Migrate vyatta-nat-translations.pl to Python
Closed, WontfixPublic
Actions

Assigned To

Authored By

	c-po
	May 14 2020, 4:31 PM

Description

The following Perl script needs a Python migration

https://github.com/vyos/vyatta-nat/blob/current/scripts/vyatta-nat-translations.pl
and should be placed here: https://github.com/vyos/vyos-1x/tree/current/src/op_mode

The output is as follows:

vyos@vyos:~$ show nat source translations | strip-private
Pre-NAT              Post-NAT             Prot  Timeout
xxx.xxx.33.164        xxx.xxx.192.202        tcp   72285
xxx.xxx.33.161        xxx.xxx.192.202        tcp   136553
xxx.xxx.33.164        xxx.xxx.192.202        tcp   72
xxx.xxx.36.40         xxx.xxx.192.202        udp   262
xxx.xxx.201.10        xxx.xxx.192.202        tcp   118
xxx.xxx.33.161        xxx.xxx.192.202        tcp   244450
xxx.xxx.33.161        xxx.xxx.192.202        tcp   136554
xxx.xxx.33.164        xxx.xxx.192.202        tcp   431995
xxx.xxx.33.161        xxx.xxx.192.202        tcp   136559
xxx.xxx.33.165        xxx.xxx.192.202        tcp   141720
xxx.xxx.33.165        xxx.xxx.192.202        tcp   214964
xxx.xxx.33.161        xxx.xxx.192.202        tcp   136537
xxx.xxx.33.164        xxx.xxx.192.202        tcp   431997
xxx.xxx.33.161        xxx.xxx.192.202        tcp   136554
xxx.xxx.35.23         xxx.xxx.192.202        tcp   431977
xxx.xxx.35.242        xxx.xxx.192.202        tcp   431620
xxx.xxx.33.161        xxx.xxx.192.202        tcp   216661
xxx.xxx.33.164        xxx.xxx.192.202        tcp   431980
xxx.xxx.33.161        xxx.xxx.192.202        tcp   216660
xxx.xxx.33.40         xxx.xxx.192.202        tcp   431997
xxx.xxx.33.164        xxx.xxx.192.202        tcp   431960
xxx.xxx.33.164:49408  xxx.xxx.192.202:1024   tcp   97238
xxx.xxx.33.164        xxx.xxx.192.202        tcp   431959
xxx.xxx.202.10        xxx.xxx.192.202        udp   201
xxx.xxx.202.10        xxx.xxx.192.202        udp   116

vyos@vyos:~$ show nat destination translations | strip-private
Pre-NAT              Post-NAT             Prot  Timeout
xxx.xxx.100.100       xxx.xxx.100.100       icmp  29
xxx.xxx.192.202        xxx.xxx.36.10         tcp   338243
xxx.xxx.192.202        xxx.xxx.36.10         tcp   338194
xxx.xxx.192.202        xxx.xxx.36.10         tcp   85
xxx.xxx.192.202        xxx.xxx.36.10         tcp   55
xxx.xxx.192.202        xxx.xxx.36.10         tcp   61
xxx.xxx.192.202        xxx.xxx.36.10         tcp   116
xxx.xxx.192.202        xxx.xxx.36.10         tcp   391797
xxx.xxx.192.202        xxx.xxx.36.10         tcp   299
xxx.xxx.192.202        xxx.xxx.36.10         tcp   338240
xxx.xxx.192.202        xxx.xxx.36.10         tcp   28
xxx.xxx.192.202        xxx.xxx.36.10         tcp   338216
xxx.xxx.192.202        xxx.xxx.36.10         tcp   338216
xxx.xxx.192.202        xxx.xxx.36.10         tcp   93

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Internal change (not visible to end users)

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Resolved		c-po	T2198 Rewrite NAT in new XML/Python style
		Wontfix		c-po	T2460 Migrate vyatta-nat-translations.pl to Python

Event Timeline

c-po reassigned this task from c-po to thomas-mangin.May 14 2020, 4:31 PM

c-po triaged this task as Normal priority.

c-po created this task.

c-po created this object in space S1 VyOS Public.

c-po closed this task as Resolved.May 30 2020, 1:00 PM

c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Jun 2 2020, 5:49 PM

erkin set Issue type to Internal change (not visible to end users).Aug 30 2021, 6:13 AM

erkin removed a subscriber: Active contributors.

I need to reopen this, because after T3781 op-mode CLI references were reverted as well, and now we are in the strange situation when show_nat_translations.py is in the system, but CLI still refers to the old vyatta-nat-translations.pl.
The old script uses too much CPU and RAM, and can even crash on big conntrack tables.
We should backport updates from sagitta to op-mode scripts and replace CLI references to use them.

zsdc reassigned this task from thomas-mangin to c-po.Aug 27 2022, 12:37 PM

zsdc added a subscriber: thomas-mangin.

In the 1.4 nat translations were rewritten, but I didn't delete the old python code yet https://github.com/vyos/vyos-1x/pull/1501

syncer edited projects, added VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.Aug 29 2022, 7:04 AM

syncer moved this task from Need Triage to Backlog on the VyOS 1.3 Equuleus (1.3.3) board.

1.3 and 1.4 NAT code should not be mixed. Also 1.4 makes use of the generic op-mode framework which is not present in 1.3 thus a backport is not possible.

The old script uses too much CPU and RAM, and can even crash on big conntrack tables.

As unfortunate as it might seem we need to fix that bug in the old script(s)

c-po closed this task as Wontfix.Jan 17 2023, 2:25 PM

syncer moved this task from Backlog to Finished on the VyOS 1.3 Equuleus (1.3.3) board.Jul 12 2023, 10:24 PM

Migrate vyatta-nat-translations.pl to PythonClosed, WontfixPublicActions

Description

Details

Related ObjectsSearch...

Event Timeline

Migrate vyatta-nat-translations.pl to Python
Closed, WontfixPublic
Actions

Related Objects
Search...