diff options
Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/nat.py | 23 | ||||
| -rwxr-xr-x | src/conf_mode/nat66.py | 8 | ||||
| -rw-r--r-- | src/tests/test_jinja_filters.py | 69 | ||||
| -rw-r--r-- | src/tests/test_template.py | 44 |
4 files changed, 41 insertions, 103 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py index 44b13d413..20570da62 100755 --- a/src/conf_mode/nat.py +++ b/src/conf_mode/nat.py @@ -80,15 +80,13 @@ def verify_rule(config, err_msg, groups_dict): dict_search('source.port', config)): if config['protocol'] not in ['tcp', 'udp', 'tcp_udp']: - raise ConfigError(f'{err_msg}\n' \ - 'ports can only be specified when protocol is '\ - 'either tcp, udp or tcp_udp!') + raise ConfigError(f'{err_msg} ports can only be specified when '\ + 'protocol is either tcp, udp or tcp_udp!') if is_ip_network(dict_search('translation.address', config)): - raise ConfigError(f'{err_msg}\n' \ - 'Cannot use ports with an IPv4 network as translation address as it\n' \ - 'statically maps a whole network of addresses onto another\n' \ - 'network of addresses') + raise ConfigError(f'{err_msg} cannot use ports with an IPv4 network as '\ + 'translation address as it statically maps a whole network '\ + 'of addresses onto another network of addresses!') for side in ['destination', 'source']: if side in config: @@ -152,10 +150,10 @@ def verify(nat): if 'outbound_interface' in config: if 'name' in config['outbound_interface'] and 'group' in config['outbound_interface']: - raise ConfigError(f'{err_msg} - Cannot specify both interface group and interface name for nat source rule "{rule}"') + raise ConfigError(f'{err_msg} cannot specify both interface group and interface name for nat source rule "{rule}"') elif 'name' in config['outbound_interface']: if config['outbound_interface']['name'] not in 'any' and config['outbound_interface']['name'] not in interfaces(): - Warning(f'{err_msg} - interface "{config["outbound_interface"]["name"]}" does not exist on this system') + Warning(f'NAT interface "{config["outbound_interface"]["name"]}" for source NAT rule "{rule}" does not exist!') if not dict_search('translation.address', config) and not dict_search('translation.port', config): if 'exclude' not in config and 'backend' not in config['load_balance']: @@ -176,10 +174,10 @@ def verify(nat): if 'inbound_interface' in config: if 'name' in config['inbound_interface'] and 'group' in config['inbound_interface']: - raise ConfigError(f'{err_msg} - Cannot specify both interface group and interface name for destination nat rule "{rule}"') + raise ConfigError(f'{err_msg} cannot specify both interface group and interface name for destination nat rule "{rule}"') elif 'name' in config['inbound_interface']: if config['inbound_interface']['name'] not in 'any' and config['inbound_interface']['name'] not in interfaces(): - Warning(f'{err_msg} - interface "{config["inbound_interface"]["name"]}" does not exist on this system') + Warning(f'NAT interface "{config["inbound_interface"]["name"]}" for destination NAT rule "{rule}" does not exist!') if not dict_search('translation.address', config) and not dict_search('translation.port', config) and 'redirect' not in config['translation']: if 'exclude' not in config and 'backend' not in config['load_balance']: @@ -193,8 +191,7 @@ def verify(nat): err_msg = f'Static NAT configuration error in rule {rule}:' if 'inbound_interface' not in config: - raise ConfigError(f'{err_msg}\n' \ - 'inbound-interface not specified') + raise ConfigError(f'{err_msg} inbound-interface not specified') # common rule verification verify_rule(config, err_msg, nat['firewall_group']) diff --git a/src/conf_mode/nat66.py b/src/conf_mode/nat66.py index dee1551fe..4c1ead258 100755 --- a/src/conf_mode/nat66.py +++ b/src/conf_mode/nat66.py @@ -64,10 +64,10 @@ def verify(nat): if 'outbound_interface' in config: if 'name' in config['outbound_interface'] and 'group' in config['outbound_interface']: - raise ConfigError(f'{err_msg} - Cannot specify both interface group and interface name for nat source rule "{rule}"') + raise ConfigError(f'{err_msg} cannot specify both interface group and interface name for nat source rule "{rule}"') elif 'name' in config['outbound_interface']: if config['outbound_interface']['name'] not in 'any' and config['outbound_interface']['name'] not in interfaces(): - Warning(f'{err_msg} - interface "{config["outbound_interface"]["name"]}" does not exist on this system') + Warning(f'NAT66 interface "{config["outbound_interface"]["name"]}" for source NAT66 rule "{rule}" does not exist!') addr = dict_search('translation.address', config) if addr != None: @@ -88,10 +88,10 @@ def verify(nat): if 'inbound_interface' in config: if 'name' in config['inbound_interface'] and 'group' in config['inbound_interface']: - raise ConfigError(f'{err_msg} - Cannot specify both interface group and interface name for destination nat rule "{rule}"') + raise ConfigError(f'{err_msg} cannot specify both interface group and interface name for destination nat rule "{rule}"') elif 'name' in config['inbound_interface']: if config['inbound_interface']['name'] not in 'any' and config['inbound_interface']['name'] not in interfaces(): - Warning(f'{err_msg} - interface "{config["inbound_interface"]["name"]}" does not exist on this system') + Warning(f'NAT66 interface "{config["inbound_interface"]["name"]}" for destination NAT66 rule "{rule}" does not exist!') return None diff --git a/src/tests/test_jinja_filters.py b/src/tests/test_jinja_filters.py deleted file mode 100644 index 8a7241fe3..000000000 --- a/src/tests/test_jinja_filters.py +++ /dev/null @@ -1,69 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2020 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. - -from unittest import TestCase - -from ipaddress import ip_network -from vyos.template import address_from_cidr -from vyos.template import netmask_from_cidr -from vyos.template import is_ipv4 -from vyos.template import is_ipv6 -from vyos.template import first_host_address -from vyos.template import last_host_address -from vyos.template import inc_ip - -class TestTeamplteHelpers(TestCase): - def setUp(self): - pass - - def test_helpers_from_cidr(self): - network_v4 = '192.0.2.0/26' - self.assertEqual(address_from_cidr(network_v4), str(ip_network(network_v4).network_address)) - self.assertEqual(netmask_from_cidr(network_v4), str(ip_network(network_v4).netmask)) - - def test_helpers_ipv4(self): - self.assertTrue(is_ipv4('192.0.2.1')) - self.assertTrue(is_ipv4('192.0.2.0/24')) - self.assertTrue(is_ipv4('192.0.2.1/32')) - self.assertTrue(is_ipv4('10.255.1.2')) - self.assertTrue(is_ipv4('10.255.1.0/24')) - self.assertTrue(is_ipv4('10.255.1.2/32')) - self.assertFalse(is_ipv4('2001:db8::')) - self.assertFalse(is_ipv4('2001:db8::1')) - self.assertFalse(is_ipv4('2001:db8::/64')) - - def test_helpers_ipv6(self): - self.assertFalse(is_ipv6('192.0.2.1')) - self.assertFalse(is_ipv6('192.0.2.0/24')) - self.assertFalse(is_ipv6('192.0.2.1/32')) - self.assertFalse(is_ipv6('10.255.1.2')) - self.assertFalse(is_ipv6('10.255.1.0/24')) - self.assertFalse(is_ipv6('10.255.1.2/32')) - self.assertTrue(is_ipv6('2001:db8::')) - self.assertTrue(is_ipv6('2001:db8::1')) - self.assertTrue(is_ipv6('2001:db8::1/64')) - self.assertTrue(is_ipv6('2001:db8::/32')) - self.assertTrue(is_ipv6('2001:db8::/64')) - - def test_helpers_first_host_address(self): - self.assertEqual(first_host_address('10.0.0.0/24'), '10.0.0.1') - self.assertEqual(first_host_address('10.0.0.128/25'), '10.0.0.129') - self.assertEqual(first_host_address('10.0.0.200/29'), '10.0.0.201') - - self.assertEqual(first_host_address('2001:db8::/64'), '2001:db8::') - self.assertEqual(first_host_address('2001:db8::/112'), '2001:db8::') - self.assertEqual(first_host_address('2001:db8::10/112'), '2001:db8::10') - self.assertEqual(first_host_address('2001:db8::100/112'), '2001:db8::100') diff --git a/src/tests/test_template.py b/src/tests/test_template.py index 2d065f545..aba97015e 100644 --- a/src/tests/test_template.py +++ b/src/tests/test_template.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -17,6 +17,7 @@ import os import vyos.template +from ipaddress import ip_network from unittest import TestCase class TestVyOSTemplate(TestCase): @@ -67,6 +68,9 @@ class TestVyOSTemplate(TestCase): # ValueError: 2001:db8::1/48 has host bits set self.assertEqual(vyos.template.address_from_cidr('2001:db8::1/48'), '2001:db8::1') + network_v4 = '192.0.2.0/26' + self.assertEqual(vyos.template.address_from_cidr(network_v4), str(ip_network(network_v4).network_address)) + def test_netmask_from_cidr(self): self.assertEqual(vyos.template.netmask_from_cidr('192.0.2.0/24'), '255.255.255.0') self.assertEqual(vyos.template.netmask_from_cidr('192.0.2.128/25'), '255.255.255.128') @@ -80,28 +84,35 @@ class TestVyOSTemplate(TestCase): # ValueError: 2001:db8:1:/64 has host bits set self.assertEqual(vyos.template.netmask_from_cidr('2001:db8:1:/64'), 'ffff:ffff:ffff:ffff::') + network_v4 = '192.0.2.0/26' + self.assertEqual(vyos.template.netmask_from_cidr(network_v4), str(ip_network(network_v4).netmask)) + def test_first_host_address(self): - self.assertEqual(vyos.template.first_host_address('10.0.0.0/24'), '10.0.0.1') - self.assertEqual(vyos.template.first_host_address('10.0.0.128/25'), '10.0.0.129') - self.assertEqual(vyos.template.first_host_address('2001:db8::/64'), '2001:db8::') + self.assertEqual(vyos.template.first_host_address('10.0.0.0/24'), '10.0.0.1') + self.assertEqual(vyos.template.first_host_address('10.0.0.10/24'), '10.0.0.1') + self.assertEqual(vyos.template.first_host_address('10.0.0.255/24'), '10.0.0.1') + self.assertEqual(vyos.template.first_host_address('10.0.0.128/25'), '10.0.0.129') + self.assertEqual(vyos.template.first_host_address('2001:db8::/64'), '2001:db8::1') + self.assertEqual(vyos.template.first_host_address('2001:db8::1000/64'), '2001:db8::1') + self.assertEqual(vyos.template.first_host_address('2001:db8::ffff:ffff:ffff:ffff/64'), '2001:db8::1') def test_last_host_address(self): - self.assertEqual(vyos.template.last_host_address('10.0.0.0/24'), '10.0.0.254') - self.assertEqual(vyos.template.last_host_address('10.0.0.128/25'), '10.0.0.254') - self.assertEqual(vyos.template.last_host_address('2001:db8::/64'), '2001:db8::ffff:ffff:ffff:ffff') + self.assertEqual(vyos.template.last_host_address('10.0.0.0/24'), '10.0.0.254') + self.assertEqual(vyos.template.last_host_address('10.0.0.128/25'), '10.0.0.254') + self.assertEqual(vyos.template.last_host_address('2001:db8::/64'), '2001:db8::ffff:ffff:ffff:ffff') def test_increment_ip(self): - self.assertEqual(vyos.template.inc_ip('10.0.0.0/24', '2'), '10.0.0.2') - self.assertEqual(vyos.template.inc_ip('10.0.0.0', '2'), '10.0.0.2') - self.assertEqual(vyos.template.inc_ip('10.0.0.0', '10'), '10.0.0.10') - self.assertEqual(vyos.template.inc_ip('2001:db8::/64', '2'), '2001:db8::2') - self.assertEqual(vyos.template.inc_ip('2001:db8::', '10'), '2001:db8::a') + self.assertEqual(vyos.template.inc_ip('10.0.0.0/24', '2'), '10.0.0.2') + self.assertEqual(vyos.template.inc_ip('10.0.0.0', '2'), '10.0.0.2') + self.assertEqual(vyos.template.inc_ip('10.0.0.0', '10'), '10.0.0.10') + self.assertEqual(vyos.template.inc_ip('2001:db8::/64', '2'), '2001:db8::2') + self.assertEqual(vyos.template.inc_ip('2001:db8::', '10'), '2001:db8::a') def test_decrement_ip(self): - self.assertEqual(vyos.template.dec_ip('10.0.0.100/24', '1'), '10.0.0.99') - self.assertEqual(vyos.template.dec_ip('10.0.0.90', '10'), '10.0.0.80') - self.assertEqual(vyos.template.dec_ip('2001:db8::b/64', '10'), '2001:db8::1') - self.assertEqual(vyos.template.dec_ip('2001:db8::f', '5'), '2001:db8::a') + self.assertEqual(vyos.template.dec_ip('10.0.0.100/24', '1'), '10.0.0.99') + self.assertEqual(vyos.template.dec_ip('10.0.0.90', '10'), '10.0.0.80') + self.assertEqual(vyos.template.dec_ip('2001:db8::b/64', '10'), '2001:db8::1') + self.assertEqual(vyos.template.dec_ip('2001:db8::f', '5'), '2001:db8::a') def test_is_network(self): self.assertFalse(vyos.template.is_ip_network('192.0.2.0')) @@ -181,4 +192,3 @@ class TestVyOSTemplate(TestCase): for group_name, group_config in data['ike_group'].items(): ciphers = vyos.template.get_esp_ike_cipher(group_config) self.assertIn(IKEv2_DEFAULT, ','.join(ciphers)) - |