Merge pull request #3621 from sever-sever/T6442

T6442: CGNAT add log for address allocation
vyos · Jun 10, 2024 · f118452 · f118452
2 parents 50a5a29 + d6108d6
commit f118452
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 0 deletions.
diff --git a/interface-definitions/nat_cgnat.xml.in b/interface-definitions/nat_cgnat.xml.in
@@ -8,6 +8,12 @@
           <priority>221</priority>
         </properties>
         <children>
+          <leafNode name="log-allocation">
+            <properties>
+              <help>Log IP address and port allocation</help>
+              <valueless/>
+            </properties>
+          </leafNode>
           <node name="pool">
             <properties>
               <help>External and internal pool parameters</help>

diff --git a/src/conf_mode/nat_cgnat.py b/src/conf_mode/nat_cgnat.py
@@ -16,9 +16,11 @@
 
 import ipaddress
 import jmespath
+import logging
 import os
 
 from sys import exit
+from logging.handlers import SysLogHandler
 
 from vyos.config import Config
 from vyos.template import render
@@ -32,6 +34,18 @@
 
 nftables_cgnat_config = '/run/nftables-cgnat.nft'
 
+# Logging
+logger = logging.getLogger('cgnat')
+logger.setLevel(logging.DEBUG)
+
+syslog_handler = SysLogHandler(address="/dev/log")
+syslog_handler.setLevel(logging.INFO)
+
+formatter = logging.Formatter('%(name)s: %(message)s')
+syslog_handler.setFormatter(formatter)
+
+logger.addHandler(syslog_handler)
+
 
 class IPOperations:
     def __init__(self, ip_prefix: str):
@@ -356,6 +370,22 @@ def apply(config):
         return None
     cmd(f'nft --file {nftables_cgnat_config}')
 
+    # Logging allocations
+    if 'log_allocation' in config:
+        allocations = config['proto_map_elements']
+        allocations = allocations.split(',')
+        for allocation in allocations:
+            try:
+                # Split based on the delimiters used in the nft data format
+                internal_host, rest = allocation.split(' : ')
+                external_host, port_range = rest.split(' . ')
+                # Log the parsed data
+                logger.info(
+                    f"Internal host: {internal_host.lstrip()}, external host: {external_host}, Port range: {port_range}")
+            except ValueError as e:
+                # Log error message
+                logger.error(f"Error processing line '{allocation}': {e}")
+
 
 if __name__ == '__main__':
     try: