@@ -3,11 +3,7 @@
# Test insertion speed for packets with identical addresses/ports
# that are all placed in distinct conntrack zones.
-sfx=$(mktemp -u "XXXXXXXX")
-ns="ns-$sfx"
-
-# Kselftest framework requirement - SKIP code is 4.
-ksft_skip=4
+source lib.sh
zones=2000
have_ct_tool=0
@@ -15,35 +11,25 @@ ret=0
cleanup()
{
- ip netns del $ns
-}
-
-checktool (){
- if ! $1 > /dev/null 2>&1; then
- echo "SKIP: Could not $2"
- exit $ksft_skip
- fi
+ cleanup_all_ns
}
checktool "nft --version" "run test without nft tool"
-checktool "ip -Version" "run test without ip tool"
checktool "socat -V" "run test without socat tool"
-checktool "ip netns add $ns" "create net namespace"
+
+setup_ns ns1
trap cleanup EXIT
-conntrack -V > /dev/null 2>&1
-if [ $? -eq 0 ];then
+if conntrack -V > /dev/null 2>&1; then
have_ct_tool=1
fi
-ip -net "$ns" link set lo up
-
test_zones() {
local max_zones=$1
-ip netns exec $ns sysctl -q net.netfilter.nf_conntrack_udp_timeout=3600
-ip netns exec $ns nft -f /dev/stdin<<EOF
+ip netns exec "$ns1" sysctl -q net.netfilter.nf_conntrack_udp_timeout=3600
+ip netns exec "$ns1" nft -f /dev/stdin<<EOF
flush ruleset
table inet raw {
map rndzone {
@@ -56,29 +42,36 @@ table inet raw {
}
}
EOF
+if [ "$?" -ne 0 ];then
+ echo "SKIP: Cannot add nftables rules"
+ exit $ksft_skip
+fi
(
echo "add element inet raw rndzone {"
- for i in $(seq 1 $max_zones);do
+ for i in $(seq 1 "$max_zones");do
echo -n "$i : $i"
- if [ $i -lt $max_zones ]; then
+ if [ "$i" -lt "$max_zones" ]; then
echo ","
else
echo "}"
fi
done
- ) | ip netns exec $ns nft -f /dev/stdin
+ ) | ip netns exec "$ns1" nft -f /dev/stdin
local i=0
local j=0
- local outerstart=$(date +%s%3N)
- local stop=$outerstart
-
- while [ $i -lt $max_zones ]; do
- local start=$(date +%s%3N)
+ local outerstart
+ local stop
+ outerstart=$(date +%s%3N)
+ stop=$outerstart
+
+ while [ "$i" -lt "$max_zones" ]; do
+ local start
+ start=$(date +%s%3N)
i=$((i + 1000))
j=$((j + 1))
# nft rule in output places each packet in a different zone.
- dd if=/dev/zero of=/dev/stdout bs=8k count=1000 2>/dev/null | ip netns exec "$ns" socat STDIN UDP:127.0.0.1:12345,sourceport=12345
+ dd if=/dev/zero bs=8k count=1000 2>/dev/null | ip netns exec "$ns1" socat -u STDIN UDP:127.0.0.1:12345,sourceport=12345
if [ $? -ne 0 ] ;then
ret=1
break
@@ -89,14 +82,15 @@ EOF
echo "PASS: added 1000 entries in $duration ms (now $i total, loop $j)"
done
- if [ $have_ct_tool -eq 1 ]; then
- local count=$(ip netns exec "$ns" conntrack -C)
- local duration=$((stop-outerstart))
+ if [ "$have_ct_tool" -eq 1 ]; then
+ local count duration
+ count=$(ip netns exec "$ns1" conntrack -C)
+ duration=$((stop-outerstart))
- if [ $count -eq $max_zones ]; then
+ if [ "$count" -eq "$max_zones" ]; then
echo "PASS: inserted $count entries from packet path in $duration ms total"
else
- ip netns exec $ns conntrack -S 1>&2
+ ip netns exec "$ns1" conntrack -S 1>&2
echo "FAIL: inserted $count entries from packet path in $duration ms total, expected $max_zones entries"
ret=1
fi
@@ -110,18 +104,19 @@ EOF
test_conntrack_tool() {
local max_zones=$1
- ip netns exec $ns conntrack -F >/dev/null 2>/dev/null
+ ip netns exec "$ns1" conntrack -F >/dev/null 2>/dev/null
- local outerstart=$(date +%s%3N)
- local start=$(date +%s%3N)
- local stop=$start
- local i=0
- while [ $i -lt $max_zones ]; do
+ local outerstart start stop i
+ outerstart=$(date +%s%3N)
+ start=$(date +%s%3N)
+ stop="$start"
+ i=0
+ while [ "$i" -lt "$max_zones" ]; do
i=$((i + 1))
- ip netns exec "$ns" conntrack -I -s 1.1.1.1 -d 2.2.2.2 --protonum 6 \
+ ip netns exec "$ns1" conntrack -I -s 1.1.1.1 -d 2.2.2.2 --protonum 6 \
--timeout 3600 --state ESTABLISHED --sport 12345 --dport 1000 --zone $i >/dev/null 2>&1
if [ $? -ne 0 ];then
- ip netns exec "$ns" conntrack -I -s 1.1.1.1 -d 2.2.2.2 --protonum 6 \
+ ip netns exec "$ns1" conntrack -I -s 1.1.1.1 -d 2.2.2.2 --protonum 6 \
--timeout 3600 --state ESTABLISHED --sport 12345 --dport 1000 --zone $i > /dev/null
echo "FAIL: conntrack -I returned an error"
ret=1
@@ -137,13 +132,15 @@ test_conntrack_tool() {
fi
done
- local count=$(ip netns exec "$ns" conntrack -C)
- local duration=$((stop-outerstart))
+ local count
+ local duration
+ count=$(ip netns exec "$ns1" conntrack -C)
+ duration=$((stop-outerstart))
- if [ $count -eq $max_zones ]; then
+ if [ "$count" -eq "$max_zones" ]; then
echo "PASS: inserted $count entries via ctnetlink in $duration ms"
else
- ip netns exec $ns conntrack -S 1>&2
+ ip netns exec "$ns1" conntrack -S 1>&2
echo "FAIL: inserted $count entries via ctnetlink in $duration ms, expected $max_zones entries ($duration ms)"
ret=1
fi
@@ -151,7 +148,7 @@ test_conntrack_tool() {
test_zones $zones
-if [ $have_ct_tool -eq 1 ];then
+if [ "$have_ct_tool" -eq 1 ];then
test_conntrack_tool $zones
else
echo "SKIP: Could not run ctnetlink insertion test without conntrack tool"
Also do shellcheck cleanups here, no functional changes intended. When running tests via vng tool, the packetpath insertion test fails: dd: failed to open '/dev/stdout': Device or resource busy Just omit 'of=' and this will work as intended. Signed-off-by: Florian Westphal <fw@strlen.de> --- .../selftests/net/netfilter/nft_zones_many.sh | 93 +++++++++---------- 1 file changed, 45 insertions(+), 48 deletions(-)