From d5c4b758ba466119782887a73f5c2701b227c1a6 Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Thu, 16 May 2024 18:37:34 +0000 Subject: T6350: CGNAT add op-mode to show allocation Add op-mode command `show nat cgnat allocation` to get CGNAT allocations (internal address, external address, port-range) --- data/op-mode-standardized.json | 1 + op-mode-definitions/nat.xml.in | 13 ++++++++ src/op_mode/cgnat.py | 75 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 89 insertions(+) create mode 100755 src/op_mode/cgnat.py diff --git a/data/op-mode-standardized.json b/data/op-mode-standardized.json index a4ed2bcf4..eea8244ec 100644 --- a/data/op-mode-standardized.json +++ b/data/op-mode-standardized.json @@ -3,6 +3,7 @@ "bgp.py", "bonding.py", "bridge.py", +"cgnat.py", "config_mgmt.py", "conntrack.py", "container.py", diff --git a/op-mode-definitions/nat.xml.in b/op-mode-definitions/nat.xml.in index 307a91337..6398c0e07 100644 --- a/op-mode-definitions/nat.xml.in +++ b/op-mode-definitions/nat.xml.in @@ -7,6 +7,19 @@ Show IPv4 Network Address Translation (NAT) information + + + Show Carrier-Grade Network Address Translation (CGNAT) + + + + + Show allocated CGNAT parameters + + sudo ${vyos_op_scripts_dir}/cgnat.py show_allocation + + + Show source IPv4 to IPv4 Network Address Translation (NAT) information diff --git a/src/op_mode/cgnat.py b/src/op_mode/cgnat.py new file mode 100755 index 000000000..a98269a15 --- /dev/null +++ b/src/op_mode/cgnat.py @@ -0,0 +1,75 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2024 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +import json +import sys +import typing + +from tabulate import tabulate + +import vyos.opmode + +from vyos.configquery import ConfigTreeQuery +from vyos.utils.process import cmd + +CGNAT_TABLE = 'cgnat' + + +def _get_raw_data(): + """ Get CGNAT dictionary + """ + cmd_output = cmd(f'nft --json list table ip {CGNAT_TABLE}') + data = json.loads(cmd_output) + return data + + +def _get_formatted_output(data): + elements = data['nftables'][2]['map']['elem'] + allocations = [] + for elem in elements: + internal = elem[0] # internal + external = elem[1]['concat'][0] # external + start_port = elem[1]['concat'][1]['range'][0] + end_port = elem[1]['concat'][1]['range'][1] + port_range = f'{start_port}-{end_port}' + allocations.append((internal, external, port_range)) + + headers = ['Internal IP', 'External IP', 'Port range'] + output = tabulate(allocations, headers, numalign="left") + return output + + +def show_allocation(raw: bool): + config = ConfigTreeQuery() + if not config.exists('nat cgnat'): + raise vyos.opmode.UnconfiguredSubsystem('CGNAT is not configured') + + if raw: + return _get_raw_data() + + else: + raw_data = _get_raw_data() + return _get_formatted_output(raw_data) + + +if __name__ == '__main__': + try: + res = vyos.opmode.run(sys.modules[__name__]) + if res: + print(res) + except (ValueError, vyos.opmode.Error) as e: + print(e) + sys.exit(1) -- cgit v1.2.3