* [PATCH nf] selftests: nft_nat: switch port shadow test cases to socat
@ 2021-11-11 17:23 Florian Westphal
2021-11-15 11:02 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Florian Westphal @ 2021-11-11 17:23 UTC (permalink / raw)
To: netfilter-devel; +Cc: Florian Westphal, kernel test robot
There are now at least three distinct flavours of netcat/nc tool:
'original' version, one version ported from openbsd and nmap-ncat.
The script only works with original because it sets SOREUSEPORT option.
Other nc versions return 'port already in use' error and port shadow test fails:
PASS: inet IPv6 redirection for ns2-hMHcaRvx
nc: bind failed: Address already in use
ERROR: portshadow test default: got reply from "ROUTER", not CLIENT as intended
Switch to socat instead.
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
tools/testing/selftests/netfilter/nft_nat.sh | 26 ++++++++++++++------
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/tools/testing/selftests/netfilter/nft_nat.sh b/tools/testing/selftests/netfilter/nft_nat.sh
index c62e4e26252c..d88867d2fed7 100755
--- a/tools/testing/selftests/netfilter/nft_nat.sh
+++ b/tools/testing/selftests/netfilter/nft_nat.sh
@@ -760,20 +760,20 @@ test_port_shadow()
local logmsg=""
# make shadow entry, from client (ns2), going to (ns1), port 41404, sport 1405.
- echo "fake-entry" | ip netns exec "$ns2" nc -w 1 -p 1405 -u "$daddrc" 41404 > /dev/null
+ echo "fake-entry" | ip netns exec "$ns2" timeout 1 socat -u STDIN UDP:"$daddrc":41404,sourceport=1405
- echo ROUTER | ip netns exec "$ns0" nc -w 5 -u -l -p 1405 >/dev/null 2>&1 &
- nc_r=$!
+ echo ROUTER | ip netns exec "$ns0" timeout 5 socat -u STDIN UDP4-LISTEN:1405 &
+ sc_r=$!
- echo CLIENT | ip netns exec "$ns2" nc -w 5 -u -l -p 1405 >/dev/null 2>&1 &
- nc_c=$!
+ echo CLIENT | ip netns exec "$ns2" timeout 5 socat -u STDIN UDP4-LISTEN:1405,reuseport &
+ sc_c=$!
sleep 0.3
# ns1 tries to connect to ns0:1405. With default settings this should connect
# to client, it matches the conntrack entry created above.
- result=$(echo "" | ip netns exec "$ns1" nc -w 1 -p 41404 -u "$daddrs" 1405)
+ result=$(echo "data" | ip netns exec "$ns1" timeout 1 socat - UDP:"$daddrs":1405,sourceport=41404)
if [ "$result" = "$expect" ] ;then
echo "PASS: portshadow test $test: got reply from ${expect}${logmsg}"
@@ -782,7 +782,7 @@ test_port_shadow()
ret=1
fi
- kill $nc_r $nc_c 2>/dev/null
+ kill $sc_r $sc_c 2>/dev/null
# flush udp entries for next test round, if any
ip netns exec "$ns0" conntrack -F >/dev/null 2>&1
@@ -852,6 +852,18 @@ test_port_shadowing()
{
local family="ip"
+ conntrack -h >/dev/null 2>&1
+ if [ $? -ne 0 ];then
+ echo "SKIP: Could not run nat port shadowing test without conntrack tool"
+ return
+ fi
+
+ socat -h > /dev/null 2>&1
+ if [ $? -ne 0 ];then
+ echo "SKIP: Could not run nat port shadowing test without socat tool"
+ return
+ fi
+
ip netns exec "$ns0" sysctl net.ipv4.conf.veth0.forwarding=1 > /dev/null
ip netns exec "$ns0" sysctl net.ipv4.conf.veth1.forwarding=1 > /dev/null
--
2.32.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH nf] selftests: nft_nat: switch port shadow test cases to socat
2021-11-11 17:23 [PATCH nf] selftests: nft_nat: switch port shadow test cases to socat Florian Westphal
@ 2021-11-15 11:02 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2021-11-15 11:02 UTC (permalink / raw)
To: Florian Westphal; +Cc: netfilter-devel, kernel test robot
On Thu, Nov 11, 2021 at 06:23:30PM +0100, Florian Westphal wrote:
> There are now at least three distinct flavours of netcat/nc tool:
> 'original' version, one version ported from openbsd and nmap-ncat.
>
> The script only works with original because it sets SOREUSEPORT option.
>
> Other nc versions return 'port already in use' error and port shadow test fails:
>
> PASS: inet IPv6 redirection for ns2-hMHcaRvx
> nc: bind failed: Address already in use
> ERROR: portshadow test default: got reply from "ROUTER", not CLIENT as intended
>
> Switch to socat instead.
Applied.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-11-15 11:03 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-11 17:23 [PATCH nf] selftests: nft_nat: switch port shadow test cases to socat Florian Westphal
2021-11-15 11:02 ` Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.