using netcat for external loop-back test between two ports

Question

I am writing a test script to exercise processor boards for a burn-in cycle during manufacturing. I would like to use netcat to transfer files from one process, out one Ethernet port and back into another Ethernet port to a receiving process. It looks like netcat would be an easy tool to use for this.

The problem is that if I set up the ethernet ports with IP addresses on separate IP sub nets and attempt to transfer data from one to the other, the kernel's protocol stack detects an internal route and although the data transfer completes as expected, it does NOT go out over the wire. The packets are routed internally.

That's great for network optimization but it foils the test I want to do.

Is there easy way to make this work? Is there a trick with iptables that would work? Or maybe things you can do to the route table?

Answer 1

I use network name spaces to do this sort of thing. With each of the adapters in a different namespace the data traffic definitely goes through the wire instead of reflecting in the network stack. The separate namespaces also prevent reverse packet filters and such from getting in the way.

So presume eth0 and eth1, wiht iperf3 as the reflecting agent (ping server or whatever). [DISCLAIMER:text from memory, all typos are typos, YMMV]

ip netns add target
ip link set dev eth1 up netns target
ip netns exec target ip address add dev eth1 xxx.xxx.xxx.xxx/y 
ip netns exec target iperf3 --server

So now you've created the namespace "target", moved one of your adapters into that namespace. Set its IP address. And finally run your application in the that target namespace.

You can now run any (compatible) program in the native namespace, and if it references the xxx.xxx.xxx.xxx IP address (which clearly must be reachable with some route) will result in on-wire traffic that, with a proper loop-back path, will find the adapter within the other namespace as if it were a different computer all together.

Once finished, you kill the daemon server and delete the namespace by name and then the namespace members revert and you are back to vanilla.

killall iperf3
ip netns delete target

This also works with "virtual functions" of a single interface, but that example requires teasing out one or more virtual functions --- e.g. SR-IOV type adapters -- and handing out local mac addresses. So I haven't done that enough to have a sample code tidbit ready.

Answer 2

Internal routing is preferred because in the default routing behaviour you have all the internal routes marked as scope link in the local table. Check this out with:

ip rule show
ip route show table local

If your kernel supports multiple routing tables you can simply alter the local table to achieve your goal. You don't need iptables.

Let's say 192.168.1.1 is your target ip address and eth0 is the interface where you want to send your packets out to the wire.

ip route add 192.168.1.1/32 dev eth0 table local