Discussion:
how to simulate a connection timeout on a local machine?
Jan Pechanec
2007-02-13 18:38:45 UTC
Hi all, I would like to ask you for help on how to simulate a
connection timeout on a local machine. Please cc me since I'm not on this
alias.

I'm working on several RFEs for SSH and one is to resync the client-side
ConnectTimeout feature from OpenSSH. That's the easy part - set the socket
as non-blocking, call connect() and then select().

However, I would like to add a new test case into the STC-2 SSH test
suite. The question is how to simulate a situation where "ssh -o
ConnectTimeout=5 somehost" will time out in 5 seconds if I can configure/use
the local machine only.

I thought about ipfilter on lo0 before I found out that loopback
cannot be filtered on. I then thought about the -blackhole flag. I found out
that the system responded with "No route to host" when I wanted to connect
using that route (route add 1.2.3.4 127.0.0.1 -blackhole).

I guess I might set up two zones and filter between them but I hope
for an easier solution. The less code to set up a testing environment the
better. I'm out of ideas. Any help please?

Adding a 2nd machine to the STC-2 SSH test suite is also not an
option, the setup would then be too complicated.

Thank you, Jan.
--
Jan Pechanec
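
Added example (not part of the original post, and not OpenSSH's or the Solaris SSH code): the non-blocking connect() followed by select() sequence the post describes, written as a stand-alone C helper. The function name connect_timeout, its return convention and the small command-line main() are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/select.h>
#include <sys/socket.h>

/* Returns 0 once connected, ETIMEDOUT if the handshake has not completed
 * within timeout_sec, otherwise the errno describing the failure. */
int connect_timeout(int fd, const struct sockaddr *sa, socklen_t len, int timeout_sec)
{
    int flags = fcntl(fd, F_GETFL, 0), err = 0, n;
    socklen_t elen = sizeof(err);
    struct timeval tv = { timeout_sec, 0 };
    fd_set wfds;

    if (flags < 0 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0)
        return errno;
    /* errno other than EINPROGRESS: immediate failure, returned without waiting */
    if (connect(fd, sa, len) < 0 && (err = errno) == EINPROGRESS) {
        FD_ZERO(&wfds);
        FD_SET(fd, &wfds);
        n = select(fd + 1, NULL, &wfds, NULL, &tv);  /* writable: handshake over */
        if (n == 0)
            err = ETIMEDOUT;             /* SYN silently dropped: the tested case */
        else if (n < 0 || getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &elen) < 0)
            err = errno;                 /* else err now holds the connect result */
    }
    fcntl(fd, F_SETFL, flags);           /* restore the caller's blocking mode */
    return err;
}

/* Usage: ./connect_timeout <IPv4 address> <port> <timeout seconds> */
int main(int argc, char **argv)
{
    struct sockaddr_in sin = { .sin_family = AF_INET };
    int fd, rc;
    if (argc != 4 || inet_pton(AF_INET, argv[1], &sin.sin_addr) != 1 ||
        (fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return 2;
    sin.sin_port = htons((unsigned short)atoi(argv[2]));
    rc = connect_timeout(fd, (struct sockaddr *)&sin, sizeof(sin), atoi(argv[3]));
    if (rc) { errno = rc; perror("connect"); } else puts("connected");
    close(fd);
    return rc != 0;
}
```

A test case for the timeout path needs a destination that drops the SYN without answering; a destination that answers with an error makes connect() fail at once and never reaches the ETIMEDOUT branch.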
Nicolas Williams
2007-02-13 18:41:02 UTC
# route add -blackhole <server IP> ...
# ssh ... &
# sleep <timeout>
# route delete ...
# fg
Jan Pechanec
2007-02-13 18:55:01 UTC
Post by Nicolas Williams
# route add -blackhole <server IP> ...
I tried that but I found out that it wasn't working the way I
expected:

root:andal:amd64:~# route add -blackhole 1.2.3.4 127.0.0.1
add host 1.2.3.4: gateway 127.0.0.1
root:andal:amd64:~# time telnet 1.2.3.4
Trying 1.2.3.4...
telnet: Unable to connect to remote host: Network is unreachable

real 0m0.005s
user 0m0.001s
sys 0m0.003s

Jan.
--
Jan Pechanec
Eric Enright
2007-02-13 19:17:24 UTC
Post by Jan Pechanec
Post by Nicolas Williams
# route add -blackhole <server IP> ...
I tried that but I found out that it wasn't working the way I
root:andal:amd64:~# route add -blackhole 1.2.3.4 127.0.0.1
add host 1.2.3.4: gateway 127.0.0.1
root:andal:amd64:~# time telnet 1.2.3.4
Trying 1.2.3.4...
telnet: Unable to connect to remote host: Network is unreachable
real 0m0.005s
user 0m0.001s
sys 0m0.003s
ipf maybe? Something like:

block out quick on if0 proto tcp from any to 1.2.3.4 port = 23

should do it.
--
Eric Enright
Jan Pechanec
2007-02-13 19:25:17 UTC
Post by Eric Enright
Post by Jan Pechanec
root:andal:amd64:~# route add -blackhole 1.2.3.4 127.0.0.1
add host 1.2.3.4: gateway 127.0.0.1
root:andal:amd64:~# time telnet 1.2.3.4
Trying 1.2.3.4...
telnet: Unable to connect to remote host: Network is unreachable
real 0m0.005s
user 0m0.001s
sys 0m0.003s
block out quick on if0 proto tcp from any to 1.2.3.4 port = 23
Hi Eric, the problem is, as noted, that unfortunately if0 = lo0. I
need to do that on the local machine only.

Jan.
--
Jan Pechanec
Darren.Reed-UdXhSnd/
2007-02-13 19:25:22 UTC
Post by Jan Pechanec
Post by Eric Enright
Post by Jan Pechanec
root:andal:amd64:~# route add -blackhole 1.2.3.4 127.0.0.1
add host 1.2.3.4: gateway 127.0.0.1
root:andal:amd64:~# time telnet 1.2.3.4
Trying 1.2.3.4...
telnet: Unable to connect to remote host: Network is unreachable
real 0m0.005s
user 0m0.001s
sys 0m0.003s
block out quick on if0 proto tcp from any to 1.2.3.4 port = 23
hi Eric, the problem is, as noted, that unfortunately if0 = lo0. I
need to do that on local machine only.
Are you using Nevada (post build 52) or S10?

Darren
Jan Pechanec
2007-02-13 19:32:37 UTC
Post by Darren.Reed-UdXhSnd/
hi Eric, the problem is, as noted, that unfortunately if0 = lo0. I need
to do that on local machine only.
are you using nevada (post build 52) or s10?
Latest Nevada. It's a test suite for Nevada. Jan.
--
Jan Pechanec
Darren.Reed-UdXhSnd/
2007-02-13 19:31:10 UTC
Post by Jan Pechanec
Post by Darren.Reed-UdXhSnd/
hi Eric, the problem is, as noted, that unfortunately if0 = lo0. I need
to do that on local machine only.
are you using nevada (post build 52) or s10?
latest Nevada. It's a test suite for Nevada. Jan
Add this to the top of your ipf.conf:

set intercept_loopback true;

Darren
Jan Pechanec
2007-02-13 19:38:04 UTC
Post by Darren.Reed-UdXhSnd/
Post by Jan Pechanec
Post by Darren.Reed-UdXhSnd/
are you using nevada (post build 52) or s10?
latest Nevada. It's a test suite for Nevada. Jan
set intercept_loopback true;
Ah, great. Didn't know about that. Thanks, J.
--
Jan Pechanec
Eric Enright
2007-02-13 19:33:40 UTC
Post by Jan Pechanec
Post by Eric Enright
Post by Jan Pechanec
root:andal:amd64:~# route add -blackhole 1.2.3.4 127.0.0.1
add host 1.2.3.4: gateway 127.0.0.1
root:andal:amd64:~# time telnet 1.2.3.4
Trying 1.2.3.4...
telnet: Unable to connect to remote host: Network is unreachable
real 0m0.005s
user 0m0.001s
sys 0m0.003s
block out quick on if0 proto tcp from any to 1.2.3.4 port = 23
hi Eric, the problem is, as noted, that unfortunately if0 = lo0. I
need to do that on local machine only.
I believe builds >= b53 can filter loopback.
--
Eric Enright
Nicolas Williams
2007-02-13 20:35:37 UTC
Post by Jan Pechanec
Post by Nicolas Williams
# route add -blackhole <server IP> ...
I tried that but I found out that it wasn't working the way I
root:andal:amd64:~# route add -blackhole 1.2.3.4 127.0.0.1
add host 1.2.3.4: gateway 127.0.0.1
root:andal:amd64:~# time telnet 1.2.3.4
Trying 1.2.3.4...
telnet: Unable to connect to remote host: Network is unreachable
That seems wrong. That's what I expect from -reject routes!

I strongly recall this working in the past. Did something break
blackhole routes?

Nico
--
