
TOMOYO Linux Cross Reference
Linux/tools/testing/selftests/netfilter/nf_nat_edemux.sh


  1 #!/bin/bash
  2 # SPDX-License-Identifier: GPL-2.0
  3 #
  4 # Test NAT source port clash resolution
  5 #
  6 
  7 # Kselftest framework requirement - SKIP code is 4.
  8 ksft_skip=4
  9 ret=0
 10 
 11 sfx=$(mktemp -u "XXXXXXXX")
 12 ns1="ns1-$sfx"
 13 ns2="ns2-$sfx"
 14 
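# Delete both test namespaces. The script installs this function as its
# EXIT trap once the first namespace exists.
# Globals: ns1, ns2 (read)
cleanup()
{
	# Quoted so each name reaches ip as exactly one argument, with no
	# word splitting or glob expansion on the value.
	ip netns del "$ns1"
	ip netns del "$ns2"
}
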
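# Probe for every external tool the test drives. A missing tool ends the
# run with the kselftest SKIP code instead of a misleading FAIL.
if ! iperf3 -v > /dev/null 2>&1; then
	echo "SKIP: Could not run test without iperf3"
	exit "$ksft_skip"
fi

if ! iptables --version > /dev/null 2>&1; then
	echo "SKIP: Could not run test without iptables"
	exit "$ksft_skip"
fi

if ! ip -Version > /dev/null 2>&1; then
	echo "SKIP: Could not run test without ip tool"
	exit "$ksft_skip"
fi

# nc carries both test connections later in the script; without this
# probe a host that lacks nc would end in FAIL rather than SKIP.
if ! command -v nc > /dev/null 2>&1; then
	echo "SKIP: Could not run test without nc"
	exit "$ksft_skip"
fi

# Creating the first namespace also fails when the caller lacks the
# needed privileges, so that case is reported as SKIP too.
if ! ip netns add "$ns1"; then
	echo "SKIP: Could not create net namespace $ns1"
	exit "$ksft_skip"
fi
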
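# From this point every exit path runs cleanup and deletes the namespaces.
trap cleanup EXIT

# A failed setup step means the scenario cannot be built; report SKIP
# instead of letting the connection check below fail for the wrong reason.
if ! ip netns add "$ns2"; then
	echo "SKIP: Could not create net namespace $ns2"
	exit "$ksft_skip"
fi

# Connect the namespaces using a veth pair.
# The pair is created in the caller's namespace under the fixed names
# veth1/veth2, so the add fails if either name is already taken there.
if ! ip link add name veth2 type veth peer name veth1; then
	echo "SKIP: Could not create veth pair"
	exit "$ksft_skip"
fi
ip link set netns "$ns1" dev veth1
ip link set netns "$ns2" dev veth2

ip netns exec "$ns1" ip link set up dev lo
ip netns exec "$ns1" ip link set up dev veth1
ip netns exec "$ns1" ip addr add 192.168.1.1/24 dev veth1

ip netns exec "$ns2" ip link set up dev lo
ip netns exec "$ns2" ip link set up dev veth2
ip netns exec "$ns2" ip addr add 192.168.1.2/24 dev veth2

# Create a server in one namespace
ip netns exec "$ns1" iperf3 -s > /dev/null 2>&1 &
iperfs=$!

# Restrict source port to just one so we don't have to exhaust
# all others. The sysctl is issued from inside $ns2 via ip netns exec.
ip netns exec "$ns2" sysctl -q net.ipv4.ip_local_port_range="10000 10000"

# add a virtual IP using DNAT (rule is installed from inside $ns2)
ip netns exec "$ns2" iptables -t nat -A OUTPUT -d 10.96.0.1/32 -p tcp --dport 443 -j DNAT --to-destination 192.168.1.1:5201

# ... and route it to the other namespace
ip netns exec "$ns2" ip route add 10.96.0.1 via 192.168.1.1

# Give the background server time to start listening.
sleep 1

# add a persistent connection from the other namespace
# NOTE(review): -q is not accepted by every nc implementation; confirm
# the variant installed on the test host.
ip netns exec "$ns2" nc -q 10 -w 10 192.168.1.1 5201 > /dev/null &

sleep 1

# ip daddr:dport will be rewritten to 192.168.1.1 5201
# NAT must reallocate source port 10000 because
# 192.168.1.2:10000 -> 192.168.1.1:5201 is already in use
echo test | ip netns exec "$ns2" nc -w 3 -q 3 10.96.0.1 443 >/dev/null
ret=$?

# The verdict is already captured in ret, so the server can go now.
kill "$iperfs"

# Check nc can connect to 10.96.0.1:443 (aka 192.168.1.1:5201).
if [ "$ret" -eq 0 ]; then
	echo "PASS: nc can connect via NAT'd address"
else
	echo "FAIL: nc cannot connect via NAT'd address"
	exit 1
fi

exit 0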
