
Commit d05d5db

Florian Westphalummakynes
authored andcommitted
selftests: netfilter: extend flowtable test script with dnat rule
NAT test currently covers snat (masquerade) only. Also add a dnat rule and then check that connecting to the to-be-dnated address works. Signed-off-by: Florian Westphal <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
1 parent c9b3b82 commit d05d5db


1 file changed

+34
-5
lines changed


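--- a/tools/testing/selftests/netfilter/nft_flowtable.sh
+++ b/tools/testing/selftests/netfilter/nft_flowtable.sh
@@ -226,17 +226,19 @@ check_transfer()
 return 0
 }
 
-test_tcp_forwarding()
+test_tcp_forwarding_ip()
 {
 local nsa=$1
 local nsb=$2
+local dstip=$3
+local dstport=$4
 local lret=0
 
 ip netns exec $nsb nc -w 5 -l -p 12345 < "$ns2in" > "$ns2out" &
 lpid=$!
 
 sleep 1
-ip netns exec $nsa nc -w 4 10.0.2.99 12345 < "$ns1in" > "$ns1out" &
+ip netns exec $nsa nc -w 4 "$dstip" "$dstport" < "$ns1in" > "$ns1out" &
 cpid=$!
 
 sleep 3
@@ -258,6 +260,28 @@ test_tcp_forwarding()
 return $lret
 }
 
+test_tcp_forwarding()
+{
+test_tcp_forwarding_ip "$1" "$2" 10.0.2.99 12345
+
+return $?
+}
+
+test_tcp_forwarding_nat()
+{
+local lret
+
+test_tcp_forwarding_ip "$1" "$2" 10.0.2.99 12345
+lret=$?
+
+if [ $lret -eq 0 ] ; then
+test_tcp_forwarding_ip "$1" "$2" 10.6.6.6 1666
+lret=$?
+fi
+
+return $lret
+}
+
 make_file "$ns1in" "ns1"
 make_file "$ns2in" "ns2"
 
@@ -283,14 +307,19 @@ ip -net ns2 route add 192.168.10.1 via 10.0.2.1
 # Same, but with NAT enabled.
 ip netns exec nsr1 nft -f - <<EOF
 table ip nat {
+chain prerouting {
+type nat hook prerouting priority 0; policy accept;
+meta iif "veth0" ip daddr 10.6.6.6 tcp dport 1666 counter dnat ip to 10.0.2.99:12345
+}
+
 chain postrouting {
 type nat hook postrouting priority 0; policy accept;
-meta oifname "veth1" masquerade
+meta oifname "veth1" counter masquerade
 }
 }
 EOF
 
-test_tcp_forwarding ns1 ns2
+test_tcp_forwarding_nat ns1 ns2
 
 if [ $? -eq 0 ] ;then
 echo "PASS: flow offloaded for ns1/ns2 with NAT"
@@ -313,7 +342,7 @@ fi
 ip netns exec ns1 sysctl net.ipv4.ip_no_pmtu_disc=0 > /dev/null
 ip netns exec ns2 sysctl net.ipv4.ip_no_pmtu_disc=0 > /dev/null
 
-test_tcp_forwarding ns1 ns2
+test_tcp_forwarding_nat ns1 ns2
 if [ $? -eq 0 ] ;then
 echo "PASS: flow offloaded for ns1/ns2 with NAT and pmtu discovery"
 else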
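Review bot: The `counter` statements added to the dnat and masquerade rules are never read in the lines shown, so a pass of `test_tcp_forwarding_nat` shows only that the transfer to 10.6.6.6:1666 completed, not which rule translated it or that the flow stayed in the flowtable. If the counters are meant as a debugging aid, record that with a comment above the ruleset such as `# counters are for manual inspection (nft list ruleset); the test does not assert on them`; otherwise print them when the test fails. Separately, the listener in `test_tcp_forwarding_ip` still binds the literal port 12345 while the client side is now parameterised, so the helper only works for destinations that end up at 10.0.2.99:12345, and a one-line comment on the `nc -l` line would make that constraint explicit. The body of `test_tcp_forwarding_ip` between the first two hunks is not visible here.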
