iptables and TC are tools that server-side developers and testers use frequently. This post first compares the two briefly, then shows what makes the TC tool so powerful.
- iptables: a user-space application program that allows a system administrator to configure the tables of packet filter rules provided by the Linux kernel firewall, and the chains and rules it stores
- TC: traffic control in the iproute2 package. NETEM: network emulator, an extension of TC
Compare
- Basic conceptual comparison
| | iptables | TC |
|---|---|---|
| Function differences | (1) Can drop all packets: Yes (2) Can drop a percentage of packets: No (3) Can delay, drop, duplicate or corrupt packets: No (4) Can control priority or bandwidth: No. Summary: can only be used as a firewall (NAT/drop/accept packets). | (1) Yes (2) Yes (3) Yes (4) Yes. Summary: more functions to control traffic. |
| Use steps | Configure rules according to the following elements: | Configure one queue for the network interface -> [set up classes based on the queue (must be a classful queue) -> set up subclasses with sub-queues -> set up filters to route to the classes]. |
| Typical use | Rough control (1) Block connections (2) NAT | Better for detailed traffic control (1) Limit bandwidth (2) Emulate delayed, dropped, duplicated or corrupted packets |
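- Detailed usage comparison
I. iptables detailed commands:
Drop
Drop data sent to the destination address and port (SYN)
iptables -t filter -p tcp -A OUTPUT -d TARGET_IP --dport TARGET_PORT -j DROP
Or drop the data returned from the destination address (ACK)
iptables -t filter -p tcp -A INPUT -s TARGET_IP --sport TARGET_PORT -j DROP
Reject
iptables -t filter -p tcp -A OUTPUT -d TARGET_IP --dport TARGET_PORT -j REJECT
After this, telnet from the source to the target cannot succeed.
Rate limiting
Use iptables to limit the number of packets allowed through per unit of time, for example only one packet per minute:
iptables -A INPUT -p tcp --dport TARGET_PORT -m limit --limit 1/m --limit-burst 1 -j ACCEPT
iptables -A INPUT -p tcp --dport TARGET_PORT -j DROP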
II. TC detailed commands:
1. Delay
(1) Set a delay
# tc qdisc add dev eth0 root netem delay 30ms
The command above adds a 30ms delay to packets sent out of eth0.
(2) Show the delay setting
# tc qdisc show
(3) Change the delay
# tc qdisc change dev eth0 root netem delay 40ms
(4) Delete the delay configuration
# tc qdisc del dev eth0 root netem delay 40ms
2. Packet loss
The command to set packet loss is:
# tc qdisc add dev eth0 root netem loss 10%
Delete the packet loss setting to restore normal behaviour:
# tc qdisc del dev eth0 root netem loss 10%
3. Packet corruption
tc qdisc add dev eth0 root netem corrupt 0.1%
tc qdisc del dev eth0 root netem corrupt 0.1%
4. Packet duplication
tc qdisc add dev eth0 root netem duplicate 1%
tc qdisc del dev eth0 root netem duplicate 1%
5. Packet reordering
tc qdisc add dev eth0 root netem gap 5 delay 10ms
tc qdisc add dev eth0 root netem delay 10ms reorder 25% 50%
tc qdisc add dev eth0 root netem delay 100ms 75ms
Notes: Given the needs of the project, to test abnormal PDUs on internal server-to-server traffic, consider using one machine as the egress point that corrupts packets and then forwards them to the other server under test.
A bug found in daily work with this check
Step 1. Launch the C++ multiThread Tool on 10.224.****
./multiThreadTool -C Ip -T 10 -N 200000000 -U ***** -S
Step 2. Select one node to return the bad PDUs to Server2
One node: Server 1
:wdhf1wco003:root > tc qdisc add dev eth0 root netem corrupt 0.5%
:wdhf1wco003:root > tc qdisc show
qdisc netem 8001: dev eth0 limit 1000 corrupt 0.5%
Expected result: the server runs normally and no memory leak happens
Actual result: the server has a memory leak
[03/02/2012 09:13:21.992 pid=14057 tid=1411541312]Error:CCmByteStreamT::Read, can't read. m_ResultRead=10013 this=0x54223a20
[03/02/2012 09:13:21.992 pid=14057 tid=1380071744]Error:CCmByteStreamT::Read, can't read. m_ResultRead=10013 this=0x52420a20
[03/02/2012 09:13:21.992 pid=14057 tid=1443010880]Error:CCmByteStreamT::Read, can't read. m_ResultRead=10013 this=0x56026a20
[03/02/2012 09:13:21.992 pid=14057 tid=1128315200]Error:CCmByteStreamT::Read, can't read. m_ResultRead=10013 this=0x43408a20
Memory Leak:
Mar 2 15:04:04 wdhf1wco001 kernel: Free swap: 0kB
Mar 2 15:04:04 wdhf1wco001 kernel: 8650752 pages of RAM
Mar 2 15:04:04 wdhf1wco001 kernel: 413345 reserved pages
Mar 2 15:04:04 wdhf1wco001 kernel: 27401 pages shared
Mar 2 15:04:04 wdhf1wco001 kernel: 251 pages swap cached
Mar 2 15:04:04 wdhf1wco001 kernel: Out of memory: Killed process 14058 (*****).
Mar 2 15:04:04 wdhf1wco001 kernel: ******: page allocation failure. order:0, mode:0x850
Mar 2 15:04:04 wdhf1wco001 kernel:
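
The netem test and the leak check described above can be wrapped so that the impairment is validated, always removed again, and the server's memory is sampled while it runs. This is an added example, not part of the original post; the function names are hypothetical, it covers only delay, loss, corrupt and duplicate, and it assumes POSIX sh, root privileges and a Linux /proc.

```shell
#!/bin/sh
# Added example (not from the original page). DEV, PID, sample count and
# interval are supplied by the caller; run_impaired needs root and Linux /proc.

# Print the tc command for one netem impairment; return 2 on invalid input.
netem_cmd() {  # usage: netem_cmd add|del DEV KIND VALUE
  case $1 in add|del) ;; *) return 2 ;; esac
  case $2 in ''|*[!A-Za-z0-9_.-]*) return 2 ;; esac  # device name: no shell metacharacters
  case $3 in
    delay) n=${4%ms}; [ "$n" != "$4" ] || return 2
           case $n in ''|*[!0-9]*) return 2 ;; esac ;;
    loss|corrupt|duplicate)
           n=${4%\%}; [ "$n" != "$4" ] || return 2
           case $n in ''|.|*[!0-9.]*|*.*.*) return 2 ;; esac ;;
    *) return 2 ;;
  esac
  echo "tc qdisc $1 dev $2 root netem $3 $4"
}

# Resident set size of a process in kB, read from /proc.
rss_kb() { awk '/^VmRSS:/ {print $2}' "/proc/$1/status"; }

# Integer percentage growth from the first to the last RSS sample.
growth_pct() { echo $(( ($2 - $1) * 100 / $1 )); }

# Apply the impairment, sample the server's RSS, and always restore the interface.
run_impaired() {  # usage: run_impaired DEV KIND VALUE PID SAMPLES INTERVAL_SECONDS
  case $4 in ''|*[!0-9]*) return 2 ;; esac
  add=$(netem_cmd add "$1" "$2" "$3") || return 2
  del=$(netem_cmd del "$1" "$2" "$3") || return 2
  first=$(rss_kb "$4") && [ -n "$first" ] || return 1
  $add || return 1
  trap "$del" EXIT; trap 'exit 130' INT TERM   # restore even if interrupted
  i=0; last=$first
  while [ "$i" -lt "$5" ]; do
    sleep "$6"; cur=$(rss_kb "$4") || break    # stop if the process has gone away
    last=$cur; i=$((i + 1))
  done
  $del; trap - EXIT INT TERM
  echo "rss_first_kb=$first rss_last_kb=$last growth_pct=$(growth_pct "$first" "$last")"
}
```

Run as root on the corrupting node, for example `run_impaired eth0 corrupt 0.5% PID 60 10`, where PID is the server process being watched; steadily rising growth under a constant load is the signal to investigate.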