author | Christian Breunig <christian@breunig.cc> | 2024-07-30 08:10:24 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-07-30 08:10:24 +0200 |
commit | 8b0f36ea908f12525512b7408e60da9508fcd6bd (patch) | |
tree | 5228b3ef3c66fd6fa78678d71b5b4ef1d8c7dde3 /python | |
parent | ad0acad65051a449432f882edb60246cdfeeb8e5 (diff) | |
parent | 9b99a01653e3315b1abc9ef98824ca71bd283047 (diff) | |
Merge pull request #3740 from talmakion/feature/T6430-vrf-direct
pbr: T6430: Allow forwarding into VRFs by name as well as route table IDs
Diffstat (limited to 'python')
-rw-r--r-- | python/vyos/defaults.py | 10 | ||||
-rw-r--r-- | python/vyos/firewall.py | 14 |
2 files changed, 23 insertions, 1 deletions
diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py index 9ccd925ce..25ee45391 100644 --- a/python/vyos/defaults.py +++ b/python/vyos/defaults.py @@ -50,3 +50,13 @@ commit_lock = os.path.join(directories['vyos_configdir'], '.lock') component_version_json = os.path.join(directories['data'], 'component-versions.json') config_default = os.path.join(directories['data'], 'config.boot.default') + +rt_symbolic_names = { + # Standard routing tables for Linux & reserved IDs for VyOS + 'default': 253, # Confusingly, a final fallthru, not the default. + 'main': 254, # The actual global table used by iproute2 unless told otherwise. + 'local': 255, # Special kernel loopback table. +} + +rt_global_vrf = rt_symbolic_names['main'] +rt_global_table = rt_symbolic_names['main'] diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py index 40399f481..facd498ca 100644 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py @@ -30,6 +30,9 @@ from vyos.utils.dict import dict_search_args from vyos.utils.dict import dict_search_recursive from vyos.utils.process import cmd from vyos.utils.process import run +from vyos.utils.network import get_vrf_tableid +from vyos.defaults import rt_global_table +from vyos.defaults import rt_global_vrf # Conntrack def conntrack_required(conf): 
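Review bot: In python/vyos/defaults.py, `rt_global_vrf` carries no comment explaining why it points at `main` (254) while the dictionary just above it also has a `'default'` key with the value 253. The firewall.py change in this commit maps the VRF name `'default'` to `rt_global_vrf`, so a later reader can easily take the two "default"s for the same table and steer policy-routed traffic into the wrong routing domain. I would add `# VRF name 'default' means the global routing instance, i.e. table 'main' (254), not the 'default' table (253).` directly above `rt_global_vrf`. The existing inline comment on the `'default'` entry hints at this but does not connect it to the VRF name.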
@@ -473,11 +476,20 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
 if 'mark' in rule_conf['set']:
 mark = rule_conf['set']['mark']
 output.append(f'meta mark set {mark}')
+ if 'vrf' in rule_conf['set']:
+ set_table = True
+ vrf_name = rule_conf['set']['vrf']
+ if vrf_name == 'default':
+ table = rt_global_vrf
+ else:
+ # NOTE: VRF->table ID lookup depends on the VRF iface already existing.
+ table = get_vrf_tableid(vrf_name)
 if 'table' in rule_conf['set']:
 set_table = True
 table = rule_conf['set']['table']
 if table == 'main':
- table = '254'
+ table = rt_global_table
+ if set_table:
 mark = 0x7FFFFFFF - int(table)
 output.append(f'meta mark set {mark}')
 if 'tcp_mss' in rule_conf['set']: |
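Review bot: The result of `get_vrf_tableid(vrf_name)` is used unchecked in `mark = 0x7FFFFFFF - int(table)`, and the NOTE in the new branch itself says the lookup depends on the VRF interface already existing. If the helper yields no ID for a VRF that is not up yet (its definition is outside this diff, so this is inferred), `int(table)` fails with an unrelated-looking error instead of naming the VRF, and the rule that should confine traffic to that VRF is never rendered. I would follow the lookup with `if table is None: raise ValueError(f'VRF "{vrf_name}" has no routing table ID yet')`. Separately, the `'table'` block is a plain `if`, so a rule carrying both `set vrf` and `set table` silently ends up with the table value; making it `elif 'table' in rule_conf['set']:` or documenting that validation forbids the combination would remove the ambiguity. parse_rule starts and ends outside this hunk, so whether `set_table` is initialised before `if set_table:` cannot be confirmed from here.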