Merge pull request #2677 from sever-sever/T160

T160: NAT64 add match firewall mark feature
author: Christian Breunig <christian@breunig.cc> 2023-12-24 11:08:44 +0100
committer: GitHub <noreply@github.com> 2023-12-24 11:08:44 +0100
commit: 6173c3f6d0b84636d0d3a2c5d65edd7b7f0aadca (patch)
tree: 58c1c9b6c187add1d588f6f3e93e03ad6488df89
parent: 89cd75b8dbe5cc145a4423bf10faa76fd6bdcdbf (diff)
parent: 8e1e79cfa24c155c8d504822fbbd3c20f890fb70 (diff)
download: vyos-1x-6173c3f6d0b84636d0d3a2c5d65edd7b7f0aadca.tar.gz
vyos-1x-6173c3f6d0b84636d0d3a2c5d65edd7b7f0aadca.zip
2 files changed, 26 insertions, 0 deletions
diff --git a/interface-definitions/nat64.xml.in b/interface-definitions/nat64.xml.in
index baf13e6cb..dfdd295d2 100644
--- a/interface-definitions/nat64.xml.in
+++ b/interface-definitions/nat64.xml.in
@@ -26,6 +26,25 @@
             <children>
               #include <include/generic-description.xml.i>
               #include <include/generic-disable-node.xml.i>
+              <node name="match">
+                <properties>
+                  <help>Match</help>
+                </properties>
+                <children>
+                  <leafNode name="mark">
+                    <properties>
+                      <help>Match fwmark value</help>
+                      <valueHelp>
+                        <format>u32:1-2147483647</format>
+                        <description>Fwmark value to match against</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 1-2147483647"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
               <node name="source">
                 <properties>
                   <help>IPv6 source prefix options</help>
diff --git a/src/conf_mode/nat64.py b/src/conf_mode/nat64.py
index a8b90fb11..6026c61d0 100755
--- a/src/conf_mode/nat64.py
+++ b/src/conf_mode/nat64.py
@@ -148,6 +148,11 @@ def generate(nat64) -> None:
 
             if dict_search("translation.pool", instance):
                 pool4 = []
+                # mark
+                mark = ''
+                if dict_search("match.mark", instance):
+                    mark = instance["match"]["mark"]
+
                 for pool in instance["translation"]["pool"].values():
                     if "disable" in pool:
                         continue
@@ -159,6 +164,8 @@ def generate(nat64) -> None:
                             "prefix": pool["address"],
                             "port range": pool["port"],
                         }
+                        if mark:
+                            obj["mark"] = int(mark)
                         if "description" in pool:
                             obj["comment"] = pool["description"]
author	Christian Breunig <christian@breunig.cc>	2023-12-24 11:08:44 +0100
committer	GitHub <noreply@github.com>	2023-12-24 11:08:44 +0100
commit	6173c3f6d0b84636d0d3a2c5d65edd7b7f0aadca (patch)
tree	58c1c9b6c187add1d588f6f3e93e03ad6488df89
parent	89cd75b8dbe5cc145a4423bf10faa76fd6bdcdbf (diff)
parent	8e1e79cfa24c155c8d504822fbbd3c20f890fb70 (diff)
download	vyos-1x-6173c3f6d0b84636d0d3a2c5d65edd7b7f0aadca.tar.gz vyos-1x-6173c3f6d0b84636d0d3a2c5d65edd7b7f0aadca.zip