Category Archives: Linux General

Notes which apply to all flavours of Linux systems

Emulating a network connection with packet drop

IP packet drop can be easily emulated on any section of a network using a Linux Bridge and a single iptables command:

iptables -t mangle -A FORWARD -m statistic --mode random --probability 0.01 -j DROP

(where probability is expressed as a value between 0 and 1)

If the intention is to emulate packet drop to the local Linux system not using a bridge, use the INPUT chain:

iptables -t mangle -A INPUT -m statistic --mode random --probability 0.01 -j DROP

To remove the random packet drop and restore the connection to normal operation, either change -A to -D in the above commands, or flush the relevant chain of the mangle table with:

iptables -t mangle -F FORWARD

or

iptables -t mangle -F INPUT
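One way to confirm the rule is dropping roughly the configured fraction of packets, as an added example that is not part of the original post: the functions below read the counters printed by `iptables -t mangle -L FORWARD -v -n -x`. The function names and the sample listing are constructed for illustration, and the calculation assumes the statistic rule is the only rule in the chain.

```shell
#!/bin/sh
# Added example (not from the original post).
# Live use (as root): iptables -t mangle -L FORWARD -v -n -x | observed_drop_rate
# Assumption: the statistic DROP rule is the only rule in the chain, so every
# packet is counted either by that rule or by the chain policy counter.

# Prints dropped / (dropped + passed) to 4 decimal places.
observed_drop_rate() {
    awk '
        # Chain line: "Chain FORWARD (policy ACCEPT <pkts> packets, <bytes> bytes)"
        $1 == "Chain" && $3 == "(policy" { passed = $5; next }
        # Rule line: "<pkts> <bytes> DROP ... statistic mode random probability p"
        $3 == "DROP" && /statistic mode random/ { dropped += $1; found = 1 }
        END {
            if (!found) { print "no statistic DROP rule found" > "/dev/stderr"; exit 2 }
            total = passed + dropped
            if (total == 0) { print "no packets counted yet" > "/dev/stderr"; exit 3 }
            printf "%.4f\n", dropped / total
        }
    '
}

# Succeeds when the observed rate is within +/- tolerance of the expected one.
# usage: iptables -t mangle -L FORWARD -v -n -x | drop_rate_within 0.01 0.002
drop_rate_within() {
    rate=$(observed_drop_rate) || return $?
    awk -v r="$rate" -v e="$1" -v t="$2" \
        'BEGIN { d = r - e; if (d < 0) d = -d; exit !(d <= t) }'
}

# Constructed sample listing (not captured from a real system).
sample_listing() {
    cat <<'EOF'
Chain FORWARD (policy ACCEPT 99000 packets, 61380000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1000   620000 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            statistic mode random probability 0.01000000000
EOF
}

# Demonstration on the constructed sample.
sample_listing | observed_drop_rate
```

The -x flag makes iptables print exact counters instead of rounded values such as 99K, which the calculation needs.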

Linux Networking Bridge

It is often useful to place a Linux system on a specific network cable, to packet sniff or modify the network behaviour. The network setup:

[switch] - ethernet cable - [node]

becomes:

[switch] - ethernet cable - [[Linux Bridge]] - ethernet cable - [node]

The only requirement for the Linux Bridge is two physical network interfaces and root access.

Important: stop Network Manager
/etc/init.d/network-manager stop

As root, set up the bridge with the commands below:

brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
echo 1 > /proc/sys/net/ipv4/ip_forward
ifconfig eth0 up
ifconfig eth1 up
ifconfig br0 up

The Linux Bridge Interface (br0) does not require an IP address, and no configuration changes are required on the network.

Using tcpdump or wireshark on the Linux Bridge (br0), it is possible to monitor all network traffic going to or from the network node. Using tc and iptables, network traffic may be manipulated to facilitate testing.

Emulating a high latency network connection using Linux and TC

Often it is necessary for testing purposes to recreate the networking conditions found in a high latency network, such as a satellite link.

First, create a network bridge that can be placed in between the test network and its router (assuming eth0 and eth1 are the bridged interfaces).

To increase network latency, use the following commands:

tc qdisc add dev eth0 root netem delay 1000ms
tc qdisc add dev eth1 root netem delay 1000ms

which will add 2 seconds to the round-trip time of traffic through the bridge (1 second in each direction).

To create some variation to the latency (jitter), add an additional argument:

tc qdisc add dev eth0 root netem delay 1000ms 50ms
tc qdisc add dev eth1 root netem delay 1000ms 50ms

which will vary the latency by up to ±100ms (±50ms in each direction).

To reset this delay and remove the 2 seconds of latency:

tc qdisc del dev eth0 root
tc qdisc del dev eth1 root

Debian Squeeze – .xinitrc .xsession and .xprofile (X startup script)

Annoyed that tapping my trackpad was no longer being recognised as a mouse click after an upgrade to Debian Squeeze, I sought to have “synclient TapButton1=1” executed after login.

It would appear that both ~/.xinitrc and ~/.xsession are not used. Placing the above command in the file ~/.xprofile resolved the issue and I am now happily tapping my trackpad.
(tested when using GDM for logging in and Enlightenment for the Window Manager)