[英]How to test connect timeout on RHEL c/cpp application
I have an application which talks to server over HTTP. 我有一个通过HTTP与服务器对话的应用程序。 I have written a code to control connect timeout (amount of time it will wait before server replies) .
我已经编写了一个代码来控制连接超时(服务器等待之前等待的时间)。 But I am finding it hard to generate a test case to test my connect timeout code.
但是我发现很难生成一个测试用例来测试我的连接超时代码。 Could you please help me.
请你帮助我好吗。
Basically, TCp handshake will contain Host A sends a TCP SYNchronize packet to Host B 基本上,TCp握手将包含主机A向主机B发送一个TCP SYNchronize数据包
Host B receives A's SYN 主机B收到A的SYN
Host B sends a SYNchronize-ACKnowledgement 主机B发送一个SYNchronize-ACKnowledgement
Host A receives B's SYN-ACK 主机A收到B的SYN-ACK
Host A sends ACKnowledge 主机A发送ACKnowledge
Host B receives ACK. 主机B收到ACK。 TCP socket connection is ESTABLISHED.
TCP套接字连接已建立。
In my application, if server does not complete TCP handshek in x seconds, applications moves to next server. 在我的应用程序中,如果服务器在x秒内未完成TCP握手,则应用程序将移至下一个服务器。 But to test this code, I need a server stub which will probably accept SYN packet from client but will not set SYN+ACK packet to client.
但是要测试此代码,我需要一个服务器存根,该存根可能会接受来自客户端的SYN数据包,但不会将SYN + ACK数据包设置为客户端。 Thus making client wait for server's reply.
从而使客户端等待服务器的回复。
Could you please help me to create small server stub which will listen to particular port but will not complete handshake. 您能否帮助我创建一个小型服务器存根,该存根将侦听特定端口,但无法完成握手。
Given you mentioned RHEL I think you're best off using iptables
to help test this. 鉴于您提到了RHEL,我认为最好使用
iptables
来进行测试。 For example you could call: 例如,您可以致电:
iptables -I INPUT -s hostb -d hosta -p tcp --dport $port --tcp-flags SYN,ACK SYN,ACK -j DROP
calling that before running the test (or even during it perhaps?) and an equivalent matched -X to delete it seems to be by far the simplest way of breaking a handshake halfway through. 在运行测试(或者甚至在测试期间?)之前调用它,并使用等效的-X删除它,这似乎是迄今为止中途中断握手的最简单方法。
Drop all SYN+ACK (warning, WILL break new SSH connections): 删除所有SYN + ACK(警告, 将断开新的SSH连接):
iptables -I INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK -j DROP
Drop all from or to 10.10.22.34: 从或降到10.10.22.34:
iptables -I INPUT -s 10.10.22.34 -j DROP
iptables -I OUTPUT -d 10.10.22.34 -j DROP
Personally I would use the most specific match you can possibly write to avoid accidentally breaking remote access or anything else at the same time. 就我个人而言,我将使用您可能会写的最具体的匹配项来避免意外破坏远程访问或其他任何事件。
You could get fancier and use the -m owner
match to only apply this rule for packets to/from the UID you run this test as. 您可能会觉得更怪异,并使用
-m owner
匹配仅将此规则应用于与运行此测试的UID之间的数据包。
I wouldn't rely on iptables
, or any other tool for unit testing, as those tests would be too brittle. 我不会依赖
iptables
或任何其他工具进行单元测试,因为这些测试太脆弱了。 What if the IP address changes, or the unit tests are run on another machine ? 如果IP地址更改,或者单元测试在另一台计算机上运行该怎么办? What if the code has to be ported on an OS where
iptables
is not available ? 如果必须在无法使用
iptables
的操作系统上移植代码怎么办?
In order to keep the unit tests isolated from the network , I would encapsulate the socket API in a Socket class. 为了使单元测试与网络隔离 ,我将套接字API封装在Socket类中。 Then I would have a
Connection
class that uses the Socket
class. 然后,我将拥有一个使用
Socket
类的Connection
类。 I would unit test the Connection
class with a TimeoutSocket
class (derived from Socket
) that simulates the server not accepting the first connection request. 我将使用模拟服务器不接受第一个连接请求的
TimeoutSocket
类(从Socket
派生)对Connection
类进行单元测试。
Your code should not depend on what's going on on the wire. 您的代码不应取决于网络上正在发生的事情。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.