git.kernel.dk Git - linux-block.git/commit

author	Florian Westphal <fw@strlen.de>
	Thu, 17 Apr 2025 15:14:28 +0000 (17:14 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 5 May 2025 11:14:10 +0000 (13:14 +0200)
commit	d33f889fd80c91e0250874e910fc58918eb660db
tree	e28cfdf52f1d0afd14608da15f320b84ca36724a	tree
parent	aa04c6f45b9224b949aa35d4fa5f8d0ba07b23d4	commit \| diff

selftests: netfilter: add conntrack stress test

Add a new test case to check:
- conntrack_max limit is effective
- conntrack_max limit cannot be exceeded from within a netns
- resizing the hash table while packets are inflight works
- removal of all conntrack rules disables conntrack in netns
- conntrack tool dump (conntrack -L) returns expected number
of (unique) entries
- procfs interface - if available - has same number of entries
as conntrack -L dump

Expected output with selftest framework:
selftests: net/netfilter: conntrack_resize.sh
PASS: got 1 connections: netns conntrack_max is pernet bound
PASS: got 100 connections: netns conntrack_max is init_net bound
PASS: dump in netns had same entry count (-C 1778, -L 1778, -p 1778, /proc 0)
PASS: dump in netns had same entry count (-C 2000, -L 2000, -p 2000, /proc 0)
PASS: test parallel conntrack dumps
PASS: resize+flood
PASS: got 0 connections: conntrack disabled
PASS: got 1 connections: conntrack enabled
ok 1 selftests: net/netfilter: conntrack_resize.sh

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

tools/testing/selftests/net/netfilter/Makefile		diff \| blob \| blame \| history
tools/testing/selftests/net/netfilter/config		diff \| blob \| blame \| history
tools/testing/selftests/net/netfilter/conntrack_resize.sh	[new file with mode: 0755]	blob