From 1d07954e0c8949f6d48f6c2aa3b04f1a017092f7 Mon Sep 17 00:00:00 2001
From: Ildar Ibragimov
Date: Tue, 24 Oct 2017 18:33:40 +0200
Subject: Fix protocol negation in NAT (like it is done in Vyatta::IpTables::Rule)
---
lib/Vyatta/DstNatRule.pm | 6 ++++--
lib/Vyatta/SrcNatRule.pm | 8 +++++---
2 files changed, 9 insertions(+), 5 deletions(-)
(limited to 'lib')
diff --git a/lib/Vyatta/DstNatRule.pm b/lib/Vyatta/DstNatRule.pm
index e2aa483..bd54306 100644
--- a/lib/Vyatta/DstNatRule.pm
+++ b/lib/Vyatta/DstNatRule.pm
@@ -158,8 +158,10 @@ sub rule_str {
 if (defined($self->{_proto})) {
 my $str = $self->{_proto};
 my $negate ="";
- $negate = "!" if (m/^\!(.*)$/);
- $str =~ s/^\!(.*)$/ $1/;
+ if ($str =~ /^\!(.*)$/) {
+ $str = $1;
+ $negate = "!";
+ }
 if ($str eq 'tcp_udp') {
 $tcp_and_udp = 1;
 $rule_str .= " -p tcp "; # we'll add the '-p udp' to 2nd rule later
diff --git a/lib/Vyatta/SrcNatRule.pm b/lib/Vyatta/SrcNatRule.pm
index 89623a4..52227a5 100644
--- a/lib/Vyatta/SrcNatRule.pm
+++ b/lib/Vyatta/SrcNatRule.pm
@@ -176,9 +176,11 @@ sub rule_str {
 if (defined($self->{_proto})) {
 my $str = $self->{_proto};
- my $negate ="";
- $negate = "!" if (m/^\!(.*)$/);
- $str =~ s/^\!(.*)$/ $1/;
+ my $negate = "";
+ if ($str =~ /^\!(.*)$/) {
+ $str = $1;
+ $negate = "!";
+ }
 if ($str eq 'tcp_udp') {
 $tcp_and_udp = 1;
 $rule_str .= " -p tcp "; # we'll add the '-p udp' to 2nd rule later
-- cgit v1.2.3
From 0b58083b29bff5bb4a2b16354a77a2794be7cc07 Mon Sep 17 00:00:00 2001
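Review bot: The added `if ($str =~ /^\!(.*)$/)` still accepts a bare `!` with no protocol after it, since `(.*)` matches the empty string and leaves `$str` empty while `$negate` is set; `(.+)` would reject that, and `\A`/`\z` are the tighter anchors (the `!` needs no escaping): `if ($str =~ /\A!(.+)\z/) {`. The same four lines are added to SrcNatRule.pm in the next hunk, and the subject says Vyatta::IpTables::Rule already does this, so a shared helper would keep the three copies from drifting apart again. rule_str continues outside both hunks, where `$negate` is presumably spliced into the `-p` option; worth confirming it is actually emitted there, since these hunks only compute it.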
From: Daniil Baturin
Date: Tue, 20 Feb 2018 06:52:57 +0100
Subject: Rename NPTv6 rule options for consistency with IPv4 NAT (fixes T554).
---
lib/VyOS/Nptv6Rule.pm | 7 +++--
.../nat/nptv6/rule/node.tag/inside-prefix/node.def | 7 -----
.../rule/node.tag/outbound-interface/node.def | 30 ++++++++++++++++++++++
.../nptv6/rule/node.tag/outside-interface/node.def | 30 ----------------------
.../nptv6/rule/node.tag/outside-prefix/node.def | 7 -----
.../nat/nptv6/rule/node.tag/source/node.def | 1 +
.../nat/nptv6/rule/node.tag/source/prefix/node.def | 7 +++++
.../nat/nptv6/rule/node.tag/translation/node.def | 1 +
.../rule/node.tag/translation/prefix/node.def | 7 +++++
9 files changed, 49 insertions(+), 48 deletions(-)
delete mode 100644 templates-cfg/nat/nptv6/rule/node.tag/inside-prefix/node.def
create mode 100644 templates-cfg/nat/nptv6/rule/node.tag/outbound-interface/node.def
delete mode 100644 templates-cfg/nat/nptv6/rule/node.tag/outside-interface/node.def
delete mode 100644 templates-cfg/nat/nptv6/rule/node.tag/outside-prefix/node.def
create mode 100644 templates-cfg/nat/nptv6/rule/node.tag/source/node.def
create mode 100644 templates-cfg/nat/nptv6/rule/node.tag/source/prefix/node.def
create mode 100644 templates-cfg/nat/nptv6/rule/node.tag/translation/node.def
create mode 100644 templates-cfg/nat/nptv6/rule/node.tag/translation/prefix/node.def
(limited to 'lib')
diff --git a/lib/VyOS/Nptv6Rule.pm b/lib/VyOS/Nptv6Rule.pm
index 3166325..d469020 100644
--- a/lib/VyOS/Nptv6Rule.pm
+++ b/lib/VyOS/Nptv6Rule.pm
@@ -58,10 +58,9 @@ sub setup {
 $config->setLevel("$level");
 $self->{_rule_number} = $config->returnParent("..");
- $self->{_inside_if} = $config->returnValue("inside-interface");
- $self->{_outside_if} = $config->returnValue("outside-interface");
- $self->{_inside_pfx} = $config->returnValue("inside-prefix");
- $self->{_outside_pfx} = $config->returnValue("outside-prefix");
+ $self->{_outside_if} = $config->returnValue("outbound-interface");
+ $self->{_inside_pfx} = $config->returnValue("source prefix");
+ $self->{_outside_pfx} = $config->returnValue("translation prefix");
 $self->{_disable} = $config->exists("disable");
diff --git a/templates-cfg/nat/nptv6/rule/node.tag/inside-prefix/node.def b/templates-cfg/nat/nptv6/rule/node.tag/inside-prefix/node.def
deleted file mode 100644
index 7af7091..0000000
--- a/templates-cfg/nat/nptv6/rule/node.tag/inside-prefix/node.def
+++ /dev/null
@@ -1,7 +0,0 @@
-type: txt
-
-help: Inside prefix to be translated
-
-val_help: ipv6net; IPv6 prefix to match
-
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type ipv6_addr_param $VAR(@)"
diff --git a/templates-cfg/nat/nptv6/rule/node.tag/outbound-interface/node.def b/templates-cfg/nat/nptv6/rule/node.tag/outbound-interface/node.def
new file mode 100644
index 0000000..f7bf286
--- /dev/null
+++ b/templates-cfg/nat/nptv6/rule/node.tag/outbound-interface/node.def
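Review bot: The `_inside_if` assignment is removed from setup with no replacement, so any later read of `$self->{_inside_if}` elsewhere in Nptv6Rule.pm now yields undef; the hunk alone cannot show whether such a read exists, so that should be checked before merging. The old node names are also no longer consulted, and this commit deletes the `inside-prefix`, `outside-prefix` and `outside-interface` templates outright, so a saved configuration written with the old names will fail to load unless a migration step exists outside this diff. setup's body begins and ends outside the hunk.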
@@ -0,0 +1,30 @@
+type: txt
+
+help: Outbound interface of NPTv6 traffic
+
+enumeration: existing-interfaces; echo "any"
+
+val_help: ; Interface name or "any"
+
+commit:expression: exec "
+ if [ \"any\" == \"$VAR(@)\" ] ; then
+ exit 0
+ fi
+ intf_array=($(awk '$1 ~ /:/ { print $1 }' /proc/net/dev))
+ intf_array_len=${#intf_array[*]}
+ i=0
+ while [ $i -lt $intf_array_len ]; do
+ temp=${intf_array[$i]%:*}
+ if [ \"$temp\" == \"$VAR(@)\" ] ; then
+ exit 0
+ fi
+ let i++
+ done
+ intf_group_name_array=\"eth+ bond+ br+ peth+ vtun+ tun+ wlm+ wlan+ vxlan+ vti+ l2tpeth+\"
+ i=0
+ for i in $intf_group_name_array; do
+ if [ \"$i\" == \"$VAR(@)\" ]; then
+ exit 0
+ fi
+ done
+ echo NPTv6 configuration warning: interface $VAR(@) does not exist on this system "
diff --git a/templates-cfg/nat/nptv6/rule/node.tag/outside-interface/node.def b/templates-cfg/nat/nptv6/rule/node.tag/outside-interface/node.def
deleted file mode 100644
index d0954ad..0000000
--- a/templates-cfg/nat/nptv6/rule/node.tag/outside-interface/node.def
+++ /dev/null
@@ -1,30 +0,0 @@
-type: txt
-
-help: Outside interface of NPTv6 traffic
-
-enumeration: existing-interfaces; echo "any"
-
-val_help: ; Interface name or "any"
-
-commit:expression: exec "
- if [ \"any\" == \"$VAR(@)\" ] ; then
- exit 0
- fi
- intf_array=($(awk '$1 ~ /:/ { print $1 }' /proc/net/dev))
- intf_array_len=${#intf_array[*]}
- i=0
- while [ $i -lt $intf_array_len ]; do
- temp=${intf_array[$i]%:*}
- if [ \"$temp\" == \"$VAR(@)\" ] ; then
- exit 0
- fi
- let i++
- done
- intf_group_name_array=\"eth+ bond+ br+ peth+ vtun+ tun+ wlm+ wlan+\"
- i=0
- for i in $intf_group_name_array; do
- if [ \"$i\" == \"$VAR(@)\" ]; then
- exit 0
- fi
- done
- echo NPTv6 configuration warning: interface $VAR(@) does not exist on this system "
diff --git a/templates-cfg/nat/nptv6/rule/node.tag/outside-prefix/node.def b/templates-cfg/nat/nptv6/rule/node.tag/outside-prefix/node.def
deleted file mode 100644
index 7af7091..0000000
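Review bot: The new node carries no `syntax:expression`, so the commit-time script is the only validation and it is advisory: the final `echo` warning exits 0, so an interface name matching nothing on the system is still accepted and stored by Nptv6Rule.pm's setup as `_outside_if`, whose later use is outside this diff. A pattern check such as `syntax:expression: pattern $VAR(@) "^[A-Za-z0-9_.+-]+$" ; "Invalid interface name"` would bound the value before it reaches the rule builder; the deleted outside-interface file had the same gap, so this is inherited rather than introduced. Minor style point: `i` serves first as the `while` counter and then as the `for` loop word, and `let i++` reads more clearly as `i=$((i+1))`.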
--- a/templates-cfg/nat/nptv6/rule/node.tag/outside-prefix/node.def
+++ /dev/null
@@ -1,7 +0,0 @@
-type: txt
-
-help: Inside prefix to be translated
-
-val_help: ipv6net; IPv6 prefix to match
-
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type ipv6_addr_param $VAR(@)"
diff --git a/templates-cfg/nat/nptv6/rule/node.tag/source/node.def b/templates-cfg/nat/nptv6/rule/node.tag/source/node.def
new file mode 100644
index 0000000..5be9e47
--- /dev/null
+++ b/templates-cfg/nat/nptv6/rule/node.tag/source/node.def
@@ -0,0 +1 @@
+help: IPv6 source prefix options
diff --git a/templates-cfg/nat/nptv6/rule/node.tag/source/prefix/node.def b/templates-cfg/nat/nptv6/rule/node.tag/source/prefix/node.def
new file mode 100644
index 0000000..47df40d
--- /dev/null
+++ b/templates-cfg/nat/nptv6/rule/node.tag/source/prefix/node.def
@@ -0,0 +1,7 @@
+type: txt
+
+help: IPv6 prefix to be translated
+
+val_help: ipv6net; IPv6 prefix to match
+
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type ipv6_addr_param $VAR(@)"
diff --git a/templates-cfg/nat/nptv6/rule/node.tag/translation/node.def b/templates-cfg/nat/nptv6/rule/node.tag/translation/node.def
new file mode 100644
index 0000000..741f9ab
--- /dev/null
+++ b/templates-cfg/nat/nptv6/rule/node.tag/translation/node.def
@@ -0,0 +1 @@
+help: Translated IPv6 prefix options
diff --git a/templates-cfg/nat/nptv6/rule/node.tag/translation/prefix/node.def b/templates-cfg/nat/nptv6/rule/node.tag/translation/prefix/node.def
new file mode 100644
index 0000000..d9c7d5a
--- /dev/null
+++ b/templates-cfg/nat/nptv6/rule/node.tag/translation/prefix/node.def
@@ -0,0 +1,7 @@
+type: txt
+
+help: Translated IPv6 prefix
+
+val_help: ipv6net; IPv6 prefix to match
+
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type ipv6_addr_param $VAR(@)"
-- cgit v1.2.3
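Review bot: The `val_help` on the new translation prefix still reads `ipv6net; IPv6 prefix to match`, carried over from the source prefix node, although this value is the translated prefix rather than a matched one, as the node's own `help` says; `val_help: ipv6net; IPv6 prefix to translate to` would make the two lines agree. The deleted outside-prefix file had the same carried-over wording in its `help`, which this commit otherwise corrects.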