1

I have a Pi 3 B+ setup as Wi-Fi access point and would like to simulate packet delays and packet loss for connected devices communicating through the AP. I thought that I could achieve this using tc and iptables to cause packet jitter and loss for connected devices communicating through the AP but those packets are unaffected. The only packets that are affected are packets from a connected device who's destination IP is the AP or AP packets who's destination who's destination IP is a connected device. Any insight on how to affect connected devices communicating through the AP would be greatly appreciated. Also I cannot modify the software or configuration on the devices connected to the AP. I tried commands similar to the ones below on the AP without success.

tc qdisc change dev wlan0 root netem delay 100ms 10ms

tc qdisc change dev wlan0 root netem loss 0.1

iptables -D INPUT -m statistic --mode random --probability 0.2 -j DROP

iptables -D OUTPUT -m statistic --mode random --probability 0.2 -j DROP

iptables -D FORWARD -m statistic --mode random --probability 0.2 -j DROP

Improve this question

1 Answer 1

Reset to default
1

You should be able to use netem for this purpose, without requiring iptables. You can combine the delay and loss you require in a single netem instance.

However, each qdisc only handles outgoing traffic on its interface by default. Incoming traffic involves a different path, and you have to put a separate qdisc on that path to influence them. You could either attach a second netem instance to the Ethernet interface, or direct the Wifi ingress traffic to pass through a virtual intermediate device. The latter requires:

ifconfig ifb0 up
tc qdisc add dev wlan0 handle ffff: ingress
tc filter add dev wlan0 parent ffff: protocol all u32 match u32 0 0 action mirred egress redirect dev ifb0
tc qdisc add dev ifb0 root netem ...

One reason why iptables might not be working for you is that, by default, bridged traffic does not pass through it for efficiency reasons, only routed traffic does. There is a compile-time kernel configuration option to send bridged traffic through iptables as well, but I don't think that's necessary in your case.

Improve this answer
6
  • I tried this but with the follow command without success as the tc filter command was not working. Any other ideas would be greatly appreciated # modprobe ifb # ip link set dev ifb0 up # tc qdisc add dev eth0 ingress # tc filter add dev eth0 parent ffff: \ protocol ip u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb0 # tc qdisc add dev ifb0 root netem delay 750ms
    – user9773452
    Commented May 14, 2018 at 1:08
  • @user9773452 How exactly was the tc filter command "not working"? Was there an error message?
    – Chromatix
    Commented May 14, 2018 at 11:02
  • It was a parsing error
    – user9773452
    Commented May 15, 2018 at 3:49
  • @user9773452 In that case, try the version in my edited answer.
    – Chromatix
    Commented May 15, 2018 at 9:41
  • The commands now work but only packets that are affected are packets from a connected device who's destination IP is the AP or AP packets who's destination who's destination IP is a connected device.
    – user9773452
    Commented May 15, 2018 at 14:45

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .