1 /* simple tool to generate random of flow entries to fill hard the
2 conntrack table. Early drop will not save our day then, because
3 the table will be plenty of assured flows. If things go well,
4 we hit ENOMEM at some point.
5
6 You have to use conntrack_events_reliable together with this tool.
7 */
8
9 #include <stdio.h>
10 #include <stdlib.h>
11 #include <string.h>
12 #include <errno.h>
13 #include <arpa/inet.h>
14 #include <time.h>
15
16 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
17 #include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
18
main(int argc,char * argv[])19 int main(int argc, char *argv[])
20 {
21 time_t t;
22 int ret, i, j, r;
23 struct nfct_handle *h;
24 struct nf_conntrack *ct;
25
26 if (argc < 2) {
27 fprintf(stderr, "Usage: %s [ct_table_size]\n", argv[0]);
28 exit(EXIT_FAILURE);
29 }
30
31 time(&t);
32 srandom(t);
33 r = random();
34
35 ct = nfct_new();
36 if (!ct) {
37 perror("nfct_new");
38 return 0;
39 }
40
41 h = nfct_open(CONNTRACK, 0);
42 if (!h) {
43 perror("nfct_open");
44 nfct_destroy(ct);
45 return -1;
46 }
47
48 for (i = r, j = 0;i < (r + atoi(argv[1]) * 2); i++, j++) {
49 nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
50 nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1") + i);
51 nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2") + i);
52
53 nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
54 nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(10));
55 nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(20));
56
57 nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
58
59 nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_ESTABLISHED);
60 nfct_set_attr_u32(ct, ATTR_TIMEOUT, 1000);
61 nfct_set_attr_u32(ct, ATTR_STATUS, IPS_ASSURED);
62
63 if (i % 10000 == 0)
64 printf("added %d flow entries\n", j);
65
66 ret = nfct_query(h, NFCT_Q_CREATE, ct);
67 if (ret == -1)
68 perror("nfct_query: ");
69 }
70 nfct_close(h);
71
72 nfct_destroy(ct);
73
74 exit(EXIT_SUCCESS);
75 }
76