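/*
 * Simple test tool that creates a large number of conntrack flow entries in
 * order to fill the conntrack table completely. Early drop will not help
 * here, because the table ends up full of assured flows. If things go well,
 * the kernel starts returning ENOMEM at some point.
 *
 * You have to use conntrack_events_reliable together with this tool.
 *
 * Operational notes:
 *  - Creating entries through ctnetlink needs CAP_NET_ADMIN.
 *  - The entries are created with a 1000 second timeout, so the table stays
 *    full until they expire or the table is flushed (e.g. `conntrack -F`).
 *    Run this in a dedicated network namespace or a test machine, since a
 *    full table makes the kernel refuse to track new connections.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <arpa/inet.h>
#include <time.h>

#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>

/*
 * Usage: <prog> ct_table_size
 *
 * Issues 2 * ct_table_size NFCT_Q_CREATE requests, each for an ESTABLISHED,
 * assured TCP flow whose source and destination addresses are offset by a
 * per-run random base plus the iteration counter. Failed creations are
 * reported with perror() and do not stop the run, because hitting ENOMEM is
 * the expected outcome once the table is full.
 *
 * Exit status: EXIT_SUCCESS when the loop ran to completion, EXIT_FAILURE on
 * bad arguments or when the conntrack object / netlink handle cannot be set
 * up.
 */
int main(int argc, char *argv[])
{
	struct nfct_handle *h;
	struct nf_conntrack *ct;
	char *end;
	long table_size;
	uint32_t base;
	int total, j, failed = 0;

	if (argc < 2) {
		fprintf(stderr, "Usage: %s [ct_table_size]\n", argv[0]);
		exit(EXIT_FAILURE);
	}

	/*
	 * atoi() silently turns garbage into 0 and gives no overflow signal.
	 * Parse strictly and bound the value so that doubling it still fits
	 * in an int.
	 */
	errno = 0;
	table_size = strtol(argv[1], &end, 10);
	if (end == argv[1] || *end != '\0' || errno == ERANGE ||
	    table_size <= 0 || table_size > INT_MAX / 2) {
		fprintf(stderr, "%s: invalid ct_table_size '%s'\n",
			argv[0], argv[1]);
		exit(EXIT_FAILURE);
	}
	total = (int)table_size * 2;

	/*
	 * Random starting offset so that consecutive runs do not collide on
	 * the same tuples. It is kept unsigned: the offset is only ever added
	 * to a 32-bit address, where wrap-around is well defined, whereas the
	 * signed "r + size * 2" form could overflow an int.
	 */
	srandom((unsigned int)time(NULL));
	base = (uint32_t)random();

	ct = nfct_new();
	if (!ct) {
		perror("nfct_new");
		return EXIT_FAILURE;	/* was 0, which hid the failure */
	}

	h = nfct_open(CONNTRACK, 0);
	if (!h) {
		perror("nfct_open");
		nfct_destroy(ct);
		return EXIT_FAILURE;
	}

	for (j = 0; j < total; j++) {
		uint32_t off = base + (uint32_t)j;

		nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
		nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1") + off);
		nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2") + off);

		nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
		nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(10));
		nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(20));

		/* derive the reply tuple from the original one set above */
		nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);

		/* assured + established: not a candidate for early drop */
		nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_ESTABLISHED);
		nfct_set_attr_u32(ct, ATTR_TIMEOUT, 1000);
		nfct_set_attr_u32(ct, ATTR_STATUS, IPS_ASSURED);

		/* progress report counts only the requests that succeeded */
		if (j > 0 && j % 10000 == 0)
			printf("added %d flow entries\n", j - failed);

		if (nfct_query(h, NFCT_Q_CREATE, ct) == -1) {
			perror("nfct_query");
			failed++;
		}
	}

	printf("%d of %d create requests failed\n", failed, total);

	nfct_close(h);
	nfct_destroy(ct);

	exit(EXIT_SUCCESS);
}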