1 files changed, 75 insertions, 0 deletions

diff --git a/qa/ct_stress.c b/qa/ct_stress.c
new file mode 100644
index 0000000..36aa1a0
--- /dev/null
+++ b/qa/ct_stress.c
@@ -0,0 +1,75 @@
+/* simple tool to generate random of flow entries to fill hard the
+   conntrack table. Early drop will not save our day then, because
+   the table will be plenty of assured flows. If things go well,
+   we hit ENOMEM at some point.
+
+   You have to use conntrack_events_reliable together with this tool.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <arpa/inet.h>
+#include <time.h>
+
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
+
+int main(int argc, char *argv[])
+{
+	time_t t;
+	int ret, i, r;
+	struct nfct_handle *h;
+	struct nf_conntrack *ct;
+
+	if (argc < 2) {
+		fprintf(stderr, "Usage: %s [ct_table_size]\n", argv[0]);
+		exit(EXIT_FAILURE);
+	}
+
+	time(&t);
+	srandom(t);
+	r = random();
+
+	ct = nfct_new();
+	if (!ct) {
+		perror("nfct_new");
+		return 0;
+	}
+
+	h = nfct_open(CONNTRACK, 0);
+	if (!h) {
+		perror("nfct_open");
+		nfct_destroy(ct);
+		return -1;
+	}
+
+	for (i = r;i < (r + atoi(argv[1]) * 2); i++) {
+		nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
+		nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1") + i);
+		nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2") + i);
+
+		nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
+		nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(10));
+		nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(20));
+
+		nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
+
+		nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_ESTABLISHED);
+		nfct_set_attr_u32(ct, ATTR_TIMEOUT, 1000);
+		nfct_set_attr_u32(ct, ATTR_STATUS, IPS_ASSURED);
+
+		if (i % 10000 == 0)
+			printf("added %d flow entries\n", i);
+
+		ret = nfct_query(h, NFCT_Q_CREATE, ct);
+		if (ret == -1)
+			perror("nfct_query: ");
+	}
+	nfct_close(h);
+
+	nfct_destroy(ct);
+
+	exit(EXIT_SUCCESS);
+}