CN113918401A - Network fault simulation method and simulator based on iptables - Google Patents


Info

Publication number: CN113918401A
Application number: CN202111163779.5A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 蒋恩平
Current Assignee: Sichuan XW Bank Co Ltd
Original Assignee: Sichuan XW Bank Co Ltd
Application filed by: Sichuan XW Bank Co Ltd
Prior art keywords: command, network, iptables, simulation, fault simulation
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/22 Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
    • G06F11/26 Functional testing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an iptables-based network fault simulation method and simulator, belonging to the technical field of network fault simulation. The method comprises the following steps. Step A: start a network fault simulator on a target server, initialize a command interface, and wait for a fault simulation command to be input. Step B: create a fault simulation command in the system; the network fault simulator controls iptables rules according to the created fault simulation command and performs the network fault simulation. This solves the technical problems of the traditional approach, in which the original code must be modified, the process is complex, and practical requirements cannot be met. The method is non-invasive and transparent: the original hardware does not need to be damaged and the original code does not need to be modified.

Description

Network fault simulation method and simulator based on iptables
Technical Field
The invention belongs to the technical field of network fault simulation, and particularly relates to a network fault simulation method and a simulator based on iptables.
Background
A network failure refers to a state in which a network cannot provide normal service, or provides degraded quality of service, because of hardware problems, software bugs, virus intrusion, and the like. Hardware failures are generally caused by the devices that make up the network, including network cards, network cables, routers, switches, modems, and the like. Such failures can generally be seen with the ping command, the tracert command, and so on. When software fails, the TCP/IP protocol stack can fail and the network will certainly have problems. Problems can also arise from user management, and firewall settings sometimes affect the network as well.
In the prior art, disaster-tolerance testing of software against network faults often requires modifying the original code; the process is complex and cannot meet practical requirements.
Disclosure of Invention
To address the problems in the prior art that the original code must be modified, the process is complex, and practical requirements cannot be met, the invention provides an iptables-based network fault simulation method and simulator. The aim is non-invasive transparency: the original hardware does not need to be damaged and the original code does not need to be modified.
The technical scheme adopted by the invention is as follows:
An iptables-based network fault simulation method comprises the following steps:
Step A: start a network fault simulator on a target server, initialize a command interface, and wait for a fault simulation command to be input;
Step B: create a fault simulation command in the system; the network fault simulator controls the iptables rules according to the created fault simulation command to simulate the network fault.
With this scheme, the command processor in the fault simulator can receive various fault simulation commands and call the Linux toolkit according to them to simulate the network fault.
The specific steps of step B are as follows:
Step B1: if a network packet loss simulation instruction is received, perform the network packet loss simulation process;
Step B2: if a local port occupied simulation instruction is received, perform the local port occupied simulation process.
The specific steps of step B1 are as follows:
Step B11: create a create network loss -interface eth0 -percent 50 command and send it to the command processor;
Step B12: the command processor calls the command line of the Linux built-in tool tc to drop packets at random, and simulation of network packet loss begins.
The specific steps of step B2 are as follows:
Step B21: create a create network occupy 8080 command and send it to the command handler;
Step B22: the command processor calls the iptables command iptables -I INPUT -p tcp --dport 8080 -j ACCEPT, directly closes the corresponding network port, and thereby simulates the network port being occupied.
The invention also provides an iptables-based network fault simulator for the network fault simulation method, comprising a command processor that receives the created fault simulation command and calls a Linux tool, wherein the Linux tool comprises the tc command line and iptables.
In summary, by adopting this technical scheme, the invention has the following beneficial effect: the command processor in the fault simulator can receive various fault simulation commands and call the Linux toolkit according to them to simulate the network fault.
Drawings
The invention will now be described, by way of example, with reference to the accompanying drawings, in which:
FIG. 1 is a network fault simulator overview framework of the present invention;
FIG. 2 is a framework of the present invention that simulates local port occupancy;
FIG. 3 is a framework of the present invention for simulating network packet loss;
FIG. 4 is a diagram of the linux core architecture of the present invention.
Detailed Description
All of the features disclosed in this specification, or all of the steps in any method or process so disclosed, may be combined in any combination, except combinations of features and/or steps that are mutually exclusive.
The present invention will be described in detail with reference to FIGS. 1 to 4.
Embodiment one:
An iptables-based network fault simulation method comprises the following steps:
Step A: start a network fault simulator on a target server, initialize a command interface, and wait for a fault simulation command to be input;
Step B: create a fault simulation command in the system; the network fault simulator controls the iptables rules according to the fault simulation command to simulate the network fault.
The specific steps of step B are as follows:
Step B1: if a network packet loss simulation instruction is received, perform the network packet loss simulation process;
Step B2: if a local port occupied simulation instruction is received, perform the local port occupied simulation process.
The specific steps of step B1 are as follows:
Step B11: create a create network loss -interface eth0 -percent 50 command and send it to the command processor;
Step B12: the command processor calls the command line of the Linux built-in tool tc to drop packets at random, and simulation of network packet loss begins.
The specific steps of step B2 are as follows:
Step B21: create a create network occupy 8080 command and send it to the command handler;
Step B22: the command processor calls the iptables command iptables -I INPUT -p tcp --dport 8080 -j ACCEPT, directly closes the corresponding network port, and thereby simulates the network port being occupied.
In the above embodiment, iptables is the user-space tool with which a user manages and configures firewall rules. It is Netfilter that actually evaluates the rules and acts on them: iptables interacts with hooks in the protocol stack that have a packet filtering function, and these kernel hooks form the Netfilter framework.
Each packet entering the network system (received or sent) triggers these hooks as it passes through the protocol stack, and a program can handle network traffic on critical paths by registering hook functions.
The iptables-related kernel modules register processing functions at these hooks, so that network traffic is made to conform to the firewall rules expressed as iptables rules. The fault simulator performs network fault simulation by calling various tools in the Linux framework; the Linux core structure is shown in FIG. 4. Netfilter is a subsystem introduced in Linux 2.4.x that serves as a general, abstract framework and provides a complete set of hook-function management mechanisms, making packet filtering, network address translation (NAT), and protocol-type-based connection tracking possible. The kernel of the Linux system is common knowledge to those skilled in the art and is not described in detail here.
When local port occupation is simulated, the command processor calls the iptables -I INPUT -p tcp --dport 8080 -j ACCEPT command; the specific process is shown in FIG. 2. When network packet loss is simulated, a create network loss -interface eth0 -percent 50 command is sent to the command processor, which calls the command line of the Linux built-in tool tc to drop packets at random and starts simulating network packet loss. The scheme calls the tc command line in the Linux system directly, as shown in FIG. 3; the operating system in FIG. 3 is the Linux system.
Embodiment two:
An iptables-based network fault simulator for use in the network fault simulation method of embodiment one comprises a command handler that receives a created fault simulation command and invokes a Linux tool, the Linux tool comprising the tc command line and iptables.
In the above embodiment, the network fault simulator can receive two created commands: the create network loss -interface eth0 -percent 50 command and the create network address 8080 command. The create network loss -interface eth0 -percent 50 command invokes the tc command in the Linux system to simulate network packet loss. The create network address 8080 command invokes the iptables -I INPUT -p tcp --dport 8080 -j ACCEPT command of iptables, directly closes the local port, and simulates the network fault in which the network port is occupied.
The above embodiments express only specific implementations of the present application; their description is specific and detailed but is not to be construed as limiting the scope of the present application. It should be noted that those skilled in the art can make several changes and modifications without departing from the technical idea of the present application, all of which fall within the protection scope of the present application.
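
The command processor of the embodiments runs tc and iptables as root, so its inputs have to be validated before they reach a command line. The following is an added example, not code from the patent: a dry-run translator for the two fault commands that prints the Linux command line instead of executing it. The -interface/-percent flag spelling, the destroy verb, the OCCUPY_TARGET variable and the use of the netem qdisc are assumptions (the page only names tc); the sample session is constructed.

```shell
#!/bin/sh
# Added example, not the patent's implementation: a dry-run command processor.
# Assumptions: the -interface/-percent flag spelling, the "destroy" verb, the
# OCCUPY_TARGET variable, and netem as the tc qdisc (the page only names tc).

# translate VERB network KIND ARGS...: print the command line to run as root.
# Exits 2 on any input that fails validation, so nothing unchecked reaches a shell.
translate() (
    [ "$#" -ge 3 ] && [ "$2" = network ] || exit 2
    verb=$1 kind=$3
    shift 3
    case "$verb" in create|destroy) ;; *) exit 2 ;; esac
    case "$kind" in
    loss)
        iface='' pct=''
        while [ "$#" -ge 2 ]; do
            case "$1" in
            -interface) iface=$2 ;;
            -percent)   pct=$2 ;;
            *) exit 2 ;;
            esac
            shift 2
        done
        [ "$#" -eq 0 ] || exit 2
        # Interface: 1-15 characters from a safe set, no leading dash.
        case "$iface" in ''|-*|*[!A-Za-z0-9_.-]*) exit 2 ;; esac
        [ "${#iface}" -le 15 ] || exit 2
        # Percent: integer 0-100.
        case "$pct" in ''|*[!0-9]*) exit 2 ;; esac
        [ "${#pct}" -le 3 ] && [ "$pct" -le 100 ] || exit 2
        if [ "$verb" = create ]; then
            echo "tc qdisc add dev $iface root netem loss ${pct}%"
        else
            echo "tc qdisc del dev $iface root netem"
        fi
        ;;
    occupy)
        [ "$#" -eq 1 ] || exit 2
        port=$1
        # Port: decimal 1-65535, no leading zero.
        case "$port" in ''|0*|*[!0-9]*) exit 2 ;; esac
        [ "${#port}" -le 5 ] && [ "$port" -le 65535 ] || exit 2
        # ACCEPT is the target the page gives; it admits traffic to the port.
        # REJECT makes clients see a refused connection instead.
        case "${OCCUPY_TARGET:-ACCEPT}" in
        ACCEPT) target='ACCEPT' ;;
        REJECT) target='REJECT --reject-with tcp-reset' ;;
        *) exit 2 ;;
        esac
        if [ "$verb" = create ]; then op=-I; else op=-D; fi
        echo "iptables $op INPUT -p tcp --dport $port -j $target"
        ;;
    *) exit 2 ;;
    esac
)

# Constructed sample session: print the plan for both faults and their rollback.
translate create network loss -interface eth0 -percent 50
translate create network occupy 8080
translate destroy network occupy 8080
translate destroy network loss -interface eth0 -percent 50
```

Every create has a matching destroy line, so a test run can record the rollback before the fault is applied. Neither target reproduces a process already bound to the port; the rule only changes how inbound packets to that port are handled.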

Claims (5)

1. An iptables-based network fault simulation method, characterized by comprising the following steps:
Step A: starting a network fault simulator on a target server, initializing a command interface, and waiting for a fault simulation command to be input;
Step B: creating a fault simulation command in the system, the network fault simulator controlling the iptables rules according to the created fault simulation command to simulate the network fault.
2. The iptables-based network fault simulation method as claimed in claim 1, wherein the specific steps of step B are as follows:
Step B1: if a network packet loss simulation instruction is received, performing the network packet loss simulation process;
Step B2: if a local port occupied simulation instruction is received, performing the local port occupied simulation process.
3. The iptables-based network fault simulation method as claimed in claim 1, wherein the specific steps of step B1 are as follows:
Step B11: creating a create network loss -interface eth0 -percent 50 command and sending it to the command processor;
Step B12: the command processor calling the command line of the Linux built-in tool tc to drop packets at random, whereupon simulation of network packet loss begins.
4. The iptables-based network fault simulation method as claimed in claim 1, wherein the specific steps of step B2 are as follows:
Step B21: creating a create network occupy 8080 command and sending it to the command handler;
Step B22: the command processor calling the iptables command iptables -I INPUT -p tcp --dport 8080 -j ACCEPT, directly closing the corresponding network port, and thereby simulating the network port being occupied.
5. An iptables-based network fault simulator for use in the network fault simulation method of any one of claims 1 to 4, comprising a command handler for receiving a created fault simulation command and invoking a Linux tool, the Linux tool comprising the tc command line and iptables.

Application number: CN202111163779.5A
Title: Network fault simulation method and simulator based on iptables
Priority date: 2021-09-30
Filing date: 2021-09-30
Publication number: CN113918401A (en)
Publication date: 2022-01-11
Status: Pending
Family ID: 79237752
Country: CN

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination