Tyler Treat
@tylertreat
sounds like there's at least 1 person possibly working on some enhancements to the lib, which is great. feel free to direct any contribution discussion here.
term1nal
@term1nal
Hello! Great and perfectly satirical library there that actually serves a function! So I'm working on trying to add support to target the performance of specific endpoints (slow lanes essentially). I've got a basic working prototype, but I really would like to make it that much easier, as well as better support domains. There's two ways I can go about this...
Currently, I have tested successfully using tc to make a u32 match to an ip (or CIDR mask). Seems to work okay! doesn't affect other traffic but that involving the specified IP. Though, the other way, that I have yet to get working for some unknown reason I didn't have time to troubleshoot with some linux networking boffins, is specifying the netem rule as I did before (minus the tc filter with a u32 match), and instead using iptables prerouting and fwmark, with a tc filter to apply the netem rule by class id to packets that match the prerouting marker.
term1nal
@term1nal
For multiple disparate targets (not specifically covered by a single CIDR mask), if I can't get the iptables method of specifying the targets (makes it much easier, and also allows specification of domain names), then I'll just need to do multiple lines of u32 matches. Which should be fine, and no persistence will be required, as I can simply just list out the rules and act per-entry from that.
For domain names with the u32 filter, I'll just have to run a query first to resolve the name.
Sean
@sean3d
lold at the library name
that's all I have to say.
Julian Norton
@JulianNorton
Never heard of gitter, wanted to try it out
term1nal
@term1nal
Alright, some troubleshooting led to not using tc-filter for the packets, and instead using iptables with -j CLASSIFY (yay!) and I got it working. So rejiggering some things and then hammering on multiple target addresses.
Tyler Treat
@tylertreat
Awesome!
term1nal
@term1nal
So i'm also adding destination ports as well.
single ports, multiple ports, port ranges, and combination therein.
22,80,1000:1010
so far, only working on linux, once the TC/Iptables wrapper is done, i will need to start over for ipfw :D
which honestly should be easier to support, I bet.
Tyler Treat
@tylertreat
Yeah, unfortunately I don't even have a machine that supports ipfw anymore...
Jeff R. Allen
@jeffallen
It's all fun and games until someone gets a cease and desist. 😊
term1nal
@term1nal
I did learn some useful information, @tylertreat, OSX 10.10 is using pf from openbsd 4.6 (or so I've been told)
term1nal
@term1nal
OKAY... phew... I got the flag parser for the new functions with pretty fool-proof sanity checking, that was fun. Now I just need to do teardown of the iptables rules and it's done (for TC)
Then do I overhaul ipfw!
I'll commit the TC overhaul likely tonight.
Tyler Treat
@tylertreat
excellent, looking forward to checking it out
do you have a machine with ipfw?
term1nal
@term1nal
Nope! Might spin up a freebsd digitalocean droplet and play with it that way.
but here's a sneak peek at the new comcast.go
term1nal
@term1nal
oh, left in a bit of a holdover from my first bit
the checkConfig() bit
that's not valid anymore :P
Anyway! I'm taking a break for dinner, talk in a bit.
Tyler Treat
@tylertreat
sounds good, later
term1nal
@term1nal
Alright, tc wrapper is like 95% done.. ran into some complications during debugging that delayed it. I'm not comfortable with it just yet to commit it. Should be ready to commit it tomorrow morning after some tinkering to polish it up a smidge.
Then the ipfw wrapper should be pretty darn straightforward and not take long to port some of the functionality from the tc wrapper to ipfw.
term1nal
@term1nal
I added another flag --dry-run to just output the rules and not actually run the commands.
term1nal
@term1nal
And there it is!
Tyler Treat
@tylertreat
awesome!
term1nal
@term1nal
Sorry for all the PRs and such. I hope I'm not annoying the heck out of you :P
Tyler Treat
@tylertreat
nah it's great! you're a machine
James Mason
@jmason888
I was looking for a function to deploy lobbyists.
Andrew Sun
@as-com
lol, one of the funniest pokes at Comcast...
Looks like Netflix should be using this. :-P
term1nal
@term1nal
Tyler Treat
@tylertreat
haha nice. love the logo :D
term1nal
@term1nal
You're welcome to use it :P All I did was paste a poo on the "Com" part ;)
Andrew Sun
@as-com
When is support for Yosemite coming out?
term1nal
@term1nal
I need to make a wrapper for PF. I didn't have time this weekend to dig into it, as well, I don't own a box that has PF. I'll see what I can do this week.
The difference is with PF and ipfw, is that PF uses a conf file rather than commands to set up the rules. So this will require a different approach than before. The rules are line-order dependent, so we could just shove them at the top, and as of yet I have no understanding of the QoS features if any in PF, so that will be a task to learn.
term1nal
@term1nal
I've come to the conclusion that PF does not include the features necessary to do the likes of arbitrary packet drop/reorder/corruption or delay. I can get working at the very least a bandwidth limit, and some packet drop may possibly ensue from that by way of using a priority queue (PRIQ) setup where lower priority queues may lose packets if the data to the highest priority queue is saturated. But there's no way to control this behavior through means of configuration. So PF will only have very basic support for our purposes, thus leaving MacOSX 10.10 poorly supported.
Tyler Treat
@tylertreat
well that kinda sucks :p