LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Do Iptables support jitter simulation? (https://www.linuxquestions.org/questions/linux-newbie-8/do-iptables-support-jitter-simulation-4175540901/)

Icculus 04-27-2015 11:31 AM
Do Iptables support jitter simulation?
 
I'm trying to find out if Iptables supports creating jitter, like it does for packet loss. I'm using 'iptables -A INPUT -m statistic --mode random --probability 0.02 -j DROP' to simulate packet loss, but can I do something similar to create jitter? I think TC will do it, but our firmware does not support it. If there is an alternate solution, any advice would be greatly appreciated.

unSpawn 04-27-2015 02:47 PM
Quote:
Originally Posted by Icculus (Post 5353897)
I'm trying to find out if Iptables supports creating jitter
If you are trying to find out all by yourself then searching the Netfilter framework code and web site should be your first stop, right?


Quote:
Originally Posted by Icculus (Post 5353897)
I think TC will do it, but our firmware does not support it.
Then put a machine in front of it that can make use of 'tc'?

Icculus 04-27-2015 03:02 PM
I've already proposed that, but since these devices have 3 logical zones, each having it's own IP Address, sharing/crossing an internal switch on the MB, going out one shared interface, and our firmware does not support TC, we cannot test between each zone's IP Address, unless we come up with another solution, like iptables doing delay/jitter, like it simulates packet loss. The only thing I've found, is somehow writing a script that that will support using iptables to simulate delay/jitter. I've tried to explain to my Boss, that it doesn't matter testing from zone to zone, and an inline device simulating packet loss & jitter between the devices interfaces will be fine. I'm sure he just wants to be extra sure. Can you see any reason why it would be necessary to test from IP to IP, when it's all one shared interface? Thanks for you help!

unSpawn 04-27-2015 03:29 PM
You may have explained why it doesn't matter testing from zone to zone to your boss but not to us. So until you do, and preferably in a detailed way outlining components that could pose problems (or not) and therefore should be tested (or not), there is no need for me to come up with any reasons why it would be necessary to test from IP to IP (or not). Or am I mistaken about how things usually work?

Icculus 04-27-2015 03:37 PM
Well, before I do that, do you know of a way to make Iptables work to create jitter?

unSpawn 04-27-2015 04:01 PM
I don't (well, not w/o using NFQUEUE). If you must ensure there isn't a way then do search the Netfilter framework source code and mailing list archives and ask on the iptables users / developer mailing list.

Icculus 04-27-2015 04:35 PM
Thank You, you've been very helpful.


All times are GMT -5. The time now is 08:22 PM.