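#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Regression test: connections that only carry a NAT "null binding" (the nat
# hook is registered, but no rule matched them) must not be source-NATed.
# The conntrack table is flushed continuously while the helper binary
# ./conntrack_reverse_clash runs; the helper's exit status decides PASS/ERROR.
#
# Needs: nft, conntrack, and the helpers provided by lib.sh
# (checktool, setup_ns, cleanup_all_ns).

source lib.sh

# PID of the background flusher; stays empty until it has been started.
flush_pid=""

# EXIT handler: reap the background flusher, then remove the namespaces.
cleanup()
{
	# Stop the flusher first so it does not outlive the test and keep
	# calling "ip netns exec" on a namespace that is being torn down.
	if [ -n "$flush_pid" ]; then
		kill "$flush_pid" 2>/dev/null
		wait "$flush_pid" 2>/dev/null
	fi

	cleanup_all_ns
}

checktool "nft --version" "run test without nft"
checktool "conntrack --version" "run test without conntrack"

trap cleanup EXIT

setup_ns ns0

# make loopback connections get nat null bindings assigned
#
# The rule only matches an output interface called "nomatch", so it is not
# expected to masquerade anything; its purpose is to get the nat postrouting
# hook registered.  If the ruleset cannot be loaded there is no nat hook and
# the check below would pass without exercising anything, so do not continue.
if ! ip netns exec "$ns0" nft -f - <<EOF
table ip nat {
	chain POSTROUTING {
		type nat hook postrouting priority srcnat; policy accept;
		oifname "nomatch" counter packets 0 bytes 0 masquerade
	}
}
EOF
then
	echo "SKIP: Could not load nft ruleset"
	# ksft_skip is expected to come from lib.sh; 4 is the kselftest
	# skip code and is used as fallback if it is not set.
	exit "${ksft_skip:-4}"
fi

# Flush the conntrack table of $ns0 in a tight loop for about five seconds.
do_flush()
{
	local end
	local now

	now=$(date +%s)
	end=$((now + 5))

	while [ "$now" -lt "$end" ]; do
		# stderr is discarded on purpose: only the side effect of the
		# flush matters here, not what conntrack reports about it.
		ip netns exec "$ns0" conntrack -F 2>/dev/null
		now=$(date +%s)
	done
}

# Run the flusher concurrently with the helper below.
do_flush &
flush_pid=$!

if ip netns exec "$ns0" ./conntrack_reverse_clash; then
	echo "PASS: No SNAT performed for null bindings"
else
	echo "ERROR: SNAT performed without any matching snat rule"
	exit 1
fi

exit 0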