Amir Sela <[EMAIL PROTECTED]> writes:

> Anyone knows of a netfilter module that can be used (or any other way) to
> deliberately stall a packet in the router? I want to create a situation in
> which machine A communicates with machine C on a LAN, through machine B, the
> linux router, and to stall the packets for a pre-determined amount of time.

I can think of a couple of ways to do it with a little bit of C coding.

1) hack the proper place in the kernel.

2) fully user-space solution:

   a) grab every incoming packet with pcap

   b) set iptables to DROP the packet (or ipchains to DENY, what have you)

      alternatively, iptables supports a QUEUE chain which is supposed to pass the packet to userland; it should be supported by the kernel to work, and I have never tried it (I did the a+b trick with ipchains - for a different purpose), so I don't know if it has the same effect as a+b here.

   c) once you've got the packet in userland, you can wait for a fixed amount of time dt, wait for a random dt with a given distribution using a random number generator, wait for different amounts of time based on its parameters (maybe it's better to do _this_ with iptables, if possible, in order not to send packets you don't want to delay to userspace), etc.

   d) having waited for time dt, send the packet to a raw socket; don't forget to set IP_HDRINCL option.

I think option 2 is simpler, you want a delay so you don't care about the inefficiency of passing every packet to userspace, you don't touch the router's kernel, and userspace allows you much more flexibility.

--
Oleg Goldshmidt | [EMAIL PROTECTED]
"A sense of the fundamental decencies is parceled out unequally at birth."
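
The hold-and-reinject part of the user-space approach in the reply above (steps c and d), as an added C example that is not part of the original message. The function names, pool size and packet size limit are assumptions; packet capture and the DROP rule (steps a and b) are left out, and the caller supplies the clock and the chosen dt.

```c
/* Added example: hold captured IPv4 packets for dt, then reinject (names hypothetical). */
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define MAX_HELD 256     /* assumed pool size */
#define MAX_PKT 2048     /* assumed largest packet we keep */
static struct held { long due_ms; size_t len; unsigned char data[MAX_PKT]; } heldq[MAX_HELD];
static int held_count;   /* heldq is an unordered pool of stalled packets */
/* Step (c): store a captured packet with the time it may leave (now + dt). */
int hold_packet(const unsigned char *pkt, size_t len, long now_ms, long dt_ms)
{
    if (held_count == MAX_HELD || len < 20 || len > MAX_PKT)
        return -1;                       /* pool full, or shorter than an IPv4 header */
    struct held *h = &heldq[held_count++];
    h->due_ms = now_ms + dt_ms; h->len = len;
    memcpy(h->data, pkt, len);
    return 0;
}
/* Copy out the earliest packet whose delay has expired; returns its length or 0. */
size_t release_due(long now_ms, unsigned char *out)
{
    int best = -1;
    for (int i = 0; i < held_count; i++)
        if (heldq[i].due_ms <= now_ms &&
            (best < 0 || heldq[i].due_ms < heldq[best].due_ms))
            best = i;
    if (best < 0) return 0;
    size_t len = heldq[best].len;
    memcpy(out, heldq[best].data, len);
    heldq[best] = heldq[--held_count];   /* fill the hole with the last entry */
    return len;
}
/* Step (d): raw socket that sends our IP header unchanged (needs CAP_NET_RAW). */
int open_reinject_socket(void)
{
    int on = 1, fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
    if (fd >= 0 && setsockopt(fd, IPPROTO_IP, IP_HDRINCL, &on, sizeof on) < 0) {
        close(fd); fd = -1;
    }
    return fd;
}
/* Send a released packet to the destination address in its own header. */
ssize_t reinject(int fd, const unsigned char *pkt, size_t len)
{
    struct sockaddr_in dst = { .sin_family = AF_INET };
    memcpy(&dst.sin_addr, pkt + 16, 4);  /* header bytes 16..19 = destination */
    return sendto(fd, pkt, len, 0, (struct sockaddr *)&dst, sizeof dst);
}
```

Because each packet carries its own release time, a random or per-packet dt can release packets in a different order than they arrived, which a fixed dt never does.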