diff options
author | jack9603301 <jack9603301@163.com> | 2021-03-26 19:00:13 +0800 |
---|---|---|
committer | jack9603301 <jack9603301@163.com> | 2021-04-04 17:44:37 +0800 |
commit | 6dcdb233eae6a909d2899a5f3d8dc5791a846745 (patch) | |
tree | ed05e1cf98a0ea8a829fe0aa4b3ef53ae06ca240 | |
parent | 6330708f7ad50e56b16e1c7bc671eaddcd758bdb (diff) | |
download | vyos-1x-6dcdb233eae6a909d2899a5f3d8dc5791a846745.tar.gz vyos-1x-6dcdb233eae6a909d2899a5f3d8dc5791a846745.zip |
nat: op-mode: T3435: Filter extra rules that should not be processed
-rwxr-xr-x | src/op_mode/show_nat66_rules.py | 7 | ||||
-rwxr-xr-x | src/op_mode/show_nat_rules.py | 10 |
2 files changed, 17 insertions, 0 deletions
diff --git a/src/op_mode/show_nat66_rules.py b/src/op_mode/show_nat66_rules.py index fe5113015..cd4c35b8a 100755 --- a/src/op_mode/show_nat66_rules.py +++ b/src/op_mode/show_nat66_rules.py @@ -42,9 +42,16 @@ if args.source or args.destination: data = data_json[idx] # If there is no index 3, we don't think this is the record we need to check + # We need to filter the rule for Len (expr) <= 3 first, which is not what we should be concerned with if len(data['expr']) <= 3: continue + # The following key values must exist + # When the rule JSON does not have some keys, this is not a rule we can work with + for keys in ['comment', 'chain', 'expr']: + if keys not in data: + continue + comment = data['comment'] rule = comment.replace('SRC-NAT66-','') rule = rule.replace('DST-NAT66-','') diff --git a/src/op_mode/show_nat_rules.py b/src/op_mode/show_nat_rules.py index a98fbef8c..4bf9ff3b5 100755 --- a/src/op_mode/show_nat_rules.py +++ b/src/op_mode/show_nat_rules.py @@ -40,6 +40,16 @@ if args.source or args.destination: data_json = jmespath.search('nftables[?rule].rule[?chain]', tmp) for idx in range(0, len(data_json)): data = data_json[idx] + + # If there is no index 3, we don't think this is the record we need to check + if len(data['expr']) <= 3: + continue + + # The following key values must exist + for keys in ['comment', 'chain', 'expr']: + if keys not in data: + continue + comment = data['comment'] rule = int(''.join(list(filter(str.isdigit, comment)))) chain = data['chain'] |