diff options
author | Florian Westphal <fw@strlen.de> | 2022-01-25 00:09:15 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-02-08 20:34:14 +0300 |
commit | 3853c4e27149781dfdaf8b04f7b400b2a1b96e72 (patch) | |
tree | a4423a7ece0fa6a59be0f46f3a0d4d6849004d5e /Makefile | |
parent | b84753200e7971774243a55f28769e84bef4caf3 (diff) | |
download | linux-3853c4e27149781dfdaf8b04f7b400b2a1b96e72.tar.xz |
selftests: netfilter: check stateless nat udp checksum fixup
commit aad51ca71ad83273e8826d6cfdcf53c98748d1fa upstream.
Add a test that sends large udp packet (which is fragmented)
via a stateless nft nat rule, i.e. 'ip saddr set 10.2.3.4'
and check that the datagram is received by peer.
On kernels without
commit 4e1860a38637 ("netfilter: nft_payload: do not update layer 4 checksum when mangling fragments")',
this will fail with:
cmp: EOF on /tmp/tmp.V1q0iXJyQF which is empty
-rw------- 1 root root 4096 Jan 24 22:03 /tmp/tmp.Aaqnq4rBKS
-rw------- 1 root root 0 Jan 24 22:03 /tmp/tmp.V1q0iXJyQF
ERROR: in and output file mismatch when checking udp with stateless nat
FAIL: nftables v1.0.0 (Fearless Fosdick #2)
On patched kernels, this will show:
PASS: IP statless for ns2-PFp89amx
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'Makefile')
0 files changed, 0 insertions, 0 deletions