T6100: Added NAT migration from IP/Netmask to Network/Netmask

Added NAT migration from IP/Netmask to Network/Netmask. In 1.3 allowed using IP/Netmask in Nat rules. In 1.4 and 1.5 it is prohibited. Allowed Network/Netmask.
vyos · Apr 11, 2024 · 27c541f · 27c541f
1 parent 5d89003
commit 27c541f
Show file tree

Hide file tree

Showing 2 changed files with 80 additions and 1 deletion.
diff --git a/interface-definitions/include/version/nat-version.xml.i b/interface-definitions/include/version/nat-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/nat-version.xml.i -->
-<syntaxVersion component='nat' version='7'></syntaxVersion>
+<syntaxVersion component='nat' version='8'></syntaxVersion>
 <!-- include end -->
diff --git a/src/migration-scripts/nat/7-to-8 b/src/migration-scripts/nat/7-to-8
@@ -0,0 +1,79 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# T6100: Migration from 1.3.X to 1.4
+# Change IP/netmask to Network/netmask in
+#   'set nat [source|destination] rule X [source| destination| translation] address <IP/Netmask| !IP/Netmask>'
+
+import ipaddress
+from sys import argv,exit
+from vyos.configtree import ConfigTree
+
+if len(argv) < 2:
+    print("Must specify file name!")
+    exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+config = ConfigTree(config_file)
+
+if not config.exists(['nat']):
+    # Nothing to do
+    exit(0)
+
+for direction in ['source', 'destination']:
+    # If a node doesn't exist, we obviously have nothing to do.
+    if not config.exists(['nat', direction]):
+        continue
+
+    # However, we also need to handle the case when a 'source' or 'destination' sub-node does exist,
+    # but there are no rules under it.
+    if not config.list_nodes(['nat', direction]):
+        continue
+
+    for rule in config.list_nodes(['nat', direction, 'rule']):
+        base = ['nat', direction, 'rule', rule]
+        for addr_type in ['source', 'destination', 'translation']:
+            base_addr_type = base + [addr_type]
+            if not config.exists(base_addr_type) or not config.exists(
+                    base_addr_type + ['address']):
+                continue
+
+            address = config.return_value(base_addr_type + ['address'])
+
+            if not address or '/' not in address:
+                continue
+
+            negative = ''
+            network = address
+            if '!' in address:
+                negative = '!'
+                network = str(address.split(negative)[1])
+
+            network_ip = ipaddress.ip_network(network, strict=False)
+            if str(network_ip) != network:
+                network = f'{negative}{str(network_ip)}'
+                config.set(base_addr_type + ['address'], value=network)
+
+try:
+    with open(file_name, 'w') as f:
+        f.write(config.to_string())
+except OSError as e:
+    print("Failed to save the modified config: {}".format(e))
+    exit(1)