[PATCH network] SNAT: fix test cases to only use IPv6-to-IPv6 SNAT

public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed

* [PATCH network] SNAT: fix test cases to only use IPv6-to-IPv6 SNAT
@ 2026-04-20 17:21 Lukas Sichert
  0 siblings, 0 replies; only message in thread
From: Lukas Sichert @ 2026-04-20 17:21 UTC (permalink / raw)
  To: pve-devel; +Cc: Lukas Sichert

It is not possible to NAT IPv6 to IPv4. Rules like
'ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j
SNAT --to-source 10.0.1.10'
fail with:
'Bad IP address "10.0.1.10"'
On a real system, the outgoing interface is resolved via 'ip route get
2001:4860:4860::8888'. 'ip route get' cannot output an
IPv4 address if querying for an IPv6 address. If the 'ip route get'
query is executed without an IPv6 address configured, the query fails.
However, the simulated wrapper function currently returns '(vmbr0,
192.168.0.1)'.

Extend the function simulating the 'ip route get' Perl wrapper to return
IPv6 addresses correctly. Then add corresponding IPv6 address fields to
the dummy interfaces config files and update the reference files.

Signed-off-by: Lukas Sichert <l.sichert@proxmox.com>
---
 src/test/run_test_zones.pl                                | 4 ++++
 src/test/zones/evpn/exitnode_snat/expected_sdn_interfaces | 4 ++--
 src/test/zones/evpn/exitnode_snat/interfaces              | 4 ++++
 src/test/zones/simple/ipv6snat/expected_sdn_interfaces    | 4 ++--
 src/test/zones/simple/ipv6snat/interfaces                 | 4 ++++
 5 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/test/run_test_zones.pl b/src/test/run_test_zones.pl
index 8986c5c..dd458b7 100755
--- a/src/test/run_test_zones.pl
+++ b/src/test/run_test_zones.pl
@@ -83,8 +83,12 @@ foreach my $test (@tests) {
     $pve_sdn_zones_plugin = Test::MockModule->new('PVE::Network::SDN::Zones::Plugin');
     $pve_sdn_zones_plugin->mock(
         get_local_route_ip => sub {
+            my ($targetip) = @_;
             my $outiface = "vmbr0";
             my $outip = $interfaces_config->{ifaces}->{$outiface}->{address};
+            if (Net::IP::ip_is_ipv6($targetip)) {
+                $outip = $interfaces_config->{ifaces}->{$outiface}->{address6};
+            }
             return ($outip, $outiface);
         },
         is_vlanaware => sub {
diff --git a/src/test/zones/evpn/exitnode_snat/expected_sdn_interfaces b/src/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
index 47df77a..0d7d174 100644
--- a/src/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
+++ b/src/test/zones/evpn/exitnode_snat/expected_sdn_interfaces
@@ -18,8 +18,8 @@ iface myvnet
 auto myvnet2
 iface myvnet2
 	address 2a08:2142:302:3::1/64
-	post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
-	post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
+	post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 2001:db8::2
+	post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 2001:db8::2
 	post-up ip6tables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
 	post-down ip6tables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
 	bridge_ports vxlan_myvnet2
diff --git a/src/test/zones/evpn/exitnode_snat/interfaces b/src/test/zones/evpn/exitnode_snat/interfaces
index 66bb826..bba7322 100644
--- a/src/test/zones/evpn/exitnode_snat/interfaces
+++ b/src/test/zones/evpn/exitnode_snat/interfaces
@@ -5,3 +5,7 @@ iface vmbr0 inet static
         bridge-ports eth0
         bridge-stp off
         bridge-fd 0
+
+iface vmbr0 inet6 static
+        address 2001:db8::2/64
+        gateway 2001:db8::1
diff --git a/src/test/zones/simple/ipv6snat/expected_sdn_interfaces b/src/test/zones/simple/ipv6snat/expected_sdn_interfaces
index d3adc24..5f6d40b 100644
--- a/src/test/zones/simple/ipv6snat/expected_sdn_interfaces
+++ b/src/test/zones/simple/ipv6snat/expected_sdn_interfaces
@@ -3,8 +3,8 @@
 auto myvnet
 iface myvnet
 	address 2a08:2142:302:3::1/64
-	post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
-	post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
+	post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 2001:db8::2
+	post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 2001:db8::2
 	post-up ip6tables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
 	post-down ip6tables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
 	bridge_ports none
diff --git a/src/test/zones/simple/ipv6snat/interfaces b/src/test/zones/simple/ipv6snat/interfaces
index 66bb826..68f1329 100644
--- a/src/test/zones/simple/ipv6snat/interfaces
+++ b/src/test/zones/simple/ipv6snat/interfaces
@@ -5,3 +5,7 @@ iface vmbr0 inet static
         bridge-ports eth0
         bridge-stp off
         bridge-fd 0
+
+iface vmbr0 inet6 static
+       address 2001:db8::2/64
+       gateway 2001:db8::1
-- 
2.47.3





^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2026-04-20 17:22 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-04-20 17:21 [PATCH network] SNAT: fix test cases to only use IPv6-to-IPv6 SNAT Lukas Sichert

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal