author | Christian Poessinger <christian@poessinger.com> | 2021-06-25 22:56:02 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-25 22:56:02 +0200 |
commit | 037aa93f493648f6e99b796fce920ec63dbc994e (patch) | |
tree | 530591a5ae0efc1d4346a4ec29fa61b246800ae2 /src/op_mode | |
parent | 05a7114a4a9713521faed4145a8bf0f4c35020bb (diff) | |
parent | e2561b55c66c9a7d3d043b5974c78b67c79321f8 (diff) | |
Merge pull request #899 from jack9603301/T3648
nat: nat66: T3648: Fix script logic errors and missing logic handling
Diffstat (limited to 'src/op_mode')
-rwxr-xr-x | src/op_mode/show_nat66_rules.py | 19 | ||||
-rwxr-xr-x | src/op_mode/show_nat_rules.py | 54 |
2 files changed, 48 insertions, 25 deletions
diff --git a/src/op_mode/show_nat66_rules.py b/src/op_mode/show_nat66_rules.py
index a25e146a7..967ec9d37 100755
--- a/src/op_mode/show_nat66_rules.py
+++ b/src/op_mode/show_nat66_rules.py
@@ -68,7 +68,7 @@ if args.source or args.destination:
 rule = comment.replace('SRC-NAT66-','')
 rule = rule.replace('DST-NAT66-','')
 chain = data['chain']
- if not (args.source and chain == 'POSTROUTING') or (not args.source and chain == 'PREROUTING'):
+ if not ((args.source and chain == 'POSTROUTING') or (not args.source and chain == 'PREROUTING')):
 continue
 interface = dict_search('match.right', data['expr'][0])
 srcdest = dict_search('match.right.prefix.addr', data['expr'][2])
@@ -79,16 +79,19 @@ if args.source or args.destination:
 else:
 srcdest = dict_search('match.right', data['expr'][2])
- tran_addr = dict_search('snat.addr.prefix.addr' if args.source else 'dnat.addr.prefix.addr', data['expr'][3])
- if tran_addr:
- addr_tmp = dict_search('snat.addr.prefix.len' if args.source else 'dnat.addr.prefix.len', data['expr'][3])
- if addr_tmp:
- srcdest = srcdest + '/' + str(addr_tmp)
+ tran_addr_json = dict_search('snat.addr' if args.source else 'dnat.addr', data['expr'][3])
+ if tran_addr_json:
+ if isinstance(srcdest_json,str):
+ tran_addr = tran_addr_json
+
+ if 'prefix' in tran_addr_json:
+ addr_tmp = dict_search('snat.addr.prefix.addr' if args.source else 'dnat.addr.prefix.addr', data['expr'][3])
+ len_tmp = dict_search('snat.addr.prefix.len' if args.source else 'dnat.addr.prefix.len', data['expr'][3])
+ if addr_tmp:
+ tran_addr = addr_tmp + '/' + str(len_tmp)
 else:
 if 'masquerade' in data['expr'][3]:
 tran_addr = 'masquerade'
- else:
- tran_addr = dict_search('snat.addr' if args.source else 'dnat.addr', data['expr'][3])
 print(format_nat66_rule.format(rule, srcdest, tran_addr, interface))
diff --git a/src/op_mode/show_nat_rules.py b/src/op_mode/show_nat_rules.py
index 4b7e40d1f..0f40ecabe 100755
--- a/src/op_mode/show_nat_rules.py
+++ b/src/op_mode/show_nat_rules.py
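Review bot: In the second hunk of show_nat66_rules.py the added `if isinstance(srcdest_json,str):` tests `srcdest_json`, a name that is not assigned anywhere in the visible lines of this file, while the value being classified is `tran_addr_json`; unless it is defined outside the hunk, this raises NameError on the first rule that has a translation address. The following `if 'prefix' in tran_addr_json:` is a plain `if`, so a string address is also substring-searched for 'prefix'. `tran_addr` is not reset per rule either, so a rule that matches no branch would print the previous rule's translation, which misleads anyone auditing the NAT66 table from this output. I would mirror show_nat_rules.py: `tran_addr = ''` before the lookup, `if isinstance(tran_addr_json, str):`, and `elif 'prefix' in tran_addr_json:`. The enclosing loop starts outside the hunk.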
@@ -33,7 +33,7 @@ if args.source or args.destination:
 tmp = cmd('sudo nft -j list table ip nat')
 tmp = json.loads(tmp)
- format_nat66_rule = '{0: <10} {1: <50} {2: <50} {3: <10}'
+ format_nat_rule = '{0: <10} {1: <50} {2: <50} {3: <10}'
 print(format_nat_rule.format("Rule", "Source" if args.source else "Destination", "Translation", "Outbound Interface" if args.source else "Inbound Interface"))
 print(format_nat_rule.format("----", "------" if args.source else "-----------", "-----------", "------------------" if args.source else "-----------------"))
@@ -63,29 +63,49 @@ if args.source or args.destination: rule = int(''.join(list(filter(str.isdigit, comment)))) chain = data['chain'] - if not (args.source and chain == 'POSTROUTING') or (not args.source and chain == 'PREROUTING'): + if not ((args.source and chain == 'POSTROUTING') or (not args.source and chain == 'PREROUTING')): continue interface = dict_search('match.right', data['expr'][0]) - srcdest = dict_search('match.right.prefix.addr', data['expr'][1]) - if srcdest: - addr_tmp = dict_search('match.right.prefix.len', data['expr'][1]) - if addr_tmp: - srcdest = srcdest + '/' + str(addr_tmp) - else: - srcdest = dict_search('match.right', data['expr'][1]) - tran_addr = dict_search('snat.addr.prefix.addr' if args.source else 'dnat.addr.prefix.addr', data['expr'][3]) - if tran_addr: - addr_tmp = dict_search('snat.addr.prefix.len' if args.source else 'dnat.addr.prefix.len', data['expr'][3]) - if addr_tmp: - srcdest = srcdest + '/' + str(addr_tmp) + srcdest = '' + for i in [1, 2]: + srcdest_json = dict_search('match.right', data['expr'][i]) + if not srcdest_json: + continue + + if isinstance(srcdest_json,str): + srcdest += srcdest_json + ' ' + elif 'prefix' in srcdest_json: + addr_tmp = dict_search('match.right.prefix.addr', data['expr'][i]) + len_tmp = dict_search('match.right.prefix.len', data['expr'][i]) + if addr_tmp and len_tmp: + srcdest = addr_tmp + '/' + str(len_tmp) + ' ' + elif 'set' in srcdest_json: + if isinstance(srcdest_json['set'][0],str): + srcdest += 'port ' + str(srcdest_json['set'][0]) + ' ' + else: + port_range = srcdest_json['set'][0]['range'] + srcdest += 'port ' + str(port_range[0]) + '-' + str(port_range[1]) + ' ' + + tran_addr = '' + tran_addr_json = dict_search('snat.addr' if args.source else 'dnat.addr', data['expr'][3]) + if tran_addr_json: + if isinstance(tran_addr_json,str): + tran_addr = tran_addr_json + elif 'prefix' in tran_addr_json: + addr_tmp = dict_search('snat.addr.prefix.addr' if args.source else 'dnat.addr.prefix.addr', 
data['expr'][3]) + len_tmp = dict_search('snat.addr.prefix.len' if args.source else 'dnat.addr.prefix.len', data['expr'][3]) + if addr_tmp and len_tmp: + tran_addr = addr_tmp + '/' + str(len_tmp) else: if 'masquerade' in data['expr'][3]: tran_addr = 'masquerade' elif 'log' in data['expr'][3]: continue - else: - tran_addr = dict_search('snat.addr' if args.source else 'dnat.addr', data['expr'][3]) - + + tran_port = dict_search('snat.port' if args.source else 'dnat.port', data['expr'][3]) + if tran_port: + tran_addr += ' port ' + str(tran_port) + print(format_nat_rule.format(rule, srcdest, tran_addr, interface)) exit(0) |
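Review bot: In the new `'set'` branch only `srcdest_json['set'][0]` is rendered, so a rule matching several ports shows just the first one, and an element that is neither a `str` nor a range object (nft's JSON output appears to emit numeric ports as integers, worth confirming) falls into the `else` and fails on `['range']`. The `'prefix'` branch also assigns `srcdest = …` where the other branches use `+=`, which drops whatever the earlier `expr` index contributed, and `if addr_tmp and len_tmp` skips a prefix length of 0. Because this output is what an operator reads to audit the NAT table, I would render every set element and append consistently, as in the excerpt below. The enclosing `for` loop and the `if args.source or args.destination:` block start outside the hunk.

```python
# … unchanged: srcdest_json lookup and the str branch …
elif 'prefix' in srcdest_json:
    # … unchanged: addr_tmp / len_tmp lookups …
    if addr_tmp and len_tmp is not None:
        srcdest += addr_tmp + '/' + str(len_tmp) + ' '
elif 'set' in srcdest_json:
    ports = []
    for elem in srcdest_json['set']:
        if isinstance(elem, dict) and 'range' in elem:
            ports.append(str(elem['range'][0]) + '-' + str(elem['range'][1]))
        else:
            ports.append(str(elem))
    srcdest += 'port ' + ','.join(ports) + ' '
# … unchanged: translation address and port handling …
```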