From 9207897983a3bfafa0ec3e436c1ad67790f09f06 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Tue, 19 Jan 2021 21:01:20 +0100
Subject: nat: T2947: add many-many translation

Support a 1:1 or 1:n prefix translation. The following configuration will NAT
source addresses from the 10.2.0.0/16 range to an address from 192.0.2.0/29.

This feature requires Linux kernel 5.8 or higher!

vyos@vyos# show nat
 source {
     rule 100 {
         outbound-interface eth1
         source {
             address 10.2.0.0/16
         }
         translation {
             address 192.0.2.0/29
         }
     }
 }

This results in the nftables configuration:

chain POSTROUTING {
    type nat hook postrouting priority srcnat; policy accept;
    oifname "eth1" counter packets 0 bytes 0 snat ip prefix to ip saddr map
        { 10.2.0.0/16 : 192.0.2.0/29 } comment "SRC-NAT-100"
}
---
 src/tests/test_template.py | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'src/tests')

diff --git a/src/tests/test_template.py b/src/tests/test_template.py
index 544755692..7800d007f 100644
--- a/src/tests/test_template.py
+++ b/src/tests/test_template.py
@@ -93,3 +93,22 @@ class TestVyOSTemplate(TestCase):
         self.assertEqual(vyos.template.dec_ip('2001:db8::b/64', '10'),  '2001:db8::1')
         self.assertEqual(vyos.template.dec_ip('2001:db8::f', '5'),  '2001:db8::a')
 
+    def test_is_network(self):
+        self.assertFalse(vyos.template.is_ip_network('192.0.2.0'))
+        self.assertFalse(vyos.template.is_ip_network('192.0.2.1/24'))
+        self.assertTrue(vyos.template.is_ip_network('192.0.2.0/24'))
+
+        self.assertFalse(vyos.template.is_ip_network('2001:db8::'))
+        self.assertFalse(vyos.template.is_ip_network('2001:db8::ffff'))
+        self.assertTrue(vyos.template.is_ip_network('2001:db8::/48'))
+        self.assertTrue(vyos.template.is_ip_network('2001:db8:1000::/64'))
+
+    def test_is_network(self):
+        self.assertTrue(vyos.template.compare_netmask('10.0.0.0/8', '20.0.0.0/8'))
+        self.assertTrue(vyos.template.compare_netmask('10.0.0.0/16', '20.0.0.0/16'))
+        self.assertFalse(vyos.template.compare_netmask('10.0.0.0/8', '20.0.0.0/16'))
+        self.assertFalse(vyos.template.compare_netmask('10.0.0.1', '20.0.0.0/16'))
+
+        self.assertTrue(vyos.template.compare_netmask('2001:db8:1000::/48', '2001:db8:2000::/48'))
+        self.assertTrue(vyos.template.compare_netmask('2001:db8:1000::/64', '2001:db8:2000::/64'))
+        self.assertFalse(vyos.template.compare_netmask('2001:db8:1000::/48', '2001:db8:2000::/64'))
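Review bot: Both added methods are named `test_is_network`, so the second `def` rebinds the name in the class body and the first one, holding every `is_ip_network` assertion, is never collected or run. Rename the second to `def test_compare_netmask(self):` so both sets of checks execute. Judging by the commit message, these helpers presumably decide when the prefix-map form of the NAT rule is rendered, so a validation test that silently never runs is worth fixing before relying on it. The IPv6 cases also lack the counterpart of the `'192.0.2.1/24'` check; adding `self.assertFalse(vyos.template.is_ip_network('2001:db8::1/64'))` would cover a prefix with host bits set. The `TestVyOSTemplate` class body starts outside this hunk.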
-- 
cgit v1.2.3