Artificial Network Failure and Intermittent Loss

The following script can optionally cause random 100% packet drop, 100% packet rejection or intermittent loss for matched traffic. This can be very useful when testing how applications handle connectivity problems and how load balancers detect and mark nodes in a pool as failed.


It can definitely be done better, but this suited my quick and dirty needs tonight.


TODO: 

  • Get it to handle kill signals (Ctrl-C, HUP etc.) properly and ensure all jump rules in the INPUT chain are removed
  • Get it to optionally insert jumps to a configurable list of chains
  • Use ebtables to cause failure and loss at Layer 2 ??
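#!/bin/bash
# make_bad_conn.sh
# Copyright (C) 2010 Colin Stubbs
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
# Randomly injects network faults (100% drop, 100% reject or probabilistic
# loss) for traffic matching PROTO/DPORT between SHOST and DHOST, by jumping
# matching packets from CHAIN into a dedicated chain (DEST_CHAIN).
#
# REQUIRES:
#  iptables
#  libxt_statistic.so (not available on RHEL 5, possibly not 4 or 3 either)
#
# NOTE: the jump rules are inserted at position 1 of CHAIN, so while a fault
# is active they take precedence over every existing rule in that chain for
# the matched traffic. Every packet entering DEST_CHAIN is also logged.
# Narrow SHOST/DHOST/DPORT before running this anywhere that matters.

# whereis
IPTABLES="/sbin/iptables"
# iterations to run
ITERATIONS=10
# Destination protocol
PROTO="tcp"
# Destination port
DPORT="50000"
# Source host match. Make sure you put the bitmask on there
SHOST="0.0.0.0/0"
# Destination host match. Make sure you put the bitmask on there
DHOST="0.0.0.0/0"
# Randomly cause all packets to be silently dropped
DROP=1
# Randomly cause all packets to be rejected. A bare "-j REJECT" answers with
# ICMP port-unreachable; a TCP RST needs "-p tcp --reject-with tcp-reset".
REJECT=1
# Randomly cause a fraction (PROBABILITY) of packets to be dropped
RANDOMDROP=1
# Probability of drop as a decimal fraction (0.1 = 10%)
PROBABILITY=0.1
# iptables table to insert rules to
TABLE="filter"
# iptables chain to insert rules to
CHAIN="INPUT"
# Drop chain name, should be random or at least unique
DEST_CHAIN="0x00DROP"
# Log prefix
LOG_PREFIX="MBC: "
LOG_LEVEL="6"

# Upper bound, in seconds, for the random sleeps
MAX_SLEEP=16

### NOTE: ${RANDOM} is a pseudorandom value from 0 - 32767
###       It's autogenerated by bash.

if [ ! -x "${IPTABLES}" ]; then
  echo "iptables doesn't appear to be installed sorry, try again after installing it"
  exit 1
fi

# Rule specs for the two jumps into DEST_CHAIN (traffic to the port, and
# traffic coming back from it). Kept as arrays so the insert and the delete
# always use exactly the same match.
JUMP_TO_PORT=(-s "${SHOST}" -d "${DHOST}" -p "${PROTO}" --dport "${DPORT}" -j "${DEST_CHAIN}")
JUMP_FROM_PORT=(-s "${DHOST}" -d "${SHOST}" -p "${PROTO}" --sport "${DPORT}" -j "${DEST_CHAIN}")

# Run iptables against the configured table.
ipt() {
  "${IPTABLES}" -t "${TABLE}" "$@"
}

# Remove every jump into DEST_CHAIN from CHAIN, then flush and delete
# DEST_CHAIN. Safe to call when nothing exists; errors are expected then and
# are deliberately silenced.
cleanup() {
  # -D deletes one matching rule per call, so repeat until none is left.
  while ipt -D "${CHAIN}" "${JUMP_TO_PORT[@]}" >/dev/null 2>&1; do :; done
  while ipt -D "${CHAIN}" "${JUMP_FROM_PORT[@]}" >/dev/null 2>&1; do :; done
  ipt -F "${DEST_CHAIN}" >/dev/null 2>&1
  ipt -X "${DEST_CHAIN}" >/dev/null 2>&1
}

# Apply one fault for a number of seconds, then lift it again.
# Arguments: $1 - label for the log line
#            $2 - duration in seconds
#            $3.. - iptables rule arguments appended to DEST_CHAIN
# Returns:   1 if the fault rule could not be added, else 0
inject_fault() {
  local label=$1 seconds=$2
  shift 2
  local stamp
  stamp=$(date +%Y-%m-%d_%H:%M:%S)

  printf '%s - Causing %s for %s seconds' "${stamp}" "${label}" "${seconds}"

  # Without the fault rule the jumps would only log; skip this round.
  if ! ipt -A "${DEST_CHAIN}" "$@"; then
    echo " FAILED."
    return 1
  fi
  ipt -I "${CHAIN}" 1 "${JUMP_TO_PORT[@]}"
  ipt -I "${CHAIN}" 1 "${JUMP_FROM_PORT[@]}"

  sleep "${seconds}"

  ipt -D "${CHAIN}" "${JUMP_TO_PORT[@]}"
  ipt -D "${CHAIN}" "${JUMP_FROM_PORT[@]}"
  ipt -D "${DEST_CHAIN}" "$@"

  echo " DONE."
  return 0
}

# An interrupted run must not leave the jump rules behind: they would keep
# dropping or rejecting the matched traffic. The EXIT trap lifts them on
# every exit path; the signal traps turn INT/TERM/HUP into a normal exit.
trap cleanup EXIT
trap 'exit 130' INT
trap 'exit 143' TERM
trap 'exit 129' HUP

# Remove leftovers of an earlier run (a chain that is still referenced from
# CHAIN cannot be deleted), then create a fresh dest chain.
cleanup

if ! ipt -N "${DEST_CHAIN}"; then
  echo "could not create chain ${DEST_CHAIN} in table ${TABLE}" >&2
  exit 1
fi

# LOG_PREFIX contains a space, so it has to be passed as one quoted word.
if ! ipt -A "${DEST_CHAIN}" -j LOG --log-level "${LOG_LEVEL}" --log-prefix "${LOG_PREFIX}"; then
  exit 1
fi

# Runs ITERATIONS rounds. You should nohup, redirect output and background
# this script if you need a long term run.
# ie. nohup /bin/bash make_bad_conn.sh 1>bad.log 2>&1 &
COUNT=0
while [ "${COUNT}" -lt "${ITERATIONS}" ]; do
  # DICE is 0..3: 0 = drop, 1 = reject, 2 = random drop, 3 = no fault.
  # (Adding 1 here, as the script used to, made the drop case unreachable.)
  # DICE and RANDY are drawn separately; deriving both from one ${RANDOM}
  # value ties the duration to the fault type.
  DICE=$(( RANDOM % 4 ))
  RANDY=$(( RANDOM % MAX_SLEEP + 1 ))

  if [ "${DROP}" -eq 1 ] && [ "${DICE}" -eq 0 ]; then
    inject_fault "100% packet drop" "${RANDY}" -j DROP
  elif [ "${REJECT}" -eq 1 ] && [ "${DICE}" -eq 1 ]; then
    inject_fault "100% packet reject" "${RANDY}" -j REJECT
  elif [ "${RANDOMDROP}" -eq 1 ] && [ "${DICE}" -eq 2 ]; then
    inject_fault "random packet drop" "${RANDY}" \
      -m statistic --mode random --probability "${PROBABILITY}" -j DROP
  fi

  # Healthy period between faults: 0 .. MAX_SLEEP-1 seconds.
  RANDY=$(( RANDOM % MAX_SLEEP ))

  DATE=$(date +%Y-%m-%d_%H:%M:%S)

  echo "${DATE} - Sleeping for ${RANDY} seconds"

  sleep "${RANDY}"

  COUNT=$(( COUNT + 1 ))
done

# The EXIT trap flushes and deletes DEST_CHAIN from here.

# EOF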