Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

selftests: nft_nat: switch port shadow test cases to socat

There are now at least three distinct flavours of netcat/nc tool:
'original' version, one version ported from openbsd and nmap-ncat.

The script only works with original because it sets SOREUSEPORT option.

Other nc versions return 'port already in use' error and port shadow test fails:

PASS: inet IPv6 redirection for ns2-hMHcaRvx
nc: bind failed: Address already in use
ERROR: portshadow test default: got reply from "ROUTER", not CLIENT as intended

Switch to socat instead.

Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by Florian Westphal and committed by Pablo Neira Ayuso
a2acf0c0 39f6eed4

+19 -7
tools/testing/selftests/netfilter/nft_nat.sh
··· 760 760 local logmsg="" 761 761 762 762 # make shadow entry, from client (ns2), going to (ns1), port 41404, sport 1405. 763 - echo "fake-entry" | ip netns exec "$ns2" nc -w 1 -p 1405 -u "$daddrc" 41404 > /dev/null 763 + echo "fake-entry" | ip netns exec "$ns2" timeout 1 socat -u STDIN UDP:"$daddrc":41404,sourceport=1405 764 764 765 - echo ROUTER | ip netns exec "$ns0" nc -w 5 -u -l -p 1405 >/dev/null 2>&1 & 766 - nc_r=$! 765 + echo ROUTER | ip netns exec "$ns0" timeout 5 socat -u STDIN UDP4-LISTEN:1405 & 766 + sc_r=$! 767 767 768 - echo CLIENT | ip netns exec "$ns2" nc -w 5 -u -l -p 1405 >/dev/null 2>&1 & 769 - nc_c=$! 768 + echo CLIENT | ip netns exec "$ns2" timeout 5 socat -u STDIN UDP4-LISTEN:1405,reuseport & 769 + sc_c=$! 770 770 771 771 sleep 0.3 772 772 773 773 # ns1 tries to connect to ns0:1405. With default settings this should connect 774 774 # to client, it matches the conntrack entry created above. 775 775 776 - result=$(echo "" | ip netns exec "$ns1" nc -w 1 -p 41404 -u "$daddrs" 1405) 776 + result=$(echo "data" | ip netns exec "$ns1" timeout 1 socat - UDP:"$daddrs":1405,sourceport=41404) 777 777 778 778 if [ "$result" = "$expect" ] ;then 779 779 echo "PASS: portshadow test $test: got reply from ${expect}${logmsg}" ··· 782 782 ret=1 783 783 fi 784 784 785 - kill $nc_r $nc_c 2>/dev/null 785 + kill $sc_r $sc_c 2>/dev/null 786 786 787 787 # flush udp entries for next test round, if any 788 788 ip netns exec "$ns0" conntrack -F >/dev/null 2>&1 ··· 851 851 test_port_shadowing() 852 852 { 853 853 local family="ip" 854 + 855 + conntrack -h >/dev/null 2>&1 856 + if [ $? -ne 0 ];then 857 + echo "SKIP: Could not run nat port shadowing test without conntrack tool" 858 + return 859 + fi 860 + 861 + socat -h > /dev/null 2>&1 862 + if [ $? 
-ne 0 ];then 863 + echo "SKIP: Could not run nat port shadowing test without socat tool" 864 + return 865 + fi 854 866 855 867 ip netns exec "$ns0" sysctl net.ipv4.conf.veth0.forwarding=1 > /dev/null 856 868 ip netns exec "$ns0" sysctl net.ipv4.conf.veth1.forwarding=1 > /dev/null
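
Review bot: in the first hunk only the CLIENT listener gets `reuseport` (`UDP4-LISTEN:1405,reuseport`), while the ROUTER listener is a plain `UDP4-LISTEN:1405`, and no comment explains the asymmetry. The fake-entry sender (`sourceport=1405`) and the CLIENT listener both run in "$ns2" on port 1405, which is presumably the bind that failed with "Address already in use"; a one-line comment above the CLIENT line saying so would keep someone from dropping the option or copying it to the ROUTER line. The probe payload also changes from `echo ""` to `echo "data"` without a mention in the commit message; if the socat-based test needs a non-empty datagram, state that next to the line.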
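
Review bot: after `kill $sc_r $sc_c 2>/dev/null` there is no `wait`, so the function can continue to the conntrack flush and into the next test round while the two `timeout 5 socat` listeners are still exiting and may still hold port 1405. Adding `wait $sc_r $sc_c 2>/dev/null` right after the kill would make the teardown deterministic.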
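
Review bot: in test_port_shadowing() both tool checks print SKIP and then `return` without a status and without touching `ret`; the visible failure path sets `ret=1`, but the skip path records nothing, so a run without conntrack or socat cannot be told apart from a pass by exit code. Consider carrying the skip into the result the script exits with. The `socat -h > /dev/null 2>&1` followed by `if [ $? -ne 0 ]` can also be folded into `if ! socat -h >/dev/null 2>&1; then`, which keeps the command and its test on one line.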