Page MenuHomeVyOS Platform
Create Task
Maniphest T4764

NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat
Closed, ResolvedPublicBUG
Actions

Description

NAT tables vyos_nat and vyos_static_nat not delete after deleting nat
To reproduce

vyos@r14:~$ sudo nft list tables | match nat
table ip nat
vyos@r14:~$ 
vyos@r14:~$ conf
[edit]
vyos@r14# set nat source rule 100
[edit]
vyos@r14# set nat source rule 100 outbound-interface eth0
[edit]
vyos@r14# set nat source rule 100 translation address masquerade 
[edit]
vyos@r14# commit
[edit]
vyos@r14# delete nat 
[edit]
vyos@r14# commit
[edit]
vyos@r14# exit
Warning: configuration changes have not been saved.
exit
vyos@r14:~$ 
vyos@r14:~$ sudo nft list tables | match nat
table ip nat
table ip vyos_nat
table ip vyos_static_nat
vyos@r14:~$

I noticed when testing "op-mode" as nft shows the different output when tables exist and do not exist
Not exist:

vyos@r14:~$ sudo nft -j list table ip vyos_nat
Error: No such file or directory
list table ip vyos_nat
              ^^^^^^^^
vyos@r14:~$

Exist:

vyos@r14:~$ sudo nft -j list table ip vyos_nat | json_pp
{
   "nftables" : [
      {
         "metainfo" : {
            "json_schema_version" : 1,
            "release_name" : "Lester Gooch #4",
            "version" : "1.0.5"
         }
      },
      {
         "table" : {
            "family" : "ip",
            "handle" : 25,
            "name" : "vyos_nat"
         }
      },
      {
         "chain" : {
            "family" : "ip",
            "handle" : 1,
            "hook" : "prerouting",
            "name" : "PREROUTING",
            "policy" : "accept",
            "prio" : -100,
            "table" : "vyos_nat",
            "type" : "nat"
         }
      },
      {
         "chain" : {
            "family" : "ip",
            "handle" : 2,
            "hook" : "postrouting",
            "name" : "POSTROUTING",
            "policy" : "accept",
            "prio" : 100,
            "table" : "vyos_nat",
            "type" : "nat"
         }
      },
      {
         "chain" : {
            "family" : "ip",
            "handle" : 3,
            "name" : "VYOS_PRE_DNAT_HOOK",
            "table" : "vyos_nat"
         }
      },
      {
         "chain" : {
            "family" : "ip",
            "handle" : 4,
            "name" : "VYOS_PRE_SNAT_HOOK",
            "table" : "vyos_nat"
         }
      },
      {
         "rule" : {
            "chain" : "PREROUTING",
            "expr" : [
               {
                  "counter" : {
                     "bytes" : 0,
                     "packets" : 0
                  }
               },
               {
                  "jump" : {
                     "target" : "VYOS_PRE_DNAT_HOOK"
                  }
               }
            ],
            "family" : "ip",
            "handle" : 5,
            "table" : "vyos_nat"
         }
      },
      {
         "rule" : {
            "chain" : "POSTROUTING",
            "expr" : [
               {
                  "counter" : {
                     "bytes" : 0,
                     "packets" : 0
                  }
               },
               {
                  "jump" : {
                     "target" : "VYOS_PRE_SNAT_HOOK"
                  }
               }
            ],
            "family" : "ip",
            "handle" : 6,
            "table" : "vyos_nat"
         }
      },
      {
         "rule" : {
            "chain" : "POSTROUTING",
            "comment" : "SRC-NAT-100",
            "expr" : [
               {
                  "match" : {
                     "left" : {
                        "meta" : {
                           "key" : "oifname"
                        }
                     },
                     "op" : "==",
                     "right" : "eth0"
                  }
               },
               {
                  "counter" : {
                     "bytes" : 0,
                     "packets" : 0
                  }
               },
               {
                  "masquerade" : null
               }
            ],
            "family" : "ip",
            "handle" : 7,
            "table" : "vyos_nat"
         }
      },
      {
         "rule" : {
            "chain" : "VYOS_PRE_DNAT_HOOK",
            "expr" : [
               {
                  "return" : null
               }
            ],
            "family" : "ip",
            "handle" : 8,
            "table" : "vyos_nat"
         }
      },
      {
         "rule" : {
            "chain" : "VYOS_PRE_SNAT_HOOK",
            "expr" : [
               {
                  "return" : null
               }
            ],
            "family" : "ip",
            "handle" : 9,
            "table" : "vyos_nat"
         }
      }
   ]
}
vyos@r14:~$

I think we should delete tables vyos_nat and vyos_static_nat if nat configuration does not exist

Details

Version
VyOS 1.4-rolling-202210180800
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

Viacheslav created this task.Oct 20 2022, 11:14 AM
Viacheslav renamed this task from NAT tables vyos_nat and vyos_static_nat not delete after deleting nat to NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat.
zsdc updated the task description. (Show Details)Oct 20 2022, 12:47 PM
pasik subscribed.Oct 20 2022, 1:00 PM
sarthurdev changed the task status from Open to In progress.Oct 25 2022, 10:29 AM
sarthurdev claimed this task.
sarthurdev changed the task status from In progress to Needs testing.Oct 25 2022, 10:02 PM

PR: https://github.com/vyos/vyos-1x/pull/1618

Restricted Repository Identity mentioned this in rVYOSONEXa61e1a78fe11: Merge pull request #1618 from sarthurdev/T4764.Oct 26 2022, 2:58 PM
sarthurdev mentioned this in rVYOSONEX2a5273e650ce: nat: T4764: Remove tables on NAT deletion.Oct 26 2022, 2:58 PM
sarthurdev moved this task from Open to In Progress on the VyOS 1.4 Sagitta board.Oct 29 2022, 5:54 PM
sarthurdev closed this task as Resolved.Nov 1 2022, 9:19 AM
sarthurdev moved this task from In Progress to Finished on the VyOS 1.4 Sagitta board.