diff options
author | Florian Westphal <fw@strlen.de> | 2022-01-24 22:09:15 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-02-08 18:35:20 +0100 |
commit | 0efb43eb32a19a28f61b3543a11dc33ef43419e0 (patch) | |
tree | 6e6ef348ca0ded6706ad3d5a6b39898205c5ddb2 /samples/hidraw | |
parent | aa8fa75e15b29cd8fe8d76b7958c4bd6b3136e0b (diff) |
selftests: netfilter: check stateless nat udp checksum fixup
commit aad51ca71ad83273e8826d6cfdcf53c98748d1fa upstream.
Add a test that sends large udp packet (which is fragmented)
via a stateless nft nat rule, i.e. 'ip saddr set 10.2.3.4'
and check that the datagram is received by peer.
On kernels without
commit 4e1860a38637 ("netfilter: nft_payload: do not update layer 4 checksum when mangling fragments")',
this will fail with:
cmp: EOF on /tmp/tmp.V1q0iXJyQF which is empty
-rw------- 1 root root 4096 Jan 24 22:03 /tmp/tmp.Aaqnq4rBKS
-rw------- 1 root root 0 Jan 24 22:03 /tmp/tmp.V1q0iXJyQF
ERROR: in and output file mismatch when checking udp with stateless nat
FAIL: nftables v1.0.0 (Fearless Fosdick #2)
On patched kernels, this will show:
PASS: IP statless for ns2-PFp89amx
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'samples/hidraw')
0 files changed, 0 insertions, 0 deletions