
comcast's Introduction

Comcast

Testing distributed systems under hard failures like network partitions and instance termination is critical, but it's also important we test them under less catastrophic conditions because this is what they most often experience. Comcast is a tool designed to simulate common network problems like latency, bandwidth restrictions, and dropped/reordered/corrupted packets.

It works by wrapping up some system tools in a portable(ish) way. On BSD-derived systems such as OSX, we use tools like ipfw and pfctl to inject failure. On Linux, we use iptables and tc. Comcast is merely a thin wrapper around these controls. Windows support may be possible with wipfw or even the native network stack, but this has not yet been implemented in Comcast and may be at a later date.

Installation

$ go install github.com/tylertreat/comcast@latest

Usage

On Linux, Comcast supports several options: device, latency, target/default bandwidth, packet loss, protocol, and port number.

$ comcast --device=eth0 --latency=250 --target-bw=1000 --default-bw=1000000 --packet-loss=10% --target-addr=8.8.8.8,10.0.0.0/24 --target-proto=tcp,udp,icmp --target-port=80,22,1000:2000

On OSX, Comcast will check for pfctl support (as of Yosemite), which supports the same options as above. If pfctl is not available, it will use ipfw instead, which supports device, latency, target bandwidth, and packet-loss options.

On BSD (with ipfw), Comcast currently supports only: device, latency, target bandwidth, and packet loss.

$ comcast --device=eth0 --latency=250 --target-bw=1000 --packet-loss=10%

This will add 250ms of latency, limit bandwidth to 1Mbps, and drop 10% of packets to the targeted (on Linux) destination addresses using the specified protocols on the specified port numbers (slow lane). The default bandwidth specified will apply to all egress traffic (fast lane). To turn this off, run the following:

$ comcast --stop

By default, comcast will determine the system commands to execute, log them to stdout, and execute them. The --dry-run flag will skip execution.

I don't trust you, this code sucks, I hate Go, etc.

If you don't like running code that executes shell commands for you (despite it being open source, so you can read it and change the code) or want finer-grained control, you can run them directly instead. Read the man pages on these things for more details.

Linux

On Linux, you can use iptables to drop incoming and outgoing packets.

$ iptables -A INPUT -m statistic --mode random --probability 0.1 -j DROP
$ iptables -A OUTPUT -m statistic --mode random --probability 0.1 -j DROP

Alternatively, you can use tc which supports some additional options.

$ tc qdisc add dev eth0 root netem delay 50ms 20ms distribution normal
$ tc qdisc change dev eth0 root netem reorder 0.02 duplicate 0.05 corrupt 0.01

To reset:

$ tc qdisc del dev eth0 root netem

BSD/OSX

To shape traffic in BSD-derived systems, create an ipfw pipe and configure it. You can control incoming and outgoing traffic separately for any specific host or network.

$ ipfw add 1 pipe 1 ip from me to any
$ ipfw add 2 pipe 1 ip from any to me
$ ipfw pipe 1 config delay 500ms bw 1Mbit/s plr 0.1

To reset:

$ ipfw delete 1
$ ipfw delete 2

Note: ipfw was removed in OSX Yosemite in favor of pfctl.

Network Condition Profiles

Here's a list of network conditions with values that you can plug into Comcast. Please add any more that you may come across.

Name               Latency (ms)   Bandwidth (kbit/s)   Packet-loss (%)
GPRS (good)        500            50                   2
EDGE (good)        300            250                  1.5
3G/HSDPA (good)    250            750                  1.5
DIAL-UP (good)     185            40                   2
DSL (poor)         70             2000                 2
DSL (good)         40             8000                 0.5
WIFI (good)        40             30000                0.2
Starlink           20             -                    2.5

comcast's People

Contributors

aidanhs, avsej, castaneai, chadbrewbaker, gitter-badger, haraldnordgren, haseth, jeltef, jievince, jujhars13, mefellows, milzero, paulirish, peterbourgon, riking, roman-kashitsyn, specode, tchakabam, tylertreat, tylertreat-wf, wulczer, yousong


comcast's Issues

eBPF support?

Any interest for a PR to add eBPF functionality? I was imagining a tutorial "Mediacom" Docker container baked out of a simple config file that gave it not only bad network connections - but also problematic filesystem calls in a designated directory like /tmp/mediacom .

Add support for network exclusion parameter

Hi,

It would be great to see an exclusion parameter in comcast which will exclude the rules to a specific network.

e.g., Apply the delay to everyone but 192.16.0.10:

comcast --device=eth0 --latency=250 --target-bw=1000 --packet-loss=10% -exclude-network 192.168.0.10

or to a specific CIDR:

comcast --device=eth0 --latency=250 --target-bw=1000 --packet-loss=10% -exclude-network 192.168.0.10/24

Example of tc command for network exclusion of packets of 192.168.1.15 with destination port 9001:

tc filter add dev eth0 protocol ip parent 1:0 prio 3 u32 match ip src 0/0 flowid 1:3
tc filter add dev eth0 protocol ipv6 parent 1:0 prio 4 u32 match ip6 src ::/0 flowid 1:3

tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dport 22 0xffff flowid 1:2
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip sport 22 0xffff flowid 1:2
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.1.15 match ip dport 9001 0xffff flowid 1:2

tc filter add dev eth0 protocol ipv6 parent 1:0 prio 2 u32 match ip6 dport 22 0xffff flowid 1:2
tc filter add dev eth0 protocol ipv6 parent 1:0 prio 2 u32 match ip6 sport 22 0xffff flowid 1:2
tc filter add dev eth0 protocol ipv6 parent 1:0 prio 2 u32 match ip6 dport 9001 0xffff flowid 1:2

Thanks,
Pavlos

Sources for Network Condition Profiles?

First of all thank you very much for sharing this project!
I wondered how you came up with the specific numbers in the section Network Condition Profiles?
Are they from some literature? Did you check it yourself?
Thank you very much in advance!

latency is a function of buffer depth, not a constant

For example, cable modems have about 7-10ms RTT latency to the head end. DSL is often worse 16ms-30ms depending on interleave.

It is the buffer depth that is what causes the latency under load. And that is something netem doesn't really do "right" - what I typically do is set up a byte fifo on one interface to emulate that, and netem - with a proper emulation for loss and full path delay on the other, with a more correct limit.

If you are going to have a snarky test tool, it would pay to get this part right. Otherwise you aren't going to see #bufferbloat in all its glory.

Packet filter rules not being honored on Mac OSX El Capitan v10.11.4

I wanted to simulate 100% tcp packet loss between ports 19530 and 19630 on the loop-back interface. So I defined the following comcast rule for this:
./comcast --device=lo0 --packet-loss=100% --target-addr=127.0.0.1 --target-proto=tcp --target-port=19530,19630

But once I start comcast with this specific rule it's affecting my entire network. As in 100% packet loss for everything. The device, target-addr, target-proto or the target-port filters are not honored. The tool is shutting down my entire network.

Here is the sequence of steps I followed. I was testing this by pinging to the Google DNS IP 8.8.8.8 before and after starting comcast. Even the ICMP packets are getting dropped even though my rule specifies tcp.

macalsu01:bin alsu$ ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=19.847 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=17.993 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=69.683 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=18.609 ms

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 17.993/31.533/69.683/22.036 ms
macalsu01:bin alsu$ ./comcast --device=lo0 --packet-loss=100% --target-addr=127.0.0.1 --target-proto=tcp --target-port=19530,19630
sudo pfctl -E
(cat /etc/pf.conf && echo "dummynet-anchor "mop"" && echo "anchor "mop"") | sudo pfctl -f -
echo $'dummynet in all pipe 1' | sudo pfctl -a mop -f -
sudo dnctl pipe 1 config plr 1.0000 mask dst-port 19530 src-ip 127.0.0.1 proto tcp
sudo dnctl pipe 1 config plr 1.0000 mask dst-port 19530 dst-ip 127.0.0.1 proto tcp
sudo dnctl pipe 1 config plr 1.0000 mask src-port 19530 src-ip 127.0.0.1 proto tcp
sudo dnctl pipe 1 config plr 1.0000 mask src-port 19530 dst-ip 127.0.0.1 proto tcp
sudo dnctl pipe 1 config plr 1.0000 mask dst-port 19630 src-ip 127.0.0.1 proto tcp
sudo dnctl pipe 1 config plr 1.0000 mask dst-port 19630 dst-ip 127.0.0.1 proto tcp
sudo dnctl pipe 1 config plr 1.0000 mask src-port 19630 src-ip 127.0.0.1 proto tcp
sudo dnctl pipe 1 config plr 1.0000 mask src-port 19630 dst-ip 127.0.0.1 proto tcp
Packet rules setup...
Run sudo pfctl -sa | grep -i enabled to double check
Run ./comcast --stop to reset
macalsu01:bin alsu$ sudo pfctl -sa | grep -i enabled
No ALTQ support in kernel
ALTQ related functions disabled
Status: Enabled for 0 days 00:00:13 Debug: Urgent
macalsu01:bin alsu$ ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
macalsu01:bin alsu$ ./comcast --stop
sudo pfctl -f /etc/pf.conf
sudo pfctl -d
sudo dnctl -q flush
Packet rules stopped...
Run sudo pfctl -sa | grep -i enabled to double check
Run ./comcast to start

As you can see the 100% packet loss rule is taking effect. But the rest of the rules are being ignored.

network latency on specific port is invalid

When I use this command

./comcast --device=eth0 --latency=5000 --target-proto=tcp,udp,icmp --target-addr=10.215.45.5

it is useful. But if I add --target-port=9999 like

./comcast --device=eth0 --latency=5000 --target-proto=tcp,udp,icmp --target-addr=10.215.45.5 --target-port=9999

it doesn't work.

system CentOS release 6.9 (Final)
Comcast version 1.0.0

Add Dial-Up profile

Average bitrate is about 40 kbit/s.
Latency from 100 to 220ms.
Packet loss percentage near 2% (not sure here)

Download bandwidth not restricted in LAN

I am simulating a webrtc call under bad network conditions. Both of the peers' machines (one Windows, one Linux) are connected through LAN. Below is the command I used to restrict the bandwidth on the Linux machine:

comcast --target-proto="tcp,udp,icmp"  --mode="start" --target-port="1:65535" --target-bw=300 --default-bw='300'

This cap has effect when I am connecting to the internet, and is also reflected in the data received on the Windows machine, but for some weird reason, my bandwidth for receiving data on Linux has not been reduced (it remains about 1.5Mbps), i.e. the Windows peer receives poor quality video of the Linux one, but the Linux peer receives video in good quality. Am I doing something wrong? Sorry, my knowledge is limited in the networking field.

Legal fund

Is there a place where we can donate to your legal fund when they hulk smash over the use of their mark? Your tool seems too useful and functional to claim parody although obviously I'm no lawyer.

Windows support

Is there any way of making this work on Windows? I have no idea how much of a job that would be...

Docs: Contribution Guide

Would be great if there were a contribution guide of some kind. Not sure if that is needed at this point, but it might get more people interested in contributing as well. Just a thought, and I would be open to assisting if you need it.

Allow injecting "data cap is full" messages into packages

Comcast, in the real world, does deep packet inspection to find HTTP packages, and injects a "you've reached your data cap" message.

screenshot of such a message

It would be useful to have this option for testing available as well (and maybe even multiple such messages from multiple ISPs, used at random)

Throttling is not working as expected in MacOS

I have installed and configured Comcast version 1.0.0 on my Macbook. I ran the below command to simulate 10Mbps; after that, the network became too slow, and when I checked the network speed via fast.com, https://www.speedtest.net/ or the mac native command 'network quality', it is showing around 1-2 Mbps only. What is going wrong here? Are there any other settings I need to focus on?

comcast --device=en0 --latency=25 --target-bw=10000 --default-bw=30000 --target-proto=tcp,udp --target-port=80,443,49152:65535

How to build with debian jessie?

Hi,
I'm new to the Go environment and it would be very nice if you would include a howto for building it on Debian (jessie) with the golang version of the repository.

I want to simulate update-behaviour of various systems of virtual machines :)

Thanks for your work :)

I couldn't setup the packet rules: %s exit status 2

root@ubuntu:~# comcast --device=eth0 --latency=250 --target-bw=1000 --packet-loss=10%
sudo tc qdisc show | grep "netem"
sudo tc qdisc add dev eth0 handle 10: root htb
I couldn't setup the packet rules: %s exit status 2

Unclear about units of packet-loss

The README file indicates that --packet-loss=0.1 corresponds to 10% packet loss, but then further down lists profiles that would seem to include 150% or 200% packet loss. The code seems to indicate that 0.1 would actually mean 0.1%, not 10%.

Feature request: setup multiple rules independently

Not sure if anyone else has that requirement, but it would be neat if we can setup multiple rules to different targets, say, one for 50ms latency and one for 200ms latency, to conduct tests without having to frequently setup and teardown comcast to switch rules. It's also beneficial when we need to simulate different network at the same time.

Currently, executing comcast the second time results in "It looks like the packet rules are already setup". I'd be happy to create a PR once I have a free time slot, but before that, I want to ask those of you who already have experience with it: are there any potential blockers to playing with those various system tools for this purpose? To avoid bookkeeping, a simplification would be to set up multiple rules but tear them all down together.

Comcast not working in OSX 10.10.1

Hi guys,
I just tried to setup Comcast on a MAC OS X 10.10.1 machine, resulting in the following message:
"I don't support your version of OSX".
Is there a way to get it working? Maybe by changing some codelines and building it by myself?

Failed to stop packet controls

:~$ comcast --version
Comcast version 1.0.0

#5 is the same, but was apparently fixed. Let me know what information would be helpful.

~$ comcast --device=lo --latency=250 --target-bw=40 --default-bw=1000000 --packet-loss=50% --target-addr=127.0.0.0/24 --target-proto=tcp,udp,icmp --target-port=4369,5672
sudo tc qdisc show | grep "netem"
sudo tc qdisc add dev lo handle 10: root htb
sudo tc class add dev lo parent 10: classid 10:1 htb rate 1000000kbit
sudo tc class add dev lo parent 10:1 classid 10:10 htb rate 1000000kbit
sudo tc qdisc add dev lo parent 10:10 handle 100: netem delay 250ms rate 40kbit loss 50.00%
sudo iptables -A POSTROUTING -t mangle -j CLASSIFY --set-class 10:10 -p tcp --match multiport --dports 4369,5672 -d 127.0.0.0/24
sudo iptables -A POSTROUTING -t mangle -j CLASSIFY --set-class 10:10 -p udp --match multiport --dports 4369,5672 -d 127.0.0.0/24
sudo iptables -A POSTROUTING -t mangle -j CLASSIFY --set-class 10:10 -p icmp -d 127.0.0.0/24
Packet rules setup...
Run `sudo tc -s qdisc` to double check
Run `comcast --stop` to reset

~$ comcast --stop
sudo tc qdisc show | grep "netem"
sudo iptables -t mangle -D POSTROUTING -d 127.0.0.0/24 -p tcp -m multiport --dports 4369,5672 -j CLASSIFY --set-class 0010:0010
sudo iptables -t mangle -D POSTROUTING -d 127.0.0.0/24 -p udp -m multiport --dports 4369,5672 -j CLASSIFY --set-class 0010:0010
sudo iptables -t mangle -D POSTROUTING -d 127.0.0.0/24 -p icmp -j CLASSIFY --set-class 0010:0010
sudo tc qdisc del dev eth0 handle 10: root
Failed to stop packet controls

~$ sudo tc -s qdisc
qdisc htb 10: dev lo root refcnt 2 r2q 10 default 0 direct_packets_stat 4732 direct_qlen 2
 Sent 874589 bytes 4823 pkt (dropped 76, overlimits 485 requeues 0) 
 backlog 0b 0p requeues 0 
qdisc netem 100: dev lo parent 10:10 limit 1000 delay 250.0ms loss 50% rate 40000bit
 Sent 8804 bytes 91 pkt (dropped 76, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 
qdisc pfifo_fast 0: dev eth0 root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 2497436 bytes 28521 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 
qdisc pfifo_fast 0: dev eth1 root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 555740 bytes 1293 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 

~$ sudo tc qdisc del dev lo root netem
RTNETLINK answers: Invalid argument
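
An added example, not part of the report above or of the comcast code base: in that output the stop run issues its `tc qdisc del` against eth0 while the htb and netem qdiscs sit on lo. The sketch below reads `tc qdisc show` and `iptables -t mangle -S POSTROUTING` text and prints, without running them, the deletes that would clear such leftovers; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: find shaping state left behind after a failed `comcast --stop`
# and print the commands that would remove it. Nothing here changes the system;
# the functions only read text on stdin and print commands for review.

# Constructed sample, modelled on the `tc -s qdisc` output in the report above.
SAMPLE_TC='qdisc htb 10: dev lo root refcnt 2 r2q 10 default 0 direct_packets_stat 4732 direct_qlen 2
 Sent 874589 bytes 4823 pkt (dropped 76, overlimits 485 requeues 0)
qdisc netem 100: dev lo parent 10:10 limit 1000 delay 250.0ms loss 50% rate 40000bit
 Sent 8804 bytes 91 pkt (dropped 76, overlimits 0 requeues 0)
qdisc pfifo_fast 0: dev eth0 root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: dev eth1 root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1'

# Constructed sample in `iptables -t mangle -S POSTROUTING` format.
SAMPLE_IPT='-P POSTROUTING ACCEPT
-A POSTROUTING -d 127.0.0.0/24 -p tcp -m multiport --dports 4369,5672 -j CLASSIFY --set-class 0010:0010
-A POSTROUTING -d 127.0.0.0/24 -p icmp -j CLASSIFY --set-class 0010:0010
-A POSTROUTING -o eth0 -j MARK --set-xmark 0x1/0xffffffff'

# shaped_devices: print each device that still carries an htb or netem qdisc,
# the two kinds that comcast's logged commands add. Statistics lines and
# default qdiscs such as pfifo_fast are ignored. A host that uses htb or netem
# for other reasons will be listed too, so review the result before acting.
shaped_devices() {
    awk '$1 == "qdisc" && ($2 == "htb" || $2 == "netem") {
             for (i = 3; i < NF; i++) if ($i == "dev") { print $(i + 1); break }
         }' | sort -u
}

# tc_cleanup_cmds: one delete per shaped device. Deleting the root qdisc
# removes the whole tree under it, so no qdisc kind or handle has to match.
tc_cleanup_cmds() {
    shaped_devices | while read -r dev; do
        printf 'tc qdisc del dev %s root\n' "$dev"
    done
}

# classify_cleanup_cmds: turn every CLASSIFY append rule into the matching
# delete. Rules with other targets (MARK here) and the policy line are skipped.
classify_cleanup_cmds() {
    awk '$1 == "-A" && /-j CLASSIFY/ {
             sub(/^-A /, "-D ")
             print "iptables -t mangle " $0
         }'
}

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_TC" | tc_cleanup_cmds
printf '%s\n' "$SAMPLE_IPT" | classify_cleanup_cmds
```

On a live host the same functions take `tc qdisc show` and `sudo iptables -t mangle -S POSTROUTING` on stdin.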

Target address

Please add functionality to accept the hostname/s for the target_address switch.

Setting latency influences bandwidth heavily

I'm running two VMs that have to communicate with each other. When enabling latency with Comcast the bandwidth goes down drastically. Without anything enabled I get iperf to measure about 1.1Gbit/s, with a latency of 200ms however I get only a bandwidth of about 100Mbit.

These are the rules that it outputs:

sudo tc qdisc add dev eth1 handle 10: root htb
sudo tc class add dev eth1 parent 10: classid 10:1 htb rate 1000000kbit
sudo tc class add dev eth1 parent 10:1 classid 10:10 htb rate 1000000kbit
sudo tc qdisc add dev eth1 parent 10:10 handle 100: netem delay 200ms
sudo iptables -A POSTROUTING -t mangle -j CLASSIFY --set-class 10:10 -p tcp --match multiport --dports 1:22,23:65535 -d 192.168.56.111
sudo iptables -A POSTROUTING -t mangle -j CLASSIFY --set-class 10:10 -p udp --match multiport --dports 1:22,23:65535 -d 192.168.56.111
sudo iptables -A POSTROUTING -t mangle -j CLASSIFY --set-class 10:10 -p icmp -d 192.168.56.111

OS X 10.10 limitations - upstream not affected

I'm currently using Mac OS X 10.10, and it seems that comcast has some critical limitations that should probably be mentioned (or fixed if possible?)

The biggest one seems to be that upstream is not affected, only downstream. Both --packet-loss and --target-bw only seem to affect data received on the network device, and not data sent. This looks deliberate from 'dummynet in all pipe 1' | sudo pfctl -a mop -f - and no mention of "out". (Well, there is mention of both "src-ip" and "dst-ip" in the following dnctl rules. And maybe dummynet is supposed to apply to both directions. But it definitely doesn't work.) It should probably be mentioned somewhere in the README?

Another thing is that the downstream seems to be affected for all ip addresses, not just the --target-addr (even though I do see the target-addr mentioned in the rules applied).

My tests: I'm working on a webrtc server-side headless peer thingie (a gateway) and monitoring NACKs (packet losses) under various video bitrates and conditions in each direction. I also threw in a quick dslreports.com/speedtest run when I suspected that the --target-addr was not the only one affected by --target-bw.

Here's some more info in case it helps:

[pierce@plo-pro sysop]$ sudo dnctl list
00001: 600.000 Kbit/s    0 ms   50 sl. 2 queues (64 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000034/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
    mask: 0x00 0x00000000/0x0000 -> 0x00000034/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
 48 ip           0.0.0.0/0            0.0.0.48/0       11     1184  0    0   0
 52 ip           0.0.0.0/0            0.0.0.52/0        2      126  0    0   0
[pierce@plo-pro sysop]$ sudo pfctl -sa
No ALTQ support in kernel
ALTQ related functions disabled
TRANSLATION RULES:
nat-anchor "com.apple/*" all
rdr-anchor "com.apple/*" all

FILTER RULES:
scrub-anchor "com.apple/*" all fragment reassemble
anchor "com.apple/*" all
anchor "mop" all

DUMMYNET RULES:
dummynet-anchor "com.apple/*" all
dummynet-anchor "mop" all

INFO:
Status: Enabled for 0 days 00:00:11           Debug: Urgent

State Table                          Total             Rate
  current entries                        0               
  searches                         2188637       198967.0/s
  inserts                                0            0.0/s
  removals                               0            0.0/s
Counters
  match                             809773        73615.7/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                            295           26.8/s
  proto-cksum                            0            0.0/s
  state-mismatch                         0            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s
  dummynet                          671538        61048.9/s

I must admit that I was hoping "comcast" would prevent me from needing to figure out any of this OS X firewall+traffic-control stuff 😁

Docker container

Any plans to make this tool work inside a docker container?

I understand that this is a docker issue and not a comcast issue, but i'm curious to know if anyone has already made it happen or if we plan to support docker containers in the future.

There is a fork (https://github.com/docker-in-practice/docker-comcast) that has some patches to make it run under a docker host.

Thanks :)

Installing on vagrant

Linux precise32 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux

vagrant@precise32:~$ go get github.com/tylertreat/comcast
github.com/tylertreat/comcast/throttler
/usr/lib/go/src/pkg/github.com/tylertreat/comcast/throttler/throttler.go:160: undefined: bufio.NewScanner

failed to stop packet controls

used example
comcast --device=eth0 --latency=250 --bandwidth=1000 --packet-loss=0.1

attempting to stop failed.

root@Desktop:~# comcast --mode stop
sudo tc qdisc show | grep "netem"
sudo tc qdisc del dev eth0 root netem
Failed to stop packet controls

Probabilistically dropping outbound traffic is a poor simulation of packet loss.

The kernel sends the client an eperm when tc or iptables drops a packet. In real packet loss, the client wouldn't be made immediately aware that the packet didn't reach its destination. The process I'm testing responds to eperm by closing down the socket and trying again on a new socket.

See https://www.spinics.net/lists/netfilter/msg42592.html.

I worked around this by rerouting the packet to a port, 9999, which hopefully isn't used - this solution probably isn't ideal here.

That said, if the intention is to run these scripts on a machine acting as a router then this isn't an issue.

On MAC OSX dnctl plr applied to interface but disregards target-addr and target-proto filters

I am not familiar with the internals of dnctl and how it configures the packet loss rate, but what I am finding is that if I set the packet loss rate the target-addr (src-ip, dst-ip) portion of the filter is ignored. For example if I set the plr to 100%, I cannot ping the localhost. See the following snippet:

➜ ~ ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.089 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.096 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.108 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.115 ms
^C
--- 127.0.0.1 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.089/0.102/0.115/0.010 ms
➜ ~ sudo ./go/bin/comcast --device=utun0 --latency=250 --target-bw=100 --packet-loss=100% --target-addr=10.169.99.196 --target-proto=tcp,udp,icmp
sudo pfctl -E
(cat /etc/pf.conf && echo "dummynet-anchor \"mop\"" && echo "anchor \"mop\"") | sudo pfctl -f -
echo $'dummynet in all pipe 1' | sudo pfctl -a mop -f -
sudo dnctl pipe 1 config delay 250ms bw 100Kbit/s plr 1.0000 mask src-ip 10.169.99.196 proto tcp
sudo dnctl pipe 1 config delay 250ms bw 100Kbit/s plr 1.0000 mask src-ip 10.169.99.196 proto udp
sudo dnctl pipe 1 config delay 250ms bw 100Kbit/s plr 1.0000 mask src-ip 10.169.99.196 proto icmp
sudo dnctl pipe 1 config delay 250ms bw 100Kbit/s plr 1.0000 mask dst-ip 10.169.99.196 proto tcp
sudo dnctl pipe 1 config delay 250ms bw 100Kbit/s plr 1.0000 mask dst-ip 10.169.99.196 proto udp
sudo dnctl pipe 1 config delay 250ms bw 100Kbit/s plr 1.0000 mask dst-ip 10.169.99.196 proto icmp
Packet rules setup...
Run `sudo pfctl -sa | grep -i enabled` to double check
Run `./go/bin/comcast --stop` to reset
➜ ~ ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
^C
--- 127.0.0.1 ping statistics ---
6 packets transmitted, 0 packets received, 100.0% packet loss

MacOSX Support

I've come to the conclusion that PF does not include the features necessary to do the likes of arbitrary packet drop/reorder/corruption or delay. I can get working at the very least a bandwidth limit, and some packet drop may possibly ensue from that by way of using a priority queue (PRIQ) setup where lower priority queues may lose packets if the data to the highest priority queue is saturated. But there's no way to finely control this behavior through means of configuration in similar fashion to TC and IPFW. So PF will only have very basic support for our purposes, thus leaving MacOSX 10.10.x poorly supported by the scope of this project.

go get github.com/tylertreat/comcast

root@ubuntu:/home/user# go get github.com/tylertreat/comcast

github.com/tylertreat/comcast/throttler

/usr/lib/go/src/pkg/github.com/tylertreat/comcast/throttler/throttler.go:175: undefined: bufio.NewScanner

Feature Request - Throttle traffic based on domain. "Fast Lane/Slow Lanes"

The documentation didn't appear to state that using this will, by default, make requests to YouTube and Netflix slower, seems like a critical missing feature.

It would be pretty cool if you could spec a bandwidth restriction per domain though, or based on other packet criteria. Though I totally understand if delving that deep into networking black magic is outside the scope of this project.

Installation instructions not working?

OK, so I'm a total go n00b but the installation instructions don't seem to work...

$ brew install go
...
$ export GOPATH=~/.gocode
$ go get github.com/tylertreat/comcast
$ comcast --device=en0 --latency=250 --bandwidth=1000 --packet-loss=0.1
-bash: comcast: command not found

edit: brew installs go version go1.3.3 darwin/amd64

sudo tc qdisc show | grep "netem" It looks like the packet rules are already setup

Hello!
I am actually having several issues. I am currently running Ubuntu 20.04.4 LTS for context.

  1. The go install github.com/tylertreat/comcast@latest installation command isn't working for me; I needed to git pull the comcast repository, and then go build comcast.go and go install in order for the comcast command to work in my terminal. I am having to build and install each time I restart my terminal.
  2. I simply can't get the comcast command to work properly; for example running comcast --device=<device name> --latency=2000 prints sudo tc qdisc show | grep "netem" It looks like the packet rules are already setup
    and then comcast --stop prints Failed to stop packet controls.

Any advice on fixing either of these things or getting comcast working would be greatly appreciated.
