This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Testing on hosts with firewalls


I'm finally porting my resolv tests, using and enhancing the support/ framework. Unfortunately, I hit a major roadblock along the way: netfilter connection tracking.

resolv testing uses many short-lived UDP and TCP flows. It's not clear how to reduce the number of these flows. For TCP, the TIME_WAIT state gets us (which is a bit silly for localhost traffic). For UDP, we might slash the timeout by 1/6 if we change the stub resolver so that it never sends more than one query over one UDP socket. This means that A/AAAA parallel queries need two flows instead of one, so the overall reduction in table load is 1/3.

But with a typical default netfilter table size of 64K entries, this will not really help all that much.

We could start fixing the test server ports. The default dynamic port range includes 28232 ports. This would mean that the number of flows per test server port would be bounded by that. But the TIME_WAIT state will still conspire against us, I fear.

I will experiment with SO_LINGER, but I hesitate to set this option for the stub resolver. Maybe we could do so for localhost only.

I would prefer if the resolv tests weren't xtests. Can we require that the testing is done without firewall connection tracking, or with sufficiently large table sizes?

Thanks,
Florian
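
The SO_LINGER experiment mentioned above can be observed on loopback with the following added example, which is not part of the original message or of glibc. It assumes the zero-timeout form of SO_LINGER (the message does not say which setting is meant), and `peer_sees_reset` is a hypothetical helper name.

```c
/* Added example, not glibc code: effect of a zero-timeout SO_LINGER.  */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper.  Connects a client to a listener on 127.0.0.1,
   closes the client, and reports what the accepted socket observes:
   0 = orderly FIN (the client goes through TIME_WAIT),
   1 = RST (abortive close, no TIME_WAIT), -1 = setup failure.  */
int
peer_sees_reset (int linger_zero)
{
  struct sockaddr_in sa;
  socklen_t len = sizeof sa;
  struct linger lg = { .l_onoff = linger_zero, .l_linger = 0 };
  char c;
  int result = -1, afd = -1;
  int lfd = socket (AF_INET, SOCK_STREAM, 0);
  int cfd = socket (AF_INET, SOCK_STREAM, 0);

  memset (&sa, 0, sizeof sa);
  sa.sin_family = AF_INET;
  sa.sin_addr.s_addr = htonl (INADDR_LOOPBACK);	/* Port 0: kernel picks.  */
  if (lfd >= 0 && cfd >= 0
      && bind (lfd, (struct sockaddr *) &sa, sizeof sa) == 0
      && listen (lfd, 1) == 0
      && getsockname (lfd, (struct sockaddr *) &sa, &len) == 0
      && connect (cfd, (struct sockaddr *) &sa, sizeof sa) == 0
      && (afd = accept (lfd, NULL, NULL)) >= 0
      /* l_onoff = 1 with l_linger = 0 makes close send RST, not FIN.  */
      && setsockopt (cfd, SOL_SOCKET, SO_LINGER, &lg, sizeof lg) == 0)
    {
      close (cfd);
      cfd = -1;
      ssize_t n = recv (afd, &c, 1, 0);
      result = n == 0 ? 0 : (n < 0 && errno == ECONNRESET) ? 1 : -1;
    }
  if (afd >= 0) close (afd);
  if (cfd >= 0) close (cfd);
  if (lfd >= 0) close (lfd);
  return result;
}

int
main (void)
{
  printf ("default close: %d, linger 0: %d\n",
          peer_sees_reset (0), peer_sees_reset (1));
  return 0;
}
```

An abortive close discards any data still queued for sending on that socket.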

