summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--data/op-mode-standardized.json1
-rw-r--r--op-mode-definitions/nat.xml.in13
-rwxr-xr-xsrc/conf_mode/nat_cgnat.py13
-rwxr-xr-xsrc/op_mode/cgnat.py75
4 files changed, 102 insertions, 0 deletions
diff --git a/data/op-mode-standardized.json b/data/op-mode-standardized.json
index 911869d09..c14133127 100644
--- a/data/op-mode-standardized.json
+++ b/data/op-mode-standardized.json
@@ -3,6 +3,7 @@
"bgp.py",
"bonding.py",
"bridge.py",
+"cgnat.py",
"config_mgmt.py",
"conntrack.py",
"container.py",
diff --git a/op-mode-definitions/nat.xml.in b/op-mode-definitions/nat.xml.in
index 307a91337..6398c0e07 100644
--- a/op-mode-definitions/nat.xml.in
+++ b/op-mode-definitions/nat.xml.in
@@ -7,6 +7,19 @@
<help>Show IPv4 Network Address Translation (NAT) information</help>
</properties>
<children>
+ <node name="cgnat">
+ <properties>
+ <help>Show Carrier-Grade Network Address Translation (CGNAT)</help>
+ </properties>
+ <children>
+ <node name="allocation">
+ <properties>
+ <help>Show allocated CGNAT parameters</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/cgnat.py show_allocation</command>
+ </node>
+ </children>
+ </node>
<node name="source">
<properties>
<help>Show source IPv4 to IPv4 Network Address Translation (NAT) information</help>
diff --git a/src/conf_mode/nat_cgnat.py b/src/conf_mode/nat_cgnat.py
index 8292f23a4..9a20a3c54 100755
--- a/src/conf_mode/nat_cgnat.py
+++ b/src/conf_mode/nat_cgnat.py
@@ -203,6 +203,11 @@ def verify(config):
f'Range for "{pool} pool {pool_name}" must be defined!'
)
+ external_pools_query = "keys(pool.external)"
+ external_pools: list = jmespath.search(external_pools_query, config)
+ internal_pools_query = "keys(pool.internal)"
+ internal_pools: list = jmespath.search(internal_pools_query, config)
+
for rule, rule_config in config['rule'].items():
if 'source' not in rule_config:
raise ConfigError(f'Rule "{rule}" source pool must be defined!')
@@ -212,6 +217,14 @@ def verify(config):
if 'translation' not in rule_config:
raise ConfigError(f'Rule "{rule}" translation pool must be defined!')
+ internal_pool = rule_config['source']['pool']
+ if internal_pool not in internal_pools:
+ raise ConfigError(f'Internal pool "{internal_pool}" does not exist!')
+
+ external_pool = rule_config['translation']['pool']
+ if external_pool not in external_pools:
+ raise ConfigError(f'External pool "{external_pool}" does not exist!')
+
def generate(config):
if not config:
diff --git a/src/op_mode/cgnat.py b/src/op_mode/cgnat.py
new file mode 100755
index 000000000..a98269a15
--- /dev/null
+++ b/src/op_mode/cgnat.py
@@ -0,0 +1,75 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import json
+import sys
+import typing
+
+from tabulate import tabulate
+
+import vyos.opmode
+
+from vyos.configquery import ConfigTreeQuery
+from vyos.utils.process import cmd
+
+CGNAT_TABLE = 'cgnat'
+
+
+def _get_raw_data():
+ """ Get CGNAT dictionary
+ """
+ cmd_output = cmd(f'nft --json list table ip {CGNAT_TABLE}')
+ data = json.loads(cmd_output)
+ return data
+
+
+def _get_formatted_output(data):
+ elements = data['nftables'][2]['map']['elem']
+ allocations = []
+ for elem in elements:
+ internal = elem[0] # internal
+ external = elem[1]['concat'][0] # external
+ start_port = elem[1]['concat'][1]['range'][0]
+ end_port = elem[1]['concat'][1]['range'][1]
+ port_range = f'{start_port}-{end_port}'
+ allocations.append((internal, external, port_range))
+
+ headers = ['Internal IP', 'External IP', 'Port range']
+ output = tabulate(allocations, headers, numalign="left")
+ return output
+
+
+def show_allocation(raw: bool):
+ config = ConfigTreeQuery()
+ if not config.exists('nat cgnat'):
+ raise vyos.opmode.UnconfiguredSubsystem('CGNAT is not configured')
+
+ if raw:
+ return _get_raw_data()
+
+ else:
+ raw_data = _get_raw_data()
+ return _get_formatted_output(raw_data)
+
+
+if __name__ == '__main__':
+ try:
+ res = vyos.opmode.run(sys.modules[__name__])
+ if res:
+ print(res)
+ except (ValueError, vyos.opmode.Error) as e:
+ print(e)
+ sys.exit(1)