[netfilter-cvslog] r3437 - trunk/nfsim-testsuite/02conntrack

rusty at netfilter.org rusty at netfilter.org
Sat Dec 18 14:16:43 CET 2004 

Author: rusty at netfilter.org
Date: 2004-12-18 14:16:42 +0100 (Sat, 18 Dec 2004)
New Revision: 3437

Added:
   trunk/nfsim-testsuite/02conntrack/11overload.sh
Log:
Test overloading connection tracking.


Added: trunk/nfsim-testsuite/02conntrack/11overload.sh
===================================================================
--- trunk/nfsim-testsuite/02conntrack/11overload.sh	2004-12-17 10:33:26 UTC (rev 3436)
+++ trunk/nfsim-testsuite/02conntrack/11overload.sh	2004-12-18 13:16:42 UTC (rev 3437)
@@ -0,0 +1,34 @@
+#! /bin/sh
+
+# Test overloading connection tracking.
+# Look at output of conntrack initialization to determine max.
+# eg. ip_conntrack version 2.1 (32 buckets, 256 max) - 332 bytes per conntrack
+MAX=$(echo "insmod ip_conntrack" | $NFSIM --no-modules 2>/dev/null | sed -n 's/.*, \([0-9]*\) max.*/\1/p')
+
+# Send MAX, and check they're all expected.
+(i=0; while [ $i -lt $MAX ]; do echo "expect gen_ip send:eth1 *"; echo gen_ip IF=eth0 192.168.0.`expr 2 + $i % 253` 192.168.1.`expr 2 + $i / 253` 0 3; i=$(($i + 1)); done; echo proc cat /proc/net/stat/ip_conntrack) | $NFSIM `echo $NFSIM_ARGS | sed 's/-q//'` > $TMPFILE
+CONNS=$(grep " 00000000 " $TMPFILE | cut -d" " -f1 | tail -1)
+if [ $((0x$CONNS)) -ne $MAX ]; then
+    echo Only found 0x$CONNS out of $MAX >&2
+    exit 1
+fi
+
+MAX_PLUS=$(($MAX + 1))
+# Now, send MAX + 1, and check only MAX of them.
+(i=0; while [ $i -lt $MAX_PLUS ]; do echo "expect gen_ip send:eth1 *"; echo gen_ip IF=eth0 192.168.0.`expr 2 + $i % 253` 192.168.1.`expr 2 + $i / 253` 0 3; i=$(($i + 1)); done; echo proc cat /proc/net/stat/ip_conntrack) | $NFSIM `echo $NFSIM_ARGS | sed 's/-q//'` > $TMPFILE
+CONNS=$(grep " 00000000 " $TMPFILE | cut -d" " -f1 | tail -1)
+if [ $((0x$CONNS)) -ne $MAX ]; then
+    echo 0x$CONNS after $MAX + 1 >&2
+    exit 1
+fi
+
+# Now, fill with replied TCP connections.
+(i=0; while [ $i -lt $MAX ]; do SRC=192.168.0.`expr 2 + $i % 253`; DST=192.168.1.`expr 2 + $i / 253`; echo "expect gen_ip send:eth1 *"; echo gen_ip IF=eth0 $SRC $DST 0 6 1 2 SYN; echo "expect gen_ip send:eth0 *"; echo gen_ip IF=eth1 $DST $SRC 0 6 2 1 SYN/ACK ACK=1; echo "expect gen_ip send:eth1 *"; echo gen_ip IF=eth0 $SRC $DST 0 6 1 2 ACK SEQ=1 ACK=1; i=$(($i + 1)); done) > $TMPFILE
+
+# This one will be dropped.
+SRC=192.168.0.`expr 2 + $MAX % 253`
+DST=192.168.1.`expr 2 + $MAX / 253`
+echo "expect gen_ip *table full*" >> $TMPFILE
+echo "expect gen_ip *NF_DROP*" >> $TMPFILE
+echo "gen_ip IF=eth0 $SRC $DST 0 6 1 2 SYN" >> $TMPFILE
+$NFSIM $NFSIM_ARGS < $TMPFILE


Property changes on: trunk/nfsim-testsuite/02conntrack/11overload.sh
___________________________________________________________________
Name: svn:executable
   + *

More information about the netfilter-cvslog mailing list