A Python script downloads files from an FTP server as it runs.

The process uses the production FTP server, and I would rather not complicate things by spinning up a virtual machine with a test FTP server: the script's work is sensitive to the content, and I would have to set up data updates.

I need to test the behavior when the connection is broken during the download. It is advisable to do this automatically, that is, manually running kill myftpserver or pulling the cable out of the network card is not an option.

Thus, I need to either terminate the current connection directly on the test server, or bring up a proxy, wait for the connection on it and terminate it after a second or two. I cannot imagine how to implement this. What I need is at least the name of a utility or command with which I can catch the current connection and terminate it, or block all current connections to the specified IP.

Of course, I'm testing on a test instance. It has root access via ssh.

    1 answer

    I think the easiest way to do this is using iptables. Just block packet transfer; you can try REJECT for a fast break or DROP for a timeout.

    The simplest rule (if set on the machine where the program under test runs) looks like iptables -I OUTPUT -d ftp-server-ip -j REJECT. You can add it from a simple shell script, with periodic delays using sleep, for example.

    Or make the rule itself more complex and use, for example, connbytes.

     sudo iptables -I OUTPUT -d ftp-server-ip -m connbytes \
         --connbytes 10000 --connbytes-dir both \
         --connbytes-mode bytes -j REJECT

    should break the connection after 10 kilobytes have been transferred over it.

    If you haven't worked with iptables before ... iptables -I adds a rule. iptables -D with exactly the same parameters as were used when adding removes it. iptables -L -nv will show the existing rules.

    • 2
      Indeed, two more parameters were needed. I added to the answer the option that eventually worked. REJECT and DROP are a great idea, thanks, I'll check. - Nick Volynkin
    • 1
      @NickVolynkin, not quite on the topic of the question, but I'll add this anyway. iptables can also degrade the quality of the connection: limit the speed, create lags, drop random packets, reorder and duplicate them ... You can also test in this mode. - Pavel Mayorov
    • 1
      @PavelMayorov I thought about that too, but for TCP connections this is not particularly relevant: all the losses and duplicates will be handled by the OS kernel. For the program, yes, there will be slowdowns, and connections may break if the IP stack does not cope with the situation. These would be useful tests for applications using UDP. - Mike
    • 1
      @Mike, there may be timeouts in the most unexpected places ... - Pavel Mayorov
    • 1
      @PavelMayorov thanks, very valuable information. - Nick Volynkin
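
The rule from the answer wrapped for an automated test, as an added example that is not part of the original question or answer: a Python context manager that inserts the REJECT rule with iptables -I and always removes it with iptables -D using the same parameters, even if the test body raises. The names reject_rule and broken_link are hypothetical; it assumes a Linux test host with iptables, root privileges, and a server given as an IPv4 address.

```python
import contextlib
import ipaddress
import subprocess


def reject_rule(server_ip, after_bytes=None):
    """Build the rule specification shared by `iptables -I` and `iptables -D`."""
    # Accept only a literal IPv4 address; anything else raises ValueError.
    ipaddress.IPv4Address(server_ip)
    spec = ["OUTPUT", "-d", server_ip]
    if after_bytes is not None:
        # Match only once the connection has carried this many bytes
        # (counted in both directions), as in the connbytes rule above.
        spec += ["-m", "connbytes", "--connbytes", str(int(after_bytes)),
                 "--connbytes-dir", "both", "--connbytes-mode", "bytes"]
    return spec + ["-j", "REJECT"]


@contextlib.contextmanager
def broken_link(server_ip, after_bytes=None, run=subprocess.check_call):
    """Keep the REJECT rule in place for the duration of the `with` body.

    `run` is injectable so the command lines can be checked without root.
    """
    spec = reject_rule(server_ip, after_bytes)
    run(["iptables", "-I"] + spec)
    try:
        yield spec
    finally:
        # -D needs exactly the parameters used with -I, so reuse the same list.
        run(["iptables", "-D"] + spec)


if __name__ == "__main__":
    # Constructed demo: 192.0.2.10 is a documentation address, and the
    # commands are only collected and printed, not executed.
    issued = []
    with broken_link("192.0.2.10", after_bytes=10000, run=issued.append):
        pass  # the download under test would run here
    for cmd in issued:
        print(" ".join(cmd))
```

In a real test, call broken_link with the default runner and put the download call inside the with block; the rule is gone again when the block exits.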