There are many guides out there on the internet for both ipfw and pf, but it took me a while to sort through which ones are still applicable. Also, the most common use case is bandwidth throttling (just like I wrote about when throttling my FreeNAS uploads), but I was interested in doing some network testing.
Goal: see how my client/server app behaved with a network delay of 500ms by inserting a delay between every packet.
- pfctl - the utility to manipulate the PF packet filter
- dnctl - the utility to manipulate dummynet, the part that actually inserts delay
- enable pf
- add a temporary extra ruleset (called "anchor") named "deeelay
(cat /etc/pf.conf && echo "dummynet-anchor \"deeelay\"" && echo "anchor \"deeelay\"") | sudo pfctl -f -
- add a rule to the deeelay set to send any traffic to my app (running on port 8081) to dummynet pipe 1
echo "dummynet in quick proto tcp from any to any port 8081 pipe 1" | sudo pfctl -a deeelay -f -
- Add a rule to dummynet pipe 1 to delay every packet by 500ms
sudo dnctl pipe 1 config delay 500
- View your all PF rules
sudo pfctl -sa
- View your PF dummynet anchors
sudo pfctl -sd
- View the rules in your PF dummynet anchor
sudo pfctl -a "deeelay" -sd
- View your dummynet pipe
sudo dnctl show
- When you're done, reset everything to its default state
sudo pfctl -f /etc/pf.conf
Use tshark (terminal) or wireshark (GUI) to view your traffic and verify that there is delay inserted into the conversation.
Read the dnctl and pfctl man pages for more goodies.