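#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Testing For TCP/UDP/SCTP(4/6) NAT.
# TOPO: CLIENT_NS (link0)<--->(link1) HOST/ROUTER (link2)<--->(link3) SERVER_NS
#
# The router side of the topology lives in the namespace the script is
# started from. setup() therefore changes state of that namespace: it turns
# on IPv4/IPv6 forwarding and appends MASQUERADE rules to the nat table.
# cleanup() puts all of it back, so the test leaves no forwarding or NAT
# configuration behind.

CLIENT_NS="client-ns"
CLIENT_IP4="198.51.100.1"
CLIENT_GW4="198.51.100.2"
CLIENT_IP6="2001:db8:1::1"
CLIENT_GW6="2001:db8:1::2"

SERVER_NS="server-ns"
SERVER_IP4="203.0.113.1"
SERVER_GW4="203.0.113.2"
SERVER_IP6="2001:db8:2::1"
SERVER_GW6="2001:db8:2::2"

#######################################
# Build the two namespaces, the veth pairs, addresses, routes and the
# MASQUERADE rules on the server-facing link, then enable forwarding.
# Globals:   CLIENT_*/SERVER_* (read), IP4_FWD, IP6_FWD (written)
# Returns:   status of the final modprobe
#######################################
setup() {
  ip netns add "$CLIENT_NS"
  ip netns add "$SERVER_NS"
  ip link add link1 type veth peer name link0 netns "$CLIENT_NS"
  ip link add link2 type veth peer name link3 netns "$SERVER_NS"

  ip netns exec "$CLIENT_NS" ip link set link0 up
  ip netns exec "$CLIENT_NS" ip addr add "$CLIENT_IP4/24" dev link0
  ip netns exec "$CLIENT_NS" ip addr add "$CLIENT_IP6/64" dev link0 nodad
  ip netns exec "$CLIENT_NS" ip route add "$SERVER_IP4" dev link0 via "$CLIENT_GW4"
  ip netns exec "$CLIENT_NS" ip route add "$SERVER_IP6" dev link0 via "$CLIENT_GW6"

  ip link set link1 up
  ip link set link2 up
  ip addr add "$CLIENT_GW4/24" dev link1
  ip addr add "$CLIENT_GW6/64" dev link1 nodad
  ip addr add "$SERVER_GW4/24" dev link2
  ip addr add "$SERVER_GW6/64" dev link2 nodad

  # These rules live in the caller's namespace; cleanup() deletes them.
  iptables -t nat -A POSTROUTING -o link2 -j MASQUERADE
  ip6tables -t nat -A POSTROUTING -o link2 -j MASQUERADE

  ip netns exec "$SERVER_NS" ip link set link3 up
  ip netns exec "$SERVER_NS" ip addr add "$SERVER_IP4/24" dev link3
  ip netns exec "$SERVER_NS" ip addr add "$SERVER_IP6/64" dev link3 nodad

  # Remember the previous forwarding state so cleanup() can restore it.
  IP4_FWD=$(cat /proc/sys/net/ipv4/ip_forward)
  IP6_FWD=$(cat /proc/sys/net/ipv6/conf/all/forwarding)
  # Only the "key = value" echo on stdout is dropped; errors stay visible.
  # (The former "2>&1 >/dev/null" never silenced stderr either.)
  sysctl -w net.ipv4.ip_forward=1 >/dev/null
  sysctl -w net.ipv6.conf.all.forwarding=1 >/dev/null

  modprobe sctp
}

#######################################
# Undo everything setup() did. Runs from the EXIT trap, so it must cope
# with a setup() that never ran or stopped part-way.
# Globals:   IP4_FWD, IP6_FWD, CLIENT_NS, SERVER_NS (read)
#######################################
cleanup() {
  # Skip the restore when no previous value was captured, instead of
  # writing an empty value to the sysctl.
  if [[ -n "${IP4_FWD:-}" ]]; then
    sysctl -w net.ipv4.ip_forward="$IP4_FWD" >/dev/null
  fi
  if [[ -n "${IP6_FWD:-}" ]]; then
    sysctl -w net.ipv6.conf.all.forwarding="$IP6_FWD" >/dev/null
  fi

  # Remove the NAT rules added by setup(). Without this every run leaves
  # another MASQUERADE rule behind that would apply to any later interface
  # named link2. Errors are ignored on purpose: the rule is absent when
  # setup() did not get that far.
  iptables -t nat -D POSTROUTING -o link2 -j MASQUERADE 2>/dev/null
  ip6tables -t nat -D POSTROUTING -o link2 -j MASQUERADE 2>/dev/null

  ip link del link1
  ip link del link2
  ip netns del "$CLIENT_NS"
  ip netns del "$SERVER_NS"
}

#######################################
# Send two messages from the client namespace to a listener in the server
# namespace, both times from source port 4321 to port 1234.
# Arguments: $1 - server address (IPv4 or IPv6)
#            $2 - optional nc protocol flag ("--udp", "--sctp"); TCP if empty
# Returns:   exit status of the second client nc
#######################################
testup() {
  local ipaddr="$1"
  local proto="${2:-}"
  local ret pid

  # ${proto:+"$proto"} expands to nothing for TCP, so nc never receives an
  # empty argument. Listener stdout (the payload) is dropped; stderr stays.
  # NOTE(review): the client starts right after the listener is put in the
  # background; nothing waits for the listener to be bound.
  ip netns exec "$SERVER_NS" nc -l ${proto:+"$proto"} -p 1234 >/dev/null &
  disown
  printf '%s' "msg1" | ip netns exec "$CLIENT_NS" nc "$ipaddr" 1234 -p 4321 ${proto:+"$proto"}

  ip netns exec "$SERVER_NS" nc -l ${proto:+"$proto"} -p 1234 >/dev/null &
  disown
  printf '%s' "msg2" | ip netns exec "$CLIENT_NS" nc "$ipaddr" 1234 -p 4321 ${proto:+"$proto"}
  # Only the second transfer decides the result; the first status is unused.
  ret=$?

  # Stop listeners that are still running. A network namespace does not
  # isolate PIDs, so "pkill nc" run through "ip netns exec" would signal
  # every process on the machine whose name matches "nc". Ask iproute2 for
  # the PIDs that actually live in the server namespace instead.
  while read -r pid; do
    kill "$pid" 2>/dev/null
  done < <(ip netns pids "$SERVER_NS")

  return "$ret"
}

# NOTE(review): "--version", "--udp" and "--sctp" are long options; an nc
# build without them is reported as SKIP here.
if ! nc --version &> /dev/null; then
  echo "SKIP: Could not run test without nc tool"
  exit 4
fi

trap cleanup EXIT
setup && \
testup "$SERVER_IP4" && echo "TCP4 NAT: PASS" && \
testup "$SERVER_IP6" && echo "TCP6 NAT: PASS" && \
testup "$SERVER_IP4" "--udp" && echo "UDP4 NAT: PASS" && \
testup "$SERVER_IP6" "--udp" && echo "UDP6 NAT: PASS" && \
testup "$SERVER_IP4" "--sctp" && echo "SCTP4 NAT: PASS" && \
testup "$SERVER_IP6" "--sctp" && echo "SCTP6 NAT: PASS"
exit $?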