Hi Pablo,

On Fri, May 10, 2024 at 02:13:11AM +0200, Pablo Neira Ayuso wrote:
> Before taking a closer look: Would it be possible to have a torture
> test to exercise this path from userspace?

Please kindly find my torture script attached. It does the following:

1) Create three netns connected by VETH pairs:
   client [cr0]<->[rc0] router [rs0]<->[sr0] server
2) In router ns, add an nftables ruleset with:
   - A netdev chain for each interface rcN and rsN (N e [0,9])
   - A flowtable for each interface pair (rcN, rsN) (N e [0,9])
   - A base chain in forward hook with ten rules adding traffic to the
     respective flowtable.
3) Run iperf3 between client and server ns for a minute
4) While iperf runs, rename rcN -> rc((N+1)%10) (same for rsN) in a busy
   loop.

I extended my series meanwhile by an extra patch adding notifications for
each hook update and had (a patched) 'nft monitor' running in parallel.

WDYT, is something still missing I could add to the test? Also, I'm not
sure whether I should add it to netfilter selftests as it doesn't have a
defined failure outcome.

Cheers, Phil
Attachment:
nft_interface_stress.sh
Description: Bourne shell script
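
The ruleset from step 2 and the rename loop from step 4 of the message above, as an added sketch; it is not the attached nft_interface_stress.sh. Table, chain and flowtable names, the netns names client/router/server, the iifname match in the forward rules and the server address argument are assumptions, and the three netns with their VETH pairs (step 1) are expected to exist already.

```shell
#!/bin/sh
# Added sketch of the described stress test, NOT the attached script.
# Assumed names: tables stress_nd/stress, chains c_<dev>, flowtables ftN.

# Step 2: 20 netdev chains, 10 flowtables, one forward chain with 10 rules.
gen_ruleset() {
	echo "table netdev stress_nd {"
	for n in 0 1 2 3 4 5 6 7 8 9; do
		for dev in "rc$n" "rs$n"; do
			echo "	chain c_$dev { type filter hook ingress device \"$dev\" priority 0; }"
		done
	done
	echo "}"
	echo "table inet stress {"
	for n in 0 1 2 3 4 5 6 7 8 9; do
		echo "	flowtable ft$n { hook ingress priority 0; devices = { rc$n, rs$n }; }"
	done
	echo "	chain forward {"
	echo "		type filter hook forward priority 0;"
	for n in 0 1 2 3 4 5 6 7 8 9; do
		# The iifname match is an assumption about how traffic is selected.
		echo "		iifname \"rc$n\" meta l4proto tcp flow add @ft$n"
	done
	echo "	}"
	echo "}"
}

# Step 4 naming rule: rcN -> rc((N+1)%10), same for rsN.
next_name() {
	prefix=${1%?}
	idx=${1#"$prefix"}
	echo "$prefix$(( (idx + 1) % 10 ))"
}

# Rename both router-side VETH ends for as long as PID $1 (iperf3) is alive.
rename_loop() {
	rc=rc0; rs=rs0
	while kill -0 "$1" 2>/dev/null; do
		for dev in "$rc" "$rs"; do
			ip -n router link set "$dev" name "$(next_name "$dev")"
		done
		rc=$(next_name "$rc"); rs=$(next_name "$rs")
	done
}

# Needs root. Usage: script run <server-address>. Hooks on the not-yet-existing
# rc1..rc9/rs1..rs9 assume the series under test accepts them (assumption).
if [ "${1:-}" = run ]; then
	gen_ruleset | ip netns exec router nft -f -
	ip netns exec server iperf3 -s -D
	ip netns exec client iperf3 -c "$2" -t 60 & rename_loop $!
fi
```

Since the test has no defined failure outcome, watch the kernel log for splats and compare `nft list ruleset` in the router netns before and after the run.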