chaosblade icon indicating copy to clipboard operation
chaosblade copied to clipboard

Published 20 hours ago verified publisher icon chaosblade-io

The problem of using both the exclude-port and exclude-ip flags

Open xcaspar opened this issue 4 years ago • 2 comments

Issue Description

Type: bug report

Describe what you expected to happen

I expect that when the exclude-port and exclude-ip flags are used at the same time, the exclude-port and exclude-ip flags take effect separately instead of being combined together like ip:port.

For example, --exclude-ip 1.1.1.1 --exclude-port 80 flags exclude 1.1.1.1 and 80 instead of 1.1.1.1:80

Tell us your environment

Anything else we need to know?

xcaspar avatar Dec 22 '20 02:12 xcaspar

  1. When local-port or remote-port is used with destination-ip, the destination-ip:local-port or destination-ip:remote-port takes effect. For example:
# blade c network loss --percent 100 --timeout 60 --interface eth0 --remote-port 80,443 --destination-ip 61.155.221.xxx
{"code":200,"success":true,"result":"d605e9999397ac82"}

# ping 61.155.221.xxx
PING 61.155.221.xxx (61.155.221.xxx) 56(84) bytes of data.
64 bytes from 61.155.221.xxx: icmp_seq=1 ttl=53 time=14.6 ms
--- 61.155.221.xxx ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 14.603/14.603/14.603/0.000 ms

# telnet 61.155.221.xxx 80
Trying 61.155.221.xxx...
  1. When local-port or remote-port is used with exclude-ip, the all of exclude-ip ports don't take effect, only other ips with local-portor remote-port take effect. For example:
blade c network loss --percent 100 --timeout 60 --interface eth0 --remote-port 80,443 --exclude-ip 61.155.221.xxx,180.101.49.xxx
{"code":200,"success":true,"result":"7ce80f937a0b3342"}

# ping www.xxx.com
PING img2x-sched.xxx-cdn.com (180.97.189.xxx) 56(84) bytes of data.
64 bytes from 180.97.189.xxx (180.97.189.xxx): icmp_seq=1 ttl=52 time=15.5 ms
--- img2x-sched.xxx-cdn.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 6ms
rtt min/avg/max/mdev = 14.731/15.010/15.541/0.400 ms

# telnet 180.97.189.xxx 80
Trying 180.97.189.xxx...
^C
# telnet 61.155.221.xxx 80
Trying 61.155.221.xxx...
Connected to 61.155.221.xxx.
Escape character is '^]'.
^CConnection closed by foreign host.

# telnet 180.101.49.xxx 80
Trying 180.101.49.xxx...
Connected to 180.101.49.xxx.
Escape character is '^]'.
  1. When local-port or remote-port is used with exclude-port, the exclude-port doesn't take effect, the local-port or remote-port takes effect. For example:
blade c network loss --percent 100 --timeout 60 --interface eth0 --remote-port 400-500 --exclude-port 80
{"code":200,"success":true,"result":"2032f3d0974605d8"}

# telnet 61.155.221.xxx 443
Trying 61.155.221.xxx..

# telnet 61.155.221.xxx 80
Trying 61.155.221.xxx...
Connected to 61.155.221.xxx.
Escape character is '^]'.
  1. When exclude-port is used with destination-ip, the destination-ip take effect, all of exclude-port ports include destination-ip port don't take effect. For example:
# blade c network loss --percent 100 --timeout 60 --interface eth0 --exclude-port 80 --destination-ip 61.155.221.xxx
{"code":200,"success":true,"result":"f3361c36d4286976"}

# ping 61.155.221.xxx
PING 61.155.221.xxx (61.155.221.xxx) 56(84) bytes of data.
^C
--- 61.155.221.xxx ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

# telnet 61.155.221.xxx 80
Trying 61.155.221.xxx...
Connected to 61.155.221.xxx.
Escape character is '^]'.

# telnet 61.155.221.xxx 443
Trying 61.155.221.xxx...
^C
  1. When exclude-port is used with exclude-ip, all of exclude-port or exclude-ip don't take effect, other ports or ips take effect. For example:
blade c network loss --percent 100 --timeout 60 --interface eth0 --exclude-port 80 --exclude-ip 180.101.49.xxx,42.120.72.xxx
{"code":200,"success":true,"result":"9f56b3263508e096"}

# ping 180.101.49.xxx
PING 180.101.49.12 (180.101.49.xxx) 56(84) bytes of data.
64 bytes from 180.101.49.xxx: icmp_seq=1 ttl=50 time=14.7 ms
64 bytes from 180.101.49.xxx: icmp_seq=2 ttl=50 time=14.6 ms

# telnet 180.101.49.xxx 443
Trying 180.101.49.xxx...
Connected to 180.101.49.xxx.
Escape character is '^]'

# telnet 180.101.49.xxx 80
Trying 180.101.49.xxx...
Connected to 180.101.49.xxx.
Escape character is '^]'

# ping www.xxx.com
  1. When the destination-ip is used with exclude-ip, the destination-ip takes effect, the exclude-ip doesn't take effect.
blade c network loss --percent 100 --timeout 60 --interface eth0 --destination-ip 61.155.221.xxx,180.101.49.xxx --exclude-ip 180.101.49.xxx
{"code":200,"success":true,"result":"d6c6d967a1c13841"}

# ping 61.155.221.xxx
PING 61.155.221.xxx (61.155.221.xxx) 56(84) bytes of data.
^C
--- 61.155.221.xxx ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

# ping 180.101.49.xxx
PING 180.101.49.xxx (180.101.49.xxx) 56(84) bytes of data.
64 bytes from 180.101.49.xxx: icmp_seq=1 ttl=50 time=14.6 ms
64 bytes from 180.101.49.xxx: icmp_seq=2 ttl=50 time=14.6 ms

xcaspar avatar Dec 22 '20 07:12 xcaspar

当你说「when the destination-ip is used」, 若我设置dest-ip = 0.0.0.0/0。经过测试,如此设置相当于没有使用「destination ip is not used」。不知我是否讲明白。

ZMbiubiubiu avatar Dec 21 '23 03:12 ZMbiubiubiu