Traffic Shaping (simulate packet delay and loss) on Linux Wi-FI Access Point

1

I have a Pi 3 B+ setup as Wi-Fi access point and would like to simulate packet delays and packet loss for connected devices communicating through the AP. I thought that I could achieve this using tc and iptables to cause packet jitter and loss for connected devices communicating through the AP but those packets are unaffected. The only packets that are affected are packets from a connected device who's destination IP is the AP or AP packets who's destination who's destination IP is a connected device. Any insight on how to affect connected devices communicating through the AP would be greatly appreciated. Also I cannot modify the software or configuration on the devices connected to the AP. I tried commands similar to the ones below on the AP without success.

tc qdisc change dev wlan0 root netem delay 100ms 10ms

tc qdisc change dev wlan0 root netem loss 0.1

iptables -D INPUT -m statistic --mode random --probability 0.2 -j DROP

iptables -D OUTPUT -m statistic --mode random --probability 0.2 -j DROP

iptables -D FORWARD -m statistic --mode random --probability 0.2 -j DROP

user9773452

Posted 2018-05-10T22:47:38.773

Reputation: 11

Answers

1

You should be able to use netem for this purpose, without requiring iptables. You can combine the delay and loss you require in a single netem instance.

However, each qdisc only handles outgoing traffic on its interface by default. Incoming traffic involves a different path, and you have to put a separate qdisc on that path to influence them. You could either attach a second netem instance to the Ethernet interface, or direct the Wifi ingress traffic to pass through a virtual intermediate device. The latter requires:

ifconfig ifb0 up
tc qdisc add dev wlan0 handle ffff: ingress
tc filter add dev wlan0 parent ffff: protocol all u32 match u32 0 0 action mirred egress redirect dev ifb0
tc qdisc add dev ifb0 root netem ...

One reason why iptables might not be working for you is that, by default, bridged traffic does not pass through it for efficiency reasons, only routed traffic does. There is a compile-time kernel configuration option to send bridged traffic through iptables as well, but I don't think that's necessary in your case.

Chromatix

Posted 2018-05-10T22:47:38.773

Reputation: 348

I tried this but with the follow command without success as the tc filter command was not working. Any other ideas would be greatly appreciated # modprobe ifb

ip link set dev ifb0 up

tc qdisc add dev eth0 ingress

tc filter add dev eth0 parent ffff: \

protocol ip u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb0

tc qdisc add dev ifb0 root netem delay 750ms< – user9773452 – 2018-05-14T01:08:41.173

@user9773452 How exactly was the tc filter command "not working"? Was there an error message? – Chromatix – 2018-05-14T11:02:19.263

It was a parsing error – user9773452 – 2018-05-15T03:49:45.907

@user9773452 In that case, try the version in my edited answer. – Chromatix – 2018-05-15T09:41:09.877

The commands now work but only packets that are affected are packets from a connected device who's destination IP is the AP or AP packets who's destination who's destination IP is a connected device. – user9773452 – 2018-05-15T14:45:55.150

@user9773452 That's weird. Really weird. But as a workaround you could give eth0 the same treatment. You can direct the eth0 ingress traffic to the same ifb0 device, so you don't need to duplicate that as well. – Chromatix – 2018-05-16T21:31:12.360

Asked: 2018-05-10T22:47:38.773

Viewed: 712 times

Active: 2018-05-15T09:40:36.547