Hello,

I am trying to find where filtering is done in order to drop packets randomly there (e.g. 10% of them) for a testing purpose in a school project. I want to do this after the packet is filtered and before being sent. I'd appreciate it if you could help or suggest.

Thanks.

Filtering is done right at the place where your packet leaves the qdisc and gets ready to go out of the outbound interface. Before a packet leaves the interface it is requested from the qdisc where it is residing. As it traverses the virtual tree in the qdisc it checks what filters are attached to that packet, applies those filters, and then lets them out.

The link below might give a clear picture of how traffic control works:
http://www.mnis.fr/en/support/doc/rtos/x1252.html

Kiruthika

On 6/23/05, Fatih Düzova <fduzova@gmail.com> wrote:
> Hello,
> I am trying to find where filtering is done in order to drop packets
> randomly there (e.g. 10% of them) for a testing purpose in a school
> project.
> I want to do this after the packet is filtered and before being sent. I'd
> appreciate it if you could help or suggest.
> Thanks.
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

On Thu, Jun 23, 2005 at 07:07:28PM +0300, Fatih Düzova wrote:
> Hello,
> I am trying to find where filtering is done in order to drop packets
> randomly there (e.g. 10% of them) for a testing purpose in a school
> project.
> I want to do this after the packet is filtered and before being sent. I'd
> appreciate it if you could help or suggest.

I guess you could do that with iptables.

I didn't try, but `man iptables' told me about

    iptables ... --match random --average <percent> ...

I use iptables-1.2.11. (Also '--match nth --every <value>' is there)

> Thanks.

--
_,-=._ /|_/|
`-.} `=._,.-=-._., @ @._,
`._ _,-. ) _,.-'
` G.m-"^m`m' Dmytro O. Redchuk

Thank you for the suggestion you gave. Could you give me a simple example of "iptables ... --match random --average <percent> ..."? I could not understand how to implement it.

Thank you,
FD

On 6/24/05, Dmytro O. Redchuk <dor@ldc.net> wrote:
> On Thu, Jun 23, 2005 at 07:07:28PM +0300, Fatih Düzova wrote:
> > Hello,
> > I am trying to find where filtering is done in order to drop packets
> > randomly there (e.g. 10% of them) for a testing purpose in a school
> > project.
> > I want to do this after the packet is filtered and before being sent. I'd
> > appreciate it if you could help or suggest.
> I guess you could do that with iptables.
>
> I didn't try, but `man iptables' told me about
>     iptables ... --match random --average <percent> ...
>
> I use iptables-1.2.11. (Also '--match nth --every <value>' is there)
>
> > Thanks.
>
> --
> _,-=._ /|_/|
> `-.} `=._,.-=-._., @ @._,
> `._ _,-. ) _,.-'
> ` G.m-"^m`m' Dmytro O. Redchuk

On Fri, Jun 24, 2005 at 01:40:50PM +0300, Fatih Düzova wrote:
> Thank you for the suggestion you gave.
> Could you give me a simple example of "iptables ... --match random
> --average <percent> ..." ?, because I could not understand how to
> implement it..
> Thank you,

Mmmm... Let me try...

Oh sorry... My distro lacks libipt_random.so %)

Anyway I would try something like:

# iptables -A INPUT --match random --average 10 \
      --protocol icmp --icmp-type echo-reply -j DROP

or

# iptables -A OUTPUT --match random --average 10 \
      --protocol icmp --icmp-type echo-request -j DROP

... to achieve 10% drop of echo replies for local machine.

Sorry, I must submit a bug to bugzilla :-) see you..

> FD

--
_,-=._ /|_/|
`-.} `=._,.-=-._., @ @._,
`._ _,-. ) _,.-'
` G.m-"^m`m' Dmytro O. Redchuk

Thank you! You are really great. I'm sure I'm getting you bored with my questions due to being a newbie with the iptables tool, but I wonder whether it could be done on a determined IP address or a port such as 80, instead of icmp packets?

Thanks,
FD

On 6/24/05, Dmytro O. Redchuk <dor@ldc.net> wrote:
> On Fri, Jun 24, 2005 at 01:40:50PM +0300, Fatih Düzova wrote:
> > Thank you for the suggestion you gave.
> > Could you give me a simple example of "iptables ... --match random
> > --average <percent> ..." ?, because I could not understand how to
> > implement it..
> > Thank you,
> Mmmm... Let me try...
>
> Oh sorry... My distro lacks libipt_random.so %)
>
> Anyway I would try something like:
>
> # iptables -A INPUT --match random --average 10 \
>       --protocol icmp --icmp-type echo-reply -j DROP
>
> or
>
> # iptables -A OUTPUT --match random --average 10 \
>       --protocol icmp --icmp-type echo-request -j DROP
>
> ... to achieve 10% drop of echo replies for local machine.
>
> Sorry, I must submit a bug to bugzilla :-) see you..
>
> > FD
>
> --
> _,-=._ /|_/|
> `-.} `=._,.-=-._., @ @._,
> `._ _,-. ) _,.-'
> ` G.m-"^m`m' Dmytro O. Redchuk

On Fri, Jun 24, 2005 at 02:28:26PM +0300, Fatih Düzova wrote:
> Thank you! You are really great. I'm sure I'm getting you bored
> with my questions due to being a newbie with the iptables tool, but I wonder
> whether it could be done on a determined IP address or a port such as
> 80, instead of icmp packets?
> Thanks,

:-)
Surely.

(Have you ever read man iptables? Or any iptables tutorial? Would be very
helpful, really)

    [-s source_addr]|[-d dest_addr] -p tcp [--sport www]|[--dport www]

instead of

    --protocol icmp --icmp-type [echo-reply]|[echo-request]

To drop some packets which are going outside to remote www from local
machine:

# iptables -A OUTPUT \
      -d <remote_IP> -p tcp --dport www \
      --match random --average 10 \
      -j DROP

ps linux is great :-)

--
_,-=._ /|_/|
`-.} `=._,.-=-._., @ @._,
`._ _,-. ) _,.-'
` G.m-"^m`m' Dmytro O. Redchuk

You saved my life!! I've just read an iptables tutorial after I sent you the e-mail, and seen how wonderful it can be. I will use it in my project for a testing purpose on the queues created with htb.

Thank you very much!
FD

On 6/24/05, Dmytro O. Redchuk <dor@ldc.net> wrote:
> On Fri, Jun 24, 2005 at 02:28:26PM +0300, Fatih Düzova wrote:
> > Thank you! You are really great. I'm sure I'm getting you bored
> > with my questions due to being a newbie with the iptables tool, but I wonder
> > whether it could be done on a determined IP address or a port such as
> > 80, instead of icmp packets?
> > Thanks,
> :-)
> Surely.
>
> (Have you ever read man iptables? Or any iptables tutorial? Would be very
> helpful, really)
>
>     [-s source_addr]|[-d dest_addr] -p tcp [--sport www]|[--dport www]
> instead of
>     --protocol icmp --icmp-type [echo-reply]|[echo-request]
>
> To drop some packets which are going outside to remote www from local
> machine:
>
> # iptables -A OUTPUT \
>       -d <remote_IP> -p tcp --dport www \
>       --match random --average 10 \
>       -j DROP
>
> ps linux is great :-)
>
> --
> _,-=._ /|_/|
> `-.} `=._,.-=-._., @ @._,
> `._ _,-. ) _,.-'
> ` G.m-"^m`m' Dmytro O. Redchuk
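
Added example, not part of the original thread: on iptables builds without the `random` match discussed above, the `statistic` match (`--mode random --probability`) gives the same random drop, and a netem leaf qdisc can apply the loss to a single HTB class instead. The address 192.0.2.10, device eth0 and class 1:10 are placeholder assumptions; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the thread): build loss-injection commands and run
# them only when APPLY=1 (needs root). Address, device, class are placeholders.

# valid_pct N: succeeds for an integer 1..100 written without leading zeros
valid_pct() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "$1" -le 100 ]
}

# pct_to_prob N: 10 -> 0.10, the fraction that --probability expects
pct_to_prob() {
    valid_pct "$1" || return 1
    if [ "$1" -eq 100 ]; then echo 1.00; else printf '0.%02d\n' "$1"; fi
}

# loss_rule ACTION DEST PORT PCT: drop PCT% of outbound TCP packets to
# DEST:PORT. ACTION -A installs the rule, -D removes the identical rule.
loss_rule() {
    case "$1" in -A|-D) ;; *) return 1 ;; esac
    case "$2" in ''|*[!0-9a-fA-F.:/]*) return 1 ;; esac
    case "$3" in ''|*[!0-9]*) return 1 ;; esac
    prob=$(pct_to_prob "$4") || return 1
    echo "iptables $1 OUTPUT -d $2 -p tcp --dport $3" \
         "-m statistic --mode random --probability $prob -j DROP"
}

# netem_leaf OP DEV PARENT PCT: the same loss at the queueing layer, as a
# netem leaf qdisc under one HTB class. OP is add or del.
netem_leaf() {
    case "$2" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    case "$3" in ''|*[!0-9a-fA-F:]*) return 1 ;; esac
    valid_pct "$4" || return 1
    case "$1" in
        add) echo "tc qdisc add dev $2 parent $3 netem loss $4%" ;;
        del) echo "tc qdisc del dev $2 parent $3" ;;
        *)   return 1 ;;
    esac
}

# run CMD: print the command; execute it only when APPLY=1
run() { echo "+ $1"; [ "${APPLY:-0}" = 1 ] || return 0; $1; }

run "$(loss_rule -A 192.0.2.10 80 10)"   # constructed sample values
run "$(netem_leaf add eth0 1:10 10)"
```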