
selftests: netfilter: extend flowtable test script with dnat rule

NAT test currently covers snat (masquerade) only.

Also add a dnat rule and then check that connecting to the
to-be-dnated address works.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by
Pablo Neira Ayuso
d05d5db8 c9b3b820

+34 -5
+34 -5
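--- a/tools/testing/selftests/netfilter/nft_flowtable.sh
+++ b/tools/testing/selftests/netfilter/nft_flowtable.sh
@@ -226,17 +226,19 @@
 return 0
 }
 
-test_tcp_forwarding()
+test_tcp_forwarding_ip()
 {
 local nsa=$1
 local nsb=$2
+local dstip=$3
+local dstport=$4
 local lret=0
 
 ip netns exec $nsb nc -w 5 -l -p 12345 < "$ns2in" > "$ns2out" &
 lpid=$!
 
 sleep 1
-ip netns exec $nsa nc -w 4 10.0.2.99 12345 < "$ns1in" > "$ns1out" &
+ip netns exec $nsa nc -w 4 "$dstip" "$dstport" < "$ns1in" > "$ns1out" &
 cpid=$!
 
 sleep 3
@@ -253,6 +255,28 @@
 check_transfer "$ns2in" "$ns1out" "ns1 <- ns2"
 if [ $? -ne 0 ];then
 lret=1
+fi
+
+return $lret
+}
+
+test_tcp_forwarding()
+{
+test_tcp_forwarding_ip "$1" "$2" 10.0.2.99 12345
+
+return $?
+}
+
+test_tcp_forwarding_nat()
+{
+local lret
+
+test_tcp_forwarding_ip "$1" "$2" 10.0.2.99 12345
+lret=$?
+
+if [ $lret -eq 0 ] ; then
+test_tcp_forwarding_ip "$1" "$2" 10.6.6.6 1666
+lret=$?
 fi
 
 return $lret
@@ -283,14 +307,19 @@
 # Same, but with NAT enabled.
 ip netns exec nsr1 nft -f - <<EOF
 table ip nat {
+chain prerouting {
+type nat hook prerouting priority 0; policy accept;
+meta iif "veth0" ip daddr 10.6.6.6 tcp dport 1666 counter dnat ip to 10.0.2.99:12345
+}
+
 chain postrouting {
 type nat hook postrouting priority 0; policy accept;
-meta oifname "veth1" masquerade
+meta oifname "veth1" counter masquerade
 }
 }
 EOF
 
-test_tcp_forwarding ns1 ns2
+test_tcp_forwarding_nat ns1 ns2
 
 if [ $? -eq 0 ] ;then
 echo "PASS: flow offloaded for ns1/ns2 with NAT"
@@ -313,7 +342,7 @@
 ip netns exec ns1 sysctl net.ipv4.ip_no_pmtu_disc=0 > /dev/null
 ip netns exec ns2 sysctl net.ipv4.ip_no_pmtu_disc=0 > /dev/null
 
-test_tcp_forwarding ns1 ns2
+test_tcp_forwarding_nat ns1 ns2
 if [ $? -eq 0 ] ;then
 echo "PASS: flow offloaded for ns1/ns2 with NAT and pmtu discovery"
 else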
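Review bot: In `test_tcp_forwarding_ip` the client now dials `"$dstip" "$dstport"`, but the listener a few lines above still binds `-p 12345`, so the new parameters only work when a DNAT rule rewrites the destination to port 12345, as the added `10.6.6.6:1666` to `10.0.2.99:12345` rule does. A comment above the function would make that contract explicit: `# dstip/dstport: address the client dials; the ns2 listener is fixed at port 12345, so other values need a matching dnat rule`. The `counter` statements added to the prerouting and postrouting rules are not read anywhere in the visible hunks, so a pass shows that the transfer completed rather than that the dnat rule was the path taken; asserting a non-zero counter after the second transfer would close that gap if it is not already done elsewhere in the script. The function body continues outside the first hunk.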