chaosd icon indicating copy to clipboard operation
chaosd copied to clipboard

Published 20 hours ago verified publisher icon chaos-mesh

execute network partition attack failed

Open WangXiangUSTC opened this issue 2 years ago • 2 comments

when executing network partition attack, chaosd will run iptables command like below:

iptables -w ...

But -w is not provided in iptables before v1.6, so it will run failed in this situation.

WangXiangUSTC avatar Jun 28 '22 07:06 WangXiangUSTC

For iptables, the same version in different Linux distributions may have different parameters. For example, iptables 1.4.21 on RHEL contains -w, but it is not in SUSE.

WangXiangUSTC avatar Jun 28 '22 08:06 WangXiangUSTC

Seems the effactive code is here.

Based on official ChangeLog of iptables, -w flag has added an optional [seconds] argument since v1.6.0

However, there are evidence shows that even in 1.4.21, some OS, such as RHEL, already supported that [seconds] argument. So it's not straightforward to decide the command based on version number.

Simply remove the time argument may cause the process keep holding when xtables lock is not available.

huang325 avatar Jun 30 '22 06:06 huang325