diff options
| author | Florian Westphal <fw@strlen.de> | 2021-09-08 14:28:38 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-09-21 03:46:55 +0200 |
| commit | 0f1148abb226f3639845738cdf3d2534ceb1d059 (patch) | |
| tree | c8fac922a8d0cc231f51501cfe85fd997580969c /tools/perf/scripts/python/export-to-sqlite.py | |
| parent | d2966dc77ba7b2678f7aee97bf9a65702ec8e2b6 (diff) | |
selftests: netfilter: add selftest for directional zone support
Add a script to exercise NAT port clash resolution with directional zones.
Add net namespaces that use the same IP address and connect them to a
gateway.
Gateway uses policy routing based on iif/mark and conntrack zones to
isolate the client namespaces. In server direction, same zone with NAT
to single address is used.
Then, connect to a server from each client netns, using identical
connection id, i.e. saddr:sport -> daddr:dport.
Expectation is for all connections to succeeed: NAT gatway is
supposed to do port reallocation for each of the (clashing) connections.
This is based on the description/use case provided in the commit message of
deedb59039f111 ("netfilter: nf_conntrack: add direction support for zones").
Cc: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tools/perf/scripts/python/export-to-sqlite.py')
0 files changed, 0 insertions, 0 deletions