Comparing Linux server-side network utilities: iptables vs. TC

Source: Internet  Editor: 程序博客网  Time: 2024/06/15 10:48

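iptables and TC are both tools that server-side developers and testers use often. This post first compares the two briefly, then shows how powerful the TC tool is.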


  • iptables: A user-space application program that allows a system administrator to configure the tables of packet filter rules provided by the Linux kernel firewall, and the chains and rules it stores.
  • TC: traffic control, in the iproute2 package. NETEM: network emulator, an extension of TC.


Compare

  • Basic concept comparison

Function differences

(1)    Can it drop whole packets?

(2)    Can it drop some packets at a given rate?

(3)    Can it delay, drop, duplicate, or corrupt packets?

(4)    Can it control priority or bandwidth?

iptables: (1) YES  (2) NO  (3) NO  (4) NO

Summary: can only be used as a firewall: NAT/drop/accept packets.

TC: (1) YES  (2) YES  (3) YES  (4) YES

Summary: more functions for controlling traffic.

Use steps

iptables: Configure rules according to the following elements:

TABLE: Specify the table.

CHAIN: Specify the chain.

RULES: Packet selection rules.

TARGET: Action to take place.

TC: Configure one queue for the network interface -> [set up classes based on the queue (it should be a classful queue) -> set up subclasses with sub-queues -> set up a filter to route to the class].

Typical use

iptables: Rough control

(1)    Block connection

(2)    NAT

TC: Better for detailed traffic control

(1)    Limit bandwidth

(2)    Emulate delaying, dropping, duplicating, or corrupting packets


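  • Detailed usage comparison

I. iptables detailed commands:

Drop

Drop data sent to the destination address and port (SYN); TARGET_IP and TARGET_PORT are placeholders for the target's IP address and port:
iptables -t filter -p tcp -A OUTPUT -d TARGET_IP --dport TARGET_PORT -j DROP

Or drop data returned from the destination address (ACK):
iptables -t filter -p tcp -A INPUT -s TARGET_IP --sport TARGET_PORT -j DROP

Reject

iptables -t filter -p tcp -A OUTPUT -d TARGET_IP --dport TARGET_PORT -j REJECT

After this, telnet from the source to the target cannot succeed.

Rate limiting

Use iptables to limit the number of packets allowed through per unit of time, for example only one packet per minute:
iptables -A INPUT -p tcp --dport TARGET_PORT -m limit --limit 1/m --limit-burst 1 -j ACCEPT
iptables -A INPUT -p tcp --dport TARGET_PORT -j DROP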


II. TC detailed commands:

1. Delay
(1) Set a delay

# tc qdisc add dev eth0 root netem delay 30ms

The command above adds a 30ms delay to packets sent out of eth0.

(2) Show the delay setting

# tc qdisc show

(3) Change the delay

# tc qdisc change dev eth0 root netem delay 40ms

(4) Delete the delay configuration

# tc qdisc del dev eth0 root netem delay 40ms

2. Packet loss
Set packet loss with the following command:

# tc qdisc add dev eth0 root netem loss 10%

Remove the packet loss to restore normal behaviour:

# tc qdisc del dev eth0 root netem loss 10%

3. Packet corruption

# tc qdisc add dev eth0 root netem corrupt 0.1%
# tc qdisc del dev eth0 root netem corrupt 0.1%

4. Packet duplication

# tc qdisc add dev eth0 root netem duplicate 1%
# tc qdisc del dev eth0 root netem duplicate 1%

5. Packet reordering

The three commands below are alternatives; each one adds a root qdisc, so delete the existing root qdisc before adding another.

# tc qdisc add dev eth0 root netem gap 5 delay 10ms
# tc qdisc add dev eth0 root netem delay 10ms reorder 25% 50%
# tc qdisc add dev eth0 root netem delay 100ms 75ms



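Note: given the project's needs, to test abnormal PDUs passed internally from server to server, consider using one machine as the egress that corrupts packets and then forwards them to the other server under test. That achieves the goal of the test.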
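The queue -> class -> sub-queue -> filter procedure from the comparison, applied to the corruption egress described in the note, as an added example that is not part of the original post. It impairs only the packets sent to one server under test, so SSH and other traffic on the interface stay untouched. The function names, class ids, the 1gbit class rate and the sample address and port are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The class ids, the 1gbit class
# rate and the sample address are assumptions (192.0.2.10 is a documentation
# IP). Assumes no other root qdisc is already configured on the interface.
TC=${TC:-echo tc}   # default only prints the plan; run as root with TC=tc

# Accept only the netem impairments shown on this page, with plain values,
# so nothing unexpected ever reaches tc.
valid_args() {      # dev ip port kind value
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $2 in ''|*[!0-9.]*) return 1 ;; esac
    case $3 in ''|*[!0-9]*) return 1 ;; esac
    [ "$3" -ge 1 ] && [ "$3" -le 65535 ] || return 1
    case $4 in delay|loss|corrupt|duplicate) ;; *) return 1 ;; esac
    case $5 in ''|*[!0-9.%ms]*) return 1 ;; esac
}

# Root classful qdisc -> default class 1:10 and impaired class 1:20 -> netem
# sub-queue under 1:20 -> filter routing only the target flow into 1:20.
scoped_netem_add() {    # dev ip port kind value
    valid_args "$@" || { echo "rejected arguments" >&2; return 2; }
    $TC qdisc add dev "$1" root handle 1: htb default 10 &&
    $TC class add dev "$1" parent 1: classid 1:10 htb rate 1gbit &&
    $TC class add dev "$1" parent 1: classid 1:20 htb rate 1gbit &&
    $TC qdisc add dev "$1" parent 1:20 handle 20: netem "$4" "$5" &&
    $TC filter add dev "$1" parent 1: protocol ip prio 1 u32 \
        match ip dst "$2/32" match ip dport "$3" 0xffff flowid 1:20
}

# Deleting the root qdisc also removes its classes, the netem leaf and filter.
scoped_netem_del() {
    $TC qdisc del dev "$1" root
}

# Impair for a bounded time and restore the interface even if interrupted.
scoped_netem_for() {    # seconds dev ip port kind value
    secs=$1; shift; held_dev=$1
    valid_args "$@" || { echo "rejected arguments" >&2; return 2; }
    trap 'scoped_netem_del "$held_dev"' EXIT
    trap 'exit 130' INT TERM
    scoped_netem_add "$@" && sleep "$secs"
    rc=$?
    scoped_netem_del "$held_dev"
    trap - EXIT INT TERM
    return $rc
}

# Example: TC=tc sh scoped_netem.sh 60 eth0 192.0.2.10 9000 corrupt 0.5%
if [ $# -eq 6 ]; then scoped_netem_for "$@"; fi
```

The root qdisc acts on egress only, so the filter matches packets leaving this machine toward the server under test.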


Check: a bug found in day-to-day work


Step 1. Launch the C++ multi-thread tool on 10.224.****:
./multiThreadTool -C Ip  -T 10 -N 200000000 -U *****  -S
Step 2. Select one node to return bad PDUs to Server 2
One node, Server 1:
:wdhf1wco003:root > tc qdisc add dev eth0 root netem corrupt 0.5%
:wdhf1wco003:root > tc qdisc show
qdisc netem 8001: dev eth0 limit 1000 corrupt 0.5%

Expected result: the server runs normally and no memory leak occurs.
Actual result: the server has a memory leak.


[03/02/2012 09:13:21.992 pid=14057 tid=1411541312]Error:CCmByteStreamT::Read, can't read. m_ResultRead=10013 this=0x54223a20
[03/02/2012 09:13:21.992 pid=14057 tid=1380071744]Error:CCmByteStreamT::Read, can't read. m_ResultRead=10013 this=0x52420a20
[03/02/2012 09:13:21.992 pid=14057 tid=1443010880]Error:CCmByteStreamT::Read, can't read. m_ResultRead=10013 this=0x56026a20
[03/02/2012 09:13:21.992 pid=14057 tid=1128315200]Error:CCmByteStreamT::Read, can't read. m_ResultRead=10013 this=0x43408a20


Memory Leak:
Mar 2 15:04:04 wdhf1wco001 kernel: Free swap: 0kB
Mar 2 15:04:04 wdhf1wco001 kernel: 8650752 pages of RAM
Mar 2 15:04:04 wdhf1wco001 kernel: 413345 reserved pages
Mar 2 15:04:04 wdhf1wco001 kernel: 27401 pages shared
Mar 2 15:04:04 wdhf1wco001 kernel: 251 pages swap cached
Mar 2 15:04:04 wdhf1wco001 kernel: Out of memory: Killed process 14058 (*****).
Mar 2 15:04:04 wdhf1wco001 kernel: ******: page allocation failure. order:0, mode:0x850
Mar 2 15:04:04 wdhf1wco001 kernel:





