I'm looking for a way to test the ability of the VoIP apps I'm using to connect to the alternatively provided servers.
I want to "kill" their connection with an external IP and not allow them to connect for a few seconds, until they connect to the secondary SBC returned in the SRV request they'd sent.
10.0.0.155 - machine with VoIP app
166.166.66.55 - primary server
166.166.66.66 - secondary server
Example:
10.0.0.155 establishes SIP connection with 166.166.66.55 on port 5060.
I enter the router with SSH and terminate that connection with something similar to "tcpkill -i br-lan host 166.166.66.55"
10.0.0.155 attempts to re-establish connection with 166.166.66.55, but the connection is rejected/dropped.
10.0.0.155 retries a few times and then establishes a connection with the secondary server - 166.166.66.66.
I then allow the connection to 166.166.66.55, so 10.0.0.155 can connect to it if something happens with the connection to 166.166.66.66.
Finally, I stop the connection to 166.166.66.66 with something similar to "tcpkill -i br-lan host 166.166.66.66" and 10.0.0.155 is able to connect back to 166.166.66.55.
Is there a similar alternative to tcpkill which I can use without restarting the router?
Try netem, or for specific connection-based denials you might wish to custom-script something with the iptables string module and/or conntrack... as a last option with the most control... iptables userland Python...
I'm not really seeing a need to be so exact here... it's a lot more complex... but I can see how it is more beneficial...
Just stress-test over a longer period with 50% netem loss or something... for the actual conntrack hooks... you can also use state + limit and/or ipset + timeout rules...
This seems to be a really good solution. I didn't know that there is a -D parameter which deletes the rule. I read that I can even use -A to add the rule as the last one and then -D to delete it. I can even create a script doing it.
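An added example of the iptables add-then-delete approach discussed above (not code from the thread): a drill script for the router that makes each SBC unreachable from the client in turn and then restores it. It assumes an OpenWrt router with an iptables-based firewall, the conntrack tool installed, and the addresses from the question.

```shell
#!/bin/sh
# Failover drill: make each SIP server unreachable from the client in turn
# and watch which SBC the phone app registers with. Added example, not from
# the thread. Assumed: OpenWrt with an iptables-based firewall, the
# conntrack tool installed, and the addresses from the question.
CLIENT=10.0.0.155
PRIMARY=166.166.66.55
SECONDARY=166.166.66.66
IPT="${IPT:-iptables}"      # set IPT=echo CT=echo for a dry run
CT="${CT:-conntrack}"
HOLD="${HOLD:-20}"          # seconds a server stays unreachable

# -I ... 1 puts the rule ahead of the firewall's "accept ESTABLISHED" rule
# at the top of FORWARD; a rule appended with -A would sit behind it and
# the existing session would keep flowing. REJECT (not DROP) makes the
# client see the failure at once instead of waiting out its own timers.
block_server() {
    "$IPT" -I FORWARD 1 -s "$CLIENT" -d "$1" -p tcp -j REJECT --reject-with tcp-reset
    "$IPT" -I FORWARD 1 -s "$CLIENT" -d "$1" -p udp -j REJECT --reject-with icmp-port-unreachable
    # The firewall rule alone does not remove the already-tracked flow;
    # delete it so the break is immediate. Exit status 1 = nothing matched.
    "$CT" -D -s "$CLIENT" -d "$1" >/dev/null 2>&1 || true
}

# -D removes exactly the rule given, so the spec must match block_server's.
unblock_server() {
    "$IPT" -D FORWARD -s "$CLIENT" -d "$1" -p udp -j REJECT --reject-with icmp-port-unreachable
    "$IPT" -D FORWARD -s "$CLIENT" -d "$1" -p tcp -j REJECT --reject-with tcp-reset
}

drill() {
    block_server "$PRIMARY"                 # client should fail over to SECONDARY
    sleep "$HOLD"
    unblock_server "$PRIMARY"               # PRIMARY is allowed again as a fallback
    block_server "$SECONDARY"               # client should move back to PRIMARY
    sleep "$HOLD"
    unblock_server "$SECONDARY"
}

# Run with "sh failover_drill.sh run"; without "run" the file can be sourced.
if [ "${1:-}" = "run" ]; then
    drill
fi
```

Watch the app's registration (or the router's conntrack table) during each HOLD window to confirm it moved to the other SBC.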