[netfilter-cvslog] r3437 - trunk/nfsim-testsuite/02conntrack
rusty at netfilter.org
rusty at netfilter.org
Sat Dec 18 14:16:43 CET 2004
Author: rusty at netfilter.org
Date: 2004-12-18 14:16:42 +0100 (Sat, 18 Dec 2004)
New Revision: 3437
Added:
trunk/nfsim-testsuite/02conntrack/11overload.sh
Log:
Test overloading connection tracking.
Added: trunk/nfsim-testsuite/02conntrack/11overload.sh
===================================================================
--- trunk/nfsim-testsuite/02conntrack/11overload.sh 2004-12-17 10:33:26 UTC (rev 3436)
+++ trunk/nfsim-testsuite/02conntrack/11overload.sh 2004-12-18 13:16:42 UTC (rev 3437)
@@ -0,0 +1,34 @@
+#! /bin/sh
+
+# Test overloading connection tracking.
+# Look at output of conntrack initialization to determine max.
+# eg. ip_conntrack version 2.1 (32 buckets, 256 max) - 332 bytes per conntrack
+MAX=$(echo "insmod ip_conntrack" | $NFSIM --no-modules 2>/dev/null | sed -n 's/.*, \([0-9]*\) max.*/\1/p')
+
+# Send MAX, and check they're all expected.
+(i=0; while [ $i -lt $MAX ]; do echo "expect gen_ip send:eth1 *"; echo gen_ip IF=eth0 192.168.0.`expr 2 + $i % 253` 192.168.1.`expr 2 + $i / 253` 0 3; i=$(($i + 1)); done; echo proc cat /proc/net/stat/ip_conntrack) | $NFSIM `echo $NFSIM_ARGS | sed 's/-q//'` > $TMPFILE
+CONNS=$(grep " 00000000 " $TMPFILE | cut -d" " -f1 | tail -1)
+if [ $((0x$CONNS)) -ne $MAX ]; then
+ echo Only found 0x$CONNS out of $MAX >&2
+ exit 1
+fi
+
+MAX_PLUS=$(($MAX + 1))
+# Now, send MAX + 1, and check only MAX of them.
+(i=0; while [ $i -lt $MAX_PLUS ]; do echo "expect gen_ip send:eth1 *"; echo gen_ip IF=eth0 192.168.0.`expr 2 + $i % 253` 192.168.1.`expr 2 + $i / 253` 0 3; i=$(($i + 1)); done; echo proc cat /proc/net/stat/ip_conntrack) | $NFSIM `echo $NFSIM_ARGS | sed 's/-q//'` > $TMPFILE
+CONNS=$(grep " 00000000 " $TMPFILE | cut -d" " -f1 | tail -1)
+if [ $((0x$CONNS)) -ne $MAX ]; then
+ echo 0x$CONNS after $MAX + 1 >&2
+ exit 1
+fi
+
+# Now, fill with replied TCP connections.
+(i=0; while [ $i -lt $MAX ]; do SRC=192.168.0.`expr 2 + $i % 253`; DST=192.168.1.`expr 2 + $i / 253`; echo "expect gen_ip send:eth1 *"; echo gen_ip IF=eth0 $SRC $DST 0 6 1 2 SYN; echo "expect gen_ip send:eth0 *"; echo gen_ip IF=eth1 $DST $SRC 0 6 2 1 SYN/ACK ACK=1; echo "expect gen_ip send:eth1 *"; echo gen_ip IF=eth0 $SRC $DST 0 6 1 2 ACK SEQ=1 ACK=1; i=$(($i + 1)); done) > $TMPFILE
+
+# This one will be dropped.
+SRC=192.168.0.`expr 2 + $MAX % 253`
+DST=192.168.1.`expr 2 + $MAX / 253`
+echo "expect gen_ip *table full*" >> $TMPFILE
+echo "expect gen_ip *NF_DROP*" >> $TMPFILE
+echo "gen_ip IF=eth0 $SRC $DST 0 6 1 2 SYN" >> $TMPFILE
+$NFSIM $NFSIM_ARGS < $TMPFILE
Property changes on: trunk/nfsim-testsuite/02conntrack/11overload.sh
___________________________________________________________________
Name: svn:executable
+ *
More information about the netfilter-cvslog
mailing list