diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-12-24 13:03:21 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-12-27 11:46:01 +0100 |
| commit | 7f1fb5dad90f04caa94f4fcefd1340aeb2c2f0e3 (patch) | |
| tree | 24ffd73b49c176c57e88c9bb311b84dd944b2610 /tests/conntrackd/netns/conntrackd-netns-test.sh | |
| parent | b031cd2102d9bc2b6ce20a880068022fac9e2d87 (diff) | |
conntrackd: add ip netns test script
This patch adds a script that creates a ip netns testbed. The network
topology looks like this:
veth0---veth0
host nsr1 ns2
veth0----veth0
ns1 veth2
|
veth0
nsr2
* ns1 and ns2 are clients to generate traffic
* nsr1 and nsr2 run conntrackd to synchronize states
* nsr1 is the primary gateway
- veth2 is used to synchronize states
* nsr2 is the backup gateway
- veth0 is used to synchronize states
To set up the testbed:
% sudo ./conntrackd-netns-test.sh start
To test your testbed works, from ns2:
% sudo ip netns exec ns2 nc -l -p 8080
From ns1:
% sudo ip netns exec ns1 nc -vvv 10.0.1.2 8080
From nsr1:
% sudo ip netns exec nsr1 conntrackd -s -C conntrackd-nsr1.conf
cache internal:
current active connections: 1
[...]
cache external:
current active connections: 0
From nsr2:
% sudo ip netns exec nsr1 conntrackd -s -C conntrackd-nsr2.conf
cache internal:
current active connections: 0
[...]
cache external:
current active connections: 1
To stop it:
% sudo ./conntrackd-netns-test.sh stop
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/conntrackd/netns/conntrackd-netns-test.sh')
| -rwxr-xr-x | tests/conntrackd/netns/conntrackd-netns-test.sh | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/tests/conntrackd/netns/conntrackd-netns-test.sh b/tests/conntrackd/netns/conntrackd-netns-test.sh new file mode 100755 index 0000000..6f16587 --- /dev/null +++ b/tests/conntrackd/netns/conntrackd-netns-test.sh @@ -0,0 +1,66 @@ +#!/bin/bash + +if [ $UID -ne 0 ] +then + echo "You must be root to run this test script" + exit 0 +fi + +start () { + ip netns add ns1 + ip netns add ns2 + ip netns add nsr1 + ip netns add nsr2 + + ip link add veth0 netns ns1 type veth peer name veth1 netns nsr1 + ip link add veth0 netns nsr1 type veth peer name veth0 netns ns2 + ip link add veth2 netns nsr1 type veth peer name veth0 netns nsr2 + + ip -net ns1 addr add 192.168.10.2/24 dev veth0 + ip -net ns1 link set up dev veth0 + ip -net ns1 ro add 10.0.1.0/24 via 192.168.10.1 dev veth0 + + ip -net nsr1 addr add 10.0.1.1/24 dev veth0 + ip -net nsr1 addr add 192.168.10.1/24 dev veth1 + ip -net nsr1 link set up dev veth0 + ip -net nsr1 link set up dev veth1 + ip -net nsr1 route add default via 192.168.10.2 + ip netns exec nsr1 sysctl net.ipv4.ip_forward=1 + + ip -net nsr1 addr add 192.168.100.2/24 dev veth2 + ip -net nsr1 link set up dev veth2 + ip -net nsr2 addr add 192.168.100.3/24 dev veth0 + ip -net nsr2 link set up dev veth0 + + ip -net ns2 addr add 10.0.1.2/24 dev veth0 + ip -net ns2 link set up dev veth0 + ip -net ns2 route add default via 10.0.1.1 + + echo 1 > /proc/sys/net/netfilter/nf_log_all_netns + + ip netns exec nsr1 nft -f ruleset-nsr1.nft + ip netns exec nsr1 conntrackd -C conntrackd-nsr1.conf -d + ip netns exec nsr2 conntrackd -C conntrackd-nsr2.conf -d +} + +stop () { + ip netns del ns1 + ip netns del ns2 + ip netns del nsr1 + ip netns del nsr2 + killall -15 conntrackd +} + +case $1 in +start) + start + ;; +stop) + stop + ;; +*) + echo "$0 [start|stop]" + ;; +esac + +exit 0 |