git.baikalelectronics.ru Git - kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Thu, 24 Jun 2021 10:36:41 +0000 (12:36 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 2 Jul 2021 00:05:59 +0000 (02:05 +0200)
commit	3f0a16b084df2939faf129a007f1cb3af34a67b9
tree	a5f08597cfca3fc37f7704bf713dcc56b2482250	tree \| snapshot
parent	450524c96f93baa3c3c574e88798faf9c224c8b4	commit \| diff

selftest: netfilter: add test case for unreplied tcp connections

TCP connections in UNREPLIED state (only SYN seen) can be kept alive
indefinitely, as each SYN re-sets the timeout.

This means that even if a peer has closed its socket the entry
never times out.

This also prevents re-evaluation of configured NAT rules.
Add a test case that sets SYN timeout to 10 seconds, then check
that the nat redirection added later eventually takes effect.

This is based off a repro script from Antonio Ojea.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

tools/testing/selftests/netfilter/Makefile		diff \| blob \| history
tools/testing/selftests/netfilter/conntrack_tcp_unreplied.sh	[new file with mode: 0755]	blob