
I'm using a command line like this to replay a huge PCAP file at high speed - I'm benchmarking various aspects of tcpreplay:

    sudo tcpreplay --mbps=1000 --intf1=docker0 linuxbig_log.pcap

As I don't want to annoy our sysadmins, I use my local docker installation as a bucket to pour all the dud data into, but it feels a bit of a hack and my random data might actually make docker do something nasty to the system.

I could use tcpreplay-edit and change the destination IP address to some black-hole address and hope the nearest router drops them, but I'd still be clogging up the local network for other users, and perhaps others further away if the local router isn't blocking the packets.

What I'd like ideally would be a virtual Ethernet adapter that tried to simulate max bandwidth, queuing, etc (one-way is sufficient), but even just an equivalent of /dev/null would suffice. A colleague suggested using TAP, but I don't really see how that would work.

PS: I'm 500km away from the actual Ubuntu 22.04 Linux box so I obviously cannot fiddle with the hardware.

Ken Y-N

1 Answer


There are several options:

  • A "dummy" interface. It's literally /dev/null.

    ip link add dummy2 type dummy
    ip link set dummy2 up
    

    (These always report link 'up' and can still have IP addresses assigned, similar in concept to a "loopback" interface on a router.)

  • A bridge without any ports (well, not counting the 'host' port).

    ip link add br0 type bridge
    ip link set br0 up
    

    (Sometimes used in a similar way to dummy interfaces, although it will report link 'down' if it doesn't have any ports that are 'up'.)

  • A tunnel interface such as GRE or VXLAN, pointed at a nonexistent remote endpoint. If you need to replay Ethernet frames, then VXLAN should work.

  • An actual Ethernet port. Get a USB Ethernet interface (or a PCI/PCIe one in order to be more realistic), install it, then just don't connect anything to it and let the bits fall out of the RJ45 port into a bit bucket.

    If tcpreplay wants the interface to report link 'up', connect a cheap switch that isn't connected anywhere further.

For additional isolation, you could move the interface into a different network namespace (what containers use), then run tcpreplay inside that namespace.

> A colleague suggested using TAP, but I don't really see how that would work.

TAP interfaces are virtual Ethernet interfaces that are connected to a program (instead of a physical cable); any frames sent through a TAP interface will be read by the program from a file descriptor. Which means, the program can read and discard those packets, e.g.:

    socat -u TUN,tun-name=tap3,tun-type=tap,iff-up OPEN:/dev/null

It is also possible to create a persistent unbound TUN or TAP interface, which isn't tied to the lifetime of a single process but can be opened several times. Without any program connected, such interfaces will end up discarding any packet:

    ip tuntap add name tap3 mode tap

(Note the older tun-specific ip tuntap instead of ip link.)

grawity
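
The dummy-interface and network-namespace suggestions from the answer above, combined into one script. This is an added example, not part of the original answer; the namespace name `replay-sink`, the interface name `sink0`, the function names and the `DRY_RUN` switch are assumptions, and the real run needs root.

```shell
#!/usr/bin/env bash
# Added example: replay a capture into a dummy interface that lives in a
# throwaway network namespace, so no frame can reach the host's real networks.
# NS, IFACE and DRY_RUN are names chosen for this example.
NS="${NS:-replay-sink}"
IFACE="${IFACE:-sink0}"

# Run a command, or only print it when DRY_RUN=1 (lets you review the plan first).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Deleting the namespace also destroys the dummy interface inside it.
sink_down() {
    run ip netns del "$NS"
}

sink_up() {
    # Fail without cleanup if the namespace already exists: it is not ours to delete.
    run ip netns add "$NS" || return 1
    run ip -n "$NS" link add "$IFACE" type dummy &&
    run ip -n "$NS" link set "$IFACE" up ||
    { sink_down; return 1; }
}

# sink_replay FILE.pcap [MBPS]
sink_replay() {
    local pcap="$1" mbps="${2:-1000}" rc
    [ -n "$pcap" ] || { echo "usage: sink_replay FILE.pcap [MBPS]" >&2; return 2; }
    sink_up || return 1
    # tcpreplay only sees interfaces of the namespace, i.e. lo and the dummy.
    run ip netns exec "$NS" tcpreplay --mbps="$mbps" --intf1="$IFACE" "$pcap"
    rc=$?
    # TX packet/byte counters show how much the dummy interface swallowed.
    run ip -n "$NS" -s link show dev "$IFACE"
    sink_down
    return "$rc"
}
```

Source the file and run `sink_replay linuxbig_log.pcap 1000` as root; with `DRY_RUN=1` it prints the six commands instead of executing them.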