New Features

.gitattributes

@@ -0,0 +1 @@
+* text eol=lf

README.md

@@ -1,6 +1,6 @@
-# Turbulence
+# Turbulence++
 
-Turbulence release is used for injecting different failure scenarios into a BOSH deployed system. Currently the following scenarios are supported:
+Turbulence++ release is used for injecting different failure scenarios into a BOSH deployed system. Currently the following scenarios are supported:
 
 - VM termination on BOSH supported IaaSes
 - impose CPU/RAM/IO load
@@ -16,8 +16,8 @@ Agent job is a daemon that periodically retrieves instructions from the API serv
 Next steps:
 
 - [Configuration doc](docs/config.md) on how to configure API server and agents
-- [API doc](docs/api.md) on how to use Turbulence
-- [API client doc](docs/client.md) on how to use Turbulence GO client
+- [API doc](docs/api.md) on how to use Turbulence++
+- [API client doc](docs/client.md) on how to use Turbulence++ GO client
 - [Development doc](docs/dev.md) on how to contribute
 
 --

docs/api.md

@@ -84,7 +84,7 @@ Available selector rules:
   - set `Values` (array of strings; optional)
   - set `Limit` (string; optional)
 
-Limits default to 100%. Name defaults to '*' and wildcard matches are supported.
+Limits default to 100%. Name defaults to '\*' and wildcard matches are supported.
 
 ```json
 {
@@ -208,6 +208,25 @@ Example:
 }
 ```
 
+### Pause Process
+
+Pause one or more process on the VM associated with an instance.
+
+Configuration:
+
+- set `ProcessName`(string) to a pattern used with `pkill`
+- set `timeout` (string) to how long the process should remain paused. A valid timeout is required.
+
+Example:
+
+```json
+{
+	"Type": "PauseProcess",
+	"ProcessName": "sshd",
+	"Timeout": "10m" // Times may be suffixed with s,m,h,d,y
+}
+```
+
 ### Stress
 
 Stresses different subsystems on the VM associated with an instance.
@@ -263,6 +282,58 @@ Example:
 }
 ```
 
+### TargetedBlocker
+
+Drops incoming and or outgoing traffic from one or more VMs. It is able to target specific IPs and Ports to simulate the failure of specific services.
+
+Currently iptables is used for dropping packets from INPUT and OUTPUT chains.
+
+Target parameters:
+
+- set `Direction` (string; required) to the direction of traffic to drop, can be either "INPUT", "OUTPUT", or "FORWARD". If you are targeting diego-cells, then you will probably want "FORWARD".
+- set `SrcHost` (string) to either an IPv4 address such as "192.168.1.50" or with a mask such as "192.168.0.0/24", or to a domain name which will be resolved into (possibly multiple) IPs such as "example.com" using the dig command. If no host is specified, then all source hosts will be impacted.
+- set `DstHost` (string) to either an IPv4 address such as "192.168.1.50" or with a mask such as "192.168.0.0/24", or to a domain name which will be resolved into (possibly multiple) IPs such as "example.com" using the dig command. If no host is specified, then all destination hosts will be impacted.
+- set `Protocol` (string) to the protocol to drop traffic on, can be either "udp", "tcp", "icmp", or "all". Defaults to being unspecified.
+- set `DstPorts` (string) to the destination port to drop. This can be either a single port such as "8080" or a range such as "1503:1520". If blank, all destination ports will be dropped.
+- set `SrcPorts` (string) to the source ports to drop. This can be either a single port such as "8080" or a range such as "1503:1520". If blank, all source ports will be dropped.
+
+*Note*: at least one of `SrcHost`, `DstHost`, `DstPorts`, or `SrcPorts` must be specified.
+
+Example:
+
+```json
+{
+	"Type": "TargetedBlocker",
+	"Timeout": "10m", // Times may be suffixed with ms,s,m,h
+	"Targets": [{
+		"DstHost": "1.1.1.1",
+		"Direction": "INPUT",
+		"DstPorts": "53"
+	},{
+		"DstHost": "google.com",
+		"Direction": "FORWARD",
+		"Protocol": "tcp",
+		"DstPorts": "80"
+	}]
+}
+```
+
+
+### Block DNS
+
+Causes all outgoing DNS packets to be dropped.
+
+Currently iptables is used for dropping packets going out on tcp or udp port 53.
+
+Example:
+
+```json
+{
+	"Type": "BlockDNS",
+	"Timeout": "10m" // Times may be suffixed with ms,s,m,h
+}
+```
+
 ### Control Network
 
 Controls network quality on the VM associated with an instance. Does not affect `lo0`.
@@ -274,10 +345,29 @@ One or both of the following configurations must be selected:
 - packet delay
   - set `Delay` (string; required). Must be suffixed with `ms`.
   - set `DelayVariation` (string; optional). Must be suffixed with `ms`. Default is `10ms`.
+  - if `DelayVariation >= 0.5*Delay`, then packet reordering may occur.
 
 - packet loss
   - set `Loss` (string; required). Must be suffixed with `%`.
   - set `LossCorrelation` (string; optional). Must be suffixed with `%`. Default is `75%`.
+
+- packet duplication
+  - set `Duplication` (string; required). Must be suffixed with `%`.
+
+- packet corruption
+  - set `Corruption` (string; required). Must be suffixed with `%`.
+
+- packet reordering
+  - set `Reorder` (string; required). Must be suffixed with `%`.
+  - set `ReorderCorrelation` (string; optional). Must be suffixed with `%`. Default is `50%`.
+  - if the `Delay` is less than the inter-packet arrival time, then no reordering will be observed.
+
+- bandwidth limiting
+  - set `Bandwidth` (string; required). Must be suffixed with one of `kbps`, `mbps` or `gbps`.
+  - bandwidth limiting must be used without any other effects.
+
+In addition it is possible to apply a destination filter:
+  - set `Targets` (array, optional). Must include either `DstHost` or `DstPort`
 
 Example:
 
@@ -286,7 +376,14 @@ Example:
 	"Type": "ControlNet",
 	"Timeout": "10m", // Times may be suffixed with ms,s,m,h
 
-	"Delay": "50ms"
+	"Delay": "50ms",
+
+	"Targets": [
+	  {
+		"DstHost": "1.2.3.4",
+		"DstHost": "443"
+	  }
+	]
 }
 ```
 
@@ -300,12 +397,14 @@ One of the following configurations must be selected:
 - set `Ephemeral` (bool) to fill up /var/vcap/data
 - set `Temporary` (bool) to fill up /tmp
 - by default uses root disk
+- if multiple are selected, the first one in the above order will be used.
 
 Example:
 
 ```json
 {
 	"Type": "FillDisk",
+	"Timeout": "10m", // Times may be suffixed with ms,s,m,h
 	"Persistent": true
 }
 ```

docs/dev.md

@@ -15,8 +15,6 @@ Run `./update-deps` to update `github.com/cppforlife/turbulence` package depende
 - lock up whole machine
 - remount disk as readonly
 - corrupt disks
-- pause a process
-- restrict X% bandw
 
 https://www.kernel.org/doc/Documentation/sysrq.txt might be useful...
 http://blog.hut8labs.com/gorillas-before-monkeys.html

src/github.com/cppforlife/turbulence/agent/agent.go

@@ -146,6 +146,9 @@ func (a Agent) buildAgentTask(task tasks.Task) (agentTask, error) {
 			t = tasks.NewKillProcessTask(monitClient, a.cmdRunner, opts, a.logger)
 		}
 
+	case tasks.PauseProcessOptions:
+		t = tasks.NewPauseProcessTask(a.cmdRunner, opts, a.logger)
+
 	case tasks.StressOptions:
 		t = tasks.NewStressTask(a.cmdRunner, opts, a.logger)
 
@@ -155,6 +158,12 @@ func (a Agent) buildAgentTask(task tasks.Task) (agentTask, error) {
 	case tasks.FirewallOptions:
 		t = tasks.NewFirewallTask(a.cmdRunner, opts, a.agentConfig.AllowedOutputDests(), a.logger)
 
+	case tasks.TargetedBlockerOptions:
+		t = tasks.NewTargetedBlockerTask(a.cmdRunner, opts, a.logger)
+
+	case tasks.BlockDNSOptions:
+		t = tasks.NewBlockDNSTask(a.cmdRunner, opts, a.logger)
+
 	case tasks.FillDiskOptions:
 		t = tasks.NewFillDiskTask(a.cmdRunner, opts, a.logger)
 

src/github.com/cppforlife/turbulence/tasks/block_dns_task.go

@@ -0,0 +1,74 @@
+package tasks
+
+import (
+	"strings"
+
+	bosherr "github.com/cloudfoundry/bosh-utils/errors"
+	boshlog "github.com/cloudfoundry/bosh-utils/logger"
+	boshsys "github.com/cloudfoundry/bosh-utils/system"
+)
+
+type BlockDNSOptions struct {
+	Type    string
+	Timeout string // Times may be suffixed with ms,s,m,h
+}
+
+func (BlockDNSOptions) _private() {}
+
+type BlockDNSTask struct {
+	cmdRunner boshsys.CmdRunner
+	opts      BlockDNSOptions
+}
+
+func NewBlockDNSTask(
+	cmdRunner boshsys.CmdRunner,
+	opts BlockDNSOptions,
+	_ boshlog.Logger,
+) BlockDNSTask {
+	return BlockDNSTask{cmdRunner, opts}
+}
+
+func (t BlockDNSTask) Execute(stopCh chan struct{}) error {
+	timeoutCh, err := NewOptionalTimeoutCh(t.opts.Timeout)
+	if err != nil {
+		return err
+	}
+
+	rules := t.rules()
+
+	for _, r := range rules {
+		err := t.iptables("-A", r)
+		if err != nil {
+			return err
+		}
+	}
+
+	select {
+	case <-timeoutCh:
+	case <-stopCh:
+	}
+
+	for _, r := range rules {
+		err := t.iptables("-D", r)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (t BlockDNSTask) rules() []string {
+	return []string{ "OUTPUT -p tcp --destination-port 53 -j DROP", "OUTPUT -p udp --destination-port 53 -j DROP" }
+}
+
+func (t BlockDNSTask) iptables(action, rule string) error {
+	args := append([]string{action}, strings.Split(rule, " ")...)
+
+	_, _, _, err := t.cmdRunner.RunCommand("iptables", args...)
+	if err != nil {
+		return bosherr.WrapError(err, "Shelling out to iptables")
+	}
+
+	return nil
+}