Menu
▾
▴
[Audit-test-developer] [PATCH 05/26] netfilter, netfilebt: reduce long 90sec waits on accept
|
From: Jiri J. <jja...@re...> - 2013-10-07 11:29:55
|
The lblnet_tst_server is launched from xinetd with explicit
`-t 10' option, which caused the server to give up after 10 seconds.
It therefore doesn't make sense to wait 90 seconds for a timeout.
Removing $alarmv altogether makes do_accept use its default timer
of 15 seconds, which is already used by the network bucket.
This change saves approximately 23*(90-15) seconds (~29 minutes)
when running netfilter/netfilebt buckets.
Signed-off-by: Jiri Jaburek <jja...@re...>
---
audit-test/netfilebt/run.conf | 38 +++++++++++++++++++-------------------
audit-test/netfilter/run.conf | 8 ++++----
2 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/audit-test/netfilebt/run.conf b/audit-test/netfilebt/run.conf
index f8676bd..f2cff0d 100644
--- a/audit-test/netfilebt/run.conf
+++ b/audit-test/netfilebt/run.conf
@@ -989,7 +989,7 @@ done
+ accept \
mlsop=eq expres=fail err=EINTR\
host=remote type=unlabeled op=sendrand_tcp ipv=ipv4 port=$tst_port1 \
- tnum=8 alarmv=90 '$ipv $port $alarmv'
+ tnum=8 '$ipv $port'
## TESTCASE: Test #8 tnum 9
## Table Rule no blocking
## Input remote server sends udp packets to bridge ipv4 address
@@ -1024,7 +1024,7 @@ done
+ accept \
mlsop=eq expres=success \
host=remote type=unlabeled op=sendrand_tcp ipv=ipv4 port=$tst_port1 \
- tnum=12 alarmv=90 '$ipv $port $alarmv'
+ tnum=12 '$ipv $port'
## TESTCASE: Test #12 tnum 13
## Table Rule INPUT chain policy set to DROP, ACCEPT TCP packets to
## port destination port (tst_port1) and log in audit.log
@@ -1034,7 +1034,7 @@ done
+ accept \
mlsop=eq expres=success \
host=remote type=unlabeled op=sendrand_tcp ipv=ipv4 port=$tst_port1 \
- tnum=13 alarmv=90 '$ipv $port $alarmv'
+ tnum=13 '$ipv $port'
## TESTCASE: Test #13 tnum 14
## Table Rule INPUT chain policy set to DROP no other rule
## Input remote server sends tcp connect to bridge ipv4 address
@@ -1044,7 +1044,7 @@ done
+ accept \
mlsop=eq expres=fail err=EINTR\
host=remote type=unlabeled op=sendrand_tcp ipv=ipv4 port=$tst_port1 \
- tnum=14 alarmv=90 '$ipv $port $alarmv'
+ tnum=14 '$ipv $port'
## TESTCASE: Test #14 tnum 15
## Table Rule accept packets to logical bridge device (BRIDGE_FILTER)
## Input remote server sends tcp connect to bridge ipv4 address
@@ -1052,7 +1052,7 @@ done
+ accept \
mlsop=eq expres=success \
host=remote type=unlabeled op=sendrand_tcp ipv=ipv4 port=$tst_port1 \
- tnum=15 alarmv=90 '$ipv $port $alarmv'
+ tnum=15 '$ipv $port'
## TESTCASE: Test #15 tnum 16
## Table Rule drop packets to logical bridge device (BRIDGE_FILTER)
## Input remote server sends tcp connect to bridge ipv4 address
@@ -1060,7 +1060,7 @@ done
+ accept \
mlsop=eq expres=fail err=EINTR\
host=remote type=unlabeled op=sendrand_tcp ipv=ipv4 port=$tst_port1 \
- tnum=16 alarmv=90 '$ipv $port $alarmv'
+ tnum=16 '$ipv $port'
## TESTCASE: Test #16 tnum 17
## Table Rule accepts packets from mac address of remote server eth1
## Input remote server sends tcp connect to bridge ipv4 address
@@ -1068,7 +1068,7 @@ done
+ accept \
mlsop=eq expres=success \
host=remote type=unlabeled op=sendrand_tcp ipv=ipv4 port=$tst_port1 \
- tnum=17 alarmv=90 '$ipv $port $alarmv'
+ tnum=17 '$ipv $port'
## TESTCASE: Test #17 tnum 18
## Table Rule drop packets from mac address of remote server
## Input remote server sends tcp connect to bridge ipv4 address
@@ -1076,7 +1076,7 @@ done
+ accept \
mlsop=eq expres=fail err=EINTR \
host=remote type=unlabeled op=sendrand_tcp ipv=ipv4 port=$tst_port1 \
- tnum=18 alarmv=90 '$ipv $port $alarmv'
+ tnum=18 '$ipv $port'
## TESTCASE: Test #18 tnum 19
## Table Rule accepts packets to mac address of TOE device enslaved
## to bridge
@@ -1085,7 +1085,7 @@ done
+ accept \
mlsop=eq expres=success \
host=remote type=unlabeled op=sendrand_tcp ipv=ipv4 port=$tst_port1 \
- tnum=19 alarmv=90 '$ipv $port $alarmv'
+ tnum=19 '$ipv $port'
## TESTCASE: Test #19 tnum 20
## Table Rule drop packets to mac address of TOE device enslaved
## to bridge
@@ -1094,7 +1094,7 @@ done
+ accept \
mlsop=eq expres=fail err=EINTR \
host=remote type=unlabeled op=sendrand_tcp ipv=ipv4 port=$tst_port1 \
- tnum=20 alarmv=90 '$ipv $port $alarmv'
+ tnum=20 '$ipv $port'
## TESTCASE: Test #20 tnum 21
## Table Rule no blocking
## Input TOE sends tcp connect (ipv6) to remote server over bridge
@@ -1168,7 +1168,7 @@ done
+ accept \
mlsop=eq expres=fail err=EINTR\
host=remote type=unlabeled op=sendrand_tcp ipv=ipv6 port=$tst_port1 \
- tnum=28 alarmv=90 '$ipv $port $alarmv'
+ tnum=28 '$ipv $port'
## TESTCASE: Test #28 tnum 29
## Table Rule no blocking
## Input remote server sends udp packets to bridge ipv6 address
@@ -1202,7 +1202,7 @@ done
+ accept \
mlsop=eq expres=success \
host=remote type=unlabeled op=sendrand_tcp ipv=ipv6 port=$tst_port1 \
- tnum=32 alarmv=90 '$ipv $port $alarmv'
+ tnum=32 '$ipv $port'
## TESTCASE: Test #32 tnum 33
## Table Rule INPUT chain policy set to DROP, tcp (ipv6) packets to
## TOE port tst_port1 allowed. log of accepted packets to
@@ -1213,7 +1213,7 @@ done
+ accept \
mlsop=eq expres=success \
host=remote type=unlabeled op=sendrand_tcp ipv=ipv6 port=$tst_port1 \
- tnum=33 alarmv=90 '$ipv $port $alarmv'
+ tnum=33 '$ipv $port'
## TESTCASE: Test #33 tnum 34
## Table Rule INPUT chain policy set to DROP, only port 22 allowed.
## Input remote server sends tcp connect (ipv6) to TOE port
@@ -1222,7 +1222,7 @@ done
+ accept \
mlsop=eq expres=fail err=EINTR\
host=remote type=unlabeled op=sendrand_tcp ipv=ipv6 port=$tst_port1 \
- tnum=34 alarmv=90 '$ipv $port $alarmv'
+ tnum=34 '$ipv $port'
## TESTCASE: Test #34 tnum 35
## Table Rule logical bridge device accepts traffic and logs
## to audit.log
@@ -1232,7 +1232,7 @@ done
+ accept \
mlsop=eq expres=success \
host=remote type=unlabeled op=sendrand_tcp ipv=ipv6 port=$tst_port1 \
- tnum=35 alarmv=90 '$ipv $port $alarmv'
+ tnum=35 '$ipv $port'
## TESTCASE: Test #35 tnum 36
## Table Rule logical bridge device drops packets and logs to audit.log
## Input remote server sends tcp connect (ipv6) to TOE bridge
@@ -1241,7 +1241,7 @@ done
+ accept \
mlsop=eq expres=fail err=EINTR\
host=remote type=unlabeled op=sendrand_tcp ipv=ipv6 port=$tst_port1 \
- tnum=36 alarmv=90 '$ipv $port $alarmv'
+ tnum=36 '$ipv $port'
## TESTCASE: Test #36 tnum 37
## Table Rule accept packets (ipv6) from mac address of remote server
## and log to audit.log
@@ -1259,7 +1259,7 @@ done
+ accept \
mlsop=eq expres=fail err=EINTR \
host=remote type=unlabeled op=sendrand_tcp ipv=ipv6 port=$tst_port1 \
- tnum=38 alarmv=90 '$ipv $port $alarmv'
+ tnum=38 '$ipv $port'
## TESTCASE: Test #38 tnum 39
## Table Rule accept packets (ipv6) to mac address of TOE device
## enslaved to bridge and log to audit.log
@@ -1268,7 +1268,7 @@ done
+ accept \
mlsop=eq expres=success \
host=remote type=unlabeled op=sendrand_tcp ipv=ipv6 port=$tst_port1 \
- tnum=39 alarmv=90 '$ipv $port $alarmv'
+ tnum=39 '$ipv $port'
## TESTCASE: Test #39 tnum 40
## Table Rule drop packets (ipv6) to mac address of TOE device
## enslaved to bridge and log to audit.log
@@ -1277,7 +1277,7 @@ done
+ accept \
mlsop=eq expres=fail err=EINTR \
host=remote type=unlabeled op=sendrand_tcp ipv=ipv6 port=$tst_port1 \
- tnum=40 alarmv=90 '$ipv $port $alarmv'
+ tnum=40 '$ipv $port'
## TESTCASE Test #40 tnum 41
## No Table Rule This test insures a normal user does not have
## permision to modify the ebtables
diff --git a/audit-test/netfilter/run.conf b/audit-test/netfilter/run.conf
index 762b516..23740c6 100644
--- a/audit-test/netfilter/run.conf
+++ b/audit-test/netfilter/run.conf
@@ -1444,7 +1444,7 @@ done
+ accept \
mlsop=eq expres=fail err=EINTR \
host=remote type=unlabeled op=sendrand_tcp ipv=ipv4 port=$tst_port1 \
- tnum=10 alarmv=90 '$ipv $port $alarmv'
+ tnum=10 '$ipv $port'
## TESTCASE Test #10 tnum 11
## Table Rule no blocking
## Input tcp connection request sent (ipv6) from netserver to port
@@ -1463,7 +1463,7 @@ done
+ accept \
mlsop=eq expres=fail err=EINTR \
host=remote type=unlabeled op=sendrand_tcp ipv=ipv6 port=$tst_port1 \
- tnum=12 alarmv=90 '$ipv $port $alarmv'
+ tnum=12 '$ipv $port'
## TESTCASE Test #12 tnum 13
## Table Rule no blocking
## Input udp packets (ipv4) sent over local loopback device
@@ -1987,7 +1987,7 @@ done
+ accept \
mlsop=eq expres=fail err=EINTR \
host=remote type=unlabeled op=sendrand_tcp ipv=ipv4 port=$tst_port1 \
- tnum=60 alarmv=90 '$ipv $port $alarmv'
+ tnum=60 '$ipv $port'
## TESTCASE Test #60 tnum 61
## Table Rule no blocking
## Input tcp connect request (ipv6) sent from remote
@@ -2007,7 +2007,7 @@ done
+ accept \
mlsop=eq expres=fail err=EINTR \
host=remote type=unlabeled op=sendrand_tcp ipv=ipv6 port=$tst_port1 \
- tnum=62 alarmv=90 '$ipv $port $alarmv'
+ tnum=62 '$ipv $port'
## TESTCASE Test #62 tnum 63
## No Table Rule This test insures a normal user does not have
## permision to modify the iptables
--
1.8.3.1
|
