On Thu, Apr 17, 2025 at 05:14:28PM +0200, Florian Westphal wrote:
> Add a new test case to check:
> - conntrack_max limit is effective
> - conntrack_max limit cannot be exceeded from within a netns
> - resizing the hash table while packets are inflight works
> - removal of all conntrack rules disables conntrack in netns
> - conntrack tool dump (conntrack -L) returns expected number
>   of (unique) entries
> - procfs interface - if available - has same number of entries
>   as conntrack -L dump
>
> Expected output with selftest framework:
> selftests: net/netfilter: conntrack_resize.sh
> PASS: got 1 connections: netns conntrack_max is pernet bound
> PASS: got 100 connections: netns conntrack_max is init_net bound
> PASS: dump in netns had same entry count (-C 1778, -L 1778, -p 1778, /proc 0)
> PASS: dump in netns had same entry count (-C 2000, -L 2000, -p 2000, /proc 0)
> PASS: test parallel conntrack dumps
> PASS: resize+flood
> PASS: got 0 connections: conntrack disabled
> PASS: got 1 connections: conntrack enabled
> ok 1 selftests: net/netfilter: conntrack_resize.sh

Applied to nf-next, thanks.