net/ndp-proxy-go: Add ratelimit for pfctl operations (#5096)

2026-05-28 04:34:15 -04:00 · 2025-12-19 13:43:52 +01:00 · 2025-12-19 13:43:52 +01:00 · 809f2ae9d8
commit 809f2ae9d8
parent d987a7e53e
5 changed files with 20 additions and 3 deletions
--- a/net/ndp-proxy-go/Makefile
+++ b/net/ndp-proxy-go/Makefile
@ -1,5 +1,5 @@
 PLUGIN_NAME=		ndp-proxy-go
-PLUGIN_VERSION=		1.2
+PLUGIN_VERSION=		1.3
 PLUGIN_COMMENT=		IPv6 Neighbor Discovery Protocol (NDP) Proxy
 PLUGIN_MAINTAINER=	cedrik@pischem.com
 PLUGIN_DEPENDS=		ndp-proxy-go
--- a/net/ndp-proxy-go/pkg-descr
+++ b/net/ndp-proxy-go/pkg-descr
@ -6,6 +6,10 @@ DOC: https://docs.opnsense.org/manual/ndp-proxy-go.html
 Plugin Changelog
 ================

+1.3
+
+* Add ratelimit for pfctl operations
+
 1.2

 * Add firewall alias support
--- a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml
+++ b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml
@ -50,7 +50,7 @@
    </field>
    <field>
        <id>ndpproxy.general.cache_max</id>
-        <label>Maximum learned neighbors</label>
+        <label>Max learned neighbors</label>
        <type>text</type>
        <hint>4096</hint>
        <help>Maximum learned neighbors, increase for large networks.</help>
@ -66,7 +66,14 @@
        <label>Max route operations</label>
        <type>text</type>
        <hint>50</hint>
-        <help>Max route operations per second, increase for large networks.</help>
+        <help>Maximum route operations per second. Limits how fast routes are applied; excess operations are queued, not dropped.</help>
+    </field>
+    <field>
+        <id>ndpproxy.general.pf_qps</id>
+        <label>Max alias operations</label>
+        <type>text</type>
+        <hint>50</hint>
+        <help>Maximum firewall alias operations per second. Limits how fast aliases are populated; excess operations are queued, not dropped.</help>
    </field>
    <field>
        <id>ndpproxy.general.pcap_timeout</id>
--- a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml
+++ b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml
@ -33,6 +33,9 @@
            <route_qps type="IntegerField">
                <MinimumValue>1</MinimumValue>
            </route_qps>
+            <pf_qps type="IntegerField">
+                <MinimumValue>1</MinimumValue>
+            </pf_qps>
            <pcap_timeout type="IntegerField">
                <MinimumValue>1</MinimumValue>
            </pcap_timeout>
--- a/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go
+++ b/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go
@ -30,6 +30,9 @@ ndp_proxy_go_cache_file="/var/db/ndpproxy/cache.json"
 {%     if general.route_qps %}
 {%         do flags.append('--route-qps ' ~ general.route_qps) %}
 {%     endif %}
+{%     if general.pf_qps %}
+{%         do flags.append('--pf-qps ' ~ general.pf_qps) %}
+{%     endif %}
 {%     if general.pcap_timeout %}
 {%         do flags.append('--pcap-timeout ' ~ general.pcap_timeout ~ 'ms') %}
 {%     endif %}