How to add delay to incoming traffic?
Adding delay can be done on incoming (ingress) or outgoing (egress) packets (or both). Delaying ingress packets is a bit harder (cause the packet has already arrived) but is achievable with Intermediate Functional Block device (have a look here. search for "netem on incoming traffic").
Because your goal can be achieved by delaying ingress or egress traffic and delaying egress is easier, I'd recommend to do that. Your configuration is almost correct: you just need to replace the iptables mangle line with
sudo iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 80 -j MARK --set-mark 11
Related videos on Youtube
15 : 23
06 : 36
01 : 31
02 : 14
33 : 42
Comments
-
bbaja42 over 1 year
For purpose of continuous testing, I would like have apache server to serve static files with at least 20ms delay.
I tried to find a apache configuration setting or a plugin with similar ability, but failed.
Combination of tc and iptables might work, but I only found a way to add delay based on outgoing port, (which is different for every client).
Variables IF=lo IFSPEED=100Mbps # Get from sudo /sbin/ethtool $IF DELAY=1000ms # # Create a tree of classful HTB objects # sudo /sbin/tc qdisc add dev $IF handle 1: root htb # # Create a classful child bucket with classid 1:11 # sudo /sbin/tc class add dev $IF parent 1: classid 1:11 htb rate $IFSPEED # # Create a qdisc (classless) netem child to provide a delay for packets in this 'bucket' # sudo /sbin/tc qdisc add dev $IF parent 1:11 handle 11: netem delay $DELAY # # Filter mangled/marked traffic to the above class # sudo /sbin/tc filter add dev $IF parent 1:0 prio 1 protocol ip handle 11 fw flowid 1:11 # # Use iptables to mangle TCP packets to port 4001 and mark packet for tc filtering # sudo /sbin/iptables -A OUTPUT -t mangle -p tcp --dport 4001 -j MARK --set-mark 11
So the previous snippet work, but how to change policy so every incoming packet with destinatiom port 80 is delayed? -- attempted to try iptables with PREROUTING , but still didn't work?
-
skarap almost 11 yearsPlease clarify: do you want to delay incoming or outgoing packets? I'm not quite sure if both will have the same effect, but delaying outgoing packets is easier.
-
bbaja42 almost 11 yearsFor my purpose, delay either of them will suffice.
-
skarap almost 11 yearsWell, won't changing the iptables rule to
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 80 -j MARK --set-mark 11be enough? At least for me it delays the outgoing packets for 1000ms. -
bbaja42 almost 11 yearsYes, you are right. My mistake was trying to use --sport with PREROUTEING table, and --dport with OUTPUT table. I didn't realize that I can combine --sport with OUTPUT table.
-
