From cd3cfd2ad5c3201b0a1f9acc283ba2631420e723 Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Sat, 23 Dec 2023 13:21:43 +0000 Subject: T160: NAT64 add match firewall mark feature Match mark allows to use firewall marks of packet to use a specific pool Example of instance config /run/jool/instance-100.json ``` ... "pool4": [ { "protocol": "TCP", "prefix": "192.0.2.10", "port range": "1-65535", "mark": 23 }, ... ``` (cherry picked from commit 8e1e79cfa24c155c8d504822fbbd3c20f890fb70) --- interface-definitions/nat64.xml.in | 19 +++++++++++++++++++ src/conf_mode/nat64.py | 7 +++++++ 2 files changed, 26 insertions(+) diff --git a/interface-definitions/nat64.xml.in b/interface-definitions/nat64.xml.in index baf13e6cb..dfdd295d2 100644 --- a/interface-definitions/nat64.xml.in +++ b/interface-definitions/nat64.xml.in @@ -26,6 +26,25 @@ #include #include + + + Match + + + + + Match fwmark value + + u32:1-2147483647 + Fwmark value to match against + + + + + + + + IPv6 source prefix options diff --git a/src/conf_mode/nat64.py b/src/conf_mode/nat64.py index a8b90fb11..6026c61d0 100755 --- a/src/conf_mode/nat64.py +++ b/src/conf_mode/nat64.py @@ -148,6 +148,11 @@ def generate(nat64) -> None: if dict_search("translation.pool", instance): pool4 = [] + # mark + mark = '' + if dict_search("match.mark", instance): + mark = instance["match"]["mark"] + for pool in instance["translation"]["pool"].values(): if "disable" in pool: continue @@ -159,6 +164,8 @@ def generate(nat64) -> None: "prefix": pool["address"], "port range": pool["port"], } + if mark: + obj["mark"] = int(mark) if "description" in pool: obj["comment"] = pool["description"] -- cgit v1.2.3
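Review bot: The `# mark` comment added ahead of the pool loop in the first nat64.py hunk does not say what the value controls. The second nat64.py hunk copies the mark into every pool4 entry of the instance, so a comment such as `# Optional fwmark: when set, every pool4 entry of this instance only applies to packets carrying this mark` would make the instance-wide scope explicit. The empty-string sentinel followed by a second lookup can be reduced to `mark = dict_search("match.mark", instance)`, since dict_search returns None for a missing path and the later `if mark:` test covers that. generate() starts and ends outside this hunk.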
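Review bot: In the second nat64.py hunk, `int(mark)` runs once per pool entry and is the only conversion of the value, so a non-numeric mark would raise ValueError partway through generate() instead of being rejected as a configuration error. The 1-2147483647 range appears only in the XML definition, and this diff makes no verify() change. Converting once next to the lookup, `mark = int(mark) if mark else None`, leaves the loop with `if mark: obj["mark"] = mark`. It is also worth confirming what happens to unmarked traffic once every pool4 entry carries a mark, since it presumably stops matching these pools. The enclosing loop continues outside the hunk.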