Comparing Linux Server-Side Network Utilities: Iptable vs. TC
Source: Internet  Editor: 程序博客网  Date: 2024/06/15 10:48
Iptable and TC are both tools that server-side developers and testers use frequently. This post first compares the two briefly, then shows what makes the TC tool so powerful.
- Iptable: A user space application program that allows a system administrator to configure the tables for packet filter rules provided by the Linux kernel firewall, and the chains and rules it stores.
- TC: traffic control, part of the iproute2 package.
- NETEM: net emulator, an extension of TC.
Compare
Basic concept comparison

Function differences
- Iptable:
  (1) Can drop whole packets: YES
  (2) Can drop some packets at a given rate: NO
  (3) Can delay, drop, duplicate, or corrupt packets: NO
  (4) Can control priority or bandwidth: NO
  Summary: can only be used as a firewall: NAT/drop/accept packets.
- TC:
  (1) YES
  (2) YES
  (3) YES
  (4) YES
  Summary: has more functions for controlling traffic.

Use steps
- Iptable: configure rules from the following elements:
  TABLE: specify the table.
  CHAIN: specify the chain.
  RULES: packet selection rules.
  TARGET: action to take.
- TC: configure one queue for the network interface -> [set up classes based on the queue (it should be a classful queue) -> set up sub-classes with sub-queues -> set up a filter to route traffic to the class].

Typical use
- Iptable: rough control
  (1) Block connections
  (2) NAT
- TC: better for detailed traffic control
  (1) Limit bandwidth
  (2) Emulate delaying, dropping, duplicating, or corrupting packets
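Detailed usage comparison
I. Iptable command details:
Drop
Drop data sent to the destination address and port (SYN):
iptables -t filter -p tcp -A OUTPUT -d TARGET_IP --dport TARGET_PORT -j DROP
Or drop data returned from the destination address (ACK):
iptables -t filter -p tcp -A INPUT -s TARGET_IP --sport TARGET_PORT -j DROP
Reject
iptables -t filter -p tcp -A OUTPUT -d TARGET_IP --dport TARGET_PORT -j REJECT
After this, telnet from the source to the target cannot succeed.
Rate limiting
iptables can limit the number of packets allowed through per unit of time, for example only one packet per minute:
iptables -A INPUT -p tcp --dport TARGET_PORT -m limit --limit 1/m --limit-burst 1 -j ACCEPT
iptables -A INPUT -p tcp --dport TARGET_PORT -j DROP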
II. TC command details:
1. Delay
(1) Set a delay
# tc qdisc add dev eth0 root netem delay 30ms
The command above adds a 30ms delay to packets sent out of eth0.
(2) Show the delay setting
# tc qdisc show
(3) Change the delay
# tc qdisc change dev eth0 root netem delay 40ms
(4) Delete the delay configuration
# tc qdisc del dev eth0 root netem delay 40ms
2. Packet loss
The command to set packet loss is:
# tc qdisc add dev eth0 root netem loss 10%
Delete the packet-loss setting to restore normal behaviour:
# tc qdisc del dev eth0 root netem loss 10%
3. Packet corruption
tc qdisc add dev eth0 root netem corrupt 0.1%
tc qdisc del dev eth0 root netem corrupt 0.1%
4. Packet duplication
tc qdisc add dev eth0 root netem duplicate 1%
tc qdisc del dev eth0 root netem duplicate 1%
5. Packet reordering
tc qdisc add dev eth0 root netem gap 5 delay 10ms
tc qdisc add dev eth0 root netem delay 10ms reorder 25% 50%
tc qdisc add dev eth0 root netem delay 100ms 75ms
Notes: for project needs, when testing abnormal PDUs exchanged internally from Server to Server, consider using one machine as the egress that corrupts packets and then forwards them to the other Server under test. That achieves the goal of the test.
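The root-level netem commands above affect every packet leaving eth0, including the tester's own SSH session. The following added example (not part of the original post) follows the TC use steps from the comparison (queue -> classes -> sub-queue -> filter) so that only traffic to the server under test is corrupted, and removes the setup after a fixed time. The function names, the 1000mbit class rate and the sample target are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. DEV, IP, PORT, PCT and SECS are
# caller-supplied; 192.0.2.10:8080 in the usage line is a constructed target.

# Print the tc commands for the steps above: classful root qdisc -> classes ->
# netem sub-qdisc -> filter steering only IP:PORT into the corrupting class.
netem_plan() {
    dev=$1 ip=$2 port=$3 pct=$4
    # Character allow-lists keep shell metacharacters out of the commands.
    case $dev in ''|*[!A-Za-z0-9._-]*) echo "bad device" >&2; return 1;; esac
    case $ip in ''|*[!0-9.]*) echo "bad IPv4 address" >&2; return 1;; esac
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1;; esac
    case $pct in ''|*[!0-9.]*) echo "bad percentage" >&2; return 1;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } 2>/dev/null ||
        { echo "bad port" >&2; return 1; }
    cat <<EOF
tc qdisc add dev $dev root handle 1: htb default 10
tc class add dev $dev parent 1: classid 1:10 htb rate 1000mbit
tc class add dev $dev parent 1: classid 1:20 htb rate 1000mbit
tc qdisc add dev $dev parent 1:20 handle 20: netem corrupt $pct%
tc filter add dev $dev protocol ip parent 1: prio 1 u32 match ip dst $ip/32 match ip dport $port 0xffff flowid 1:20
EOF
}

# Apply the plan for SECS seconds, then remove it. The trap also removes it on
# Ctrl-C or an error, so the interface is never left corrupting traffic.
netem_apply() {
    plan=$(netem_plan "$1" "$2" "$3" "$4") || return 1
    case ${5:-} in ''|*[!0-9]*) echo "bad duration" >&2; return 1;; esac
    trap "tc qdisc del dev $1 root 2>/dev/null" EXIT
    trap 'exit 130' INT TERM
    printf '%s\n' "$plan" | sh -e || return 1
    sleep "$5"
}

# Usage (as root): sh netem_scoped.sh apply eth0 192.0.2.10 8080 0.5 60
# Without "apply" nothing is changed; call netem_plan to review the commands.
if [ "${1:-}" = apply ]; then shift; netem_apply "$@"; fi
```

Traffic that does not match the filter falls into the default class 1:10 and passes unmodified.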
Check: a bug found in day-to-day work
Step 1. Launch the C++ multiThread Tool on 10.224.****
./multiThreadTool -C Ip -T 10 -N 200000000 -U ***** -S
Step 2. Select one node to return the bad PDU to Server 2
One node: Server 1
:wdhf1wco003:root > tc qdisc add dev eth0 root netem corrupt 0.5%
:wdhf1wco003:root > tc qdisc show
qdisc netem 8001: dev eth0 limit 1000 corrupt 0.5%
Expected result: the server runs normally and no memory leak happens.
Actual result: the server has a memory leak.
[03/02/2012 09:13:21.992 pid=14057 tid=1411541312]Error:CCmByteStreamT::Read, can't read. m_ResultRead=10013 this=0x54223a20
[03/02/2012 09:13:21.992 pid=14057 tid=1380071744]Error:CCmByteStreamT::Read, can't read. m_ResultRead=10013 this=0x52420a20
[03/02/2012 09:13:21.992 pid=14057 tid=1443010880]Error:CCmByteStreamT::Read, can't read. m_ResultRead=10013 this=0x56026a20
[03/02/2012 09:13:21.992 pid=14057 tid=1128315200]Error:CCmByteStreamT::Read, can't read. m_ResultRead=10013 this=0x43408a20
Memory Leak:
Mar 2 15:04:04 wdhf1wco001 kernel: Free swap: 0kB
Mar 2 15:04:04 wdhf1wco001 kernel: 8650752 pages of RAM
Mar 2 15:04:04 wdhf1wco001 kernel: 413345 reserved pages
Mar 2 15:04:04 wdhf1wco001 kernel: 27401 pages shared
Mar 2 15:04:04 wdhf1wco001 kernel: 251 pages swap cached
Mar 2 15:04:04 wdhf1wco001 kernel: Out of memory: Killed process 14058 (*****).
Mar 2 15:04:04 wdhf1wco001 kernel: ******: page allocation failure. order:0, mode:0x850
Mar 2 15:04:04 wdhf1wco001 kernel:
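The expected result above (no memory leak while corrupted packets are injected) can be turned into a pass/fail check instead of waiting for the kernel OOM killer. This is an added example, not part of the original post; the function names, the 20% threshold and the 80% steady-growth rule are assumptions.

```shell
#!/bin/sh
# Added example: sample a server's resident memory while netem corruption is
# active and decide whether it grows steadily. PID, COUNT, INTERVAL and the
# thresholds are assumptions chosen for illustration.

# Resident set size of a process in kB, read from /proc (Linux only).
rss_kb() {
    awk '/^VmRSS:/ {print $2}' "/proc/$1/status" 2>/dev/null
}

# Read one RSS sample (kB) per line on stdin. Print LEAK when memory ends more
# than THRESHOLD percent above the first sample and rose in at least 80% of
# the steps (steady growth, not a one-off spike), otherwise OK.
leak_verdict() {
    awk -v thr="${1:-20}" '
        NF == 0 { next }
        n == 0  { first = $1 }
        n > 0   { if ($1 > prev) up++ }
                { prev = $1; n++ }
        END {
            if (n < 3 || first <= 0) { print "INSUFFICIENT"; exit }
            growth = (prev - first) * 100 / first
            steady = up * 100 / (n - 1)
            if (growth > thr && steady >= 80) print "LEAK"; else print "OK"
        }'
}

# Print COUNT samples of PID's RSS, one every INTERVAL seconds. Stops early
# with an error if the process disappears (for example, killed by the OOM killer).
watch_rss() {
    pid=$1 count=$2 interval=$3 i=0
    while [ "$i" -lt "$count" ]; do
        kb=$(rss_kb "$pid")
        [ -n "$kb" ] || { echo "process $pid is gone" >&2; return 1; }
        echo "$kb"
        i=$((i + 1))
        sleep "$interval"
    done
}

# Usage while the netem rule is in place: watch_rss SERVER_PID 60 10 | leak_verdict 20
```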