authorChristian Poessinger <christian@poessinger.com>2021-06-25 22:56:02 +0200
committerGitHub <noreply@github.com>2021-06-25 22:56:02 +0200
commit037aa93f493648f6e99b796fce920ec63dbc994e (patch)
tree530591a5ae0efc1d4346a4ec29fa61b246800ae2 /src/op_mode
parent05a7114a4a9713521faed4145a8bf0f4c35020bb (diff)
parente2561b55c66c9a7d3d043b5974c78b67c79321f8 (diff)
Merge pull request #899 from jack9603301/T3648
nat: nat66: T3648: Fix script logic errors and missing logic handling
Diffstat (limited to 'src/op_mode')
-rwxr-xr-xsrc/op_mode/show_nat66_rules.py19
-rwxr-xr-xsrc/op_mode/show_nat_rules.py54
2 files changed, 48 insertions, 25 deletions
diff --git a/src/op_mode/show_nat66_rules.py b/src/op_mode/show_nat66_rules.py
index a25e146a7..967ec9d37 100755
--- a/src/op_mode/show_nat66_rules.py
+++ b/src/op_mode/show_nat66_rules.py
@@ -68,7 +68,7 @@ if args.source or args.destination:
rule = comment.replace('SRC-NAT66-','')
rule = rule.replace('DST-NAT66-','')
chain = data['chain']
- if not (args.source and chain == 'POSTROUTING') or (not args.source and chain == 'PREROUTING'):
+ if not ((args.source and chain == 'POSTROUTING') or (not args.source and chain == 'PREROUTING')):
continue
interface = dict_search('match.right', data['expr'][0])
srcdest = dict_search('match.right.prefix.addr', data['expr'][2])
@@ -79,16 +79,19 @@ if args.source or args.destination:
else:
srcdest = dict_search('match.right', data['expr'][2])
- tran_addr = dict_search('snat.addr.prefix.addr' if args.source else 'dnat.addr.prefix.addr', data['expr'][3])
- if tran_addr:
- addr_tmp = dict_search('snat.addr.prefix.len' if args.source else 'dnat.addr.prefix.len', data['expr'][3])
- if addr_tmp:
- srcdest = srcdest + '/' + str(addr_tmp)
+ tran_addr_json = dict_search('snat.addr' if args.source else 'dnat.addr', data['expr'][3])
+ if tran_addr_json:
+ if isinstance(srcdest_json,str):
+ tran_addr = tran_addr_json
+
+ if 'prefix' in tran_addr_json:
+ addr_tmp = dict_search('snat.addr.prefix.addr' if args.source else 'dnat.addr.prefix.addr', data['expr'][3])
+ len_tmp = dict_search('snat.addr.prefix.len' if args.source else 'dnat.addr.prefix.len', data['expr'][3])
+ if addr_tmp:
+ tran_addr = addr_tmp + '/' + str(len_tmp)
else:
if 'masquerade' in data['expr'][3]:
tran_addr = 'masquerade'
- else:
- tran_addr = dict_search('snat.addr' if args.source else 'dnat.addr', data['expr'][3])
print(format_nat66_rule.format(rule, srcdest, tran_addr, interface))
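Review bot: The added `if isinstance(srcdest_json,str):` tests a name that is not assigned anywhere in the visible part of this file; the parallel branch in show_nat_rules.py tests `tran_addr_json`, so this looks like a copy-paste slip that would raise NameError as soon as a rule carries an snat/dnat address. The line should read `if isinstance(tran_addr_json, str):`. With the old `else: tran_addr = dict_search(...)` fallback removed, `tran_addr` also gets no value of its own when the rule is neither a plain address, a prefix, nor masquerade, so the `print` may repeat the previous rule's translation or fail on the first rule; an initial `tran_addr = ''` before the lookup, as the IPv4 script does, avoids that. The prefix string is guarded only by `if addr_tmp:`, so a missing length would be shown as `/None`; `if addr_tmp and len_tmp:` would match the IPv4 script. The enclosing loop starts outside the hunk.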
diff --git a/src/op_mode/show_nat_rules.py b/src/op_mode/show_nat_rules.py
index 4b7e40d1f..0f40ecabe 100755
--- a/src/op_mode/show_nat_rules.py
+++ b/src/op_mode/show_nat_rules.py
@@ -33,7 +33,7 @@ if args.source or args.destination:
tmp = cmd('sudo nft -j list table ip nat')
tmp = json.loads(tmp)
- format_nat66_rule = '{0: <10} {1: <50} {2: <50} {3: <10}'
+ format_nat_rule = '{0: <10} {1: <50} {2: <50} {3: <10}'
print(format_nat_rule.format("Rule", "Source" if args.source else "Destination", "Translation", "Outbound Interface" if args.source else "Inbound Interface"))
print(format_nat_rule.format("----", "------" if args.source else "-----------", "-----------", "------------------" if args.source else "-----------------"))
@@ -63,29 +63,49 @@ if args.source or args.destination:
rule = int(''.join(list(filter(str.isdigit, comment))))
chain = data['chain']
- if not (args.source and chain == 'POSTROUTING') or (not args.source and chain == 'PREROUTING'):
+ if not ((args.source and chain == 'POSTROUTING') or (not args.source and chain == 'PREROUTING')):
continue
interface = dict_search('match.right', data['expr'][0])
- srcdest = dict_search('match.right.prefix.addr', data['expr'][1])
- if srcdest:
- addr_tmp = dict_search('match.right.prefix.len', data['expr'][1])
- if addr_tmp:
- srcdest = srcdest + '/' + str(addr_tmp)
- else:
- srcdest = dict_search('match.right', data['expr'][1])
- tran_addr = dict_search('snat.addr.prefix.addr' if args.source else 'dnat.addr.prefix.addr', data['expr'][3])
- if tran_addr:
- addr_tmp = dict_search('snat.addr.prefix.len' if args.source else 'dnat.addr.prefix.len', data['expr'][3])
- if addr_tmp:
- srcdest = srcdest + '/' + str(addr_tmp)
+ srcdest = ''
+ for i in [1, 2]:
+ srcdest_json = dict_search('match.right', data['expr'][i])
+ if not srcdest_json:
+ continue
+
+ if isinstance(srcdest_json,str):
+ srcdest += srcdest_json + ' '
+ elif 'prefix' in srcdest_json:
+ addr_tmp = dict_search('match.right.prefix.addr', data['expr'][i])
+ len_tmp = dict_search('match.right.prefix.len', data['expr'][i])
+ if addr_tmp and len_tmp:
+ srcdest = addr_tmp + '/' + str(len_tmp) + ' '
+ elif 'set' in srcdest_json:
+ if isinstance(srcdest_json['set'][0],str):
+ srcdest += 'port ' + str(srcdest_json['set'][0]) + ' '
+ else:
+ port_range = srcdest_json['set'][0]['range']
+ srcdest += 'port ' + str(port_range[0]) + '-' + str(port_range[1]) + ' '
+
+ tran_addr = ''
+ tran_addr_json = dict_search('snat.addr' if args.source else 'dnat.addr', data['expr'][3])
+ if tran_addr_json:
+ if isinstance(tran_addr_json,str):
+ tran_addr = tran_addr_json
+ elif 'prefix' in tran_addr_json:
+ addr_tmp = dict_search('snat.addr.prefix.addr' if args.source else 'dnat.addr.prefix.addr', data['expr'][3])
+ len_tmp = dict_search('snat.addr.prefix.len' if args.source else 'dnat.addr.prefix.len', data['expr'][3])
+ if addr_tmp and len_tmp:
+ tran_addr = addr_tmp + '/' + str(len_tmp)
else:
if 'masquerade' in data['expr'][3]:
tran_addr = 'masquerade'
elif 'log' in data['expr'][3]:
continue
- else:
- tran_addr = dict_search('snat.addr' if args.source else 'dnat.addr', data['expr'][3])
-
+
+ tran_port = dict_search('snat.port' if args.source else 'dnat.port', data['expr'][3])
+ if tran_port:
+ tran_addr += ' port ' + str(tran_port)
+
print(format_nat_rule.format(rule, srcdest, tran_addr, interface))
exit(0)
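Review bot: In the `'prefix'` branch, `srcdest = addr_tmp + '/' + str(len_tmp) + ' '` assigns instead of appending, so whatever the first pass of `for i in [1, 2]` collected is discarded when the second expression is a prefix; the other branches use `+=`, and `srcdest += addr_tmp + '/' + str(len_tmp) + ' '` would be consistent. The branches also assume `match.right` is either a string or a container: if nft reports a bare number (for example a single port), `'prefix' in srcdest_json` raises TypeError, and a numeric first set element falls into the `['range']` lookup, so an `isinstance(srcdest_json, dict)` guard with a `str()` fallback would keep the listing from aborting. Only `set[0]` is rendered, so a rule matching several ports is displayed with one of them, which matters because operators read this output to verify what is actually being translated. The enclosing loop begins outside the hunk.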