
I want to make a virtual network interface to TCP-proxy a website and have my browser see it through a slow network connection, in order to debug performance issues in the website itself.

So far I managed to set it up in the following way:

ip link add dummy-SLOW type dummy
ifconfig dummy-SLOW 10.54.0.10 up
tc qdisc add dev dummy-SLOW root tbf rate 120kbit latency 200ms burst 1540

and then

socat tcp-listen:443,bind=10.54.0.10,reuseaddr,fork tcp:XXX.XXX.XXX.XXX:443

I also added an alias in /etc/hosts so that I can see the website under the IP address 10.54.0.10.

Well, I can see the site through this setup, no problem, the address 10.54.0.10 even shows in Chrome devtools. But traffic shaping is not working... I still see too many bytes downloading too fast. How can I get traffic shaping to work?

NOTE: If there is a way to have the proxy do the throttling, that also works for me.

dsign

1 Answer

You can shape traffic on your regular interface, without adding a virtual one.

Assign a qdisc with a unique ID

tc qdisc add dev eth0 root handle 1: htb

Assign the class to the above-defined qdisc. This is considered to be a child of the qdisc. I use htb mode because it's essentially a more feature-rich version of tbf.

tc class add dev eth0 parent 1: classid 1:10 htb rate 120kbit burst 1540  # htb classes attach under the root qdisc (1:) and accept no latency option

Assign a filter to the class and actively look for traffic that is tagged with "10"

tc filter add dev eth0 parent 1:0 prio 1 protocol ip handle 10 fw flowid 1:10

Now that TC has rules, we need to send traffic to traffic control for it to throttle.

iptables -A OUTPUT -t mangle -p tcp --dport 443 -j MARK --set-mark 10

Taking that a step further, so you don't throttle everyone doing 443 traffic, let's write a rule that only affects your traffic.

iptables -A OUTPUT -t mangle -p tcp -s <client IP> --dport 443 -j MARK --set-mark 10

By marking our traffic on the way out of the server, we ensure that all (technically 90%) of all probable Linux network routing has been completed and now we are ready to mark the traffic that matches our rule. The source being a laptop or another server where the test is coming into port 443 will be marked with a 10 in the packet header. Once this is seen, the kernel will take the packet and apply TC rules to it.

You can view all mangle rules by doing iptables -t mangle -nvL

Arlion
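To check whether shaping is actually in effect, the following added example (not code from the question or the answer) models a token bucket with the `rate 120kbit burst 1540` values used above and gives the minimum time a download should take, for comparison with what Chrome devtools reports. The 1500-byte frame size, the 150 kB sample response and the 0.8 tolerance are assumptions, and the model ignores protocol overhead, so real transfers take at least this long.

```python
"""Token-bucket model of `rate 120kbit burst 1540` (added example, not kernel code)."""

RATE_BPS = 120_000      # tc "120kbit" = 120,000 bits per second
BURST_BYTES = 1540      # bucket depth from the commands above


def departures(packets, rate_bps=RATE_BPS, burst=BURST_BYTES):
    """Departure time in seconds of each packet, all queued at t=0."""
    tokens = float(burst)   # bucket starts full
    now = 0.0
    times = []
    for size in packets:
        if size > burst:
            # A packet bigger than the bucket can never collect enough tokens.
            raise ValueError(f"{size}-byte packet exceeds burst of {burst} bytes")
        if tokens < size:
            now += (size - tokens) * 8 / rate_bps   # wait for the refill
            tokens = float(size)
        tokens -= size
        times.append(now)
    return times


def transfer_time(total_bytes, frame=1500, **kw):
    """Lower bound on the time to push total_bytes through the shaper.

    Assumption: frames of `frame` bytes, no protocol overhead or retransmits.
    """
    full, rest = divmod(total_bytes, frame)
    packets = [frame] * full + ([rest] if rest else [])
    return departures(packets, **kw)[-1] if packets else 0.0


def looks_shaped(observed_seconds, total_bytes, tolerance=0.8, **kw):
    """True if an observed download time is consistent with the shaper."""
    return observed_seconds >= tolerance * transfer_time(total_bytes, **kw)


if __name__ == "__main__":
    size = 150_000   # constructed sample: a 150 kB response
    print(f"expected >= {transfer_time(size):.2f} s for {size} bytes")
    print("0.4 s observed, shaped?", looks_shaped(0.4, size))
```

A download that finishes far faster than `transfer_time` predicts means the packets never passed through the shaped qdisc or class.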