From c64d877d2a1fdf6a596a5c4036b3d045703b5931 Mon Sep 17 00:00:00 2001 From: Ryazanov Alexander Mihailovich Date: Sat, 18 May 2024 16:50:55 +0300 Subject: [PATCH 1/3] nat: T6365: remove warnings for negated interface selections by name (cherry picked from commit 03eae30b27433055ddc10f09fc134b83e9bd6cec)
---
 src/conf_mode/nat.py | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index 4cd9b570d5..0563519869 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -149,8 +149,12 @@ def verify(nat):
 if 'name' in config['outbound_interface'] and 'group' in config['outbound_interface']:
 raise ConfigError(f'{err_msg} cannot specify both interface group and interface name for nat source rule "{rule}"')
 elif 'name' in config['outbound_interface']:
- if config['outbound_interface']['name'] not in 'any' and config['outbound_interface']['name'] not in interfaces():
- Warning(f'NAT interface "{config["outbound_interface"]["name"]}" for source NAT rule "{rule}" does not exist!')
+ interface_name = config['outbound_interface']['name']
+ if interface_name not in 'any':
+ if interface_name[0] == '!':
+ interface_name = interface_name[1:]
+ if interface_name not in interfaces():
+ Warning(f'NAT interface "{interface_name}" for source NAT rule "{rule}" does not exist!')
 else:
 group_name = config['outbound_interface']['group']
 if group_name[0] == '!':
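Review bot: `if interface_name not in 'any':` is a substring test rather than a comparison, so any name that is a substring of 'any' (`a`, `n`, `y`, `an`, `ny`, or the empty string) skips the existence check; it should read `if interface_name != 'any':`. The test is carried over from the removed line, but this hunk rewrites it and the inbound hunk at -182 repeats it; whether the CLI constraints already exclude such names is not visible here. With `!=` in place an empty name would reach `interface_name[0]` and raise IndexError, so the prefix test should then be `interface_name.startswith('!')`. verify() starts and ends outside the hunk.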
@@ -182,8 +186,12 @@ def verify(nat):
 if 'name' in config['inbound_interface'] and 'group' in config['inbound_interface']:
 raise ConfigError(f'{err_msg} cannot specify both interface group and interface name for destination nat rule "{rule}"')
 elif 'name' in config['inbound_interface']:
- if config['inbound_interface']['name'] not in 'any' and config['inbound_interface']['name'] not in interfaces():
- Warning(f'NAT interface "{config["inbound_interface"]["name"]}" for destination NAT rule "{rule}" does not exist!')
+ interface_name = config['inbound_interface']['name']
+ if interface_name not in 'any':
+ if interface_name[0] == '!':
+ interface_name = interface_name[1:]
+ if interface_name not in interfaces():
+ Warning(f'NAT interface "{interface_name}" for destination NAT rule "{rule}" does not exist!')
 else:
 group_name = config['inbound_interface']['group']
 if group_name[0] == '!':
From 50e7577815ca2e2da80a0356815d421350df63f5 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Wed, 22 May 2024 19:46:46 +0200 Subject: [PATCH 2/3] nat: T6365: use string startswith() over [0] index access (cherry picked from commit 3870247517741ce23e2fcee8aaa1d194f0ad621b)
---
 src/conf_mode/nat.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index 0563519869..db02ca66fb 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -151,7 +151,7 @@ def verify(nat):
 elif 'name' in config['outbound_interface']:
 interface_name = config['outbound_interface']['name']
 if interface_name not in 'any':
- if interface_name[0] == '!':
+ if interface_name.startswith('!'):
 interface_name = interface_name[1:]
 if interface_name not in interfaces():
 Warning(f'NAT interface "{interface_name}" for source NAT rule "{rule}" does not exist!')
@@ -188,7 +188,7 @@ def verify(nat):
 elif 'name' in config['inbound_interface']:
 interface_name = config['inbound_interface']['name']
 if interface_name not in 'any':
- if interface_name[0] == '!':
+ if interface_name.startswith('!'):
 interface_name = interface_name[1:]
 if interface_name not in interfaces():
 Warning(f'NAT interface "{interface_name}" for destination NAT rule "{rule}" does not exist!')
From a2293874c80d99c77930cfd47daffe9e6ab84d3a Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Wed, 22 May 2024 19:48:32 +0200 Subject: [PATCH 3/3] nat: T6365: use interface_exists() over netifaces.interfaces() (cherry picked from commit 645c43ba60d29ca676a4323ccc5ca16c6bd8127a)
---
 src/conf_mode/nat.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index db02ca66fb..f74bb217e5 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -17,7 +17,6 @@ import os from sys import exit -from netifaces import interfaces from vyos.base import Warning from vyos.config import Config
@@ -30,6 +29,7 @@ from vyos.utils.process import cmd from vyos.utils.process import run from vyos.utils.network import is_addr_assigned +from vyos.utils.network import interface_exists from vyos import ConfigError from vyos import airbag
@@ -153,8 +153,8 @@ def verify(nat):
 if interface_name not in 'any':
 if interface_name.startswith('!'):
 interface_name = interface_name[1:]
- if interface_name not in interfaces():
- Warning(f'NAT interface "{interface_name}" for source NAT rule "{rule}" does not exist!')
+ if not interface_exists(interface_name):
+ Warning(f'Interface "{interface_name}" for source NAT rule "{rule}" does not exist!')
 else:
 group_name = config['outbound_interface']['group']
 if group_name[0] == '!':
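Review bot: The reworded warning in the -153 hunk prints the name after the leading `!` has been stripped, so an operator cannot tell from the message that the rule was configured as a negated match. That is the case where a missing interface matters most: a "not this interface" match on a name that does not exist presumably applies to traffic on every interface, so a typo widens the NAT rule rather than disabling it (inferred from how negated matches usually behave; the rule generation is not in this hunk). Include the configured value as well, e.g. `Warning(f'Interface "{interface_name}" (configured as "{config["outbound_interface"]["name"]}") for source NAT rule "{rule}" does not exist!')`, and do the same with `inbound_interface` in the destination hunk at -190. The enclosing verify() extends beyond the hunk.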
@@ -190,8 +190,8 @@ def verify(nat):
 if interface_name not in 'any':
 if interface_name.startswith('!'):
 interface_name = interface_name[1:]
- if interface_name not in interfaces():
- Warning(f'NAT interface "{interface_name}" for destination NAT rule "{rule}" does not exist!')
+ if not interface_exists(interface_name):
+ Warning(f'Interface "{interface_name}" for destination NAT rule "{rule}" does not exist!')
 else:
 group_name = config['inbound_interface']['group']
 if group_name[0] == '!':