[26-06-22 06:38:08] START switch_namespace_snat scenario: cases/switch_namespace_snat.sh header : verify namespace snat source rewriting and non-snat isolation topology: ac1 -> sw2 example [vrf-snat] -- UDP output --> sw1 VIP 10.242.2.11 | acb -> sw2 network b (no VRF) ----------------x same VIP topology: # Topology: topology: # - Diagram: topology: # ac1 -> sw2 example [vrf-snat] -- UDP output --> sw1 VIP 10.242.2.11 topology: # acb -> sw2 network b (no VRF) ----------------x same VIP topology: # SNAT changes source from ac1 address to sw2 overlay address topology: # - Docker mgmt network: 100.100.0.0/24 topology: # sw1=100.100.0.241, sw2=100.100.0.242. topology: # - OpenLAN service network "example": 192.64.0.0/24 topology: # sw1=192.64.0.1, sw2=192.64.0.2. topology: # - sw2 service network L3 device is enslaved to VRF "vrf-snat"; sw1 is not. topology: # - Non-namespace network "b": 192.66.0.0/24 topology: # sw2=192.66.0.1. topology: # - Access clients: topology: # ac1=192.64.0.11, connected to sw2 and forwarding 10.242.2.11/32. topology: # acb=192.66.0.11, connected to sw2 network b and forwarding 10.242.2.11/32. topology: # - sw1 VIP: topology: # lo=10.242.2.11/32, HTTP service listens on 10.242.2.11:8081. topology: # - Forwarding link: topology: # sw2 -> sw1 over UDP output. topology: # Validation: topology: # when SNAT is disabled, the VIP HTTP service sees ac1 address 192.64.0.11. topology: # when SNAT is enabled, the VIP HTTP service sees sw2 overlay address 192.64.0.2. topology: # network b is not in the namespace, so acb cannot access the VIP HTTP service topology: # even when example SNAT is enabled. Started switch pause container: tests-sw-namespace-snat1-pause Started switch frr container: tests-sw-namespace-snat1-frr Started switch ipsec container: tests-sw-namespace-snat1-ipsec Started switch container: tests-sw-namespace-snat1 [26-06-22 06:38:09][ASSERT#0001][expect] at cases/switch_namespace_snat.sh:83 fn=setup_sw1 retry=30 cmd="docker logs -f tests-sw-namespace-snat1" expect="Http.Start" 2026/06/22 06:38:10 INFO|root|Http.LoadToken: file:/etc/openlan/switch/token does not exist 2026/06/22 06:38:10 INFO|root|UdpServer.Listen: udp://0.0.0.0:10002 2026/06/22 06:38:10 INFO|root|TcpServer.Listen: tcp://0.0.0.0:10002 2026/06/22 06:38:10 INFO|root|Http.Start 0.0.0.0:10000 [26-06-22 06:38:10][ASSERT#0001][OK] cost=1.031s [26-06-22 06:38:10][ASSERT#0002][cmd] at cases/switch_namespace_snat.sh:85 fn=setup_sw1 cmd="docker exec tests-sw-namespace-snat1 openlan network --name example add --address 192.64.0.1/24" [26-06-22 06:38:10][ASSERT#0002][OK] cost=0.231s [26-06-22 06:38:10][ASSERT#0003][cmd] at cases/switch_namespace_snat.sh:86 fn=setup_sw1 cmd="docker exec tests-sw-namespace-snat1 openlan router address add --device lo --address 10.242.2.11/32" [26-06-22 06:38:11][ASSERT#0003][OK] cost=0.053s [26-06-22 06:38:11][ASSERT#0004][cmd] at cases/switch_namespace_snat.sh:87 fn=setup_sw1 cmd="docker exec tests-sw-namespace-snat1 openlan user add --name t1@example --password 123456" # total 1 username password role lease t1@example 123456 guest 2027-06-22T06 [26-06-22 06:38:11][ASSERT#0004][OK] cost=0.062s Started switch pause container: tests-sw-namespace-snat2-pause Started switch frr container: tests-sw-namespace-snat2-frr Started switch ipsec container: tests-sw-namespace-snat2-ipsec Started switch container: tests-sw-namespace-snat2 [26-06-22 06:38:11][ASSERT#0005][expect] at cases/switch_namespace_snat.sh:96 fn=setup_sw2 retry=30 cmd="docker logs -f tests-sw-namespace-snat2" expect="Http.Start" 2026/06/22 06:38:12 INFO|root|Wait: ... 2026/06/22 06:38:12 INFO|root|UdpServer.Listen: udp://0.0.0.0:10002 2026/06/22 06:38:12 INFO|root|TcpServer.Listen: tcp://0.0.0.0:10002 2026/06/22 06:38:12 INFO|root|Http.Start 0.0.0.0:10000 [26-06-22 06:38:12][ASSERT#0005][OK] cost=1.027s [26-06-22 06:38:12][ASSERT#0006][cmd] at cases/switch_namespace_snat.sh:98 fn=setup_sw2 cmd="docker exec tests-sw-namespace-snat2 openlan network --name example add --address 192.64.0.2/24 --namespace vrf-snat" [26-06-22 06:38:13][ASSERT#0006][OK] cost=0.270s [26-06-22 06:38:13][ASSERT#0007][match] at cases/switch_namespace_snat.sh:99 fn=setup_sw2 retry=1 cmd="docker exec tests-sw-namespace-snat2 openlan network --name example" expect="namespace: vrf-snat" address: 192.64.0.2/24 name: br-example name: example namespace: vrf-snat snat: enable subnet: netmask: 255.255.255.0 [26-06-22 06:38:13][ASSERT#0007][OK] cost=0.066s [26-06-22 06:38:13][ASSERT#0008][cmd] at cases/switch_namespace_snat.sh:100 fn=setup_sw2 cmd="docker exec tests-sw-namespace-snat2 ip link show vrf-snat" 9: vrf-snat: mtu 65575 qdisc noqueue state UP mode DEFAULT group default link/ether 0e:61:e1:09:1d:ae brd ff:ff:ff:ff:ff:ff [26-06-22 06:38:13][ASSERT#0008][OK] cost=0.056s [26-06-22 06:38:13][ASSERT#0009][match] at cases/switch_namespace_snat.sh:101 fn=setup_sw2 retry=5 cmd="docker exec tests-sw-namespace-snat2 ip link show hi-example" expect="master vrf-snat" 8: hi-example@bi-example: mtu 1500 qdisc noqueue master vrf-snat state UP mode DEFAULT group default link/ether 92:1b:59:c6:5b:de brd ff:ff:ff:ff:ff:ff [26-06-22 06:38:13][ASSERT#0009][OK] cost=0.059s [26-06-22 06:38:13][ASSERT#0010][cmd] at cases/switch_namespace_snat.sh:102 fn=setup_sw2 cmd="docker exec tests-sw-namespace-snat2 openlan network --name b add --address 192.66.0.1/24" [26-06-22 06:38:13][ASSERT#0010][OK] cost=0.249s [26-06-22 06:38:13][ASSERT#0011][cmd] at cases/switch_namespace_snat.sh:103 fn=setup_sw2 cmd="docker exec tests-sw-namespace-snat2 openlan network --name example snat disable" [26-06-22 06:38:13][ASSERT#0011][OK] cost=0.082s [26-06-22 06:38:13][ASSERT#0012][cmd] at cases/switch_namespace_snat.sh:104 fn=setup_sw2 cmd="docker exec tests-sw-namespace-snat2 openlan network --name example route add --prefix 10.242.2.11/32 --nexthop 192.64.0.1" [26-06-22 06:38:13][ASSERT#0012][OK] cost=0.068s [26-06-22 06:38:13][ASSERT#0013][cmd] at cases/switch_namespace_snat.sh:105 fn=setup_sw2 cmd="docker exec tests-sw-namespace-snat2 openlan user add --name ac1@example --password 123456" # total 1 username password role lease ac1@example 123456 guest 2027-06-22T06 [26-06-22 06:38:13][ASSERT#0013][OK] cost=0.070s [26-06-22 06:38:13][ASSERT#0014][cmd] at cases/switch_namespace_snat.sh:106 fn=setup_sw2 cmd="docker exec tests-sw-namespace-snat2 openlan user add --name acb@b --password 123456" # total 1 username password role lease acb@b 123456 guest 2027-06-22T06 [26-06-22 06:38:13][ASSERT#0014][OK] cost=0.069s [26-06-22 06:38:13][ASSERT#0015][cmd] at cases/switch_namespace_snat.sh:107 fn=setup_sw2 cmd="docker exec tests-sw-namespace-snat2 openlan network --name example output add --remote 100.100.0.241 --protocol udp --secret t1:123456 --crypt aes-128:ea64d5b0c96c" [26-06-22 06:38:13][ASSERT#0015][OK] cost=0.082s Started access container: tests-sw-namespace-snat.ac1 [26-06-22 06:38:14][ASSERT#0016][expect] at cases/switch_namespace_snat.sh:128 fn=setup_ac1 retry=30 cmd="docker logs -f tests-sw-namespace-snat.ac1" expect="onLogin: success" 2026/06/22 06:38:14 INFO|100.100.0.242:10002|example|Worker.OnSuccess 2026/06/22 06:38:14 INFO|100.100.0.242:10002|example|Access.AddAddr: 192.64.0.11/24 via 2026/06/22 06:38:14 INFO|100.100.0.242:10002|example|Access.AddRoute: 10.242.2.11/32 via 192.64.0.2 2026/06/22 06:38:14 INFO|udp:100.100.0.242:10002|example|SocketWorker.onLogin: success 2026/06/22 06:38:14 INFO|100.100.0.242:10002|example|Worker.OnIpAddr: name:example gateway:192.64.0.2 address:192.64.0.11 netmask:255.255.255.0 routes:[] 2026/06/22 06:38:14 WARN|100.100.0.242:10002|example|Access.AddAddr.SetLinkIp: file exists 2026/06/22 06:38:14 INFO|100.100.0.242:10002|example|Access.AddAddr: 192.64.0.11/24 via 192.64.0.2 [26-06-22 06:38:15][ASSERT#0016][OK] cost=1.035s Started access container: tests-sw-namespace-snat.acb [26-06-22 06:38:15][ASSERT#0017][expect] at cases/switch_namespace_snat.sh:149 fn=setup_acb retry=30 cmd="docker logs -f tests-sw-namespace-snat.acb" expect="onLogin: success" 2026/06/22 06:38:15 INFO|100.100.0.242:10002|b|Worker.OnSuccess 2026/06/22 06:38:15 INFO|100.100.0.242:10002|b|Access.AddAddr: 192.66.0.11/24 via 2026/06/22 06:38:15 INFO|100.100.0.242:10002|b|Access.AddRoute: 10.242.2.11/32 via 192.66.0.1 2026/06/22 06:38:15 INFO|udp:100.100.0.242:10002|b|SocketWorker.onLogin: success 2026/06/22 06:38:15 INFO|100.100.0.242:10002|b|Worker.OnIpAddr: name:b gateway:192.66.0.1 address:192.66.0.11 netmask:255.255.255.0 routes:[] 2026/06/22 06:38:15 WARN|100.100.0.242:10002|b|Access.AddAddr.SetLinkIp: file exists 2026/06/22 06:38:15 INFO|100.100.0.242:10002|b|Access.AddAddr: 192.66.0.11/24 via 192.66.0.1 [26-06-22 06:38:16][ASSERT#0017][OK] cost=1.035s [26-06-22 06:38:16][ASSERT#0018][cmd] at cases/switch_namespace_snat.sh:153 fn=setup_vip_http cmd="docker exec tests-sw-namespace-snat1 sh -c cat > /tmp/namespace-snat-http.sh <<'EOF' #!/bin/sh printf 'HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\nsrc=%s\n' "$SOCAT_PEERADDR" EOF chmod +x /tmp/namespace-snat-http.sh nohup socat TCP-LISTEN:8081,bind=10.242.2.11,reuseaddr,fork EXEC:/tmp/namespace-snat-http.sh >/tmp/namespace-snat-http.log 2>&1 &" [26-06-22 06:38:16][ASSERT#0018][OK] cost=0.072s [26-06-22 06:38:16][ASSERT#0019][match] at cases/switch_namespace_snat.sh:188 fn=test_namespace_snat retry=15 cmd="docker exec tests-sw-namespace-snat2 openlan network --name example output ls" expect="state: authenticated" protocol: udp remote: 100.100.0.241 secret: t1:123456 state: authenticated [26-06-22 06:38:16][ASSERT#0019][OK] cost=0.076s [26-06-22 06:38:16][ASSERT#0020][cmd] at cases/switch_namespace_snat.sh:190 fn=test_namespace_snat cmd="docker exec tests-sw-namespace-snat2 openlan network --name example snat disable" [26-06-22 06:38:16][ASSERT#0020][OK] cost=0.066s [26-06-22 06:38:16][ASSERT#0021][match] at cases/switch_namespace_snat.sh:174 fn=assert_ping_target retry=20 cmd="docker exec tests-sw-namespace-snat.ac1 ping -c 3 10.242.2.11" expect="bytes from" PING 10.242.2.11 (10.242.2.11) 56(84) bytes of data. 64 bytes from 10.242.2.11: icmp_seq=1 ttl=64 time=2064 ms 64 bytes from 10.242.2.11: icmp_seq=2 ttl=64 time=1030 ms 64 bytes from 10.242.2.11: icmp_seq=3 ttl=64 time=5.79 ms --- 10.242.2.11 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2059ms [26-06-22 06:38:18][ASSERT#0021][OK] cost=2.117s [26-06-22 06:38:18][ASSERT#0022][match] at cases/switch_namespace_snat.sh:164 fn=assert_http_source retry=20 cmd="docker exec tests-sw-namespace-snat.ac1 wget -qO- -T 3 -t 1 http://10.242.2.11:8081" expect="src=192.64.0.11" src=192.64.0.11 [26-06-22 06:38:18][ASSERT#0022][OK] cost=0.070s [26-06-22 06:38:18][ASSERT#0023][cmd] at cases/switch_namespace_snat.sh:194 fn=test_namespace_snat cmd="docker exec tests-sw-namespace-snat2 openlan network --name example snat enable --scope enable" [26-06-22 06:38:19][ASSERT#0023][OK] cost=0.075s [26-06-22 06:38:19][ASSERT#0024][match] at cases/switch_namespace_snat.sh:174 fn=assert_ping_target retry=20 cmd="docker exec tests-sw-namespace-snat.ac1 ping -c 3 10.242.2.11" expect="bytes from" PING 10.242.2.11 (10.242.2.11) 56(84) bytes of data. 64 bytes from 10.242.2.11: icmp_seq=1 ttl=63 time=1.13 ms 64 bytes from 10.242.2.11: icmp_seq=2 ttl=63 time=2.42 ms 64 bytes from 10.242.2.11: icmp_seq=3 ttl=63 time=2.57 ms --- 10.242.2.11 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms [26-06-22 06:38:21][ASSERT#0024][OK] cost=2.064s [26-06-22 06:38:21][ASSERT#0025][match] at cases/switch_namespace_snat.sh:164 fn=assert_http_source retry=20 cmd="docker exec tests-sw-namespace-snat.ac1 wget -qO- -T 3 -t 1 http://10.242.2.11:8081" expect="src=192.64.0.2" src=192.64.0.2 [26-06-22 06:38:21][ASSERT#0025][OK] cost=0.068s [26-06-22 06:38:21][ASSERT#0026][unmatch] at cases/switch_namespace_snat.sh:179 fn=assert_ping_target_fail retry=3 cmd="docker exec tests-sw-namespace-snat.acb ping -c 3 10.242.2.11" unexpected="bytes from" Last output: PING 10.242.2.11 (10.242.2.11) 56(84) bytes of data. --- 10.242.2.11 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2056ms [26-06-22 06:39:00][ASSERT#0026][OK] cost=39.351s [26-06-22 06:39:00][ASSERT#0027][unmatch] at cases/switch_namespace_snat.sh:169 fn=assert_http_unreachable retry=3 cmd="docker exec tests-sw-namespace-snat.acb wget -qO- -T 3 -t 1 http://10.242.2.11:8081" unexpected="src=" Last output: [26-06-22 06:39:12][ASSERT#0027][OK] cost=12.212s [26-06-22 06:39:12][ASSERT#0028][cmd] at cases/switch_namespace_snat.sh:202 fn=test_reload_persistence cmd="docker exec tests-sw-namespace-snat1 openlan reload --save" Save configuraion ... success # reloading pid:45 .... PID 45 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20 # max wait 60s... # during 1s, new pid:561 ... PID 561 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20 [26-06-22 06:39:13][ASSERT#0028][OK] cost=1.078s [26-06-22 06:39:13][ASSERT#0029][cmd] at cases/switch_namespace_snat.sh:203 fn=test_reload_persistence cmd="docker exec tests-sw-namespace-snat2 openlan reload --save" Save configuraion ... success # reloading pid:45 .... PID 45 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20 # max wait 60s... # during 1s, new pid:813 ... PID 813 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20 [26-06-22 06:39:14][ASSERT#0029][OK] cost=1.069s [26-06-22 06:39:14][ASSERT#0030][match] at cases/switch_namespace_snat.sh:205 fn=test_reload_persistence retry=10 cmd="docker exec tests-sw-namespace-snat2 openlan network --name example" expect="namespace: vrf-snat" address: 192.64.0.2/24 name: br-example name: example namespace: vrf-snat outputs: - crypt: aes-128:ea64d5b0c96c link: udp:100.100.0.241:t1 [26-06-22 06:39:15][ASSERT#0030][OK] cost=0.071s [26-06-22 06:39:15][ASSERT#0031][match] at cases/switch_namespace_snat.sh:206 fn=test_reload_persistence retry=10 cmd="docker exec tests-sw-namespace-snat2 ip link show hi-example" expect="master vrf-snat" 8: hi-example@bi-example: mtu 1500 qdisc noqueue master vrf-snat state UP mode DEFAULT group default link/ether 92:1b:59:c6:5b:de brd ff:ff:ff:ff:ff:ff [26-06-22 06:39:15][ASSERT#0031][OK] cost=0.058s [26-06-22 06:39:15][ASSERT#0032][match] at cases/switch_namespace_snat.sh:174 fn=assert_ping_target retry=20 cmd="docker exec tests-sw-namespace-snat.ac1 ping -c 3 10.242.2.11" expect="bytes from" PING 10.242.2.11 (10.242.2.11) 56(84) bytes of data. 64 bytes from 10.242.2.11: icmp_seq=1 ttl=63 time=2.02 ms 64 bytes from 10.242.2.11: icmp_seq=2 ttl=63 time=2.21 ms 64 bytes from 10.242.2.11: icmp_seq=3 ttl=63 time=1.58 ms --- 10.242.2.11 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms [26-06-22 06:39:30][ASSERT#0032][OK] cost=15.179s [26-06-22 06:39:30][ASSERT#0033][match] at cases/switch_namespace_snat.sh:164 fn=assert_http_source retry=20 cmd="docker exec tests-sw-namespace-snat.ac1 wget -qO- -T 3 -t 1 http://10.242.2.11:8081" expect="src=192.64.0.2" src=192.64.0.2 [26-06-22 06:39:30][ASSERT#0033][OK] cost=0.075s [26-06-22 06:39:30][ASSERT#0034][unmatch] at cases/switch_namespace_snat.sh:179 fn=assert_ping_target_fail retry=3 cmd="docker exec tests-sw-namespace-snat.acb ping -c 3 10.242.2.11" unexpected="bytes from" Last output: PING 10.242.2.11 (10.242.2.11) 56(84) bytes of data. --- 10.242.2.11 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2053ms [26-06-22 06:40:09][ASSERT#0034][OK] cost=39.385s [26-06-22 06:40:09][ASSERT#0035][unmatch] at cases/switch_namespace_snat.sh:169 fn=assert_http_unreachable retry=3 cmd="docker exec tests-sw-namespace-snat.acb wget -qO- -T 3 -t 1 http://10.242.2.11:8081" unexpected="src=" Last output: [26-06-22 06:40:21][ASSERT#0035][OK] cost=12.220s [26-06-22 06:40:22] END switch_namespace_snat status=PASS cost=133.957s