-rw-r--r-- | interface-definitions/nat_cgnat.xml.in | 6 | ||||
-rwxr-xr-x | src/conf_mode/nat_cgnat.py | 30 |
2 files changed, 36 insertions, 0 deletions
diff --git a/interface-definitions/nat_cgnat.xml.in b/interface-definitions/nat_cgnat.xml.in
index fce5e655d..71f4d67b0 100644
--- a/interface-definitions/nat_cgnat.xml.in
+++ b/interface-definitions/nat_cgnat.xml.in
@@ -8,6 +8,12 @@
       <priority>221</priority>
     </properties>
     <children>
+      <leafNode name="log-allocation">
+        <properties>
+          <help>Log IP address and port allocation</help>
+          <valueless/>
+        </properties>
+      </leafNode>
       <node name="pool">
         <properties>
           <help>External and internal pool parameters</help>
diff --git a/src/conf_mode/nat_cgnat.py b/src/conf_mode/nat_cgnat.py
index 957b12c28..bd6855e8b 100755
--- a/src/conf_mode/nat_cgnat.py
+++ b/src/conf_mode/nat_cgnat.py
@@ -16,9 +16,11 @@
 import ipaddress
 import jmespath
+import logging
 import os
 from sys import exit
+from logging.handlers import SysLogHandler
 from vyos.config import Config
 from vyos.template import render
@@ -32,6 +34,18 @@ airbag.enable()
 nftables_cgnat_config = '/run/nftables-cgnat.nft'
+# Logging
+logger = logging.getLogger('cgnat')
+logger.setLevel(logging.DEBUG)
+
+syslog_handler = SysLogHandler(address="/dev/log")
+syslog_handler.setLevel(logging.INFO)
+
+formatter = logging.Formatter('%(name)s: %(message)s')
+syslog_handler.setFormatter(formatter)
+
+logger.addHandler(syslog_handler)
+
 class IPOperations:
     def __init__(self, ip_prefix: str):
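Review bot: In the module-level logging block (`logger.setLevel(logging.DEBUG)` followed by `syslog_handler.setLevel(logging.INFO)`) the two thresholds disagree, so DEBUG records are built and then discarded by the only handler; either set the logger to INFO as well or drop the handler-level filter, e.g. `logger.setLevel(logging.INFO)`. The handler is also attached unconditionally at import time, before `log-allocation` is known, so every run of this script opens the syslog socket even when nothing will be logged; creating the handler inside `apply()` when the option is set keeps the import side-effect-free. Because `propagate` is left at its default, anything the rest of the process configures on the root logger (I cannot see that from here) would receive these records a second time; `logger.propagate = False` is worth considering if that is not intended.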
@@ -315,6 +329,22 @@ def apply(config):
         return None
     cmd(f'nft --file {nftables_cgnat_config}')
+    # Logging allocations
+    if 'log_allocation' in config:
+        allocations = config['proto_map_elements']
+        allocations = allocations.split(',')
+        for allocation in allocations:
+            try:
+                # Split based on the delimiters used in the nft data format
+                internal_host, rest = allocation.split(' : ')
+                external_host, port_range = rest.split(' . ')
+                # Log the parsed data
+                logger.info(
+                    f"Internal host: {internal_host.lstrip()}, external host: {external_host}, Port range: {port_range}")
+            except ValueError as e:
+                # Log error message
+                logger.error(f"Error processing line '{allocation}': {e}")
+
 if __name__ == '__main__':
     try:
|
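Review bot: The new block re-parses the already-rendered nft element string with `split(' : ')` / `split(' . ')`, so a change to the template's delimiters silently turns every allocation into an "Error processing line" entry instead of a log line; logging from the structured data that produces `proto_map_elements` (not visible in this hunk) would avoid that coupling. As written, an empty `proto_map_elements` yields `['']` from `split(',')` and logs a spurious error, and a missing key raises `KeyError` after the ruleset has already been applied; `for allocation in config.get('proto_map_elements', '').split(','):` followed by `if not allocation.strip(): continue` covers both. Note also that this emits one syslog line per mapping on every commit, not only when a mapping changes, which on a large pool is a lot of volume for the `cgnat` facility. `apply()` starts outside the hunk.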