diff --git a/src/libnm-client-impl/libnm.ver b/src/libnm-client-impl/libnm.ver
index 8c9a4ef158..2271386860 100644
--- a/src/libnm-client-impl/libnm.ver
+++ b/src/libnm-client-impl/libnm.ver
@@ -1896,6 +1896,7 @@ global:
nm_range_unref;
nm_setting_ip_config_get_dhcp_iaid;
nm_setting_ip_config_get_dhcp_iaid;
+ nm_setting_ip_tunnel_get_fwmark;
nm_setting_loopback_get_mtu;
nm_setting_loopback_get_type;
nm_setting_loopback_new;
diff --git a/src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in b/src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in
index 6e4347b915..c0868afb22 100644
--- a/src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in
+++ b/src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in
@@ -1422,6 +1422,10 @@
dbus-type="u"
gprop-type="guint"
/>
+
flow_label;
}
+/**
+ * nm_setting_ip_tunnel_get_fwmark:
+ * @setting: the #NMSettingIPTunnel
+ *
+ * Returns the #NMSettingIPTunnel:fwmark property of the setting.
+ *
+ * Returns: the fwmark value
+ *
+ * Since: 1.42
+ **/
+guint32
+nm_setting_ip_tunnel_get_fwmark(NMSettingIPTunnel *setting)
+{
+ g_return_val_if_fail(NM_IS_SETTING_IP_TUNNEL(setting), 0);
+
+ return NM_SETTING_IP_TUNNEL_GET_PRIVATE(setting)->fwmark;
+}
+
/**
* nm_setting_ip_tunnel_get_mtu:
* @setting: the #NMSettingIPTunnel
@@ -411,11 +431,13 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
NM_IP_TUNNEL_MODE_GRE,
NM_IP_TUNNEL_MODE_GRETAP,
NM_IP_TUNNEL_MODE_IP6GRE,
- NM_IP_TUNNEL_MODE_IP6GRETAP)) {
+ NM_IP_TUNNEL_MODE_IP6GRETAP,
+ NM_IP_TUNNEL_MODE_VTI,
+ NM_IP_TUNNEL_MODE_VTI6)) {
g_set_error_literal(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _("tunnel keys can only be specified for GRE tunnels"));
+ _("tunnel keys can only be specified for GRE and VTI tunnels"));
return FALSE;
}
}
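Review bot: The user-facing description of the key properties still names only GRE modes, while the mode list in this check now also accepts `NM_IP_TUNNEL_MODE_VTI` and `NM_IP_TUNNEL_MODE_VTI6`. The unchanged `DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_INPUT_KEY` text visible later in this patch reads `valid only for certain tunnel modes (GRE, IP6GRE)`. I would update the doc comments for the `input-key` and `output-key` properties to something like `valid only for GRE and VTI tunnel modes` and regenerate the docs, so the documentation matches what verify() enforces. In the visible lines this error is also returned without a `g_prefix_error(...)` naming the property, unlike the fwmark check added further down. verify() starts and ends outside this hunk.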
@@ -484,6 +506,18 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
return FALSE;
}
+ if (priv->fwmark && !NM_IN_SET(priv->mode, NM_IP_TUNNEL_MODE_VTI, NM_IP_TUNNEL_MODE_VTI6)) {
+ g_set_error_literal(error,
+ NM_CONNECTION_ERROR,
+ NM_CONNECTION_ERROR_INVALID_PROPERTY,
+ _("can be set only on VTI tunnels"));
+ g_prefix_error(error,
+ "%s.%s: ",
+ NM_SETTING_IP_TUNNEL_SETTING_NAME,
+ NM_SETTING_IP_TUNNEL_FWMARK);
+ return FALSE;
+ }
+
if (nm_connection_get_setting_wired(connection) && !_nm_ip_tunnel_mode_is_layer2(priv->mode)) {
g_set_error(error,
NM_CONNECTION_ERROR,
@@ -727,6 +761,25 @@ nm_setting_ip_tunnel_class_init(NMSettingIPTunnelClass *klass)
NMSettingIPTunnelPrivate,
flow_label);
+ /**
+ * NMSettingIPTunnel:fwmark:
+ *
+ * The fwmark value to assign to tunnel packets. This property can be set
+ * to a non zero value only on VTI and VTI6 tunnels.
+ *
+ * Since: 1.42
+ **/
+ _nm_setting_property_define_direct_uint32(properties_override,
+ obj_properties,
+ NM_SETTING_IP_TUNNEL_FWMARK,
+ PROP_FWMARK,
+ 0,
+ G_MAXUINT32,
+ 0,
+ NM_SETTING_PARAM_INFERRABLE,
+ NMSettingIPTunnelPrivate,
+ fwmark);
+
/**
* NMSettingIPTunnel:mtu:
*
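Review bot: The new `NMSettingIPTunnel:fwmark` doc comment does not say what a value of zero means, and `non zero` should read `non-zero`. The check added to verify() rejects only non-zero values on other modes, so 0 acts as "unset"; I would say so explicitly, for example `A value of 0 means no mark is set.` It would also help to note that the mark has to agree with whatever routing or firewall rules are meant to match it, though the code that applies the mark is not in this patch, so confirm the wording against it. The same sentence is copied into `DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_FWMARK`, so the generated docs need regenerating after the edit. nm_setting_ip_tunnel_class_init() continues outside this hunk.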
diff --git a/src/libnm-core-public/nm-setting-ip-tunnel.h b/src/libnm-core-public/nm-setting-ip-tunnel.h
index 7aa48281b3..bcb3eab6e2 100644
--- a/src/libnm-core-public/nm-setting-ip-tunnel.h
+++ b/src/libnm-core-public/nm-setting-ip-tunnel.h
@@ -38,6 +38,7 @@ G_BEGIN_DECLS
#define NM_SETTING_IP_TUNNEL_OUTPUT_KEY "output-key"
#define NM_SETTING_IP_TUNNEL_ENCAPSULATION_LIMIT "encapsulation-limit"
#define NM_SETTING_IP_TUNNEL_FLOW_LABEL "flow-label"
+#define NM_SETTING_IP_TUNNEL_FWMARK "fwmark"
#define NM_SETTING_IP_TUNNEL_MTU "mtu"
#define NM_SETTING_IP_TUNNEL_FLAGS "flags"
@@ -98,6 +99,8 @@ NM_AVAILABLE_IN_1_42
guint nm_setting_ip_tunnel_get_encapsulation_limit(NMSettingIPTunnel *setting);
NM_AVAILABLE_IN_1_42
guint nm_setting_ip_tunnel_get_flow_label(NMSettingIPTunnel *setting);
+NM_AVAILABLE_IN_1_42
+guint32 nm_setting_ip_tunnel_get_fwmark(NMSettingIPTunnel *setting);
NM_AVAILABLE_IN_1_2
guint nm_setting_ip_tunnel_get_mtu(NMSettingIPTunnel *setting);
NM_AVAILABLE_IN_1_12
diff --git a/src/libnmc-setting/nm-meta-setting-desc.c b/src/libnmc-setting/nm-meta-setting-desc.c
index d5a92d9821..7173ea85d1 100644
--- a/src/libnmc-setting/nm-meta-setting-desc.c
+++ b/src/libnmc-setting/nm-meta-setting-desc.c
@@ -6592,6 +6592,12 @@ static const NMMetaPropertyInfo *const property_infos_IP_TUNNEL[] = {
PROPERTY_INFO_WITH_DESC (NM_SETTING_IP_TUNNEL_FLOW_LABEL,
.property_type = &_pt_gobject_int,
),
+ PROPERTY_INFO_WITH_DESC (NM_SETTING_IP_TUNNEL_FWMARK,
+ .property_type = &_pt_gobject_int,
+ .property_typ_data = DEFINE_PROPERTY_TYP_DATA_SUBTYPE (gobject_int,
+ .base = 16,
+ ),
+ ),
PROPERTY_INFO_WITH_DESC (NM_SETTING_IP_TUNNEL_MTU,
.property_type = &_pt_gobject_mtu,
),
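Review bot: The `.base = 16` on the fwmark entry is not mentioned anywhere in the property description, so a user has no hint that the value is handled as hexadecimal. If the setter behind `_pt_gobject_int` also parses input with this base (the parser is not visible here), an unprefixed `100` would be stored as 0x100 rather than 100. A mark that silently differs from the one used in the matching routing or firewall rules is an easy misconfiguration to miss. I would either confirm that decimal input is still accepted as decimal, or add a sentence to the property doc such as `nmcli reads and prints this value as hexadecimal.` The `property_infos_IP_TUNNEL[]` initializer starts and ends outside this hunk.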
diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in
index 6905a1793d..bfc5793680 100644
--- a/src/libnmc-setting/settings-docs.h.in
+++ b/src/libnmc-setting/settings-docs.h.in
@@ -215,6 +215,7 @@
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_ENCAPSULATION_LIMIT N_("How many additional levels of encapsulation are permitted to be prepended to packets. This property applies only to IPv6 tunnels.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_FLAGS N_("Tunnel flags. Currently, the following values are supported: NM_IP_TUNNEL_FLAG_IP6_IGN_ENCAP_LIMIT (0x1), NM_IP_TUNNEL_FLAG_IP6_USE_ORIG_TCLASS (0x2), NM_IP_TUNNEL_FLAG_IP6_USE_ORIG_FLOWLABEL (0x4), NM_IP_TUNNEL_FLAG_IP6_MIP6_DEV (0x8), NM_IP_TUNNEL_FLAG_IP6_RCV_DSCP_COPY (0x10), NM_IP_TUNNEL_FLAG_IP6_USE_ORIG_FWMARK (0x20). They are valid only for IPv6 tunnels.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_FLOW_LABEL N_("The flow label to assign to tunnel packets. This property applies only to IPv6 tunnels.")
+#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_FWMARK N_("The fwmark value to assign to tunnel packets. This property can be set to a non zero value only on VTI and VTI6 tunnels.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_INPUT_KEY N_("The key used for tunnel input packets; the property is valid only for certain tunnel modes (GRE, IP6GRE). If empty, no key is used.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_LOCAL N_("The local endpoint of the tunnel; the value can be empty, otherwise it must contain an IPv4 or IPv6 address.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_MODE N_("The tunneling mode, for example NM_IP_TUNNEL_MODE_IPIP (1) or NM_IP_TUNNEL_MODE_GRE (2).")
diff --git a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
index 8b1ee61ebf..edbd6ed6c3 100644
--- a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
+++ b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
@@ -643,6 +643,8 @@
description="How many additional levels of encapsulation are permitted to be prepended to packets. This property applies only to IPv6 tunnels." />
+