author Pablo Neira Ayuso <pablo@netfilter.org> 2020-12-24 13:03:21 +0100
committer Pablo Neira Ayuso <pablo@netfilter.org> 2020-12-27 11:46:01 +0100
commit 7f1fb5dad90f04caa94f4fcefd1340aeb2c2f0e3
tree 24ffd73b49c176c57e88c9bb311b84dd944b2610 /tests/conntrackd/netns/ruleset-nsr1.nft
parent b031cd2102d9bc2b6ce20a880068022fac9e2d87
conntrackd: add ip netns test script
This patch adds a script that creates an ip netns testbed. The network topology looks like this:

veth0---veth0 host nsr1 ns2 veth0----veth0 ns1 veth2 | veth0 nsr2

* ns1 and ns2 are clients to generate traffic
* nsr1 and nsr2 run conntrackd to synchronize states
* nsr1 is the primary gateway
  - veth2 is used to synchronize states
* nsr2 is the backup gateway
  - veth0 is used to synchronize states

To set up the testbed:

% sudo ./conntrackd-netns-test.sh start

To test your testbed works, from ns2:

% sudo ip netns exec ns2 nc -l -p 8080

From ns1:

% sudo ip netns exec ns1 nc -vvv 10.0.1.2 8080

From nsr1:

% sudo ip netns exec nsr1 conntrackd -s -C conntrackd-nsr1.conf
cache internal:
current active connections: 1
[...]
cache external:
current active connections: 0

From nsr2:

% sudo ip netns exec nsr1 conntrackd -s -C conntrackd-nsr2.conf
cache internal:
current active connections: 0
[...]
cache external:
current active connections: 1

To stop it:

% sudo ./conntrackd-netns-test.sh stop

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/conntrackd/netns/ruleset-nsr1.nft')
-rw-r--r-- tests/conntrackd/netns/ruleset-nsr1.nft 6
1 files changed, 6 insertions, 0 deletions
diff --git a/tests/conntrackd/netns/ruleset-nsr1.nft b/tests/conntrackd/netns/ruleset-nsr1.nft
new file mode 100644
index 0000000..bd6f1b4
--- /dev/null
+++ b/tests/conntrackd/netns/ruleset-nsr1.nft
@@ -0,0 +1,6 @@
+table ip filter {
+ chain postrouting {
+ type nat hook postrouting priority srcnat; policy accept;
+ oif veth0 masquerade
+ }
+}
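Review bot: the `oif veth0 masquerade` rule matches on an interface index that nft resolves when the ruleset is loaded, so loading fails if veth0 does not yet exist in the nsr1 namespace, and the rule silently stops matching if the veth pair is later deleted and recreated. Either use `oifname "veth0"` or add a comment in the file stating that it must be loaded only after the test script has created the links. Separately, the table is named `filter` although its only chain is `type nat hook postrouting priority srcnat`; naming it `nat` would keep `nft list ruleset` output in the testbed from misleading whoever debugs it. A one-line comment saying which side of nsr1 veth0 faces, and why source addresses are masqueraded there, would also help, since the file itself carries no explanation of the rule.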