From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 1DE291FF136 for ; Mon, 20 Apr 2026 19:22:21 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 67713BCD7; Mon, 20 Apr 2026 19:22:20 +0200 (CEST) From: Lukas Sichert To: pve-devel@lists.proxmox.com Subject: [PATCH network] SNAT: fix test cases to only use IPv6-to-IPv6 SNAT Date: Mon, 20 Apr 2026 19:21:45 +0200 Message-ID: <20260420172208.140310-1-l.sichert@proxmox.com> X-Mailer: git-send-email 2.47.3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1776705650061 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.910 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: VSKC5HOC2TDKZJHPURMA7ROGYFTU6P6S X-Message-ID-Hash: VSKC5HOC2TDKZJHPURMA7ROGYFTU6P6S X-MailFrom: l.sichert@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Lukas Sichert X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: It is not possible to NAT IPv6 to IPv4. Rules like 'ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 10.0.1.10' fail with: 'Bad IP address "10.0.1.10"' On a real system, the outgoing interface is resolved via 'ip route get 2001:4860:4860::8888'. 'ip route get' cannot output an IPv4 address if querying for an IPv6 address. If the 'ip route get' query is executed without an IPv6 address configured, the query fails. However, the simulated wrapper function currently returns '(vmbr0, 192.168.0.1)'. Extend the function simulating the 'ip route get' Perl wrapper to return IPv6 addresses correctly. Then add corresponding IPv6 address fields to the dummy interfaces config files and update the reference files. Signed-off-by: Lukas Sichert --- src/test/run_test_zones.pl | 4 ++++ src/test/zones/evpn/exitnode_snat/expected_sdn_interfaces | 4 ++-- src/test/zones/evpn/exitnode_snat/interfaces | 4 ++++ src/test/zones/simple/ipv6snat/expected_sdn_interfaces | 4 ++-- src/test/zones/simple/ipv6snat/interfaces | 4 ++++ 5 files changed, 16 insertions(+), 4 deletions(-) diff --git a/src/test/run_test_zones.pl b/src/test/run_test_zones.pl index 8986c5c..dd458b7 100755 --- a/src/test/run_test_zones.pl +++ b/src/test/run_test_zones.pl @@ -83,8 +83,12 @@ foreach my $test (@tests) { $pve_sdn_zones_plugin = Test::MockModule->new('PVE::Network::SDN::Zones::Plugin'); $pve_sdn_zones_plugin->mock( get_local_route_ip => sub { + my ($targetip) = @_; my $outiface = "vmbr0"; my $outip = $interfaces_config->{ifaces}->{$outiface}->{address}; + if (Net::IP::ip_is_ipv6($targetip)) { + $outip = $interfaces_config->{ifaces}->{$outiface}->{address6}; + } return ($outip, $outiface); }, is_vlanaware => sub { diff --git a/src/test/zones/evpn/exitnode_snat/expected_sdn_interfaces b/src/test/zones/evpn/exitnode_snat/expected_sdn_interfaces index 47df77a..0d7d174 100644 --- a/src/test/zones/evpn/exitnode_snat/expected_sdn_interfaces +++ b/src/test/zones/evpn/exitnode_snat/expected_sdn_interfaces @@ -18,8 +18,8 @@ iface myvnet auto myvnet2 iface myvnet2 address 2a08:2142:302:3::1/64 - post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1 - post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1 + post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 2001:db8::2 + post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 2001:db8::2 post-up ip6tables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1 post-down ip6tables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1 bridge_ports vxlan_myvnet2 diff --git a/src/test/zones/evpn/exitnode_snat/interfaces b/src/test/zones/evpn/exitnode_snat/interfaces index 66bb826..bba7322 100644 --- a/src/test/zones/evpn/exitnode_snat/interfaces +++ b/src/test/zones/evpn/exitnode_snat/interfaces @@ -5,3 +5,7 @@ iface vmbr0 inet static bridge-ports eth0 bridge-stp off bridge-fd 0 + +iface vmbr0 inet6 static + address 2001:db8::2/64 + gateway 2001:db8::1 diff --git a/src/test/zones/simple/ipv6snat/expected_sdn_interfaces b/src/test/zones/simple/ipv6snat/expected_sdn_interfaces index d3adc24..5f6d40b 100644 --- a/src/test/zones/simple/ipv6snat/expected_sdn_interfaces +++ b/src/test/zones/simple/ipv6snat/expected_sdn_interfaces @@ -3,8 +3,8 @@ auto myvnet iface myvnet address 2a08:2142:302:3::1/64 - post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1 - post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1 + post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 2001:db8::2 + post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 2001:db8::2 post-up ip6tables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1 post-down ip6tables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1 bridge_ports none diff --git a/src/test/zones/simple/ipv6snat/interfaces b/src/test/zones/simple/ipv6snat/interfaces index 66bb826..68f1329 100644 --- a/src/test/zones/simple/ipv6snat/interfaces +++ b/src/test/zones/simple/ipv6snat/interfaces @@ -5,3 +5,7 @@ iface vmbr0 inet static bridge-ports eth0 bridge-stp off bridge-fd 0 + +iface vmbr0 inet6 static + address 2001:db8::2/64 + gateway 2001:db8::1 -- 2.47.3