From: Lukas Sichert <l.sichert@proxmox.com>
To: pve-devel@lists.proxmox.com
Cc: Lukas Sichert <l.sichert@proxmox.com>
Subject: [PATCH network] SNAT: fix test cases to only use IPv6-to-IPv6 SNAT
Date: Mon, 20 Apr 2026 19:21:45 +0200 [thread overview]
Message-ID: <20260420172208.140310-1-l.sichert@proxmox.com> (raw)
It is not possible to NAT IPv6 to IPv4. Rules like
'ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j
SNAT --to-source 10.0.1.10'
fail with:
'Bad IP address "10.0.1.10"'
On a real system, the outgoing interface is resolved via 'ip route get
2001:4860:4860::8888'. 'ip route get' cannot output an
IPv4 address if querying for an IPv6 address. If the 'ip route get'
query is executed without an IPv6 address configured, the query fails.
However, the simulated wrapper function currently returns '(vmbr0,
192.168.0.1)'.
Extend the function simulating the 'ip route get' Perl wrapper to return
IPv6 addresses correctly. Then add corresponding IPv6 address fields to
the dummy interfaces config files and update the reference files.
Signed-off-by: Lukas Sichert <l.sichert@proxmox.com>
---
src/test/run_test_zones.pl | 4 ++++
src/test/zones/evpn/exitnode_snat/expected_sdn_interfaces | 4 ++--
src/test/zones/evpn/exitnode_snat/interfaces | 4 ++++
src/test/zones/simple/ipv6snat/expected_sdn_interfaces | 4 ++--
src/test/zones/simple/ipv6snat/interfaces | 4 ++++
5 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/test/run_test_zones.pl b/src/test/run_test_zones.pl
index 8986c5c..dd458b7 100755
--- a/src/test/run_test_zones.pl
+++ b/src/test/run_test_zones.pl
@@ -83,8 +83,12 @@ foreach my $test (@tests) {
$pve_sdn_zones_plugin = Test::MockModule->new('PVE::Network::SDN::Zones::Plugin');
$pve_sdn_zones_plugin->mock(
get_local_route_ip => sub {
+ my ($targetip) = @_;
my $outiface = "vmbr0";
my $outip = $interfaces_config->{ifaces}->{$outiface}->{address};
+ if (Net::IP::ip_is_ipv6($targetip)) {
+ $outip = $interfaces_config->{ifaces}->{$outiface}->{address6};
+ }
return ($outip, $outiface);
},
is_vlanaware => sub {
diff --git a/src/test/zones/evpn/exitnode_snat/expected_sdn_interfaces b/src/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
index 47df77a..0d7d174 100644
--- a/src/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
+++ b/src/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
@@ -18,8 +18,8 @@ iface myvnet
auto myvnet2
iface myvnet2
address 2a08:2142:302:3::1/64
- post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
- post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
+ post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 2001:db8::2
+ post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 2001:db8::2
post-up ip6tables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down ip6tables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
bridge_ports vxlan_myvnet2
diff --git a/src/test/zones/evpn/exitnode_snat/interfaces b/src/test/zones/evpn/exitnode_snat/interfaces
index 66bb826..bba7322 100644
--- a/src/test/zones/evpn/exitnode_snat/interfaces
+++ b/src/test/zones/evpn/exitnode_snat/interfaces
@@ -5,3 +5,7 @@ iface vmbr0 inet static
bridge-ports eth0
bridge-stp off
bridge-fd 0
+
+iface vmbr0 inet6 static
+ address 2001:db8::2/64
+ gateway 2001:db8::1
diff --git a/src/test/zones/simple/ipv6snat/expected_sdn_interfaces b/src/test/zones/simple/ipv6snat/expected_sdn_interfaces
index d3adc24..5f6d40b 100644
--- a/src/test/zones/simple/ipv6snat/expected_sdn_interfaces
+++ b/src/test/zones/simple/ipv6snat/expected_sdn_interfaces
@@ -3,8 +3,8 @@
auto myvnet
iface myvnet
address 2a08:2142:302:3::1/64
- post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
- post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
+ post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 2001:db8::2
+ post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 2001:db8::2
post-up ip6tables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down ip6tables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
bridge_ports none
diff --git a/src/test/zones/simple/ipv6snat/interfaces b/src/test/zones/simple/ipv6snat/interfaces
index 66bb826..68f1329 100644
--- a/src/test/zones/simple/ipv6snat/interfaces
+++ b/src/test/zones/simple/ipv6snat/interfaces
@@ -5,3 +5,7 @@ iface vmbr0 inet static
bridge-ports eth0
bridge-stp off
bridge-fd 0
+
+iface vmbr0 inet6 static
+ address 2001:db8::2/64
+ gateway 2001:db8::1
--
2.47.3
reply other threads:[~2026-04-20 17:22 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260420172208.140310-1-l.sichert@proxmox.com \
--to=l.sichert@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox