[PATCH nft] tests: shell: update packetpath/flowtables after flow teardown changes

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Tue, 19 Mar 2024 21:21:46 +0100

Update timeout according to:

  ("netfilter: flowtable: infer TCP state and timeout before flow teardown")

which sets TCP state to established and it uses unack timeout as
specified by nf_conntrack_tcp_timeout_unacknowledged.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
to be applied once kernel patch:

  ("netfilter: flowtable: infer TCP state and timeout before flow teardown")

reaches upstream.

 tests/shell/testcases/packetpath/flowtables | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/shell/testcases/packetpath/flowtables b/tests/shell/testcases/packetpath/flowtables
index 852a05c6d0ab..9c885d152fb6 100755
--- a/tests/shell/testcases/packetpath/flowtables
+++ b/tests/shell/testcases/packetpath/flowtables
@@ -70,7 +70,7 @@ ip netns exec $R sysctl -w net.netfilter.nf_flowtable_tcp_timeout=5 || {
 	echo "E: set net.netfilter.nf_flowtable_tcp_timeout fail, skipping" >&2
         exit 77
 }
-ip netns exec $R sysctl -w net.netfilter.nf_conntrack_tcp_timeout_established=86400 || {
+ip netns exec $R sysctl -w net.netfilter.nf_conntrack_tcp_timeout_unacknowledged=250 || {
         echo "E: set net.netfilter.nf_conntrack_tcp_timeout_established fail, skipping" >&2
         exit 77
 
@@ -85,7 +85,7 @@ ip netns exec $R grep 'OFFLOAD' /proc/net/nf_conntrack   || { echo "check [OFFLO
 ip netns exec $R cat /proc/net/nf_conntrack
 sleep 6
 ip netns exec $R grep 'OFFLOAD' /proc/net/nf_conntrack   && { echo "CT OFFLOAD timeout, fail back to classical path (failed)"; exit 1; }
-ip netns exec $R grep '8639[0-9]' /proc/net/nf_conntrack || { echo "check nf_conntrack_tcp_timeout_established (failed)"; exit 1; }
+ip netns exec $R grep '24[0-9].*ESTABLISHED' /proc/net/nf_conntrack || { echo "check ESTABLISHED and nf_conntrack_tcp_timeout_unack (failed)"; exit 1; }
 ip netns exec $C echo "send sth" >> pipefile
 ip netns exec $R grep 'OFFLOAD' /proc/net/nf_conntrack   || { echo "traffic seen, back to OFFLOAD path (failed)"; exit 1; }
 ip netns exec $C sleep 3
-- 
2.30.2








