From b2917fbbe02d463143fe5d97bbe7b38a92f6c83a Mon Sep 17 00:00:00 2001
From: Monviech <gitacc@pischem.com>
Date: Sun, 28 Dec 2025 09:05:48 +0100
Subject: [PATCH 1/8] net/ndp-proxy-go: Add depend on CARP syshook

---
 .../src/etc/rc.syshook.d/carp/20-ndpproxy     | 50 +++++++++++++++++++
 .../OPNsense/NdpProxy/forms/general.xml       |  6 +++
 .../app/models/OPNsense/NdpProxy/NdpProxy.xml |  6 ++-
 3 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100755 net/ndp-proxy-go/src/etc/rc.syshook.d/carp/20-ndpproxy

diff --git a/net/ndp-proxy-go/src/etc/rc.syshook.d/carp/20-ndpproxy b/net/ndp-proxy-go/src/etc/rc.syshook.d/carp/20-ndpproxy
new file mode 100755
index 0000000000..54bc8420be
--- /dev/null
+++ b/net/ndp-proxy-go/src/etc/rc.syshook.d/carp/20-ndpproxy
@@ -0,0 +1,50 @@
+#!/usr/local/bin/php
+<?php
+
+/*
+ * Copyright (C) 2025 Cedrik Pischem
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once('config.inc');
+require_once('util.inc');
+
+$subsystem = $argv[1] ?? '';
+$type = $argv[2] ?? '';
+
+if (
+    (!in_array($type, ['MASTER', 'BACKUP'], true)) ||  /* exclude INIT */
+    strpos($subsystem, '@') === false ||  /* only react to real CARP events */
+    empty($config['OPNsense']['ndpproxy']['general']['enabled']) ||
+    empty($config['OPNsense']['ndpproxy']['general']['carp_depend_on'])
+) {
+    exit(0);
+}
+
+$actions = [
+    'MASTER' => 'start',
+    'BACKUP' => 'stop',
+];
+
+mwexecfm('/usr/local/etc/rc.d/ndp-proxy-go ' . $actions[$type]);
diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml
index 5d6c3372d8..8e41ee59c5 100644
--- a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml
+++ b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml
@@ -9,6 +9,12 @@
         <type>checkbox</type>
         <help>Enable or disable this service.</help>
     </field>
+    <field>
+        <id>ndpproxy.general.carp_depend_on</id>
+        <label>Depend on (CARP)</label>
+        <type>checkbox</type>
+        <help>If any CARP VHID on this node is in BACKUP state, the service will be stopped. As NDP is stateless, a short interruption of IPv6 connectivity must be expected during CARP transitions.</help>
+    </field>
     <field>
         <type>header</type>
         <label>Proxy Settings</label>
diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml
index b71d385129..9f02e11462 100644
--- a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml
+++ b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml
@@ -1,7 +1,7 @@
 <model>
     <mount>//OPNsense/ndpproxy</mount>
     <description>NDP Proxy model</description>
-    <version>1.0</version>
+    <version>1.1</version>
     <items>
         <general>
             <enabled type="BooleanField">
@@ -43,6 +43,10 @@
                 <Default>0</Default>
                 <Required>Y</Required>
             </debug>
+            <carp_depend_on type="BooleanField">
+                <Default>0</Default>
+                <Required>Y</Required>
+            </carp_depend_on>
         </general>
         <aliases>
             <alias type="ArrayField">

From cbe57aad500f40b6488077ed63d9498a7ef90ae5 Mon Sep 17 00:00:00 2001
From: Monviech <gitacc@pischem.com>
Date: Mon, 29 Dec 2025 11:27:29 +0100
Subject: [PATCH 2/8] net/ndp-proxy-go: When carp_depend_on is enabled, prevent
 service start on BACKUP

---
 .../opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go  | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go b/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go
index f5131e9af2..fe0a277293 100644
--- a/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go
+++ b/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go
@@ -2,6 +2,9 @@
 {% set general = helpers.getNodeByTag('OPNsense.ndpproxy.general') %}
 {% if general.enabled|default("0") == "1" and general.upstream and general.downstream %}
 ndp_proxy_go_enable="YES"
+{%     if general.carp_depend_on %}
+start_precmd="ifconfig | grep -q 'carp: MASTER'"
+{%     endif %}
 ndp_proxy_go_upstream="{{ helpers.physical_interface(general.upstream) }}"
 {%     set downstream_interfaces = [] %}
 {%     for interface in general.downstream.split(',') %}

From 6b1b3be13b9c29b6a7ca1352a25676a6ff361302 Mon Sep 17 00:00:00 2001
From: Monviech <gitacc@pischem.com>
Date: Mon, 29 Dec 2025 14:50:19 +0100
Subject: [PATCH 3/8] changelog

---
 net/ndp-proxy-go/pkg-descr | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/ndp-proxy-go/pkg-descr b/net/ndp-proxy-go/pkg-descr
index 73d314b14a..252389f1d0 100644
--- a/net/ndp-proxy-go/pkg-descr
+++ b/net/ndp-proxy-go/pkg-descr
@@ -9,6 +9,7 @@ Plugin Changelog
 1.3
 
 * Add ratelimit for pfctl operations
+* Add depend on CARP
 
 1.2
 

From 82f7a051972648d136646e7ba411d0f0299a5a12 Mon Sep 17 00:00:00 2001
From: Monviech <gitacc@pischem.com>
Date: Sat, 3 Jan 2026 20:55:56 +0100
Subject: [PATCH 4/8] Depend on CARP is advanced mode, sort other more advanced
 options under headers

---
 .../OPNsense/NdpProxy/forms/general.xml            | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml
index 8e41ee59c5..1683e746f3 100644
--- a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml
+++ b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml
@@ -13,6 +13,7 @@
         <id>ndpproxy.general.carp_depend_on</id>
         <label>Depend on (CARP)</label>
         <type>checkbox</type>
+        <advanced>true</advanced>
         <help>If any CARP VHID on this node is in BACKUP state, the service will be stopped. As NDP is stateless, a short interruption of IPv6 connectivity must be expected during CARP transitions.</help>
     </field>
     <field>
@@ -45,7 +46,8 @@
     </field>
     <field>
         <type>header</type>
-        <label>Performance Settings</label>
+        <label>Neighbor Settings</label>
+        <collapse>true</collapse>
     </field>
     <field>
         <id>ndpproxy.general.cache_ttl</id>
@@ -67,6 +69,11 @@
         <type>checkbox</type>
         <help>Persist cache to file on service stop and load it on service start. Only neighbors with a valid cache lifetime are loaded. This helps on system reboots to minimize downtime of individual clients.</help>
     </field>
+    <field>
+        <type>header</type>
+        <label>Performance Settings</label>
+        <collapse>true</collapse>
+    </field>
     <field>
         <id>ndpproxy.general.route_qps</id>
         <label>Max route operations</label>
@@ -88,6 +95,11 @@
         <hint>50</hint>
         <help>Controls CPU usage vs. NDP responsiveness. Lower values (e.g., 25 ms) minimize latency during cache refresh at the cost of more CPU. Higher values (100–250 ms) reduce CPU use but may introduce small latency spikes.</help>
     </field>
+    <field>
+        <type>header</type>
+        <label>Log Settings</label>
+        <collapse>true</collapse>
+    </field>
     <field>
         <id>ndpproxy.general.debug</id>
         <label>Debug log</label>

From 31836283820f72818b90f854039d174dc3d521c0 Mon Sep 17 00:00:00 2001
From: Monviech <gitacc@pischem.com>
Date: Sat, 3 Jan 2026 21:37:50 +0100
Subject: [PATCH 5/8] Use model instead of global config

---
 net/ndp-proxy-go/src/etc/rc.syshook.d/carp/20-ndpproxy | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/net/ndp-proxy-go/src/etc/rc.syshook.d/carp/20-ndpproxy b/net/ndp-proxy-go/src/etc/rc.syshook.d/carp/20-ndpproxy
index 54bc8420be..8ec0ccb33b 100755
--- a/net/ndp-proxy-go/src/etc/rc.syshook.d/carp/20-ndpproxy
+++ b/net/ndp-proxy-go/src/etc/rc.syshook.d/carp/20-ndpproxy
@@ -27,17 +27,20 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
-require_once('config.inc');
+require_once('script/load_phalcon.php');
 require_once('util.inc');
 
+use OPNsense\NdpProxy\NdpProxy;
+
 $subsystem = $argv[1] ?? '';
 $type = $argv[2] ?? '';
+$model = new NdpProxy();
 
 if (
     (!in_array($type, ['MASTER', 'BACKUP'], true)) ||  /* exclude INIT */
     strpos($subsystem, '@') === false ||  /* only react to real CARP events */
-    empty($config['OPNsense']['ndpproxy']['general']['enabled']) ||
-    empty($config['OPNsense']['ndpproxy']['general']['carp_depend_on'])
+    $model->general->enabled->isEmpty() ||
+    $model->general->carp_depend_on->isEmpty()
 ) {
     exit(0);
 }

From bc4059b4ebc768f737b3e5c9b1e055c41c273e90 Mon Sep 17 00:00:00 2001
From: Monviech <gitacc@pischem.com>
Date: Mon, 5 Jan 2026 15:31:01 +0100
Subject: [PATCH 6/8] Use custom variable for carp check

---
 .../opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go b/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go
index fe0a277293..61b7c01f2b 100644
--- a/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go
+++ b/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go
@@ -3,7 +3,7 @@
 {% if general.enabled|default("0") == "1" and general.upstream and general.downstream %}
 ndp_proxy_go_enable="YES"
 {%     if general.carp_depend_on %}
-start_precmd="ifconfig | grep -q 'carp: MASTER'"
+ndp_proxy_go_check_carp="YES"
 {%     endif %}
 ndp_proxy_go_upstream="{{ helpers.physical_interface(general.upstream) }}"
 {%     set downstream_interfaces = [] %}

From 0629032f63d7613e60a808258bb2661a6a9fe4b8 Mon Sep 17 00:00:00 2001
From: Monviech <gitacc@pischem.com>
Date: Mon, 5 Jan 2026 15:58:20 +0100
Subject: [PATCH 7/8] Change label and adjust help text

---
 .../mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml
index 1683e746f3..596c7b1af4 100644
--- a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml
+++ b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml
@@ -11,10 +11,10 @@
     </field>
     <field>
         <id>ndpproxy.general.carp_depend_on</id>
-        <label>Depend on (CARP)</label>
+        <label>Enable CARP failover</label>
         <type>checkbox</type>
         <advanced>true</advanced>
-        <help>If any CARP VHID on this node is in BACKUP state, the service will be stopped. As NDP is stateless, a short interruption of IPv6 connectivity must be expected during CARP transitions.</help>
+        <help>If any CARP VHID on this node is in MASTER state the service will be started, otherwise stopped. As NDP is stateless, a short interruption of IPv6 connectivity must be expected during CARP transitions.</help>
     </field>
     <field>
         <type>header</type>

From 24660a6e22f62b1c2502243b365a99eb77feebae Mon Sep 17 00:00:00 2001
From: Monviech <gitacc@pischem.com>
Date: Mon, 5 Jan 2026 16:00:22 +0100
Subject: [PATCH 8/8] Adjust changelog

---
 net/ndp-proxy-go/pkg-descr | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ndp-proxy-go/pkg-descr b/net/ndp-proxy-go/pkg-descr
index 252389f1d0..161f8684eb 100644
--- a/net/ndp-proxy-go/pkg-descr
+++ b/net/ndp-proxy-go/pkg-descr
@@ -9,7 +9,7 @@ Plugin Changelog
 1.3
 
 * Add ratelimit for pfctl operations
-* Add depend on CARP
+* Add CARP failover
 
 1.2