ndp-proxy-go/pkg-descr
new file mode 100644
index 0000000000..458bfea7df
--- /dev/null
+++ b/net/ndp-proxy-go/pkg-descr
@@ -0,0 +1,8 @@
+IPv6 Neighbor Discovery (ND), Router Advertisement (RA) and Duplicate Address Detection (DAD) Proxy
+
+Plugin Changelog
+================
+
+0.1
+
+* Initial Release
diff --git a/net/ndp-proxy-go/src/etc/inc/plugins.inc.d/ndpproxy.inc b/net/ndp-proxy-go/src/etc/inc/plugins.inc.d/ndpproxy.inc
new file mode 100644
index 0000000000..7dcb3ed72b
--- /dev/null
+++ b/net/ndp-proxy-go/src/etc/inc/plugins.inc.d/ndpproxy.inc
@@ -0,0 +1,66 @@ + gettext('NDP Proxy'), + 'configd' => [ + 'start' => ['ndp-proxy-go start'], + 'restart' => ['ndp-proxy-go restart'], + 'stop' => ['ndp-proxy-go stop'], + ], + 'name' => 'ndpproxy', + 'pidfile' => '/var/run/ndp-proxy-go.pid' + ]; + } + + return $services; +} + +function ndpproxy_xmlrpc_sync() +{ + $result = []; + + $result[] = array( + 'description' => gettext('NDP Proxy'), + 'section' => 'OPNsense.ndpproxy', + 'id' => 'ndpproxy', + 'services' => ["ndpproxy"], + ); + + return $result; +} diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/Api/GeneralController.php b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/Api/GeneralController.php new file mode 100644 index 0000000000..34d1fb3fe5 --- /dev/null +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/Api/GeneralController.php @@ -0,0 +1,40 @@ +view->pick('OPNsense/NdpProxy/general'); + $this->view->generalForm = $this->getForm("general"); + } +} diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml new file mode 100644 index 0000000000..9e16ea5130 --- /dev/null +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml @@ -0,0 +1,90 @@ +
+ + header + + + + ndpproxy.general.enabled + + checkbox + Enable or disable this service. + + + ndpproxy.general.upstream + + dropdown + Choose the uplink interface which receives the external IPv6 prefix from the ISP. Usually, this is the WAN interface. + + + ndpproxy.general.downstream + + select_multiple + Choose one or multiple downlink interfaces which should proxy the upstream IPv6 prefix. + + + ndpproxy.general.no_ra + + checkbox + Do not proxy upstream Router Advertisements (RA) to downstream interfaces. With this enabled, you can use your own RA daemon. + + + ndpproxy.general.no_dad + + checkbox + true + Do not proxy Duplicate Address Detection (DAD) between interfaces. This can cause conflicts and should only be used for debugging purposes. + + + ndpproxy.general.no_routes + + checkbox + true + Do not automatically create host routes for discovered clients. You must manually handle all routing decisions. + + + ndpproxy.general.cache_ttl + + text + 10 + true + Neighbor cache lifetime in minutes. + + + ndpproxy.general.cache_max + + text + 4096 + true + Maximum learned neighbors, increase for large networks. + + + ndpproxy.general.route_qps + + text + 50 + true + Max route operations per second, increase for large networks. + + + ndpproxy.general.route_burst + + text + 50 + true + Burst of route operations before limiting, increase for large networks. + + + ndpproxy.general.pcap_timeout + + text + 50 + true + Controls CPU usage vs. NDP responsiveness. Lower values (e.g., 25 ms) minimize latency during cache refresh at the cost of more CPU. Higher values (100–250 ms) reduce CPU use but may introduce small latency spikes. + + + ndpproxy.general.debug + + checkbox + Enable debug logging. + +
diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/ACL/ACL.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/ACL/ACL.xml new file mode 100644 index 0000000000..4939184cf6 --- /dev/null +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/ACL/ACL.xml @@ -0,0 +1,10 @@ + + + Services: NDP Proxy: General Settings + Allow access to NDP Proxy General Settings + + ui/ndpproxy/general/* + api/ndpproxy/general/* + + + diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/Menu/Menu.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/Menu/Menu.xml new file mode 100644 index 0000000000..7efc570587 --- /dev/null +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/Menu/Menu.xml @@ -0,0 +1,8 @@ + + + + + + + + diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.php b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.php new file mode 100644 index 0000000000..cc14435ae6 --- /dev/null +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.php @@ -0,0 +1,59 @@ +general->enabled === '1') { + $requiredFields = ['upstream', 'downstream']; + foreach ($requiredFields as $field) { + if (empty((string)$this->general->$field)) { + $messages->appendMessage(new Message( + gettext('Interface is required.'), + "general." . $field + )); + } + } + } + } + + public function performValidation($validateFullModel = false) + { + $messages = parent::performValidation($validateFullModel); + $this->checkConfiguration($messages); + return $messages; + } +} \ No newline at end of file diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml new file mode 100644 index 0000000000..3fb7228228 --- /dev/null +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml 
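Review bot: The privilege in ACL.xml lists only `ui/ndpproxy/general/*` and `api/ndpproxy/general/*`, while the view added in this same patch points its apply button at `/api/ndpproxy/service/reconfigure` and the patch also ships an Api/ServiceController.php. As far as the visible patterns show, a non-admin user granted this privilege can save settings but is not authorised to apply them or query service status. Add `<pattern>api/ndpproxy/service/*</pattern>` to this privilege, or put it in a separate privilege if service control should be delegated independently of configuration. Patch 04/12 ("Fix ACL") adds the log-file patterns, but the service endpoint still does not appear there. The XML element names are not readable on this page, so this is based on the pattern text alone.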
@@ -0,0 +1,26 @@ + + //OPNsense/ndpproxy + NDP Proxy model + 0.1 + + + + 0 + Y + + + + Y + + + + + + + + + + + + + diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/views/OPNsense/NdpProxy/general.volt b/net/ndp-proxy-go/src/opnsense/mvc/app/views/OPNsense/NdpProxy/general.volt new file mode 100644 index 0000000000..7b7552667a --- /dev/null +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/views/OPNsense/NdpProxy/general.volt @@ -0,0 +1,50 @@ +{# + # Copyright (c) 2025 Cedrik Pischem + # All rights reserved. + # + # Redistribution and use in source and binary forms, with or without modification, + # are permitted provided that the following conditions are met: + # + # 1. Redistributions of source code must retain the above copyright notice, + # this list of conditions and the following disclaimer. + # + # 2. Redistributions in binary form must reproduce the above copyright notice, + # this list of conditions and the following disclaimer in the documentation + # and/or other materials provided with the distribution. + # + # THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + # AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + # AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + # POSSIBILITY OF SUCH DAMAGE. + #} + + + +
+ {{ partial("layout_partials/base_form", ['fields': generalForm, 'id': 'frm_GeneralSettings']) }} +
+{{ partial('layout_partials/base_apply_button', {'data_endpoint': '/api/ndpproxy/service/reconfigure', 'data_service_widget': 'ndpproxy'}) }} \ No newline at end of file diff --git a/net/ndp-proxy-go/src/opnsense/service/conf/actions.d/actions_ndpproxy.conf b/net/ndp-proxy-go/src/opnsense/service/conf/actions.d/actions_ndpproxy.conf new file mode 100644 index 0000000000..6f7e37d164 --- /dev/null +++ b/net/ndp-proxy-go/src/opnsense/service/conf/actions.d/actions_ndpproxy.conf @@ -0,0 +1,23 @@ +[start] +command:service ndp-proxy-go start +parameters: +type:script +message:Starting NDP Proxy service + +[stop] +command:service ndp-proxy-go stop +parameters: +type:script +message:Stopping NDP Proxy service + +[restart] +command:service ndp-proxy-go restart +parameters: +type:script +message:Restarting NDP Proxy service + +[status] +command:service ndp-proxy-go status +parameters: +type:script_output +message:Request NDP Proxy status diff --git a/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/+TARGETS b/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/+TARGETS new file mode 100644 index 0000000000..a75c8d5120 --- /dev/null +++ b/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/+TARGETS @@ -0,0 +1 @@ +ndp_proxy_go:/etc/rc.conf.d/ndp_proxy_go diff --git a/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go b/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go new file mode 100644 index 0000000000..ec8cddb4d9 --- /dev/null +++ b/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go 
@@ -0,0 +1,44 @@ +# DO NOT EDIT THIS FILE -- OPNsense auto-generated file +{% set general = helpers.getNodeByTag('OPNsense.ndpproxy.general') %} +{% if general.enabled|default("0") == "1" and general.upstream and general.downstream %} +ndp_proxy_go_enable="YES" +ndp_proxy_go_upstream="{{ helpers.physical_interface(general.upstream) }}" +{% set downstream_interfaces = [] %} +{% for interface in general.downstream.split(',') %} +{% do downstream_interfaces.append(helpers.physical_interface(interface)) %} +{% endfor %} +ndp_proxy_go_downstream="{{ downstream_interfaces|join(' ') }}" +{% set flags = [] %} +{% if general.debug|default("0") == "1" %} +{% do flags.append('--debug') %} +{% endif %} +{% if general.no_ra|default("0") == "1" %} +{% do flags.append('--no-ra') %} +{% endif %} +{% if general.no_dad|default("0") == "1" %} +{% do flags.append('--no-dad') %} +{% endif %} +{% if general.no_routes|default("0") == "1" %} +{% do flags.append('--no-routes') %} +{% endif %} +{% if general.cache_ttl %} +{% do flags.append('--cache-ttl ' ~ general.cache_ttl ~ 'm') %} +{% endif %} +{% if general.cache_max %} +{% do flags.append('--cache-max ' ~ general.cache_max) %} +{% endif %} +{% if general.route_qps %} +{% do flags.append('--route-qps ' ~ general.route_qps) %} +{% endif %} +{% if general.route_burst %} +{% do flags.append('--route-burst ' ~ general.route_burst) %} +{% endif %} +{% if general.pcap_timeout %} +{% do flags.append('--pcap-timeout ' ~ general.pcap_timeout ~ 'ms') %} +{% endif %} +{% if flags|length > 0 %} +ndp_proxy_go_flags="{{ flags|join(' ') }}" +{% endif %} +{% else %} +ndp_proxy_go_enable="NO" +{% endif %} diff --git a/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/Syslog/local/ndpproxy.conf b/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/Syslog/local/ndpproxy.conf new file mode 100644 index 0000000000..302335e1c9 --- /dev/null +++ b/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/Syslog/local/ndpproxy.conf 
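Review bot: The values of `general.cache_ttl`, `general.cache_max`, `general.route_qps`, `general.route_burst` and `general.pcap_timeout` are concatenated into `ndp_proxy_go_flags="..."` with no numeric filter or escaping, and the +TARGETS hunk shows the result is written to `/etc/rc.conf.d/ndp_proxy_go`, a file the rc system reads as shell. The template is therefore only safe if the model restricts every one of these fields to plain integers, since a stored value carrying shell metacharacters would be interpreted when the service is started. The field definitions in NdpProxy.xml are not readable on this page, so please confirm that each is an integer field with minimum and maximum bounds. Record that dependency above the flags block with a comment such as `{# numeric options land in a sourced rc.conf.d file; the model must keep them integer-only #}`. Patches 02/12 and 09/12 rework this block but keep the same interpolation for the remaining options.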
@@ -0,0 +1,6 @@ +################################################################### +# Local syslog-ng configuration [ndpproxy]. +################################################################### +filter f_local_ndpproxy { + program("ndpproxy"); +}; From 43e9829bbd632ba5e433ae1a69af8ec30b9a7a32 Mon Sep 17 00:00:00 2001 From: Monviech Date: Thu, 30 Oct 2025 08:30:16 +0100 Subject: [PATCH 02/12] net/ndp-proxy-go: Streamline enable/disable logic, add validations, fix service name --- net/ndp-proxy-go/Makefile | 3 +- .../src/etc/inc/plugins.inc.d/ndpproxy.inc | 8 ++-- .../OPNsense/NdpProxy/forms/general.xml | 27 ++++++----- .../app/models/OPNsense/NdpProxy/NdpProxy.php | 12 ++++- .../app/models/OPNsense/NdpProxy/NdpProxy.xml | 46 +++++++++++++++---- .../templates/OPNsense/NdpProxy/ndp_proxy_go | 11 +++-- 6 files changed, 76 insertions(+), 31 deletions(-) diff --git a/net/ndp-proxy-go/Makefile b/net/ndp-proxy-go/Makefile index 879a8ece12..a1375b02b7 100644 --- a/net/ndp-proxy-go/Makefile +++ b/net/ndp-proxy-go/Makefile @@ -1,6 +1,7 @@ PLUGIN_NAME= ndp-proxy-go PLUGIN_VERSION= 0.1 -PLUGIN_COMMENT= Neighbor Discovery Protocol Proxy +PLUGIN_COMMENT= IPv6 Neighbor Discovery Protocol Proxy PLUGIN_MAINTAINER= cedrik@pischem.com +PLUGIN_DEPENDS= ndp-proxy-go .include "../../Mk/plugins.mk" diff --git a/net/ndp-proxy-go/src/etc/inc/plugins.inc.d/ndpproxy.inc b/net/ndp-proxy-go/src/etc/inc/plugins.inc.d/ndpproxy.inc index 7dcb3ed72b..52b0f5b251 100644 --- a/net/ndp-proxy-go/src/etc/inc/plugins.inc.d/ndpproxy.inc +++ b/net/ndp-proxy-go/src/etc/inc/plugins.inc.d/ndpproxy.inc 
@@ -39,12 +39,12 @@ function ndpproxy_services() $services[] = [ 'description' => gettext('NDP Proxy'), 'configd' => [ - 'start' => ['ndp-proxy-go start'], - 'restart' => ['ndp-proxy-go restart'], - 'stop' => ['ndp-proxy-go stop'], + 'start' => ['ndpproxy start'], + 'restart' => ['ndpproxy restart'], + 'stop' => ['ndpproxy stop'], ], 'name' => 'ndpproxy', - 'pidfile' => '/var/run/ndp-proxy-go.pid' + 'pidfile' => '/var/run/ndp_proxy_go.pid' ]; } diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml index 9e16ea5130..04392441b7 100644 --- a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml 
@@ -22,24 +22,30 @@ Choose one or multiple downlink interfaces which should proxy the upstream IPv6 prefix. - ndpproxy.general.no_ra - + ndpproxy.general.rewrite_lla + checkbox - Do not proxy upstream Router Advertisements (RA) to downstream interfaces. With this enabled, you can use your own RA daemon. + true + Rewrite SLLA/TLLA options. Disable this only for debugging purposes. - ndpproxy.general.no_dad - + ndpproxy.general.ra + checkbox - true - Do not proxy Duplicate Address Detection (DAD) between interfaces. This can cause conflicts and should only be used for debugging purposes. + Proxy upstream Router Advertisements (RA) to downstream interfaces. Disable this if you use your own RA daemon. - ndpproxy.general.no_routes - + ndpproxy.general.dad + checkbox true - Do not automatically create host routes for discovered clients. You must manually handle all routing decisions. + Proxy Duplicate Address Detection (DAD) between interfaces. Disabling this can cause conflicts and should only be used for debugging purposes. + + + ndpproxy.general.routes + + checkbox + Automatically create host routes for discovered clients. Disabling this means you must manually handle all routing decisions. ndpproxy.general.cache_ttl @@ -78,7 +84,6 @@ text 50 - true Controls CPU usage vs. NDP responsiveness. Lower values (e.g., 25 ms) minimize latency during cache refresh at the cost of more CPU. Higher values (100–250 ms) reduce CPU use but may introduce small latency spikes. diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.php b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.php index cc14435ae6..fe8e32796e 100644 --- a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.php +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.php 
@@ -47,6 +47,16 @@ private function checkConfiguration($messages) )); } } + + $upstream = trim((string)$this->general->upstream); + $downstreamList = array_filter(array_map('trim', explode(',', (string)$this->general->downstream))); + + if (!empty($upstream) && in_array($upstream, $downstreamList, true)) { + $messages->appendMessage(new Message( + gettext('Downstream interfaces cannot contain upstream interface.'), + 'general.downstream' + )); + } } } @@ -56,4 +66,4 @@ public function performValidation($validateFullModel = false) $this->checkConfiguration($messages); return $messages; } -} \ No newline at end of file +} diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml index 3fb7228228..89bafa8383 100644 --- a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml @@ -1,7 +1,7 @@ //OPNsense/ndpproxy NDP Proxy model - 0.1 + 0.2 @@ -12,15 +12,41 @@ Y - - - - - - - - - + + 1 + Y + + + 1 + Y + + + 1 + Y + + + 1 + Y + + + 1 + + + 1 + + + 1 + + + 1 + + + 1 + + + 1 + Y + diff --git a/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go b/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go index ec8cddb4d9..83e5a393e6 100644 --- a/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go +++ b/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go 
@@ -9,16 +9,19 @@ ndp_proxy_go_upstream="{{ helpers.physical_interface(general.upstream) }}" {% endfor %} ndp_proxy_go_downstream="{{ downstream_interfaces|join(' ') }}" {% set flags = [] %} -{% if general.debug|default("0") == "1" %} +{% if general.debug == "1" %} {% do flags.append('--debug') %} {% endif %} -{% if general.no_ra|default("0") == "1" %} +{% if general.rewrite_lla == "0" %} +{% do flags.append('--no-rewrite-lla') %} +{% endif %} +{% if general.ra == "0" %} {% do flags.append('--no-ra') %} {% endif %} -{% if general.no_dad|default("0") == "1" %} +{% if general.dad == "0" %} {% do flags.append('--no-dad') %} {% endif %} -{% if general.no_routes|default("0") == "1" %} +{% if general.routes == "0" %} {% do flags.append('--no-routes') %} {% endif %} {% if general.cache_ttl %} From 02c6161b1c0186739c6a48978f3829d62a8057ff Mon Sep 17 00:00:00 2001 From: Monviech Date: Thu, 30 Oct 2025 08:33:37 +0100 Subject: [PATCH 03/12] Add newline --- .../src/opnsense/mvc/app/views/OPNsense/NdpProxy/general.volt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/views/OPNsense/NdpProxy/general.volt b/net/ndp-proxy-go/src/opnsense/mvc/app/views/OPNsense/NdpProxy/general.volt index 7b7552667a..22421e00d9 100644 --- a/net/ndp-proxy-go/src/opnsense/mvc/app/views/OPNsense/NdpProxy/general.volt +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/views/OPNsense/NdpProxy/general.volt @@ -47,4 +47,5 @@
{{ partial("layout_partials/base_form", ['fields': generalForm, 'id': 'frm_GeneralSettings']) }}
-{{ partial('layout_partials/base_apply_button', {'data_endpoint': '/api/ndpproxy/service/reconfigure', 'data_service_widget': 'ndpproxy'}) }} \ No newline at end of file +{{ partial('layout_partials/base_apply_button', {'data_endpoint': '/api/ndpproxy/service/reconfigure', 'data_service_widget': 'ndpproxy'}) }} + From ae28a11ee6223ec4f74dd3e1f5711b647a2acc7f Mon Sep 17 00:00:00 2001 From: Monviech Date: Thu, 30 Oct 2025 08:39:44 +0100 Subject: [PATCH 04/12] Fix ACL --- .../mvc/app/models/OPNsense/NdpProxy/ACL/ACL.xml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/ACL/ACL.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/ACL/ACL.xml index 4939184cf6..b70514587e 100644 --- a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/ACL/ACL.xml +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/ACL/ACL.xml @@ -1,10 +1,17 @@ - + Services: NDP Proxy: General Settings Allow access to NDP Proxy General Settings ui/ndpproxy/general/* api/ndpproxy/general/* - + + + Services: NDP Proxy: Log File + + ui/diagnostics/log/core/ndpproxy/* + api/diagnostics/log/core/ndpproxy/* + + From 4b3525c1344013c99c19dca2cb03a4053873f23a Mon Sep 17 00:00:00 2001 From: Monviech Date: Thu, 30 Oct 2025 11:14:29 +0100 Subject: [PATCH 05/12] Use BaseField functions instead of manual casting --- .../mvc/app/models/OPNsense/NdpProxy/NdpProxy.php | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.php b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.php index fe8e32796e..5831f6887a 100644 --- a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.php +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.php 
@@ -37,19 +37,18 @@ class NdpProxy extends BaseModel { private function checkConfiguration($messages) { - if ((string)$this->general->enabled === '1') { - $requiredFields = ['upstream', 'downstream']; - foreach ($requiredFields as $field) { - if (empty((string)$this->general->$field)) { + if ($this->general->enabled->isEqual('1')) { + foreach (['upstream', 'downstream'] as $field) { + if ($this->general->$field->isEmpty()) { $messages->appendMessage(new Message( gettext('Interface is required.'), - "general." . $field + "general.$field" )); } } - $upstream = trim((string)$this->general->upstream); - $downstreamList = array_filter(array_map('trim', explode(',', (string)$this->general->downstream))); + $upstream = $this->general->upstream->getValue(); + $downstreamList = array_filter(explode(',', $this->general->downstream->getValue())); if (!empty($upstream) && in_array($upstream, $downstreamList, true)) { $messages->appendMessage(new Message( From 1c66eead80c10e983e261502aae13f304bed6517 Mon Sep 17 00:00:00 2001 From: Monviech Date: Thu, 30 Oct 2025 13:14:09 +0100 Subject: [PATCH 06/12] Shuffle some options around, most are advanced anyway --- .../OPNsense/NdpProxy/forms/general.xml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml index 04392441b7..ab20b9e8d8 100644 --- a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml @@ -21,17 +21,11 @@ select_multiple Choose one or multiple downlink interfaces which should proxy the upstream IPv6 prefix.
- - ndpproxy.general.rewrite_lla - - checkbox - true - Rewrite SLLA/TLLA options. Disable this only for debugging purposes. - ndpproxy.general.ra checkbox + true Proxy upstream Router Advertisements (RA) to downstream interfaces. Disable this if you use your own RA daemon. @@ -45,8 +39,16 @@ ndpproxy.general.routes checkbox + true Automatically create host routes for discovered clients. Disabling this means you must manually handle all routing decisions. + + ndpproxy.general.rewrite_lla + + checkbox + true + Rewrite SLLA/TLLA options. Disable this only for debugging purposes. + ndpproxy.general.cache_ttl @@ -84,12 +86,13 @@ text 50 + true Controls CPU usage vs. NDP responsiveness. Lower values (e.g., 25 ms) minimize latency during cache refresh at the cost of more CPU. Higher values (100–250 ms) reduce CPU use but may introduce small latency spikes. ndpproxy.general.debug checkbox - Enable debug logging. + Enable verbose debug logging. From 4351f907fa9ff81326b1f88299000077dd62bfed Mon Sep 17 00:00:00 2001 From: Monviech Date: Thu, 30 Oct 2025 13:28:12 +0100 Subject: [PATCH 07/12] Add description to actions --- .../opnsense/service/conf/actions.d/actions_ndpproxy.conf | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/net/ndp-proxy-go/src/opnsense/service/conf/actions.d/actions_ndpproxy.conf b/net/ndp-proxy-go/src/opnsense/service/conf/actions.d/actions_ndpproxy.conf index 6f7e37d164..a74b722efd 100644 --- a/net/ndp-proxy-go/src/opnsense/service/conf/actions.d/actions_ndpproxy.conf +++ b/net/ndp-proxy-go/src/opnsense/service/conf/actions.d/actions_ndpproxy.conf 
@@ -3,21 +3,25 @@ command:service ndp-proxy-go start parameters: type:script message:Starting NDP Proxy service +description:Start NDP Proxy service [stop] command:service ndp-proxy-go stop parameters: type:script message:Stopping NDP Proxy service +description:Stop NDP Proxy service [restart] command:service ndp-proxy-go restart parameters: type:script message:Restarting NDP Proxy service +description:Restart NDP Proxy service [status] command:service ndp-proxy-go status parameters: type:script_output -message:Request NDP Proxy status +message:Requesting NDP Proxy status +description:Request NDP Proxy status From ced531bcec9029d5c85ec823c2a6be8ae1edf452 Mon Sep 17 00:00:00 2001 From: Monviech Date: Thu, 30 Oct 2025 17:44:39 +0100 Subject: [PATCH 08/12] Fix review comments --- .../mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml | 2 +- .../src/opnsense/service/conf/actions.d/actions_ndpproxy.conf | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml index ab20b9e8d8..38dd8756c6 100644 --- a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml @@ -93,6 +93,6 @@ ndpproxy.general.debug checkbox - Enable verbose debug logging. + Enable debug logging. diff --git a/net/ndp-proxy-go/src/opnsense/service/conf/actions.d/actions_ndpproxy.conf b/net/ndp-proxy-go/src/opnsense/service/conf/actions.d/actions_ndpproxy.conf index a74b722efd..f5fcf8731d 100644 --- a/net/ndp-proxy-go/src/opnsense/service/conf/actions.d/actions_ndpproxy.conf +++ b/net/ndp-proxy-go/src/opnsense/service/conf/actions.d/actions_ndpproxy.conf 
@@ -3,14 +3,12 @@ command:service ndp-proxy-go start parameters: type:script message:Starting NDP Proxy service -description:Start NDP Proxy service [stop] command:service ndp-proxy-go stop parameters: type:script message:Stopping NDP Proxy service -description:Stop NDP Proxy service [restart] command:service ndp-proxy-go restart @@ -24,4 +22,3 @@ command:service ndp-proxy-go status parameters: type:script_output message:Requesting NDP Proxy status -description:Request NDP Proxy status From 6fe2546d635a798adb3e86c2f81b3380e3508cd4 Mon Sep 17 00:00:00 2001 From: Monviech Date: Fri, 31 Oct 2025 21:50:06 +0100 Subject: [PATCH 09/12] Remove some options that should not be tampered with, last shuffle around for UX --- .../OPNsense/NdpProxy/forms/general.xml | 39 +++++-------------- .../app/models/OPNsense/NdpProxy/NdpProxy.xml | 11 ------ .../templates/OPNsense/NdpProxy/ndp_proxy_go | 9 ----- 3 files changed, 10 insertions(+), 49 deletions(-) diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml index 38dd8756c6..2e9fcb2e27 100644 --- a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml @@ -9,6 +9,10 @@ checkbox Enable or disable this service. + + header + + ndpproxy.general.upstream 
@@ -23,38 +27,26 @@ ndpproxy.general.ra - - checkbox - true - Proxy upstream Router Advertisements (RA) to downstream interfaces. Disable this if you use your own RA daemon. - - - ndpproxy.general.dad - + checkbox - true - Proxy Duplicate Address Detection (DAD) between interfaces. Disabling this can cause conflicts and should only be used for debugging purposes. + Proxy upstream RAs to downstream interfaces. Disable this if you use your own RA daemon. ndpproxy.general.routes checkbox - true Automatically create host routes for discovered clients. Disabling this means you must manually handle all routing decisions. - ndpproxy.general.rewrite_lla - - checkbox - true - Rewrite SLLA/TLLA options. Disable this only for debugging purposes. + header + + true ndpproxy.general.cache_ttl text 10 - true Neighbor cache lifetime in minutes. @@ -62,7 +54,6 @@ text 4096 - true Maximum learned neighbors, increase for large networks. @@ -70,28 +61,18 @@ text 50 - true Max route operations per second, increase for large networks. - - ndpproxy.general.route_burst - - text - 50 - true - Burst of route operations before limiting, increase for large networks. - ndpproxy.general.pcap_timeout text 50 - true Controls CPU usage vs. NDP responsiveness. Lower values (e.g., 25 ms) minimize latency during cache refresh at the cost of more CPU. Higher values (100–250 ms) reduce CPU use but may introduce small latency spikes. ndpproxy.general.debug - + checkbox Enable debug logging. diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml index 89bafa8383..3b88f7605d 100644 --- a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml @@ -12,18 +12,10 @@ Y - - 1 - Y - 1 Y - - 1 - Y - 1 Y @@ -37,9 +29,6 @@ 1 - - 1 - 1 
diff --git a/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go b/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go index 83e5a393e6..c75534e6a0 100644 --- a/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go +++ b/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go @@ -12,15 +12,9 @@ ndp_proxy_go_downstream="{{ downstream_interfaces|join(' ') }}" {% if general.debug == "1" %} {% do flags.append('--debug') %} {% endif %} -{% if general.rewrite_lla == "0" %} -{% do flags.append('--no-rewrite-lla') %} -{% endif %} {% if general.ra == "0" %} {% do flags.append('--no-ra') %} {% endif %} -{% if general.dad == "0" %} -{% do flags.append('--no-dad') %} -{% endif %} {% if general.routes == "0" %} {% do flags.append('--no-routes') %} {% endif %} @@ -33,9 +27,6 @@ ndp_proxy_go_downstream="{{ downstream_interfaces|join(' ') }}" {% if general.route_qps %} {% do flags.append('--route-qps ' ~ general.route_qps) %} {% endif %} -{% if general.route_burst %} -{% do flags.append('--route-burst ' ~ general.route_burst) %} -{% endif %} {% if general.pcap_timeout %} {% do flags.append('--pcap-timeout ' ~ general.pcap_timeout ~ 'ms') %} {% endif %} From d1517617fa4479597cb86d64d48f275d1c9cce1b Mon Sep 17 00:00:00 2001 From: Monviech Date: Fri, 31 Oct 2025 21:52:02 +0100 Subject: [PATCH 10/12] tokenizer is not used, remove duplicate updateServiceControlUI() --- .../src/opnsense/mvc/app/views/OPNsense/NdpProxy/general.volt | 2 -- 1 file changed, 2 deletions(-) diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/views/OPNsense/NdpProxy/general.volt b/net/ndp-proxy-go/src/opnsense/mvc/app/views/OPNsense/NdpProxy/general.volt index 22421e00d9..5601b92bd5 100644 --- a/net/ndp-proxy-go/src/opnsense/mvc/app/views/OPNsense/NdpProxy/general.volt +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/views/OPNsense/NdpProxy/general.volt @@ -27,7 +27,6 @@ 
From 8f7b9040e6e0a308312d2551e7810d74f9dbf16d Mon Sep 17 00:00:00 2001 From: Monviech Date: Fri, 31 Oct 2025 21:53:59 +0100 Subject: [PATCH 11/12] Fix upstream downstream terminology --- .../mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml index 2e9fcb2e27..1d8422d653 100644 --- a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml @@ -17,13 +17,13 @@ ndpproxy.general.upstream dropdown - Choose the uplink interface which receives the external IPv6 prefix from the ISP. Usually, this is the WAN interface. + Choose the upstream interface which receives the external IPv6 prefix from the ISP. Usually, this is the WAN interface. ndpproxy.general.downstream select_multiple - Choose one or multiple downlink interfaces which should proxy the upstream IPv6 prefix. + Choose one or multiple downstream interfaces which should proxy the upstream IPv6 prefix. ndpproxy.general.ra From b5cfb756d6a554be6148eee3cd95033400903c15 Mon Sep 17 00:00:00 2001 From: Monviech Date: Fri, 31 Oct 2025 21:56:39 +0100 Subject: [PATCH 12/12] Debug log shouldnt be on by default --- .../src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml index 3b88f7605d..c9239abfc1 100644 --- a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml +++ b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml @@ -33,7 +33,7 @@ 1 - 1 + 0 Y