Commit a2acf0c0 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

selftests: nft_nat: switch port shadow test cases to socat 



There are now at least three distinct flavours of netcat/nc tool:
'original' version, one version ported from openbsd and nmap-ncat.

The script only works with original because it sets SOREUSEPORT option.

Other nc versions return 'port already in use' error and port shadow test fails:

PASS: inet IPv6 redirection for ns2-hMHcaRvx
nc: bind failed: Address already in use
ERROR: portshadow test default: got reply from "ROUTER", not CLIENT as intended

Switch to socat instead.

Reported-by: default avatarkernel test robot <oliver.sang@intel.com>
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 39f6eed4

tools/testing/selftests/netfilter/nft_nat.sh

+19 −7
Original line number Diff line number Diff line
@@ -760,20 +760,20 @@ test_port_shadow() 
	local logmsg=""



	# make shadow entry, from client (ns2), going to (ns1), port 41404, sport 1405.

	echo "fake-entry" | ip netns exec "$ns2" nc -w 1 -p 1405 -u "$daddrc" 41404 > /dev/null

	echo "fake-entry" | ip netns exec "$ns2" timeout 1 socat -u STDIN UDP:"$daddrc":41404,sourceport=1405



	echo ROUTER | ip netns exec "$ns0" nc -w 5 -u -l -p 1405 >/dev/null 2>&1 &

	nc_r=$!

	echo ROUTER | ip netns exec "$ns0" timeout 5 socat -u STDIN UDP4-LISTEN:1405 &

	sc_r=$!



	echo CLIENT | ip netns exec "$ns2" nc -w 5 -u -l -p 1405 >/dev/null 2>&1 &

	nc_c=$!

	echo CLIENT | ip netns exec "$ns2" timeout 5 socat -u STDIN UDP4-LISTEN:1405,reuseport &

	sc_c=$!



	sleep 0.3



	# ns1 tries to connect to ns0:1405.  With default settings this should connect

	# to client, it matches the conntrack entry created above.



	result=$(echo "" | ip netns exec "$ns1" nc -w 1 -p 41404 -u "$daddrs" 1405)

	result=$(echo "data" | ip netns exec "$ns1" timeout 1 socat - UDP:"$daddrs":1405,sourceport=41404)



	if [ "$result" = "$expect" ] ;then

		echo "PASS: portshadow test $test: got reply from ${expect}${logmsg}"
@@ -782,7 +782,7 @@ test_port_shadow() 
		ret=1

	fi



	kill $nc_r $nc_c 2>/dev/null

	kill $sc_r $sc_c 2>/dev/null



	# flush udp entries for next test round, if any

	ip netns exec "$ns0" conntrack -F >/dev/null 2>&1
@@ -852,6 +852,18 @@ test_port_shadowing() 
{

	local family="ip"



	conntrack -h >/dev/null 2>&1

	if [ $? -ne 0 ];then

		echo "SKIP: Could not run nat port shadowing test without conntrack tool"

		return

	fi



	socat -h > /dev/null 2>&1

	if [ $? -ne 0 ];then

		echo "SKIP: Could not run nat port shadowing test without socat tool"

		return

	fi



	ip netns exec "$ns0" sysctl net.ipv4.conf.veth0.forwarding=1 > /dev/null

	ip netns exec "$ns0" sysctl net.ipv4.conf.veth1.forwarding=1 > /dev/null