vpp: T7972: Improve nat44 no-forwarding feature name and description in CLI

natali-rs1985 · natali-rs1985 · commit 5f920df3571b · 2025-11-28T18:44:10.000+02:00
diff --git a/interface-definitions/include/version/vpp-version.xml.i b/interface-definitions/include/version/vpp-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/vpp-version.xml.i -->
-<syntaxVersion component='vpp' version='3'></syntaxVersion>
+<syntaxVersion component='vpp' version='4'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/vpp.xml.in b/interface-definitions/vpp.xml.in
@@ -1033,11 +1033,25 @@
                 <multi/>
               </properties>
             </leafNode>
-            <leafNode name="no-forwarding">
+            <leafNode name="processing-mode">
               <properties>
-                <help>Do not forward packets which do not match existing NAT translations (static or dynamic)</help>
-                <valueless/>
+                <help>Processing mode for NAT</help>
+                <completionHelp>
+                  <list>static-dynamic static-bypass</list>
+                </completionHelp>
+                <valueHelp>
+                  <format>static-dynamic</format>
+                  <description>Process traffic by both static rules and dynamic NAT</description>
+                </valueHelp>
+                <valueHelp>
+                  <format>static-bypass</format>
+                  <description>Process traffic by static NAT rules only, pass without NAT if not matched</description>
+                </valueHelp>
+                <constraint>
+                  <regex>(static-dynamic|static-bypass)</regex>
+                </constraint>
               </properties>
+              <defaultValue>static-dynamic</defaultValue>
             </leafNode>
           </children>
         </node>
diff --git a/smoketest/scripts/cli/test_vpp.py b/smoketest/scripts/cli/test_vpp.py
@@ -1386,7 +1386,6 @@ def test_16_vpp_nat(self):
             base_nat + ['static', 'rule', '100', 'local', 'address', static_local_addr]
         )
 
-        self.cli_set(base_nat_settings + ['no-forwarding'])
         self.cli_set(base_nat_settings + ['session-limit', sess_limit])
         self.cli_set(base_nat_settings + ['timeout', 'icmp', timeout_icmp])
         self.cli_set(
@@ -1426,6 +1425,19 @@ def test_16_vpp_nat(self):
         _, out = rc_cmd('sudo vppctl show nat44 summary')
         self.assertIn(f'max translations per thread: {sess_limit} fib 0', out)
 
+        # Forwarding
+        # By default forwarding is disabled ('vpp settings nat44 processing-mode static-dynamic')
+        vpp = VPPControl()
+        out = vpp.api.nat44_show_running_config().forwarding_enabled
+        self.assertFalse(out)
+
+        # Enable forwarding
+        self.cli_set(base_nat_settings + ['processing-mode', 'static-bypass'])
+        self.cli_commit()
+        vpp = VPPControl()
+        out = vpp.api.nat44_show_running_config().forwarding_enabled
+        self.assertTrue(out)
+
     def test_17_vpp_sflow(self):
         base_sflow = ['system', 'sflow']
         sampling_rate = '1500'
diff --git a/src/conf_mode/vpp_nat.py b/src/conf_mode/vpp_nat.py
@@ -440,9 +440,7 @@ def apply(config):
     n.enable_nat44_ed()
 
     # Enable/disable forwarding
-    enable_forwarding = True
-    if 'no_forwarding' in config:
-        enable_forwarding = False
+    enable_forwarding = config['processing_mode'] == 'static-bypass'
     n.enable_disable_nat44_forwarding(enable_forwarding)
 
     # Add inside interfaces
diff --git a/src/migration-scripts/vpp/3-to-4 b/src/migration-scripts/vpp/3-to-4
@@ -0,0 +1,33 @@
+# Copyright VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library.  If not, see <http://www.gnu.org/licenses/>.
+
+# Migrate "vpp settings nat44 no-forwarding"
+# to "vpp settings nat44 processing-mode <static+dynamic|static+bypass>"
+
+from vyos.configtree import ConfigTree
+
+base = ['vpp', 'settings', 'nat44']
+
+def migrate(config: ConfigTree) -> None:
+    if not config.exists(['vpp']):
+        # Nothing to do
+        return
+
+    if config.exists(base + ['no-forwarding']):
+        # Delete no-forwarding option from NAT44 settings
+        config.delete(base + ['no-forwarding'])
+        config.set(base + ['processing-mode'], value='static-dynamic')
+    else:
+        config.set(base + ['processing-mode'], value='static-bypass')
