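# Test scenarios for conntrackd.  Each entry has a name, the shell commands
# that bring the scenario up (start) and the commands that tear it down
# (stop).  $CONNTRACKD is not defined in this file -- presumably the test
# runner supplies it; verify against the harness.  The commands create
# network namespaces and write to fixed, predictable paths under /tmp and
# /var/lock, so they need root and a /tmp that other local users cannot
# pre-populate.
- name: simple_stats
  start:
    - rm -f /var/lock/conntrack.lock
    # The heredoc delimiter is quoted so the config text is written literally,
    # with no shell parameter expansion of its contents.
    - |
      cat << 'EOF' > /tmp/conntrackd_test_simple_stats
      General {
        HashSize 8192
        LockFile /var/lock/conntrack.lock
        UNIX { Path /var/run/conntrackd.ctl }
      }
      Stats {
        LogFile on
      }
      EOF
    - $CONNTRACKD -C /tmp/conntrackd_test_simple_stats -d
  stop:
    - $CONNTRACKD -C /tmp/conntrackd_test_simple_stats -k
    - rm -f /var/lock/conntrack.lock
    - rm -f /tmp/conntrackd_test_simple_stats

# Two routers (nsr1, nsr2) running conntrackd in Sync/NOTRACK mode over TCP on
# the 192.168.100.0/24 link; ns1 and ns2 are the end hosts attached to nsr1.
- name: basic_2_peer_network_tcp_notrack
  start:
    - ip netns add ns1
    - ip netns add ns2
    - ip netns add nsr1
    - ip netns add nsr2
    # ns1 <-> nsr1 (veth0/veth1), nsr1 <-> ns2 (veth0/veth0), nsr1 <-> nsr2 (veth2/veth0)
    - ip link add veth0 netns ns1 type veth peer name veth1 netns nsr1
    - ip link add veth0 netns nsr1 type veth peer name veth0 netns ns2
    - ip link add veth2 netns nsr1 type veth peer name veth0 netns nsr2
    - ip -net ns1 addr add 192.168.10.2/24 dev veth0
    - ip -net ns1 link set up dev veth0
    - ip -net ns1 ro add 10.0.1.0/24 via 192.168.10.1 dev veth0
    - ip -net nsr1 addr add 10.0.1.1/24 dev veth0
    - ip -net nsr1 addr add 192.168.10.1/24 dev veth1
    - ip -net nsr1 link set up dev veth0
    - ip -net nsr1 link set up dev veth1
    - ip -net nsr1 route add default via 192.168.10.2
    - ip netns exec nsr1 sysctl -q net.ipv4.ip_forward=1
    - ip -net nsr1 addr add 192.168.100.2/24 dev veth2
    - ip -net nsr1 link set up dev veth2
    - ip -net nsr2 addr add 192.168.100.3/24 dev veth0
    - ip -net nsr2 link set up dev veth0
    - ip -net ns2 addr add 10.0.1.2/24 dev veth0
    - ip -net ns2 link set up dev veth0
    - ip -net ns2 route add default via 10.0.1.1
    # Masquerade traffic leaving nsr1 towards ns2; heredoc delimiter quoted so
    # the ruleset is written literally.
    - |
      cat << 'EOF' > /tmp/ruleset.nft
      table ip filter {
        chain postrouting {
          type nat hook postrouting priority srcnat; policy accept;
          oif veth0 masquerade
        }
      }
      EOF
    - ip netns exec nsr1 nft -f /tmp/ruleset.nft
    # Per-router conntrackd configs: each side lists the other as its TCP
    # sync peer on port 3780 and uses its own lock file and control socket.
    - |
      cat << 'EOF' > /tmp/nsr1.conf
      Sync {
        Mode NOTRACK {
          DisableExternalCache on
          DisableInternalCache on
        }
        TCP {
          IPv4_address 192.168.100.2
          IPv4_Destination_Address 192.168.100.3
          Interface veth2
          Port 3780
        }
      }
      General {
        LogFile on
        LockFile /var/lock/conntrack-nsr1.lock
        UNIX { Path /var/run/conntrackd-nsr1.ctl }
      }
      EOF
    - |
      cat << 'EOF' > /tmp/nsr2.conf
      Sync {
        Mode NOTRACK {
          DisableExternalCache on
          DisableInternalCache on
        }
        TCP {
          IPv4_address 192.168.100.3
          IPv4_Destination_Address 192.168.100.2
          Interface veth0
          Port 3780
        }
      }
      General {
        LogFile on
        LockFile /var/lock/conntrack-nsr2.lock
        UNIX { Path /var/run/conntrackd-nsr2.ctl }
      }
      EOF
    # finally run the daemons
    - ip netns exec nsr1 $CONNTRACKD -C /tmp/nsr1.conf -d
    - ip netns exec nsr2 $CONNTRACKD -C /tmp/nsr2.conf -d
    # make sure they are alive and connected before considering the scenario
    # started.  Each wait is a folded scalar (one command line at runtime).
    # $CONNTRACKD sits inside single quotes, so it is expanded by the inner
    # bash and must be present in that process's environment, not only as a
    # variable of the runner's shell -- TODO confirm against the harness.
    - >-
      timeout 5 bash -c --
      'while ! ip netns exec nsr1 $CONNTRACKD -C /tmp/nsr1.conf -s
      | grep -q "server=connected"; do sleep 0.5; done'
    - >-
      timeout 5 bash -c --
      'while ! ip netns exec nsr1 $CONNTRACKD -C /tmp/nsr1.conf -s
      | grep -q "client=connected"; do sleep 0.5; done'
    - >-
      timeout 5 bash -c --
      'while ! ip netns exec nsr2 $CONNTRACKD -C /tmp/nsr2.conf -s
      | grep -q "server=connected"; do sleep 0.5; done'
    - >-
      timeout 5 bash -c --
      'while ! ip netns exec nsr2 $CONNTRACKD -C /tmp/nsr2.conf -s
      | grep -q "client=connected"; do sleep 0.5; done'
  stop:
    # -k is sent from the root netns; presumably this works because the UNIX
    # control socket is a filesystem path rather than a network endpoint.
    - $CONNTRACKD -C /tmp/nsr1.conf -k 2>/dev/null
    - $CONNTRACKD -C /tmp/nsr2.conf -k 2>/dev/null
    - rm -f /tmp/ruleset.nft /tmp/nsr2.conf /tmp/nsr1.conf
    - rm -f /var/lock/conntrack-nsr1.lock /var/lock/conntrack-nsr2.lock
    # Best-effort teardown: a namespace that was never created must not fail
    # the stop sequence.
    - ip netns del ns1 || true
    - ip netns del ns2 || true
    - ip netns del nsr1 || true
    - ip netns del nsr2 || true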