From 80bdd7f93430769ea5cda32d1925dfcd43df5107 Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Tue, 14 Mar 2023 18:07:39 +0000
Subject: T5055: NAT: extend packet-type match option which was previously
 introduced in firewall, to NAT

---
 interface-definitions/include/nat-rule.xml.i | 27 +++++++++++++++++++++++++++
 python/vyos/nat.py                           |  3 +++
 smoketest/scripts/cli/test_nat.py            |  3 ++-
 3 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/interface-definitions/include/nat-rule.xml.i b/interface-definitions/include/nat-rule.xml.i
index 8f2029388..7b3b8804e 100644
--- a/interface-definitions/include/nat-rule.xml.i
+++ b/interface-definitions/include/nat-rule.xml.i
@@ -31,6 +31,33 @@
         <valueless/>
       </properties>
     </leafNode>
+    <leafNode name="packet-type">
+      <properties>
+        <help>Packet type</help>
+        <completionHelp>
+          <list>broadcast host multicast other</list>
+        </completionHelp>
+        <valueHelp>
+          <format>broadcast</format>
+          <description>Match broadcast packet type</description>
+        </valueHelp>
+        <valueHelp>
+          <format>host</format>
+          <description>Match host packet type, addressed to local host</description>
+        </valueHelp>
+        <valueHelp>
+          <format>multicast</format>
+          <description>Match multicast packet type</description>
+        </valueHelp>
+        <valueHelp>
+          <format>other</format>
+          <description>Match packet addressed to another host</description>
+        </valueHelp>
+        <constraint>
+          <regex>(broadcast|host|multicast|other)</regex>
+        </constraint>
+      </properties>
+    </leafNode>
     <leafNode name="protocol">
       <properties>
         <help>Protocol to NAT</help>
diff --git a/python/vyos/nat.py b/python/vyos/nat.py
index 8a311045a..53fd7fb33 100644
--- a/python/vyos/nat.py
+++ b/python/vyos/nat.py
@@ -47,6 +47,9 @@ def parse_nat_rule(rule_conf, rule_id, nat_type, ipv6=False):
             protocol = '{ tcp, udp }'
         output.append(f'meta l4proto {protocol}')
 
+    if 'packet_type' in rule_conf:
+        output.append(f'pkttype ' + rule_conf['packet_type'])
+
     if 'exclude' in rule_conf:
         translation_str = 'return'
         log_suffix = '-EXCL'
diff --git a/smoketest/scripts/cli/test_nat.py b/smoketest/scripts/cli/test_nat.py
index 9f4e3b831..1f2b777a8 100755
--- a/smoketest/scripts/cli/test_nat.py
+++ b/smoketest/scripts/cli/test_nat.py
@@ -194,12 +194,13 @@ class TestNAT(VyOSUnitTestSHIM.TestCase):
         self.cli_set(dst_path + ['rule', '1', 'inbound-interface', 'eth1'])
         self.cli_set(dst_path + ['rule', '1', 'destination', 'port', '443'])
         self.cli_set(dst_path + ['rule', '1', 'protocol', 'tcp'])
+        self.cli_set(dst_path + ['rule', '1', 'packet-type', 'host'])
         self.cli_set(dst_path + ['rule', '1', 'translation', 'port', '443'])
 
         self.cli_commit()
 
         nftables_search = [
-            ['iifname "eth1"', 'tcp dport 443', 'dnat to :443']
+            ['iifname "eth1"', 'tcp dport 443', 'pkttype host', 'dnat to :443']
         ]
 
         self.verify_nftables(nftables_search, 'ip vyos_nat')
-- 
cgit v1.2.3