Diffstat (limited to 'tests')
-rwxr-xr-xtests/conntrackd/netns/conntrackd-netns-test.sh66
-rw-r--r--tests/conntrackd/netns/conntrackd-nsr1.conf37
-rw-r--r--tests/conntrackd/netns/conntrackd-nsr2.conf37
-rw-r--r--tests/conntrackd/netns/ruleset-nsr1.nft6
4 files changed, 146 insertions, 0 deletions
diff --git a/tests/conntrackd/netns/conntrackd-netns-test.sh b/tests/conntrackd/netns/conntrackd-netns-test.sh
new file mode 100755
index 0000000..6f16587
--- /dev/null
+++ b/tests/conntrackd/netns/conntrackd-netns-test.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+if [ $UID -ne 0 ]
+then
+ echo "You must be root to run this test script"
+ exit 0
+fi
+
+start () {
+ ip netns add ns1
+ ip netns add ns2
+ ip netns add nsr1
+ ip netns add nsr2
+
+ ip link add veth0 netns ns1 type veth peer name veth1 netns nsr1
+ ip link add veth0 netns nsr1 type veth peer name veth0 netns ns2
+ ip link add veth2 netns nsr1 type veth peer name veth0 netns nsr2
+
+ ip -net ns1 addr add 192.168.10.2/24 dev veth0
+ ip -net ns1 link set up dev veth0
+ ip -net ns1 ro add 10.0.1.0/24 via 192.168.10.1 dev veth0
+
+ ip -net nsr1 addr add 10.0.1.1/24 dev veth0
+ ip -net nsr1 addr add 192.168.10.1/24 dev veth1
+ ip -net nsr1 link set up dev veth0
+ ip -net nsr1 link set up dev veth1
+ ip -net nsr1 route add default via 192.168.10.2
+ ip netns exec nsr1 sysctl net.ipv4.ip_forward=1
+
+ ip -net nsr1 addr add 192.168.100.2/24 dev veth2
+ ip -net nsr1 link set up dev veth2
+ ip -net nsr2 addr add 192.168.100.3/24 dev veth0
+ ip -net nsr2 link set up dev veth0
+
+ ip -net ns2 addr add 10.0.1.2/24 dev veth0
+ ip -net ns2 link set up dev veth0
+ ip -net ns2 route add default via 10.0.1.1
+
+ echo 1 > /proc/sys/net/netfilter/nf_log_all_netns
+
+ ip netns exec nsr1 nft -f ruleset-nsr1.nft
+ ip netns exec nsr1 conntrackd -C conntrackd-nsr1.conf -d
+ ip netns exec nsr2 conntrackd -C conntrackd-nsr2.conf -d
+}
+
+stop () {
+ ip netns del ns1
+ ip netns del ns2
+ ip netns del nsr1
+ ip netns del nsr2
+ killall -15 conntrackd
+}
+
+case $1 in
+start)
+ start
+ ;;
+stop)
+ stop
+ ;;
+*)
+ echo "$0 [start|stop]"
+ ;;
+esac
+
+exit 0
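Review bot: `stop()` ends with `killall -15 conntrackd`, which signals every conntrackd process on the host rather than the two instances this script started, and it runs only after the namespaces have already been deleted. Stopping each daemon through its own configuration before the `ip netns del` lines keeps the teardown scoped to the test: `ip netns exec nsr1 conntrackd -C conntrackd-nsr1.conf -k`, and the same for nsr2. `start()` also writes 1 to `/proc/sys/net/netfilter/nf_log_all_netns`, a host-wide setting that `stop()` never restores; saving the previous value and writing it back would leave the machine as it was found. The non-root branch and the last line both `exit 0`, so a skipped run or a failed setup command is reported as success; a non-zero status in the root check and `set -e` (or explicit checks) in `start()` would make failures visible to whatever runs the test.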
diff --git a/tests/conntrackd/netns/conntrackd-nsr1.conf b/tests/conntrackd/netns/conntrackd-nsr1.conf
new file mode 100644
index 0000000..c79eff5
--- /dev/null
+++ b/tests/conntrackd/netns/conntrackd-nsr1.conf
@@ -0,0 +1,37 @@
+Sync {
+ Mode FTFW {
+ }
+ Multicast {
+ IPv4_address 225.0.0.50
+ Group 3780
+ IPv4_interface 192.168.100.2
+ Interface veth2
+ SndSocketBuffer 1249280
+ RcvSocketBuffer 1249280
+ Checksum on
+ }
+}
+General {
+ HashSize 32768
+ HashLimit 131072
+ LogFile on
+ LockFile /var/lock/conntrack-nsr1.lock
+ UNIX {
+ Path /var/run/conntrackd-nsr1.ctl
+ }
+ NetlinkBufferSize 2097152
+ NetlinkBufferSizeMaxGrowth 8388608
+ Filter From Userspace {
+ Protocol Accept {
+ TCP
+ SCTP
+ DCCP
+ }
+ Address Ignore {
+ IPv4_address 127.0.0.1
+ IPv4_address 192.168.10.1
+ IPv4_address 10.0.10.1
+ IPv4_address 192.168.100.2
+ }
+ }
+}
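Review bot: The `Address Ignore` block lists `IPv4_address 10.0.10.1`, but the test script assigns `10.0.1.1/24` to veth0 in nsr1 and nothing in this setup carries 10.0.10.1, so this looks like a typo for `IPv4_address 10.0.1.1`. As written, the router's own LAN-side address is not covered by the ignore list. The same line appears in conntrackd-nsr2.conf. Separately, `LogFile on` in both files presumably sends both daemons to the same default log file, since network namespaces do not separate the filesystem; giving each instance its own path, as is already done for `LockFile` and the UNIX `Path`, would keep the two logs apart.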
diff --git a/tests/conntrackd/netns/conntrackd-nsr2.conf b/tests/conntrackd/netns/conntrackd-nsr2.conf
new file mode 100644
index 0000000..65fa0d6
--- /dev/null
+++ b/tests/conntrackd/netns/conntrackd-nsr2.conf
@@ -0,0 +1,37 @@
+Sync {
+ Mode FTFW {
+ }
+ Multicast {
+ IPv4_address 225.0.0.50
+ Group 3780
+ IPv4_interface 192.168.100.3
+ Interface veth0
+ SndSocketBuffer 1249280
+ RcvSocketBuffer 1249280
+ Checksum on
+ }
+}
+General {
+ HashSize 32768
+ HashLimit 131072
+ LogFile on
+ LockFile /var/lock/conntrack-nsr2.lock
+ UNIX {
+ Path /var/run/conntrackd-nsr2.ctl
+ }
+ NetlinkBufferSize 2097152
+ NetlinkBufferSizeMaxGrowth 8388608
+ Filter From Userspace {
+ Protocol Accept {
+ TCP
+ SCTP
+ DCCP
+ }
+ Address Ignore {
+ IPv4_address 127.0.0.1
+ IPv4_address 192.168.10.1
+ IPv4_address 10.0.10.1
+ IPv4_address 192.168.100.2
+ }
+ }
+}
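Review bot: The `Address Ignore` list is a verbatim copy of the one in conntrackd-nsr1.conf: it names 192.168.100.2, which is nsr1's sync address, but not 192.168.100.3, which this file sets as `IPv4_interface` and which is the only address the script gives nsr2. If the intent is for each node to ignore its own addresses, this file needs `IPv4_address 192.168.100.3` in the block. A short comment above the block saying which node each listed address belongs to would make the copy easier to check.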
diff --git a/tests/conntrackd/netns/ruleset-nsr1.nft b/tests/conntrackd/netns/ruleset-nsr1.nft
new file mode 100644
index 0000000..bd6f1b4
--- /dev/null
+++ b/tests/conntrackd/netns/ruleset-nsr1.nft
@@ -0,0 +1,6 @@
+table ip filter {
+ chain postrouting {
+ type nat hook postrouting priority srcnat; policy accept;
+ oif veth0 masquerade
+ }
+}
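Review bot: `oif veth0 masquerade` binds the rule to the interface index that veth0 has when the ruleset is loaded, so the load fails if the link does not exist yet and the rule goes stale if the veth pair is recreated while nsr1 stays up. `oifname "veth0" masquerade` matches by name and avoids both cases. As a point of style, the table is called `filter` but holds only a nat-type chain; naming it `nat` would match what it does.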