
shotgun prototype

Merged Tomas Krizek requested to merge shotgun into master
Viewing commit 13670724
1 file
+ 41
3
@@ -2,6 +2,14 @@
Realistic DNS traffic simulator with many independent clients
## Current status
- under development: active branches unstable, docker containers should work
- prototype for processing inut PCAPs is functional, but slow and requires
python-dpkt from master
- prototype for sending traffic is able to simulate UDP clients
- dnsjit extensions are not merged upstream
## Overview
The idea is to simulate many simultaneous clients with real behaviour, e.g.
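Review bot: In the Current status list, "processing inut PCAPs" has a typo ("input"), and "requires python-dpkt from master" gives readers a moving branch with no stable reference. Suggest naming the minimum commit here as well, or pointing to the Dependencies section, so the two statements cannot drift apart.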
@@ -14,8 +22,14 @@ of view.
### Dependencies
#### pellet.py
- python-dpkt (latest from git, commit 2c6aada35 or newer)
#### shotgun.lua
- dnsjit (with dnssim installed from https://github.com/tomaskrizek/dnsjit/tree/simulator )
### Input data
To have a realistic simulation of clients, no synthetic queries are created.
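Review bot: The shotgun.lua dependency points at a branch (`tree/simulator`) of a fork with no commit given, while python-dpkt just above it is pinned to "commit 2c6aada35 or newer". A branch can be rebased or force-pushed, so users would build whatever is on it at install time. Suggest naming a specific commit or tag of the dnsjit fork, in the same form as the python-dpkt entry.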
@@ -44,13 +58,37 @@ time period.
Simulating tens thousands of individual clients is challenging, especially with
TCP. Plans are to support UDP, TCP and TLS.
For ease of use, docker container with shotgun is available. Note that running
``--privileged`` can improve its performance by a few percent, if you don't mind
the security risk.
```
docker run registry.labs.nic.cz/knot/shotgun:20191002 --help
```
#### Shotgun
The machine that will act as the sender of the traffic should have enough IPs
and ports to avoid their exhaustion. This is especially important for TCP/TLS.
Only IPv6 is supported right now. You can use the fd00::/8 range to create
unique local addresses and assign multiple of them to a single interface.
It's also a good idea to extend the port range. In my testing with linux
kernel 5.3.1, it seemed once a half of this range is depleted, creating a new
socket starts to take a significantly longer time, slowing the tool down. I'd
recommend planing the expected port usage to utilize no more than half of the
port range per IP.
```
sysctl -w net.ipv4.ip_local_port_range="1025 60999"
```
#### UDP
- On the server, make sure the socket's receive buffer is sufficient.
Otherwise, many packets can be lost, resulting in low response rate.
```
net.core.rmem_default=4096000
net.core.rmem_default=8192000
```
TODO
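Review bot: In the UDP block, `net.core.rmem_default` is set twice (4096000, then 8192000), so the second line simply overrides the first; the second key was probably meant to be `net.core.rmem_max`, please confirm and fix. The `--privileged` sentence also asks readers to accept "the security risk" for "a few percent" without saying what the risk is: the flag gives the container close to full access to the host, so the README should state that rather than present it as a routine tuning option. Minor: "planing" should be "planning", "tens thousands" is missing "of", and the section ends in a bare TODO.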