summaryrefslogtreecommitdiff
path: root/python/vyos
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-01-19 21:01:20 +0100
committerChristian Poessinger <christian@poessinger.com>2021-01-19 21:04:28 +0100
commit9207897983a3bfafa0ec3e436c1ad67790f09f06 (patch)
tree48d3291319fc113eda2c0effe866df154d7e8e21 /python/vyos
parent75e947ccc72d1532e1bf9c2f5011060a1043a14e (diff)
downloadvyos-1x-9207897983a3bfafa0ec3e436c1ad67790f09f06.tar.gz
vyos-1x-9207897983a3bfafa0ec3e436c1ad67790f09f06.zip
nat: T2947: add many-many translation
Support a 1:1 or 1:n prefix translation. The following configuration will NAT source addresses from the 10.2.0.0/16 range to an address from 192.0.2.0/29. For this feature to work a Linux Kernel 5.8 or higher is required! vyos@vyos# show nat source { rule 100 { outbound-interface eth1 source { address 10.2.0.0/16 } translation { address 192.0.2.0/29 } } } This results in the nftables configuration: chain POSTROUTING { type nat hook postrouting priority srcnat; policy accept; oifname "eth1" counter packets 0 bytes 0 snat ip prefix to ip saddr map { 10.2.0.0/16 : 192.0.2.0/29 } comment "SRC-NAT-100" }
Diffstat (limited to 'python/vyos')
-rw-r--r--python/vyos/template.py43
1 files changed, 42 insertions, 1 deletions
diff --git a/python/vyos/template.py b/python/vyos/template.py
index bf087c223..527384d0b 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -149,7 +149,9 @@ def netmask_from_ipv4(address):
Example:
- 172.18.201.10 -> 255.255.255.128
"""
- from netifaces import interfaces, ifaddresses, AF_INET
+ from netifaces import interfaces
+ from netifaces import ifaddresses
+ from netifaces import AF_INET
for interface in interfaces():
tmp = ifaddresses(interface)
if AF_INET in tmp:
@@ -160,6 +162,30 @@ def netmask_from_ipv4(address):
raise ValueError
+@register_filter('is_ip_network')
+def is_ip_network(addr):
+ """ Take IP(v4/v6) address and validate if the passed argument is a network
+ or a host address.
+
+ Example:
+ - 192.0.2.0 -> False
+ - 192.0.2.10/24 -> False
+ - 192.0.2.0/24 -> True
+ - 2001:db8:: -> False
+ - 2001:db8::100 -> False
+ - 2001:db8::/48 -> True
+ - 2001:db8:1000::/64 -> True
+ """
+ try:
+ from ipaddress import ip_network
+ # input variables must contain a / to indicate its CIDR notation
+ if len(addr.split('/')) != 2:
+ raise ValueError()
+ ip_network(addr)
+ return True
+ except:
+ return False
+
@register_filter('network_from_ipv4')
def network_from_ipv4(address):
""" Take IP address and search all attached interface IP addresses for the
@@ -248,6 +274,21 @@ def dec_ip(address, decrement):
from ipaddress import ip_interface
return str(ip_interface(address).ip - int(decrement))
+@register_filter('compare_netmask')
+def compare_netmask(netmask1, netmask2):
+ """
+ Compare two IP netmask if they have the exact same size.
+
+ compare_netmask('10.0.0.0/8', '20.0.0.0/8') -> True
+ compare_netmask('10.0.0.0/8', '20.0.0.0/16') -> False
+ """
+ from ipaddress import ip_network
+ try:
+ return ip_network(netmask1).netmask == ip_network(netmask2).netmask
+ except:
+ return False
+
+
@register_filter('isc_static_route')
def isc_static_route(subnet, router):
# https://ercpe.de/blog/pushing-static-routes-with-isc-dhcp-server