selftests: netfilter: add flowtable test script
authorFlorian Westphal <fw@strlen.de>
Tue, 21 May 2019 11:24:34 +0000 (13:24 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 22 May 2019 08:56:11 +0000 (10:56 +0200)
commit2de03b45236f3af1800755614fd434d347adf046
treeaf23bcda60b6d577fc5c568e532e3884a88a808c
parent69aeb538587e087bfc81dd1f465eab3558ff3158
selftests: netfilter: add flowtable test script

Exercises 3 cases:

1. no pmtu discovery (need to frag)
2. no PMTUd + NAT (don't flag packets as invalid from conntrack)
3. PMTU + NAT (need to send icmp error)

The first two cases make sure we handle fragments correctly, i.e.
pass them to classic forwarding path.

Third case checks we offload everything (in the test case,
PMTUd will kick in so all packets should be within link mtu).

Nftables rules will filter packets that are supposed to be
handled by the fast-path.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
tools/testing/selftests/netfilter/Makefile
tools/testing/selftests/netfilter/nft_flowtable.sh [new file with mode: 0755]