From c9ad82ef583a1f44f84c7e69124f2a5d868da857 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Wed, 18 Aug 2021 09:30:33 +0200
Subject: nat66: ndppd: T2518: rename Jinja2 template folder to match common
 naming convention

---
 src/conf_mode/nat66.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'src/conf_mode/nat66.py')

diff --git a/src/conf_mode/nat66.py b/src/conf_mode/nat66.py
index e2bd6417d..2314b6623 100755
--- a/src/conf_mode/nat66.py
+++ b/src/conf_mode/nat66.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2020 VyOS maintainers and contributors
+# Copyright (C) 2020-2021 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -55,7 +55,7 @@ def get_config(config=None):
         conf = config
     else:
         conf = Config()
-    
+
     base = ['nat66']
     nat = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
 
@@ -90,7 +90,7 @@ def get_config(config=None):
     # be done only once
     if not get_handler(condensed_json, 'PREROUTING', 'NAT_CONNTRACK'):
         nat['helper_functions'] = 'add'
-        
+
         # Retrieve current table handler positions
         nat['pre_ct_ignore'] = get_handler(condensed_json, 'PREROUTING', 'VYATTA_CT_IGNORE')
         nat['pre_ct_conntrack'] = get_handler(condensed_json, 'PREROUTING', 'VYATTA_CT_PREROUTING_HOOK')
@@ -109,7 +109,7 @@ def verify(nat):
     if 'helper_functions' in nat and nat['helper_functions'] != 'has':
         if not (nat['pre_ct_conntrack'] or nat['out_ct_conntrack']):
             raise Exception('could not determine nftable ruleset handlers')
-    
+
     if dict_search('source.rule', nat):
         for rule, config in dict_search('source.rule', nat).items():
             err_msg = f'Source NAT66 configuration error in rule {rule}:'
@@ -145,7 +145,7 @@ def verify(nat):
 
 def generate(nat):
     render(iptables_nat_config, 'firewall/nftables-nat66.tmpl', nat, permission=0o755)
-    render(ndppd_config, 'proxy-ndp/ndppd.conf.tmpl', nat, permission=0o755)
+    render(ndppd_config, 'ndppd/ndppd.conf.tmpl', nat, permission=0o755)
     return None
 
 def apply(nat):
-- 
cgit v1.2.3


From 6b2c3906c3ef1e8a72d6923fcea9cc340e59dd82 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Wed, 18 Aug 2021 09:51:29 +0200
Subject: nptv6: T2518: add missing verify() stage for mandatory translation
 address

---
 src/conf_mode/nat66.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/conf_mode/nat66.py')

diff --git a/src/conf_mode/nat66.py b/src/conf_mode/nat66.py
index 2314b6623..8a3adc807 100755
--- a/src/conf_mode/nat66.py
+++ b/src/conf_mode/nat66.py
@@ -124,6 +124,8 @@ def verify(nat):
             if addr != None:
                 if addr != 'masquerade' and not is_ipv6(addr):
                     raise ConfigError(f'Warning: IPv6 address {addr} is not a valid address')
+            else:
+                raise ConfigError(f'{err_msg} translation address not specified')
 
             prefix = dict_search('source.prefix', config)
             if prefix != None:
-- 
cgit v1.2.3


From 39ba9c31853838739659f4842d02a7e931107710 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Wed, 18 Aug 2021 09:52:40 +0200
Subject: nptv6: T2518: remove superfluous else clause on missing
 outbound-interface

---
 src/conf_mode/nat66.py | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

(limited to 'src/conf_mode/nat66.py')

diff --git a/src/conf_mode/nat66.py b/src/conf_mode/nat66.py
index 8a3adc807..f8bc073bb 100755
--- a/src/conf_mode/nat66.py
+++ b/src/conf_mode/nat66.py
@@ -114,11 +114,10 @@ def verify(nat):
         for rule, config in dict_search('source.rule', nat).items():
             err_msg = f'Source NAT66 configuration error in rule {rule}:'
             if 'outbound_interface' not in config:
-                raise ConfigError(f'{err_msg}\n' \
-                                  'outbound-interface not specified')
-            else:
-                if config['outbound_interface'] not in interfaces():
-                    print(f'WARNING: rule "{rule}" interface "{config["outbound_interface"]}" does not exist on this system')
+                raise ConfigError(f'{err_msg} outbound-interface not specified')
+
+            if config['outbound_interface'] not in interfaces():
+                print(f'WARNING: rule "{rule}" interface "{config["outbound_interface"]}" does not exist on this system')
 
             addr = dict_search('translation.address', config)
             if addr != None:
-- 
cgit v1.2.3


From 17dc7cd0aaca5c4ae14d3dc843de7a5b612ab5ed Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Mon, 27 Sep 2021 20:53:57 +0200
Subject: nat66: T3863: ndppd requires interfaces to be present

---
 src/conf_mode/nat66.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/conf_mode/nat66.py')

diff --git a/src/conf_mode/nat66.py b/src/conf_mode/nat66.py
index f8bc073bb..fb376a434 100755
--- a/src/conf_mode/nat66.py
+++ b/src/conf_mode/nat66.py
@@ -117,7 +117,7 @@ def verify(nat):
                 raise ConfigError(f'{err_msg} outbound-interface not specified')
 
             if config['outbound_interface'] not in interfaces():
-                print(f'WARNING: rule "{rule}" interface "{config["outbound_interface"]}" does not exist on this system')
+                raise ConfigError(f'WARNING: rule "{rule}" interface "{config["outbound_interface"]}" does not exist on this system')
 
             addr = dict_search('translation.address', config)
             if addr != None:
-- 
cgit v1.2.3