From: Florian Westphal <fw@strlen.de>
To: Yi Chen <yiche@redhat.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH v2] tests: shell: Add a test case for FTP helper combined with NAT.
Date: Fri, 6 Jun 2025 15:49:19 +0200 [thread overview]
Message-ID: <aELx30qiSdDJ40vl@strlen.de> (raw)
In-Reply-To: <20250605104911.727026-1-yiche@redhat.com>
Yi Chen <yiche@redhat.com> wrote:
> This test verifies functionality of the FTP helper,
> for both passive, active FTP modes,
> and the functionality of the nf_nat_ftp module.
Thanks for this test case.
Some minor comments below.
> diff --git a/tests/shell/features/tcpdump.sh b/tests/shell/features/tcpdump.sh
> new file mode 100755
> index 00000000..70df9f68
> --- /dev/null
> +++ b/tests/shell/features/tcpdump.sh
> @@ -0,0 +1,4 @@
> +#!/bin/sh
> +
> +# check whether tcpdump is installed
> +tcpdump -h >/dev/null 2>&1
Is tcpdump a requirement? AFAICS the dumps are only used
as a debug aid when something goes wrong?
> +INFILE=$(mktemp -p /var/ftp/pub/)
This directory might not be writeable.
Can you use a /tmp/ directory?
I suggest to do:
WORKDIR=$(mktemp -d)
mkdir "$WORKDIR/pub"
... and then place all files there.
> +dd if=/dev/urandom of="$INFILE" bs=4096 count=1 2>/dev/null
> +chmod 755 $INFILE
> +assert_pass "Prepare the file for FTP transmission"
Including this one
... and this config:
> +cat > ./vsftpd.conf <<-EOF
> +anonymous_enable=YES
> +local_enable=YES
> +connect_from_port_20=YES
> +listen=NO
> +listen_ipv6=YES
> +pam_service_name=vsftpd
> +background=YES
> +EOF
> +ip netns exec $S vsftpd ./vsftpd.conf
> +sleep 1
> +ip netns exec $S ss -6ltnp | grep -q '*:21'
> +assert_pass "start vsftpd server"
So no files are created outside of /tmp.
> +# test passive mode
> +reload_ruleset
> +ip netns exec $S tcpdump -q --immediate-mode -Ui s_r -w ${0##*/}.pcap 2> /dev/null & sleep 2
> +ip netns exec $C curl -s --connect-timeout 5 ftp://[${ip_rc}]:2121${INFILE#/var/ftp} -o $OUTFILE
> +assert_pass "curl ftp passive mode "
> +
> +pkill tcpdump
Can you do this instead?:
> +ip netns exec $S tcpdump -q --immediate-mode -Ui s_r -w ${0##*/}.pcap 2> /dev/null &
tcpdump_pid=$!
sleep 2
...
kill "$tcpdump_pid"
?
pkill will zap all tcpdump instances.
Since tests are executed in parallel, it might zap other tcpdump
instances as well and not just the one spawned by this script.
> +tcpdump -nnr ${0##*/}.pcap src ${ip_rs} and dst ${ip_sr} 2>&1 |grep -q FTP
Not sure why the above is needed. Isn't the 'cmp' enough to see
if the ftp xfer worked?
> +assert_pass "assert FTP traffic NATed"
> +
> +cmp "$INFILE" "$OUTFILE"
... because if there is a problem with the helper, then the cmp
ought to fail?
next prev parent reply other threads:[~2025-06-06 13:49 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-05 10:33 [PATCH] tests: shell: Add a test case for FTP helper combined with NAT Yi Chen
2025-06-05 10:49 ` [PATCH v2] " Yi Chen
2025-06-06 13:49 ` Florian Westphal [this message]
2025-06-06 16:47 ` Yi Chen
2025-06-09 8:37 ` Florian Westphal
2025-06-09 8:14 ` Yi Chen
2025-06-09 21:35 ` Florian Westphal
2025-06-10 4:05 ` Yi Chen
2025-06-10 6:02 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aELx30qiSdDJ40vl@strlen.de \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=yiche@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.