Filter routes, not just networks

[JonathanLennox]

If a Linux box is acting as a router, it'd be helpful to be able to specify impairments for a specific route (i.e. all traffic from X.X.X.X to Y.Y.Y.Y, possibly with protocols or ports specified). How hard would this be to add?

[thombashi]

@JonathanLennox
Actually, tcset command within tcconfig package has --port option which enables specify impairments specific port.
e.g. https://tcconfig.readthedocs.io/en/latest/pages/usage/tcset/index.html#e-g-specify-the-ip-network-and-port-of-traffic-control

Does it answer your question?

[JonathanLennox]

No, what I'm looking for is something like this:

My Linux box is set up as a router.

eth0 has IP address 192.168.2.1, and is the route for 192.168.2.0/24.

eth1 has IP address 192.168.1.3, and is the default route for all other traffic.

I want to be able to introduce impairments to all traffic from 192.168.2.55 (which is behind eth1) to 192.168.14.77 (which is somewhere beyond the default router), without any impairments to either other traffic from 192.168.2.55, or other traffic to 192.168.14.77.

I believe this should be possible with the 'tc filter' command, though to be fair I don't really understand tc at all. (This is of course why I want to use tcconfig instead.)

The broader goal here is to have a complete replacement for the ancient 'nistnet' package, without needing to use 15-year-old unsupported kernel modules. This is the main nistnet capability that isn't in tcconfig.

[thombashi]

Thank you for your explanation.

Certainly, tcconfig does not have the capability to do that currently.
So, I've made prototype package that added --src-network option which restricts source network.

Example:

tcset --device eth1 --network 192.168.14.77 --src-network 192.168.2.55 --delay 5

In this example, tc will incur network latency to communication that only which destination is 192.168.14.77 and source is 192.168.2.55.
Does it solves your issue?

I've uploaded this prototype package to https://drive.google.com/file/d/0By6ycr1BX49xal84dU9OS3VBRkU/view?usp=sharing
Would you try this package?

Installation:

pip install tcconfig-0.7.0a0-py2.py3-none-any.whl --upgrade

Any comments or suggestions would be appreciated.

[JonathanLennox]

Unfortunately I don't have the setup to test it right now (my test router is still the aforementioned ancient box running nistnet) but it looks good by inspection.

[thombashi]

Thank for your response.
I'll integrate this feature in the next release (probably 0.7.0).

[konetzed]

Did this make it into the 0.7.0-alpha's? Or is it part of the master branch?

[thombashi]

@konetzed
You can use the --src-network with 0.7.0-alpha version, but there is no documentation for now.

Please note followings if you use it:

• The option require iptables package and tcset will add/delete mangle table during execution (any other tables are not changed)
• --iptables option always required with --src-network option
• --src-network will only affect to outgoing packets (not affect to if you use --direction incoming option)
• These behavior may change at 7.0.0 release

Any comments or suggestions are welcome.

[thombashi]

I'll close the issue, since the feature included from tcconfig 7.0.0.
Feel free to reopen.

Thanks,