From 96778964422910e5d07cfa02b1edb01f6bd870e1 Mon Sep 17 00:00:00 2001 From: hagbard Date: Thu, 23 Aug 2018 13:50:12 -0700 Subject: T793: fwmark implementation --- interface-definitions/wireguard.xml | 18 ++++++++++++------ src/conf_mode/wireguard.py | 11 ++++++++++- 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/interface-definitions/wireguard.xml b/interface-definitions/wireguard.xml index 3b301fc3b..f025eb0da 100644 --- a/interface-definitions/wireguard.xml +++ b/interface-definitions/wireguard.xml @@ -16,12 +16,6 @@ - IP address @@ -56,6 +50,18 @@ + + + A 32-bit fwmark value set on all outgoing packets + + number + value which marks the packet for QoS/shaper + + + + + + peer alias diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py index 032a407ca..4e83537bf 100755 --- a/src/conf_mode/wireguard.py +++ b/src/conf_mode/wireguard.py @@ -18,6 +18,7 @@ #### TODO: # fwmark # preshared key +# mtu #### @@ -71,7 +72,8 @@ def get_config(): 'status' : 'exists', 'state' : 'enabled', 'mtu' : 1420, - 'peer' : {} + 'peer' : {}, + 'fwmark' : 0 } } ) @@ -104,6 +106,9 @@ def get_config(): ### mtu if c.exists(cnf + ' mtu'): config_data['interfaces'][intfc]['mtu'] = c.return_value(cnf + ' mtu') + ### fwmark + if c.exists(cnf + ' fwmark'): + config_data['interfaces'][intfc]['fwmark'] = c.return_value(cnf + ' fwmark') ### peers if c.exists(cnf + ' peer'): @@ -259,10 +264,14 @@ def configure_interface(c, intf): ## persistent-keepalive if 'persistent-keepalive' in c['interfaces'][intf]['peer'][p]: wg_config['keepalive'] = c['interfaces'][intf]['peer'][p]['persistent-keepalive'] + + ## fwmark + wg_config['fwmark'] = hex(int(c['interfaces'][intf]['fwmark'])) ### assemble wg command cmd = "sudo wg set " + intf cmd += " listen-port " + str(wg_config['listen-port']) + cmd += " fwmark " + wg_config['fwmark'] cmd += " private-key " + wg_config['private-key'] cmd += " peer " + wg_config['peer']['pubkey'] cmd += " allowed-ips " -- cgit v1.2.3
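Review bot: The TODO block at the top of src/conf_mode/wireguard.py still lists `# fwmark` after this change; the first hunk for that file only adds `# mtu`. Since the commit implements fwmark, removing the `# fwmark` entry in the same change keeps the list an accurate record of what is still unimplemented.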
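Review bot: The fwmark value read in get_config() is stored exactly as `c.return_value(cnf + ' fwmark')` returns it and is first converted in configure_interface() (last hunk) with `hex(int(...))`, so a non-numeric value raises an unhandled ValueError while the interface is being applied, and a negative or wider-than-32-bit number is formatted and passed on without a range check. The interface definition describes the node as a 32-bit number, but no range constraint is visible in this view of the XML hunk, so it is unclear whether the CLI already rejects such input. Converting and bounding at read time, for example `mark = int(c.return_value(cnf + ' fwmark'))` followed by `if not 0 <= mark <= 0xFFFFFFFF:` and the module's usual configuration error, would fail the commit before any `wg set` runs. It would also keep the stored type an int, like the default `0`. get_config() starts and ends outside the hunk.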
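Review bot: The new `cmd += " fwmark " + wg_config['fwmark']` line joins the value into a `sudo wg set` command string, and the only thing keeping that token a bare hex literal is the `hex(int(...))` round-trip just above it. A short comment there, such as `# int()/hex() normalises fwmark to a bare hex literal before it is joined into the command line`, would stop a later cleanup from passing the raw config string through. How `cmd` is executed is outside the hunk; if it goes through a shell, building an argument list instead of a string would remove the reliance on every field being pre-sanitised. The default `0` is emitted as `fwmark 0x0` on every invocation, which wg treats as fwmark disabled, and that is worth stating next to the default. configure_interface() continues outside the hunk.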