Merge pull request #2681 from vyos/mergify/bp/sagitta/pr-2677

T160: NAT64 add match firewall mark feature (backport #2677)
author: Viacheslav Hletenko <v.gletenko@vyos.io> 2023-12-24 12:23:26 +0200
committer: GitHub <noreply@github.com> 2023-12-24 12:23:26 +0200
commit: 111da0019bd6dd0f418e7aba77de49876b873389 (patch)
tree: f11ccdf29a76cb6944fb51f59a8cf5b3d42925e9
parent: 04e24e89623620466b56b432c36f727768e5dcb7 (diff)
parent: cd3cfd2ad5c3201b0a1f9acc283ba2631420e723 (diff)
download: vyos-1x-111da0019bd6dd0f418e7aba77de49876b873389.tar.gz
vyos-1x-111da0019bd6dd0f418e7aba77de49876b873389.zip
2 files changed, 26 insertions, 0 deletions
diff --git a/interface-definitions/nat64.xml.in b/interface-definitions/nat64.xml.in
index baf13e6cb..dfdd295d2 100644
--- a/interface-definitions/nat64.xml.in
+++ b/interface-definitions/nat64.xml.in
@@ -26,6 +26,25 @@
             <children>
               #include <include/generic-description.xml.i>
               #include <include/generic-disable-node.xml.i>
+              <node name="match">
+                <properties>
+                  <help>Match</help>
+                </properties>
+                <children>
+                  <leafNode name="mark">
+                    <properties>
+                      <help>Match fwmark value</help>
+                      <valueHelp>
+                        <format>u32:1-2147483647</format>
+                        <description>Fwmark value to match against</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 1-2147483647"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
               <node name="source">
                 <properties>
                   <help>IPv6 source prefix options</help>
diff --git a/src/conf_mode/nat64.py b/src/conf_mode/nat64.py
index a8b90fb11..6026c61d0 100755
--- a/src/conf_mode/nat64.py
+++ b/src/conf_mode/nat64.py
@@ -148,6 +148,11 @@ def generate(nat64) -> None:
 
             if dict_search("translation.pool", instance):
                 pool4 = []
+                # mark
+                mark = ''
+                if dict_search("match.mark", instance):
+                    mark = instance["match"]["mark"]
+
                 for pool in instance["translation"]["pool"].values():
                     if "disable" in pool:
                         continue
@@ -159,6 +164,8 @@ def generate(nat64) -> None:
                             "prefix": pool["address"],
                             "port range": pool["port"],
                         }
+                        if mark:
+                            obj["mark"] = int(mark)
                         if "description" in pool:
                             obj["comment"] = pool["description"]
author	Viacheslav Hletenko <v.gletenko@vyos.io>	2023-12-24 12:23:26 +0200
committer	GitHub <noreply@github.com>	2023-12-24 12:23:26 +0200
commit	111da0019bd6dd0f418e7aba77de49876b873389 (patch)
tree	f11ccdf29a76cb6944fb51f59a8cf5b3d42925e9
parent	04e24e89623620466b56b432c36f727768e5dcb7 (diff)
parent	cd3cfd2ad5c3201b0a1f9acc283ba2631420e723 (diff)
download	vyos-1x-111da0019bd6dd0f418e7aba77de49876b873389.tar.gz vyos-1x-111da0019bd6dd0f418e7aba77de49876b873389.zip