4 files changed, 116 insertions, 36 deletions

diff --git a/src/conf_mode/service_monitoring_telegraf.py b/src/conf_mode/service_monitoring_telegraf.py
index 18b32edab..53df006a4 100755
--- a/src/conf_mode/service_monitoring_telegraf.py
+++ b/src/conf_mode/service_monitoring_telegraf.py
@@ -40,23 +40,6 @@ custom_scripts_dir = '/etc/telegraf/custom_scripts'
 syslog_telegraf = '/etc/rsyslog.d/50-telegraf.conf'
 systemd_override = '/etc/systemd/system/telegraf.service.d/10-override.conf'
 
-def get_interfaces(type='', vlan=True):
-    """
-    get_interfaces()
-    ['dum0', 'eth0', 'eth1', 'eth1.5', 'lo', 'tun0']
-
-    get_interfaces("dummy")
-    ['dum0']
-    """
-    interfaces = []
-    ifaces = Section.interfaces(type)
-    for iface in ifaces:
-        if vlan == False and '.' in iface:
-            continue
-        interfaces.append(iface)
-
-    return interfaces
-
 def get_nft_filter_chains():
     """ Get nft chains for table filter """
     nft = cmd('nft --json list table ip filter')
@@ -70,7 +53,6 @@ def get_nft_filter_chains():
 
     return chain_list
 
-
 def get_config(config=None):
     if config:
         conf = config
@@ -93,7 +75,7 @@ def get_config(config=None):
     monitoring = dict_merge(default_values, monitoring)
 
     monitoring['custom_scripts_dir'] = custom_scripts_dir
-    monitoring['interfaces_ethernet'] = get_interfaces('ethernet', vlan=False)
+    monitoring['interfaces_ethernet'] = Section.interfaces('ethernet', vlan=False)
     monitoring['nft_chains'] = get_nft_filter_chains()
 
     # Redefine azure group-metrics 'single-table' and 'table-per-metric'
diff --git a/src/etc/opennhrp/opennhrp-script.py b/src/etc/opennhrp/opennhrp-script.py
index a5293c97e..bf25a7331 100755
--- a/src/etc/opennhrp/opennhrp-script.py
+++ b/src/etc/opennhrp/opennhrp-script.py
@@ -81,7 +81,13 @@ def vici_ike_terminate(list_ikeid: list[str]) -> bool:
         session = vici.Session()
         for ikeid in list_ikeid:
             logger.info(f'Terminating IKE SA with id {ikeid}')
-            session.terminate({'ike-id': ikeid, 'timeout': '-1'})
+            session_generator = session.terminate(
+                {'ike-id': ikeid, 'timeout': '-1'})
+            # a dummy `for` loop is required because of requirements
+            # from vici. Without a full iteration on the output, the
+            # command to vici may not be executed completely
+            for _ in session_generator:
+                pass
         return True
     except Exception as err:
         logger.error(f'Failed to terminate SA for IKE ids {list_ikeid}: {err}')
@@ -175,13 +181,18 @@ def vici_initiate(conn: str, child_sa: str, src_addr: str,
         f'src_addr: {src_addr}, dst_addr: {dest_addr}')
     try:
         session = vici.Session()
-        session.initiate({
+        session_generator = session.initiate({
             'ike': conn,
             'child': child_sa,
             'timeout': '-1',
             'my-host': src_addr,
             'other-host': dest_addr
         })
+        # a dummy `for` loop is required because of requirements
+        # from vici. Without a full iteration on the output, the
+        # command to vici may not be executed completely
+        for _ in session_generator:
+            pass
         return True
     except Exception as err:
         logger.error(f'Unable to initiate connection {err}')
diff --git a/src/etc/telegraf/custom_scripts/show_interfaces_input_filter.py b/src/etc/telegraf/custom_scripts/show_interfaces_input_filter.py
index 0c7474156..6f14d6a8e 100755
--- a/src/etc/telegraf/custom_scripts/show_interfaces_input_filter.py
+++ b/src/etc/telegraf/custom_scripts/show_interfaces_input_filter.py
@@ -5,20 +5,6 @@ from vyos.ifconfig import Interface
 
 import time
 
-def get_interfaces(type='', vlan=True):
-    """
-    Get interfaces:
-    ['dum0', 'eth0', 'eth1', 'eth1.5', 'lo', 'tun0']
-    """
-    interfaces = []
-    ifaces = Section.interfaces(type)
-    for iface in ifaces:
-        if vlan == False and '.' in iface:
-            continue
-        interfaces.append(iface)
-
-    return interfaces
-
 def get_interface_addresses(iface, link_local_v6=False):
     """
     Get IP and IPv6 addresses from interface in one string
@@ -77,7 +63,7 @@ def get_interface_oper_state(iface):
 
     return oper_state
 
-interfaces = get_interfaces()
+interfaces = Section.interfaces('')
 
 for iface in interfaces:
     print(f'show_interfaces,interface={iface} '
diff --git a/src/op_mode/nat.py b/src/op_mode/nat.py
index dec04aa48..1339d5b92 100755
--- a/src/op_mode/nat.py
+++ b/src/op_mode/nat.py
@@ -17,6 +17,7 @@
 import jmespath
 import json
 import sys
+import xmltodict
 
 from sys import exit
 from tabulate import tabulate
@@ -27,6 +28,29 @@ from vyos.util import dict_search
 import vyos.opmode
 
 
+def _get_xml_translation(direction, family):
+    """
+    Get conntrack XML output --src-nat|--dst-nat
+    """
+    if direction == 'source':
+        opt = '--src-nat'
+    if direction == 'destination':
+        opt = '--dst-nat'
+    return cmd(f'sudo conntrack --dump --family {family} {opt} --output xml')
+
+
+def _xml_to_dict(xml):
+    """
+    Convert XML to dictionary
+    Return: dictionary
+    """
+    parse = xmltodict.parse(xml, attr_prefix='')
+    # If only one conntrack entry we must change dict
+    if 'meta' in parse['conntrack']['flow']:
+        return dict(conntrack={'flow': [parse['conntrack']['flow']]})
+    return parse
+
+
 def _get_json_data(direction, family):
     """
     Get NAT format JSON
@@ -52,6 +76,22 @@ def _get_raw_data_rules(direction, family):
     return rules
 
 
+def _get_raw_translation(direction, family):
+    """
+    Return: dictionary
+    """
+    xml = _get_xml_translation(direction, family)
+    if len(xml) == 0:
+        output = {'conntrack':
+            {
+                'error': True,
+                'reason': 'entries not found'
+            }
+        }
+        return output
+    return _xml_to_dict(xml)
+
+
 def _get_formatted_output_rules(data, direction, family):
     # Add default values before loop
     sport, dport, proto = 'any', 'any', 'any'
@@ -180,6 +220,58 @@ def _get_formatted_output_statistics(data, direction):
     return output
 
 
+def _get_formatted_translation(dict_data, nat_direction, family):
+    data_entries = []
+    if 'error' in dict_data['conntrack']:
+        return 'Entries not found'
+    for entry in dict_data['conntrack']['flow']:
+        orig_src, orig_dst, orig_sport, orig_dport = {}, {}, {}, {}
+        reply_src, reply_dst, reply_sport, reply_dport = {}, {}, {}, {}
+        proto = {}
+        for meta in entry['meta']:
+            direction = meta['direction']
+            if direction in ['original']:
+                if 'layer3' in meta:
+                    orig_src = meta['layer3']['src']
+                    orig_dst = meta['layer3']['dst']
+                if 'layer4' in meta:
+                    if meta.get('layer4').get('sport'):
+                        orig_sport = meta['layer4']['sport']
+                    if meta.get('layer4').get('dport'):
+                        orig_dport = meta['layer4']['dport']
+                    proto = meta['layer4']['protoname']
+            if direction in ['reply']:
+                if 'layer3' in meta:
+                    reply_src = meta['layer3']['src']
+                    reply_dst = meta['layer3']['dst']
+                if 'layer4' in meta:
+                    if meta.get('layer4').get('sport'):
+                        reply_sport = meta['layer4']['sport']
+                    if meta.get('layer4').get('dport'):
+                        reply_dport = meta['layer4']['dport']
+                    proto = meta['layer4']['protoname']
+            if direction == 'independent':
+                conn_id = meta['id']
+                timeout = meta['timeout']
+                orig_src = f'{orig_src}:{orig_sport}' if orig_sport else orig_src
+                orig_dst = f'{orig_dst}:{orig_dport}' if orig_dport else orig_dst
+                reply_src = f'{reply_src}:{reply_sport}' if reply_sport else reply_src
+                reply_dst = f'{reply_dst}:{reply_dport}' if reply_dport else reply_dst
+                state = meta['state'] if 'state' in meta else ''
+                mark = meta['mark']
+                zone = meta['zone'] if 'zone' in meta else ''
+                if nat_direction == 'source':
+                    data_entries.append(
+                        [orig_src, reply_dst, proto, timeout, mark, zone])
+                elif nat_direction == 'destination':
+                    data_entries.append(
+                        [orig_dst, reply_src, proto, timeout, mark, zone])
+
+    headers = ["Pre-NAT", "Post-NAT", "Proto", "Timeout", "Mark", "Zone"]
+    output = tabulate(data_entries, headers, numalign="left")
+    return output
+
+
 def show_rules(raw: bool, direction: str, family: str):
     nat_rules = _get_raw_data_rules(direction, family)
     if raw:
@@ -196,6 +288,15 @@ def show_statistics(raw: bool, direction: str, family: str):
         return _get_formatted_output_statistics(nat_statistics, direction)
 
 
+def show_translations(raw: bool, direction: str, family: str):
+    family = 'ipv6' if family == 'inet6' else 'ipv4'
+    nat_translation = _get_raw_translation(direction, family)
+    if raw:
+        return nat_translation
+    else:
+        return _get_formatted_translation(nat_translation, direction, family)
+
+
 if __name__ == '__main__':
     try:
         res = vyos.opmode.run(sys.modules[__name__])