From 255b248f6ae3135c984bf6559d4b75078e837250 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Mon, 10 Nov 2025 12:06:22 +0100
Subject: conntrackd: update netns test to support IPv6
Extend test to support for IPv6: - Add IPv6 address and route. - Use inet instead of ip table for masquerading. - Annotate the IPv6 multicast address for IPv6_address in conntrackd.conf files.
Signed-off-by: Pablo Neira Ayuso
---
 tests/conntrackd/netns/conntrackd-netns-test.sh | 10 ++++++++++
 tests/conntrackd/netns/conntrackd-nsr1.conf | 1 +
 tests/conntrackd/netns/conntrackd-nsr2.conf | 1 +
 tests/conntrackd/netns/ruleset-nsr1.nft | 2 +-
 4 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/tests/conntrackd/netns/conntrackd-netns-test.sh b/tests/conntrackd/netns/conntrackd-netns-test.sh
index 6f16587..f6b11e2 100755
--- a/tests/conntrackd/netns/conntrackd-netns-test.sh
+++ b/tests/conntrackd/netns/conntrackd-netns-test.sh
@@ -17,24 +17,34 @@ start () { ip link add veth2 netns nsr1 type veth peer name veth0 netns nsr2 ip -net ns1 addr add 192.168.10.2/24 dev veth0 + ip -6 -net ns1 addr add bbbb::2/64 dev veth0 ip -net ns1 link set up dev veth0 ip -net ns1 ro add 10.0.1.0/24 via 192.168.10.1 dev veth0 + ip -6 -net ns1 ro add aaaa::/64 via bbbb::1 dev veth0 ip -net nsr1 addr add 10.0.1.1/24 dev veth0 ip -net nsr1 addr add 192.168.10.1/24 dev veth1 + ip -6 -net nsr1 addr add aaaa::1/64 dev veth0 + ip -6 -net nsr1 addr add bbbb::1/64 dev veth1 ip -net nsr1 link set up dev veth0 ip -net nsr1 link set up dev veth1 ip -net nsr1 route add default via 192.168.10.2 + ip -6 -net nsr1 route add default via bbbb::2 ip netns exec nsr1 sysctl net.ipv4.ip_forward=1 + ip netns exec nsr1 sysctl net.ipv6.conf.all.forwarding=1 ip -net nsr1 addr add 192.168.100.2/24 dev veth2 + ip -6 -net nsr1 addr add cccc::2/96 dev veth2 ip -net nsr1 link set up dev veth2 ip -net nsr2 addr add 192.168.100.3/24 dev veth0 + ip -6 -net nsr2 addr add cccc::3/96 dev veth0 ip -net nsr2 link set up dev veth0 ip -net ns2 addr add 10.0.1.2/24 dev veth0 + ip -6 -net ns2 addr add aaaa::2/64 dev veth0 ip -net ns2 link set up dev veth0 ip -net ns2 route add default via 10.0.1.1 + ip -6 -net ns2 route add default via aaaa::1 echo 1 > /proc/sys/net/netfilter/nf_log_all_netns
diff --git a/tests/conntrackd/netns/conntrackd-nsr1.conf b/tests/conntrackd/netns/conntrackd-nsr1.conf
index c79eff5..d37e102 100644
--- a/tests/conntrackd/netns/conntrackd-nsr1.conf
+++ b/tests/conntrackd/netns/conntrackd-nsr1.conf
@@ -3,6 +3,7 @@ Sync {
 }
 Multicast {
 IPv4_address 225.0.0.50
+ #IPv6_address ff08::123
 Group 3780
 IPv4_interface 192.168.100.2
 Interface veth2
diff --git a/tests/conntrackd/netns/conntrackd-nsr2.conf b/tests/conntrackd/netns/conntrackd-nsr2.conf
index 65fa0d6..aab6083 100644
--- a/tests/conntrackd/netns/conntrackd-nsr2.conf
+++ b/tests/conntrackd/netns/conntrackd-nsr2.conf
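Review bot: The six added `ip -6 ... addr add` lines in start() leave each address tentative until duplicate address detection completes, so IPv6 traffic or a bind issued right after setup may fail intermittently. Adding `nodad` removes that wait, e.g. `ip -6 -net ns1 addr add bbbb::2/64 dev veth0 nodad`, and the same applies to the nsr1, nsr2 and ns2 addresses. Separately, `aaaa::/64`, `bbbb::/64` and `cccc::/96` are not reserved test ranges; a prefix under 2001:db8::/32 or a ULA would keep the fixture clear of real address space should a packet ever leave the namespaces. start() begins before and continues after this hunk, so whether traffic follows immediately is not visible here.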
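Review bot: The added `#IPv6_address ff08::123` line in conntrackd-nsr1.conf is commented out with no explanation, so the sync channel between nsr1 and nsr2 still runs only over the IPv4 multicast group and a reader cannot tell whether IPv6 sync is meant to be tested. A short comment above it would settle that, for example `# IPv6 multicast group for the sync channel; disabled, this test syncs over IPv4`. The same line is added to conntrackd-nsr2.conf and would take the same comment. The Multicast block continues outside the hunk.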
@@ -3,6 +3,7 @@ Sync {
 }
 Multicast {
 IPv4_address 225.0.0.50
+ #IPv6_address ff08::123
 Group 3780
 IPv4_interface 192.168.100.3
 Interface veth0
diff --git a/tests/conntrackd/netns/ruleset-nsr1.nft b/tests/conntrackd/netns/ruleset-nsr1.nft
index bd6f1b4..5ba6d6f 100644
--- a/tests/conntrackd/netns/ruleset-nsr1.nft
+++ b/tests/conntrackd/netns/ruleset-nsr1.nft
@@ -1,4 +1,4 @@
-table ip filter {
+table inet filter {
 chain postrouting {
 type nat hook postrouting priority srcnat; policy accept;
 oif veth0 masquerade
--
cgit v1.2.3
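Review bot: NAT chains in the inet family need Linux 5.2 or later, so after the switch to `table inet filter` an older kernel will refuse to load this ruleset and the whole test breaks, not just its IPv6 part. A comment at the top of the file such as `# inet nat chains require Linux >= 5.2` would make the requirement visible to whoever runs the suite. The table is also still named `filter` while holding only a NAT chain; that predates this change but is more misleading now that `oif veth0 masquerade` covers both address families. The closing braces of the chain and table are outside the hunk.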