iptables-1.8.8-2.el9
- tests: shell: Check overhead in iptables-save and -restore Related: rhbz#2065330
This commit is contained in:
Phil Sutter
parent
08d57e3b00
commit
73cb621bac
|
|
@ -0,0 +1,61 @@
|
|||
From e7a2e0f70ed69c7b1ed1b4e6474ccf0924f81b23 Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <phil@nwl.cc>
|
||||
Date: Thu, 2 Jun 2022 13:44:45 +0200
|
||||
Subject: [PATCH] tests: shell: Check overhead in iptables-save and -restore
|
||||
|
||||
Some repeated calls have been reduced recently, assert this in a test
|
||||
evaluating strace output.
|
||||
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
(cherry picked from commit 0416ae5dea134b33e22c97e68b64010d679debe1)
|
||||
---
|
||||
.../shell/testcases/ipt-save/0007-overhead_0 | 37 +++++++++++++++++++
|
||||
1 file changed, 37 insertions(+)
|
||||
create mode 100755 iptables/tests/shell/testcases/ipt-save/0007-overhead_0
|
||||
|
||||
diff --git a/iptables/tests/shell/testcases/ipt-save/0007-overhead_0 b/iptables/tests/shell/testcases/ipt-save/0007-overhead_0
|
||||
new file mode 100755
|
||||
index 0000000000000..b86d71f209471
|
||||
--- /dev/null
|
||||
+++ b/iptables/tests/shell/testcases/ipt-save/0007-overhead_0
|
||||
@@ -0,0 +1,37 @@
|
||||
+#!/bin/bash
|
||||
+
|
||||
+# Test recent performance improvements in iptables-save due to reduced
|
||||
+# overhead.
|
||||
+
|
||||
+strace --version >/dev/null || { echo "skip for missing strace"; exit 0; }
|
||||
+
|
||||
+RULESET=$(
|
||||
+ echo "*filter"
|
||||
+ for ((i = 0; i < 100; i++)); do
|
||||
+ echo ":mychain$i -"
|
||||
+ echo "-A FORWARD -p tcp --dport 22 -j mychain$i"
|
||||
+ done
|
||||
+ echo "COMMIT"
|
||||
+)
|
||||
+
|
||||
+RESTORE_STRACE=$(strace $XT_MULTI iptables-restore <<< "$RULESET" 2>&1 >/dev/null)
|
||||
+SAVE_STRACE=$(strace $XT_MULTI iptables-save 2>&1 >/dev/null)
|
||||
+
|
||||
+do_grep() { # (name, threshold, pattern)
|
||||
+ local cnt=$(grep -c "$3")
|
||||
+ [[ $cnt -le $2 ]] && return 0
|
||||
+ echo "ERROR: Too many $3 lookups for $1: $cnt > $2"
|
||||
+ exit 1
|
||||
+}
|
||||
+
|
||||
+# iptables prefers hard-coded protocol names instead of looking them up first
|
||||
+
|
||||
+do_grep "$XT_MULTI iptables-restore" 0 /etc/protocols <<< "$RESTORE_STRACE"
|
||||
+do_grep "$XT_MULTI iptables-save" 0 /etc/protocols <<< "$SAVE_STRACE"
|
||||
+
|
||||
+# iptables-nft-save pointlessly checked whether chain jumps are targets
|
||||
+
|
||||
+do_grep "$XT_MULTI iptables-restore" 10 libxt_ <<< "$RESTORE_STRACE"
|
||||
+do_grep "$XT_MULTI iptables-save" 10 libxt_ <<< "$SAVE_STRACE"
|
||||
+
|
||||
+exit 0
|
||||
--
|
||||
2.34.1
|
||||
|
||||
|
|
@ -16,7 +16,7 @@ Name: iptables
|
|||
Summary: Tools for managing Linux kernel packet filtering capabilities
|
||||
URL: https://www.netfilter.org/projects/iptables
|
||||
Version: 1.8.8
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Source: %{url}/files/%{name}-%{version}.tar.bz2
|
||||
Source1: iptables.init
|
||||
Source2: iptables-config
|
||||
|
|
@ -32,6 +32,7 @@ Source10: ebtables-config
|
|||
Patch01: 0001-doc-Add-deprecation-notices-to-all-relevant-man-page.patch
|
||||
Patch02: 0002-extensions-SECMARK-Use-a-better-context-in-test-case.patch
|
||||
Patch03: 0003-xshared-Fix-build-for-Werror-format-security.patch
|
||||
patch04: 0004-tests-shell-Check-overhead-in-iptables-save-and-rest.patch
|
||||
|
||||
# pf.os: ISC license
|
||||
# iptables-apply: Artistic 2.0
|
||||
|
|
@ -447,6 +448,9 @@ fi
|
|||
%ghost %{_mandir}/man8/ebtables.8.gz
|
||||
|
||||
%changelog
|
||||
* Thu Jun 02 2022 Phil Sutter <psutter@redhat.com> - 1.8.8-2
|
||||
- tests: shell: Check overhead in iptables-save and -restore
|
||||
|
||||
* Fri May 13 2022 Phil Sutter <psutter@redhat.com> - 1.8.8-1
|
||||
- new version
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue