Open Source IP Testing Tool?
winter@ES asks: "I'm looking for some "IP impairment" software for Linux. What I'd like is the ability to write some scripts that filtered/routed all traffic flowing through a box, with rules like 'For all traffic going to IP x.x.x.x, delay all frames by 400 milliseconds; reorder every 5th frame, and drop every 3rd frame.' There are remarkably few hardware/software solutions out there that I've been able to find to do this kind of thing, and the solutions that do exist are mostly targeted at backbone ATM-based networks. Anyone know of a nice open source tool for simulating poor network conditions?"
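The rule quoted in the question (delay 400 ms, reorder every 5th frame, drop every 3rd frame for one destination), modeled as an added example that is not part of the original post or of any tool named in this thread. It computes a departure schedule for a list of frames instead of touching live traffic. `Frame`, `impair`, `SAMPLE` and the 192.0.2.x addresses are constructed for illustration, and "reorder" is assumed to mean that the frame is overtaken by the next surviving frame.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    seq: int    # sequence number assigned by the test sender
    dst: str    # destination IP address
    t_ms: int   # arrival time at the impairment box, in milliseconds

def impair(frames, target, delay_ms=400, reorder_every=5, drop_every=3):
    """Return [(seq, release_ms), ...] in the order frames leave the box."""
    net = ipaddress.ip_network(target)
    sched = []    # (release_ms, tie_break, seq)
    held = None   # matching frame waiting to be overtaken
    n = 0         # count of frames seen for the target so far
    for f in frames:
        if ipaddress.ip_address(f.dst) not in net:
            sched.append((f.t_ms, 0, f.seq))   # other traffic passes untouched
            continue
        n += 1
        if n % drop_every == 0:
            continue                           # drop wins if both rules hit
        release = f.t_ms + delay_ms
        if held is not None:
            sched.append((release, 0, f.seq))
            sched.append((release, 1, held.seq))  # overtaken frame follows
            held = None
        elif n % reorder_every == 0:
            held = f
        else:
            sched.append((release, 0, f.seq))
    if held is not None:
        # No successor arrived: flush the held frame on its own delay timer.
        sched.append((held.t_ms + delay_ms, 0, held.seq))
    return [(seq, rel) for rel, _, seq in sorted(sched)]

# Constructed sample: ten frames to the impaired host, 100 ms apart,
# plus one frame to a different host that must pass through unchanged.
SAMPLE = [Frame(100, "192.0.2.99", 50)] + [
    Frame(i, "192.0.2.10", (i - 1) * 100) for i in range(1, 11)
]

if __name__ == "__main__":
    for seq, rel in impair(SAMPLE, "192.0.2.10/32"):
        print(f"seq={seq:3d} leaves at {rel} ms")
```

Frames must be passed in arrival order. Note the edge case in the sample: the 5th frame is held, the 6th is dropped, so the 7th is the one that overtakes it.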
Just hire a few gnomes (Score:1)
We used to do this (Score:2)
The software was capable of imposing rate limits on packet streams to or from a host (emulate many of the effects of dialup or DSL or whatever kind of access you were interested in), could drop packets at random, could insert variable network delays. Some of the impairments could be applied to a multicast stream being bridged across two interfaces. The software could deal with multiple interfaces. It was also capable of some address substitutions on packets. Such address translation is sometimes necessary in order to get unmodified client/server software to behave in the proper fashion on a test network. There were some simple GUI front- and back-ends that went with the main emulation engine that provided manual control of several of the settings, and stripchart recordings of packet and data rates. The stripcharts were very useful in demonstration situations so that, for example, people could "see" what a rate limit did.
I am in the process of working with our "new" intellectual property lawyers to try and get permission to restart distribution. This is complicated by the fact that MediaOne Labs is now part of AT&T Labs, but may be moved to AT&T Broadband as part of AT&T's announced divestiture. It's not clear who has jurisdiction.
In the meantime, you may be able to use NISTNet, a tool developed by NIST (a US government organization) or DummyNet, a similar capability written by someone in Italy. IIRC, NISTNet is a Linux tool and DummyNet is a FreeBSD tool. I believe that both of them require kernel modifications. My tool (NETSIM) uses Ethernet-level sockets and runs entirely in user space, which was an advantage in my situation.
Michael Cain
AT&T Labs - Broadband
mcain@broadband.att.com
Dummynet does this (Score:3)
dummynet is a system facility that permits the control of traffic going through the various network interfaces, by applying bandwidth and queue size limitations, and simulating delays and losses.
Check out the man page:
http://www.freebsd.org/cgi/man.cgi?query=dummynet
I want one as well. (Score:2)
Some of my tests involve simulating various fail conditions, and these tests need to be improved. Currently I terminate my process abruptly, or have my process ignore all messages for a set period of time - neither test is enough. Adding random line noise would be an extra test.
Re:Just hire a few gnomes (Score:1)
Doesn't Windows already do this? (Score:1)
What about IP Chains (Score:1)
Can't IP Chains do that? I know it can certainly filter the from here or to there packets. But, I thought you could also have it filter through your own functions. If so, that could drop what you need. I just haven't used IP chains in a few months.
Re:Doesn't Windows already do this? (Score:1)
NetFilter (Score:2)
Take a look at NetFilter/Iptables. It is the new firewall code for Linux 2.4.
It is supposed to be an extensible framework that modules for various types of filtering can be written for. For example, you can filter outgoing messages by uid.
Using this, it shouldn't be too difficult to write a library to do this.
Re:We used to do this (Score:2)
Re:We used to do this (Score:2)
OmniOrb I have barely played with - not being a Corba developer (or any sort of developer these days) but it seems a good, stable implementation and if we ever need to support Corba on my network, will be my first choice.
--
Firewall (Score:1)
I'm not an expert (actually only 15), but couldn't it be set up to drop access at random or periodically not allow access to certain ranges of addresses?
Also, just run the firewall in an old 8086 with a 1-megabit network card or something.