diff options
Diffstat (limited to '2005/flow-accounting-ols2005/OLS2005/russell/russell-abstract.tex')
-rw-r--r-- | 2005/flow-accounting-ols2005/OLS2005/russell/russell-abstract.tex | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/2005/flow-accounting-ols2005/OLS2005/russell/russell-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/russell/russell-abstract.tex new file mode 100644 index 0000000..4e7eb0f --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/russell/russell-abstract.tex @@ -0,0 +1,36 @@ + +% Registration nfsim: Untested code is buggy code +% [2]Register/Submit Rusty Russell (rusty@rustcorp.com.au) +% Co-Author: Jeremy Kerr (jk@ozlabs.org) + +The netfilter simulation environment (nfsim) allows +netfilter developers to build, run, and test their code +without having to touch a real network, or being root. +On top of this, we built a regression testsuite for +netfilter and iptables. + +Nfsim provides an emulated kernel environment in +userspace, with a simulated IPv4 stack, as well as +enhanced versions of standard kernel primitives such as +locking and a proc filesystem. The kernel code is +sucked into the nfsim environment, and run as a +userspace application with a scriptable command-line +interface which can load and unload modules, add a +route, inject a packet or run iptables, control time, +inspect proc, etc. + +More importantly we can test every single permutation +of external failures automatically: packet drops, +kmalloc failures, timer deletion races, etc. This makes +it possible to check error paths that never happen in +real life. + +This paper will discuss some of our experiences with +nfsim and the progression of the netfilter testsuite as +new features became available in the simulator, and the +amazing effect on development. We will also show the +techniques we used for exhaustive testing, and why +these should be a part of every project. + + + |