Make ACC route into nftables
Change-Id: I6f8bdb2677134731f5ca9590358a955643b96c81
diff --git a/scripts/nbhelper/device.py b/scripts/nbhelper/device.py
index 05f7ee0..1a1e385 100644
--- a/scripts/nbhelper/device.py
+++ b/scripts/nbhelper/device.py
@@ -305,10 +305,17 @@
)
# Only management server needs to be configured the whitelist netrange of
- # internal interface
+ # internal interface, this code will config the nftables parameters
+ # the nftables will do the SNAT for both UE ranges and Aether Central ranges
if self.data.device_role.name == "Router":
ret["interface_subnets"] = dict()
+
+ ret["acc_routing"] = dict()
+ ret["acc_routing"]["acc_subnets"] = self.data.config_context.pop(
+ "acc_subnets"
+ )
+
ret["ue_routing"] = dict()
ret["ue_routing"]["ue_subnets"] = self.data.config_context.pop("ue_subnets")
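Review bot: The new `self.data.config_context.pop("acc_subnets")` has no default, so any Router whose NetBox config context lacks an `acc_subnets` key will raise `KeyError` and abort generation for that device. If sites without ACC ranges are valid, use `self.data.config_context.pop("acc_subnets", [])`. Otherwise raise an explicit error that names the device and the missing key. These values appear to end up in nftables SNAT rules, so it is also worth parsing each entry with `netaddr.IPNetwork(...)` here so that a malformed range fails at generation time. The enclosing method starts and ends outside this hunk.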
@@ -344,12 +351,17 @@
neighbor.subnet
)
+ # Build data which needs by nftables, the UE subnets and ACC subnets
for prefix in PrefixContainer().all():
+ # The subnet in this site which needs the redirecting
if "fab" in prefix.data.description:
ret["ue_routing"].setdefault("src_subnets", [])
ret["ue_routing"]["src_subnets"].append(prefix.data.prefix)
+ ret["acc_routing"].setdefault("src_subnets", [])
+ ret["acc_routing"]["src_subnets"].append(prefix.data.prefix)
+ # mgmtserver do the SNAT for fabric network on FAB interface
if (
not ret["ue_routing"].get("snat_addr")
and "fab" in prefix.data.description
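Review bot: The source ranges that get SNAT'd for ACC are selected by `"fab" in prefix.data.description`, a substring test on a free-text field, and the third hunk selects the SNAT address the same way with `"mgmt"`. Any prefix whose description merely contains those letters is pulled into the NAT scope, and anyone who can edit descriptions in NetBox can change which ranges are translated. A structured attribute such as a prefix role or tag would be a safer selector, if the wrapper exposes one (not visible here). At minimum, document the convention next to the test, for example `# selection depends on the NetBox description containing "fab"; keep descriptions under change control`. The loop body continues past the end of this hunk.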
@@ -362,6 +374,19 @@
)
break
+ # mgmtserver do the SNAT for mgmt network on mgmt interface
+ if (
+ not ret["acc_routing"].get("snat_addr")
+ and "mgmt" in prefix.data.description
+ ):
+ for interface in self.interfaces.values():
+ for address in interface["addresses"]:
+ if address in netaddr.IPSet([prefix.subnet]):
+ ret["acc_routing"]["snat_addr"] = str(
+ netaddr.IPNetwork(address).ip
+ )
+ break
+
return ret
def generate_extra_config(self):
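Review bot: Nothing handles the case where no "mgmt" prefix contains one of this device's addresses, so `ret["acc_routing"]` can be returned with `acc_subnets` and `src_subnets` but no `snat_addr`. What the nftables template does with a missing address is not visible here. Add an explicit check before `return ret`, such as `if ret.get("acc_routing", {}).get("src_subnets") and not ret["acc_routing"].get("snat_addr"): raise ValueError("no mgmt address found for ACC SNAT")`, or log and skip the ACC rules. Also, the `break` leaves only the innermost loop (indentation is lost on this page, so which one is uncertain), so a later interface or address may still overwrite the chosen address. Where several mgmt prefixes exist, the choice also depends on the iteration order of `PrefixContainer().all()`.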