From f8e91ecebb69328300ddc3d863005209541b1225 Mon Sep 17 00:00:00 2001
From: jack9603301
Date: Tue, 16 Mar 2021 17:00:47 +0800
Subject: nat66: T2518: Correct the wrong logic For nat66, the previous processing of f0d0a572 (NAT: nat66: t2518: support operation...) has errors. If there is no index 3, we think that this is not the record we need
---
 src/op_mode/show_nat66_rules.py | 14 ++++++++++----
 src/op_mode/show_nat66_statistics.py | 2 +-
 src/op_mode/show_nat_rules.py | 7 +++++--
 3 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/src/op_mode/show_nat66_rules.py b/src/op_mode/show_nat66_rules.py
index cbab2d03b..736ba2063 100755
--- a/src/op_mode/show_nat66_rules.py
+++ b/src/op_mode/show_nat66_rules.py
@@ -40,10 +40,17 @@ if args.source or args.destination:
 data_json = jmespath.search('nftables[?rule].rule[?chain]', tmp)
 for idx in range(0, len(data_json)):
 data = data_json[idx]
+
+ # If there is no index 3, we don't think this is the record we need to check
+ if len(data['expr']) <= 3:
+ continue
+
 comment = data['comment']
+ rule = comment.replace('SRC-NAT66-','')
+ rule = rule.replace('DST-NAT66-','')
 chain = data['chain']
 if not (args.source and chain == 'POSTROUTING') or (not args.source and chain == 'PREROUTING'):
- exit(0)
+ continue
 interface = dict_search('match.right', data['expr'][0])
 srcdest = dict_search('match.right.prefix.addr', data['expr'][2])
 if srcdest:
@@ -52,6 +59,7 @@ if args.source or args.destination:
 srcdest = srcdest + '/' + str(addr_tmp)
 else:
 srcdest = dict_search('match.right', data['expr'][2])
+
 tran_addr = dict_search('snat.addr.prefix.addr' if args.source else 'dnat.addr.prefix.addr', data['expr'][3])
 if tran_addr:
 addr_tmp = dict_search('snat.addr.prefix.len' if args.source else 'dnat.addr.prefix.len', data['expr'][3])
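Review bot: The chain filter in the first hunk of src/op_mode/show_nat66_rules.py, `if not (args.source and chain == 'POSTROUTING') or (not args.source and chain == 'PREROUTING'):`, applies `not` to the first parenthesis only, so in destination mode (`args.source` false) the left operand is always true and the new `continue` skips every rule. The listing then prints only the header, which an operator auditing the box reads as "no destination NAT66 rules configured". Wrap both alternatives before negating: `if not ((args.source and chain == 'POSTROUTING') or (not args.source and chain == 'PREROUTING')):`. The same condition, with the same `exit(0)` to `continue` change, is in the first hunk of src/op_mode/show_nat_rules.py in this commit; the loop body continues outside both hunks.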
@@ -60,12 +68,10 @@ if args.source or args.destination:
 else:
 if 'masquerade' in data['expr'][3]:
 tran_addr = 'masquerade'
- elif 'log' in data['expr'][3]:
- continue
 else:
 tran_addr = dict_search('snat.addr' if args.source else 'dnat.addr', data['expr'][3])
- print(format_nat66_rule % (comment, srcdest, tran_addr, interface))
+ print(format_nat66_rule % (rule, srcdest, tran_addr, interface))
 exit(0)
 else:
diff --git a/src/op_mode/show_nat66_statistics.py b/src/op_mode/show_nat66_statistics.py
index 0f0b05978..bc81692ae 100755
--- a/src/op_mode/show_nat66_statistics.py
+++ b/src/op_mode/show_nat66_statistics.py
@@ -31,7 +31,7 @@ rule pkts bytes interface
 {% set bytes = r.counter.bytes %}
 {% set interface = r.interface %}
 {# remove rule comment prefix #}
-{% set comment = r.comment | replace('SRC-NAT-', '') | replace('DST-NAT-', '') | replace(' tcp_udp', '') %}
+{% set comment = r.comment | replace('SRC-NAT66-', '') | replace('DST-NAT66-', '') %}
 {{ "%-4s" | format(comment) }} {{ "%9s" | format(packets) }} {{ "%12s" | format(bytes) }} {{ interface }}
 {% endif %}
 {% endfor %}
diff --git a/src/op_mode/show_nat_rules.py b/src/op_mode/show_nat_rules.py
index 0ddb7ddd4..1a02f6602 100755
--- a/src/op_mode/show_nat_rules.py
+++ b/src/op_mode/show_nat_rules.py
@@ -41,9 +41,12 @@ if args.source or args.destination:
 for idx in range(0, len(data_json)):
 data = data_json[idx]
 comment = data['comment']
+ rule = comment.replace('SRC-NAT-','')
+ rule = rule.replace('DST-NAT-','')
+ rule = rule.replace(' tcp_udp','')
 chain = data['chain']
 if not (args.source and chain == 'POSTROUTING') or (not args.source and chain == 'PREROUTING'):
- exit(0)
+ continue
 interface = dict_search('match.right', data['expr'][0])
 srcdest = dict_search('match.right.prefix.addr', data['expr'][1])
 if srcdest:
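Review bot: In src/op_mode/show_nat_rules.py, `data['expr'][1]` in this hunk and `data['expr'][3]` in the file's next hunk are indexed without the length check that this commit adds to show_nat66_rules.py. An IPv4 rule with fewer than four expressions would therefore raise IndexError and end the listing part-way, instead of being skipped. Add the same guard right after `data = data_json[idx]`: `if len(data['expr']) <= 3: continue`. The loop body starts and ends outside the hunk.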
@@ -65,7 +68,7 @@ if args.source or args.destination:
 else:
 tran_addr = dict_search('snat.addr' if args.source else 'dnat.addr', data['expr'][3])
- print(format_nat66_rule % (comment, srcdest, tran_addr, interface))
+ print(format_nat66_rule % (rule, srcdest, tran_addr, interface))
 exit(0)
 else:
-- cgit v1.2.3
From 2ee759f3cbd698ac53fcb0a87c095eb3ef9bbe85 Mon Sep 17 00:00:00 2001
From: jack9603301
Date: Wed, 17 Mar 2021 02:06:17 +0800
Subject: nat66: T2518: use Python3 format identifiers
---
 src/op_mode/show_nat66_rules.py | 8 ++++----
 src/op_mode/show_nat_rules.py | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/op_mode/show_nat66_rules.py b/src/op_mode/show_nat66_rules.py
index 736ba2063..fe5113015 100755
--- a/src/op_mode/show_nat66_rules.py
+++ b/src/op_mode/show_nat66_rules.py
@@ -33,9 +33,9 @@ if args.source or args.destination:
 tmp = cmd('sudo nft -j list table ip6 nat')
 tmp = json.loads(tmp)
- format_nat66_rule = '%-10s %-50s %-50s %-10s'
- print(format_nat66_rule % ("Rule", "Source" if args.source else "Destination", "Translation", "Outbound Interface" if args.source else "Inbound Interface"))
- print(format_nat66_rule % ("----", "------" if args.source else "-----------", "-----------", "------------------" if args.source else "-----------------"))
+ format_nat66_rule = '{0: <10} {1: <50} {2: <50} {3: <10}'
+ print(format_nat66_rule.format("Rule", "Source" if args.source else "Destination", "Translation", "Outbound Interface" if args.source else "Inbound Interface"))
+ print(format_nat66_rule.format("----", "------" if args.source else "-----------", "-----------", "------------------" if args.source else "-----------------"))
 data_json = jmespath.search('nftables[?rule].rule[?chain]', tmp)
 for idx in range(0, len(data_json)):
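Review bot: The new format string `'{0: <10} {1: <50} {2: <50} {3: <10}'` in src/op_mode/show_nat66_rules.py is not a drop-in replacement for `'%-10s %-50s %-50s %-10s'`. `%s` converts any value with `str()`, while a `<` alignment spec is handed to the value's own `__format__`, which raises TypeError for `None`, dicts and lists. `srcdest`, `tran_addr` and `interface` come from `dict_search` on the nft JSON; if a lookup can miss or return a nested object (`dict_search` is defined outside this page, so this is inferred), the per-rule print in the file's next hunk would abort the listing. Adding the `!s` conversion keeps the old behaviour: `format_nat66_rule = '{0!s: <10} {1!s: <50} {2!s: <50} {3!s: <10}'`. The same format string is introduced in src/op_mode/show_nat_rules.py in this commit.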
@@ -71,7 +71,7 @@ if args.source or args.destination:
 else:
 tran_addr = dict_search('snat.addr' if args.source else 'dnat.addr', data['expr'][3])
- print(format_nat66_rule % (rule, srcdest, tran_addr, interface))
+ print(format_nat66_rule.format(rule, srcdest, tran_addr, interface))
 exit(0)
 else:
diff --git a/src/op_mode/show_nat_rules.py b/src/op_mode/show_nat_rules.py
index 1a02f6602..511c33610 100755
--- a/src/op_mode/show_nat_rules.py
+++ b/src/op_mode/show_nat_rules.py
@@ -33,9 +33,9 @@ if args.source or args.destination:
 tmp = cmd('sudo nft -j list table ip nat')
 tmp = json.loads(tmp)
- format_nat66_rule = '%-10s %-50s %-50s %-10s'
- print(format_nat66_rule % ("Rule", "Source" if args.source else "Destination", "Translation", "Outbound Interface" if args.source else "Inbound Interface"))
- print(format_nat66_rule % ("----", "------" if args.source else "-----------", "-----------", "------------------" if args.source else "-----------------"))
+ format_nat66_rule = '{0: <10} {1: <50} {2: <50} {3: <10}'
+ print(format_nat66_rule.format("Rule", "Source" if args.source else "Destination", "Translation", "Outbound Interface" if args.source else "Inbound Interface"))
+ print(format_nat66_rule.format("----", "------" if args.source else "-----------", "-----------", "------------------" if args.source else "-----------------"))
 data_json = jmespath.search('nftables[?rule].rule[?chain]', tmp)
 for idx in range(0, len(data_json)):
@@ -68,7 +68,7 @@ if args.source or args.destination:
 else:
 tran_addr = dict_search('snat.addr' if args.source else 'dnat.addr', data['expr'][3])
- print(format_nat66_rule % (rule, srcdest, tran_addr, interface))
+ print(format_nat66_rule.format(rule, srcdest, tran_addr, interface))
 exit(0)
 else:
-- cgit v1.2.3
From 5995f83eded2169cb710070c89f067ac6e28f6af Mon Sep 17 00:00:00 2001
From: jack9603301
Date: Wed, 17 Mar 2021 02:20:59 +0800
Subject: nat66: T2518: Modify NAT ruleid acquisition method
---
 src/op_mode/show_nat_rules.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/op_mode/show_nat_rules.py b/src/op_mode/show_nat_rules.py
index 511c33610..a98fbef8c 100755
--- a/src/op_mode/show_nat_rules.py
+++ b/src/op_mode/show_nat_rules.py
@@ -41,9 +41,7 @@ if args.source or args.destination:
 for idx in range(0, len(data_json)):
 data = data_json[idx]
 comment = data['comment']
- rule = comment.replace('SRC-NAT-','')
- rule = rule.replace('DST-NAT-','')
- rule = rule.replace(' tcp_udp','')
+ rule = int(''.join(list(filter(str.isdigit, comment))))
 chain = data['chain']
 if not (args.source and chain == 'POSTROUTING') or (not args.source and chain == 'PREROUTING'):
 continue
-- cgit v1.2.3
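Review bot: `rule = int(''.join(list(filter(str.isdigit, comment))))` concatenates every digit found anywhere in the comment, so a comment with no digits raises ValueError on `int('')`, and one with digits outside the rule number yields a wrong id. The comment text comes from the live nft ruleset, so a single rule not shaped like `SRC-NAT-<n>` would end the whole listing. Guard the empty case and drop the redundant `list()`: `digits = ''.join(filter(str.isdigit, comment))` followed by `rule = int(digits) if digits else comment`. src/op_mode/show_nat66_rules.py still strips the `SRC-NAT66-`/`DST-NAT66-` prefixes with `replace`, so the two scripts now derive the rule id differently. The enclosing loop continues outside the hunk.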