0. Policing is a horrible idea. However it is commonly used in the field. It is impossible to set the burst parameter correctly for any range of RTTs.

1. qdisc netem 8001: parent 1:2 limit 1000 delay 10.0ms loss 1%

the arbitrary setting of limit 1000 does not match reality. We have seen both much larger and much smaller values in the field. try fiddling with this parameter in your testing.

Also, setting 3 queues of limit 1000 will do "interesting things" if you flood all the queues.

2. you have htb doing stuff to "direct" for some reason, not sure if htb "default 0" is intentional. For some pithy comments on how to screw up with htb, see: http://www.bufferbloat.net/projects/cerowrt/wiki/Wondershaper_Must_Die

3. I have never really trusted netem in conjunction with other qdiscs.

4. It would be nice to be able to inject cures like fq_codel into the emulations (but see 3)

5. I would love it if you were to try netperf-wrapper (also on github) against your tool, with emulations of cablemodems created with this tool (cable uses byte fifos, not packet fifos, btw), and see if your results line up with what we get from real world examples like

http://snapon.lab.bufferbloat.net/~cero2/jimreisert/results.html

http://burntchrome.blogspot.com/2014/05/fixing-bufferbloat-on-comcasts-blast.html

We have plenty of results for wifi as well, perhaps we can find a meeting of the tools that makes sense.

Always nice to see more network analysis and debugging tools out there!

6. if you wish to discuss further, it is saner to do it on the bloat bufferbloat.net mailing list.

The django apps are not installing properly, more precisely, they are missing static files, templates...

This issue did not happen before because in our dev setup we use the chef cookbook which install the packages using the -e options which instead of installing the files in the python's site-packages folder, creates symlink.

We are getting reports back about people having issues installing ATC partly because we did not do a good job at highlighting the requirements, but also, when we have a report, we have little actionable item.

Having a consistent list of info we need would help in getting better signal on what may be wrong, we could also flag directly if the host is suitable to run atcd....

I can see http://localhost:8000/atc_demo_ui/ .

Can you help me how to use ATC to test my app?
How to building a Wi-Fi network that could be set to different simulation speeds by the engineers using it?

While bootstrap does a great job at adapting the layout depending on the screen, we could do a better job and making it more useable on mobile.

When I click on the button 'turn on' on the web, django return 404 like api/v1/shape/ 404
This is my url.py

from django.conf.urls import include, url
from django.views.generic.base import RedirectView
from django.conf.urls import patterns
urlpatterns = patterns(
url(r'^api/v1/', include('atc_api.urls')),
url(r'^atc_demo_ui/', include('atc_demo_ui.urls')),
url(r'^api/v1/profiles/', include('atc_profile_storage.urls')),
url(r'^$', RedirectView.as_view(url='/atc_demo_ui/', permanent=False)),
)
who can help me?thx lol

i try until this readme
test -z $VIRTUAL_ENV && source ~/dev/atc/venv/bin/activate
sudo atcd

but it didnt work!
how can i solve this problem?? saveme!!

As I was documenting how atcd works, I found out that we use different handle for the netem qdisc for up or down link.
We should be able to use the same as they belong to different network interfaces.

On the other hand, IIRC, we do not assign them ourself and let the tc subsystem do it as they are leaf and we dont really need to know their ID.

Anyhow, putting this here until confirmed.

I am stuck on "sudo atcd" step where it asks for "passphrase".
I tried with "system" and my system password too but it says "command not allowed".

Though the sudo is working fine, it seems to be an issue of atcd.

Can anyone please assist here?

Hi, zeal

When i run the atcd in shell, catch the exception.

jinfengdeMacBook-Pro:atcui jinfeng$ atcd
Traceback (most recent call last):
  File "/usr/local/bin/atcd", line 12, in <module>
    from atcd.scripts import runner
  File "/Library/Python/2.7/site-packages/atcd/scripts/runner.py", line 19, in <module>
    from atcd.AtcdDeviceTimeoutTask import AtcdDeviceTimeoutTask
  File "/Library/Python/2.7/site-packages/atcd/AtcdDeviceTimeoutTask.py", line 10, in <module>
    from atcd.AtcdThriftHandlerTask import AtcdThriftHandlerTask
  File "/Library/Python/2.7/site-packages/atcd/AtcdThriftHandlerTask.py", line 41, in <module>
    from atcd.AtcdDBQueueTask import AtcdDBQueueTask
  File "/Library/Python/2.7/site-packages/atcd/AtcdDBQueueTask.py", line 13, in <module>
    from sparts.tasks.queue import QueueTask
  File "/Library/Python/2.7/site-packages/sparts/tasks/queue.py", line 10, in <module>
    from sparts.collections import PriorityQueue, UniqueQueue
  File "/Library/Python/2.7/site-packages/sparts/collections.py", line 3, in <module>
    from six.moves.queue import Queue
ImportError: No module named queue

Thank you

Hi,

Installation hangs with atc_thrift when I try to install packages with pip on Ubuntu 13.10.

Here is the log :

Downloading/unpacking atc-thrift
  Downloading atc_thrift-0.1.0.tar.gz
  Running setup.py egg_info for package atc-thrift
    Traceback (most recent call last):
      File "<string>", line 16, in <module>
      File "/tmp/pip_build_root/atc-thrift/setup.py", line 16, in <module>
        readme = open('README.md', 'r')
    IOError: [Errno 2] No such file or directory: 'README.md'
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):

  File "<string>", line 16, in <module>

  File "/tmp/pip_build_root/atc-thrift/setup.py", line 16, in <module>

    readme = open('README.md', 'r')

IOError: [Errno 2] No such file or directory: 'README.md'

It looks like README.md is required but not present in the package.

Cheers,
Chris

We switch atcui to use upstart a while ago (bff9f73), but never upgraded atcd.

hi all:

when run atcd with ubuntu 14.04, i get this error:

INFO:AtcdVService.AtcdNBServerTask:AtcdNBServerTask Server Started on 127.0.0.1:9090
CRITICAL:AtcdVService.AtcdLinuxShaper:One of the following interfaces does not exist: eth1, eth0
ERROR:sparts.tasks:Error creating task, AtcdLinuxShaper
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/sparts/vtask.py", line 313, in init
    t.initTask()
  File "/usr/local/lib/python2.7/dist-packages/atcd/backends/linux.py", line 48, in initTask
    super(AtcdLinuxShaper, self).initTask()
  File "/usr/local/lib/python2.7/dist-packages/atcd/AtcdThriftHandlerTask.py", line 220, in initTask
    self._links_lookup()
  File "/usr/local/lib/python2.7/dist-packages/atcd/backends/linux.py", line 65, in _links_lookup
    raise Exception(msg)
Exception: One of the following interfaces does not exist: eth1, eth0
ERROR:AtcdVService:Unexpected Exception during init
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/sparts/vservice.py", line 268, in _runloop
    instance._createTasks()
  File "/usr/local/lib/python2.7/dist-packages/sparts/vservice.py", line 167, in _createTasks
    self.tasks.init()
  File "/usr/local/lib/python2.7/dist-packages/sparts/vtask.py", line 332, in init
    len(exceptions))
Exception: Unable to start service (1 task start errors)
INFO:AtcdVService:Received graceful shutdown request
DEBUG:AtcdVService:VService Active.  Awaiting graceful shutdown.
INFO:AtcdVService:Waiting for tasks to shutdown gracefully...
DEBUG:AtcdVService:Waiting for <atcd.AtcdDeviceTimeoutTask.AtcdDeviceTimeoutTask object at 0x7faa9b613a50> to stop...
DEBUG:AtcdVService:Waiting for <atcd.backends.linux.AtcdLinuxShaper object at 0x7faa9b613d50> to stop...
DEBUG:AtcdVService:Waiting for <atcd.AtcdDBQueueTask.AtcdDBQueueTask object at 0x7faa9b613e10> to stop...
DEBUG:AtcdVService:Waiting for <atcd.AtcdThriftHandlerTask.AtcdNBServerTask object at 0x7faa9b613ed0> to stop...
INFO:AtcdVService:Instance shut down gracefully

please help!

Hi,
I have succesfully installed ATC on Debian and it partially works.
When I try to configure traffic loss, corruption, delay etc. All works well and I can see it thought cli command:

tc qdisc show

qdisc htb 1: dev eth0 root refcnt 2 r2q 10 default 0 direct_packets_stat 282697
qdisc netem 8019: dev eth0 parent 1:2 limit 1000
qdisc netem 801f: dev eth0 parent 1:3 limit 1000 delay 100.0ms loss 1% reorder 1% corrupt 1% gap 1
qdisc htb 1: dev eth1 root refcnt 2 r2q 10 default 0 direct_packets_stat 181
qdisc netem 801a: dev eth1 parent 1:2 limit 1000
qdisc netem 8020: dev eth1 parent 1:3 limit 1000 delay 100.0ms loss 1% reorder 1% corrupt 1% gap 1

You can see limit 1000
Limit always is 1000, no matter what I choose like uplink or downlink.

Can somebody help me with this problem?

The website (both github and http://facebook.github.io/augmented-traffic-control/) need to have a single sentence that describes what it's useful for. The following sentence provides a motivation for ATC, and could be inserted after the first sentence of the facebook.github.io page:

Developers can use ATC to test their application across varying network conditions, easily emulating high speed, mobile, and even severely impaired networks. Aspects that can be controlled by ATC include:

By subclassing APIView in atc-profile-storage, instead of getting raw json when browsing to the endpoint, we would be able to get a View that let the user GET/POST/DELETE to the endpoint just like with /api/v1/shape (see screenshot)
It proves to be pretty handy when troubleshooting or fiddling with values rather than having to fallback to curl.

When data is posted to the API to start shaping a particular IP, the data is coherent in the view, but is lost somewhere between the view and serializer.

The POST data in the view reflects the data sent by the client, but the data that the serializer receives is filled with None objects rather than the defaulted dicts, and the rate information is completely lost.

Posted data:

{
  "down": {
    "rate": 10000,
    "loss": {
      "percentage": 0.0,
      "correlation": 0.0
    },
    "delay": {
      "delay": 0,
      "jitter": 0,
      "correlation": 0.0
    },
    "corruption": {
      "percentage": 0.0,
      "correlation": 0.0
    },
    "reorder": {
      "percentage": 0.0,
      "correlation": 0.0,
      "gap": 0
    },
    "iptables_options": []
  },
  "up": {
    "rate": 10000,
    "loss": {
      "percentage": 0.0,
      "correlation": 0.0
    },
    "delay": {
      "delay": 0,
      "jitter": 0,
      "correlation": 0.0
    },
    "corruption": {
      "percentage": 0.0,
      "correlation": 0.0
    },
    "reorder": {
      "percentage": 0.0,
      "correlation": 0.0,
      "gap": 0
    },
    "iptables_options": []
  }
}

Data seen by view:

{
  "down": {
    "rate": 10000,
    "loss": {
      "percentage": 0.0,
      "correlation": 0.0
    },
    "delay": {
      "delay": 0,
      "jitter": 0,
      "correlation": 0.0
    },
    "corruption": {
      "percentage": 0.0,
      "correlation": 0.0
    },
    "reorder": {
      "percentage": 0.0,
      "correlation": 0.0,
      "gap": 0
    },
    "iptables_options": []
  },
  "up": {
    "rate": 10000,
    "loss": {
      "percentage": 0.0,
      "correlation": 0.0
    },
    "delay": {
      "delay": 0,
      "jitter": 0,
      "correlation": 0.0
    },
    "corruption": {
      "percentage": 0.0,
      "correlation": 0.0
    },
    "reorder": {
      "percentage": 0.0,
      "correlation": 0.0,
      "gap": 0
    },
    "iptables_options": []
  }
}

Data seen by ThriftSerializer:

{u'down': OrderedDict([(u'rate', 0), (u'loss', None), (u'delay', None), (u'corruption', None), (u'reorder', None), (u'iptables_options', None)]), u'up': OrderedDict([(u'rate', 0), (u'loss', None), (u'delay', None), (u'corruption', None), (u'reorder', None), (u'iptables_options', None)])}

Hello all,

I have ATC set up on a VM under VirtualHost. It serves as a gateway for other VM's hooked up to it via an internal network. It is running CentOS 6.

It's WAN (uplink) NIC is eth0, LAN (downlink) is eth1. I have deliberately tried to significantly slow down the client (internal, NAT'ed) VM's that can communicate to the internal only through the ATCD server/gateway. The settings are seemingly in accordance to what I set them in ATCD. Here is the tc output:

[root@atc-gw ~]# tc qdisc ls dev eth0
qdisc htb 1: root refcnt 2 r2q 10 default 0 direct_packets_stat 361306
qdisc netem 8019: parent 1:2 limit 1000 delay 20.0s loss 50% reorder 20% corrupt 90% gap 1
[root@atc-gw ~]# tc qdisc ls dev eth1
qdisc htb 1: root refcnt 2 r2q 10 default 0 direct_packets_stat 152995
qdisc netem 801a: parent 1:2 limit 1000 delay 10.0s loss 80% reorder 30% corrupt 90% gap 1
[root@atc-gw ~]#
[root@atc-gw ~]# tc filter show dev eth0
filter parent 1: protocol ip pref 1 fw
filter parent 1: protocol ip pref 1 fw handle 0x2 classid 1:2 police 0x19 rate 1000bit burst 12000b mtu 2Kb action drop overhead 0b
ref 1 bind 1

[root@atc-gw ~]# tc filter show dev eth1
filter parent 1: protocol ip pref 1 fw
filter parent 1: protocol ip pref 1 fw handle 0x2 classid 1:2 police 0x1a rate 2000bit burst 12000b mtu 2Kb action drop overhead 0b
ref 1 bind 1

[root@atc-gw ~]#

Note that the rates are set up at 1 and 2 kbit/s for the interfaces.

While they are setup this way the client (another VirtualBox VM) is still able to download files off the internet at the speeds up to 8 MB/s = 64 Mbit/s!

Yes, I have tested to make sure the traffic does indeed go through the GW - when I shut it down or take down NIC's on it it stops!

The setup on it is quite simple in terms of networking - it is a NAT firewall/gw. Here is the iptables config file on it:

Firewall configuration written by system-config-firewall

Manual customization of this file is not recommended.

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

ATCUI

-A INPUT -m state --state NEW -m tcp -p tcp --dport 8000 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

I am truly mystified.

Any help dealing with this will be greatly appreciated.

Cheers,

Boris.

When trying to save a profile, I get prompted to enter a name, and click save.... but then nothing is saved

Right now we print a warning in chef if chef does not understand the init system in use.

We should probably fall back to using sysvinit configs instead so that we at least have something that works on some systems, rather than throwing up our hands in defeat.

Pros of doing this:

• Provides something that works on nearly all platforms (virtually everything except systemd systems)
• Provides a template for how to run our service which end-users can adapt for their situation.

Cons of doing this:

• May provide confusion if the sysvinit task doesn't work, rather than illustrating the actual problem (that we don't know which init system to use).

The sysvinit configs for atcui can be pulled from history:
https://github.com/facebook/augmented-traffic-control/tree/3fa1cb284fc6dea951b7695a179d91aaea6783d1/chef/atc/files/default/init.d

I have done all the setting as shown in the read file.
Continuously getting the below attached error
kindly help

Hello all,

I installed the software on my CentOS 6 VM and everything seems to be fine except that atcd would not run. I get the following:

[root@atc-gw ~]# gem install rubocop
ERROR: Error installing rubocop:
rainbow requires Ruby version >= 1.9.2.
[root@atc-gw ~]# atcd
Traceback (most recent call last):
File "/usr/local/bin/atcd", line 12, in
from atcd.scripts import runner
File "/usr/local/lib/python3.4/site-packages/atcd/scripts/runner.py", line 19, in
from atcd.AtcdDeviceTimeoutTask import AtcdDeviceTimeoutTask
File "/usr/local/lib/python3.4/site-packages/atcd/AtcdDeviceTimeoutTask.py", line 10, in
from atcd.AtcdThriftHandlerTask import AtcdThriftHandlerTask
File "/usr/local/lib/python3.4/site-packages/atcd/AtcdThriftHandlerTask.py", line 25, in
from atc_thrift import Atcd
File "/usr/local/lib/python3.4/site-packages/atc_thrift/Atcd.py", line 583
except TrafficControlException, failure:
^
SyntaxError: invalid syntax
[root@atc-gw ~]#

Has anybody seen this? Any idea as to what the cause could be?

Thanks.

Boris.

The way init subsystem is detected is not right, see comment on 3a86d86

Also, the diff should pass the lint.

I estimate that a large number of users are looking for a simpler set of deployment steps, in particular for deployment to other easy-to-use router firmwares like DD-WRT and OpenWRT. It would be great to provide a comprehensive guide or a set of simple scripts that automate deployment to these targets.

Additionally, it might even be appropriate to deploy atc to the opkg/ipkg repositories maintained by each of these firmwares, allowing for a simple "opkg install atc" type distribution. This would give folks new to embedded router firmware a convenient route to get started with cheap hardware.

if i got this spec, can i make the atcd environment?

1. one linux laptop (not include VM)
2. one network card

my idea is like this

1. connect a cable to my laptop from internet sharer(like anygate)
2. and then make laptop to wifi access point
3. build atcd on laptop
4. on smartphone, access the wifi (2.) and use ATC

I download and install ATC according to the readme file block in step run atcd with following issue：Traceback (most recent call last):
File "/usr/local/bin/atcd", line 13, in
runner.run()
File "/usr/local/lib/python2.7/site-packages/atcd/scripts/runner.py", line 34, in run
initialize_thrift()
File "/usr/local/lib/python2.7/site-packages/atcd/scripts/runner.py", line 27, in initialize_thrift
AtcdThriftHandlerTask.factory().register()
File "/usr/local/lib/python2.7/site-packages/atcd/AtcdThriftHandlerTask.py", line 203, in factory
'{0} backend is not implemented!'.format(os_name.lower())
NotImplementedError: darwin backend is not implemented!

I use two ways install thrift but always got the same error above.
brew install thrift and git clone source code
hope you give me some advance.

we have 2 implementations of _get_client_ip in atc_api.views and atc_api.serializers

This cause decrepencies between the 2 functions which are meant to solve the same thing.

It seems the view's version got reimplemented as part of ca74df9. We should rather refactor them to avoid issues like 7ff6c7a

In our testing of networks around the world, we've observed timers that drop dormant tcp sockets as fast as in 2-5 minutes, although 15-20 is more general. Those tend to have significant effect on mechanisms to maintain long-lived tcp sockets. It would be great to be able to simulate that with the tool.

OS: Windows 7 64 bit
Python Version:3.4.3(64bit)
If installing actd, always say can't copy sparts\fb303\contents.py to C;\Users%username%.... etc
failed error code is 1

"You must give this new profile a name." always show. and I could not be luanch ATC with "sudo atcd" , my PC connect to internet with lan (IP is 10.57.37.11) I want to luanch ATC server and config a demo profile to test. please give me some detail run commend example.

When trying to create any profile in FF, I get a form validation error. Works find for Chrome (which was how I got the "slow network" that appears in the screenshot).

FF 36.0.1 (Ubuntu 14.04) host, running in vagrant "trusty" box at tag v0.1.0

When running atcui-setup, it should be forced to be ran as the user under which the UI runs or we would have file permissions issues (like wrong sqlite db ownership...)

This was discussed in #20 and more precisely:
#20 (comment)

One thing to keep in mind is that we should ensure that the collected_static directory also has the right ownership.

While READMEs are useful to document individual components, a web page can go a long way in providing more detailed/consumable documentation.

OS: Windows 7 64 bit
Django Version: 1.7
Python Version: 2.7.9
I have done the settings as shown in the docs,but i can not open the url http://localhost:8000/atc_demo_ui/, always get Page not found (404) error .

Currently if you run atcui-setup as the atc user, it complains:

atc@precise:/var/django$ atcui-setup
/usr/local/bin/atcui-setup must be run as root.

This is pointless since it's going to su to atc anyway. We should allow this.

Headers:

HTTP_X_REAL_IP

For those just jumping in, would be nice to have some pre-sets based on some real network conditions. Some people just want to start testing their applications, and would rather not research connectivity on problem-networks :)

Great tool, and thanks!

Im running on a Mac OSX 10.10. Error below.
Traceback (most recent call last):
File "/usr/local/bin/atcd", line 13, in
runner.run()
File "/usr/local/lib/python2.7/site-packages/atcd/scripts/runner.py", line 34, in run
initialize_thrift()
File "/usr/local/lib/python2.7/site-packages/atcd/scripts/runner.py", line 27, in initialize_thrift
AtcdThriftHandlerTask.factory().register()
File "/usr/local/lib/python2.7/site-packages/atcd/AtcdThriftHandlerTask.py", line 203, in factory
'{0} backend is not implemented!'.format(os_name.lower())
NotImplementedError: darwin backend is not implemented!

When you try to POST to /api/v1/shape/{some-other-ip}/ ATC becomes unhappy.

Example:

curl -i http://192.168.10.2:8000/api/v1/shape/192.168.20.10/ -d '{"down":{"rate":10000,"loss":{"percentage":0.0,"correlation":0.0},"delay":{"delay":0,"jitter":0,"correlation":0.0},"corruption":{"percentage":0.0,"correlation":0.0},"reorder":{"percentage":0.0,"correlation":0.0,"gap":0},"iptables_options":[]},"up":{"rate":10000,"loss":{"percentage":0.0,"correlation":0.0},"delay":{"delay":0,"jitter":0,"correlation":0.0},"corruption":{"percentage":0.0,"correlation":0.0},"reorder":{"percentage":0.0,"correlation":0.0,"gap":0},"iptables_options":[]}}'

Traceback:

Traceback:
File "/usr/local/atc/venv/local/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
  111.                     response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/atc/venv/local/lib/python2.7/site-packages/django/views/decorators/csrf.py" in wrapped_view
  57.         return view_func(*args, **kwargs)
File "/usr/local/atc/venv/local/lib/python2.7/site-packages/django/views/generic/base.py" in view
  69.             return self.dispatch(request, *args, **kwargs)
File "/usr/local/atc/venv/local/lib/python2.7/site-packages/rest_framework/views.py" in dispatch
  407.             response = self.handle_exception(exc)
File "/usr/local/atc/venv/local/lib/python2.7/site-packages/rest_framework/views.py" in dispatch
  404.             response = handler(request, *args, **kwargs)
File "/usr/local/src/atc/atc/django-atc-api/atc_api/views.py" in decorator
  39.         return method(cls, request, service, *args, **kwargs)

Exception Type: TypeError at /api/v1/shape/192.168.20.10/
Exception Value: post() got an unexpected keyword argument 'address'

Hello,

error happened after restart service atcd, below is error log and environment info, any advice and suggestions will be greatly appreciated!

===== vagrant version =====
Vagrant 1.7.2

===== vagrant plugin list =====
vagrant-berkshelf (4.0.3)
vagrant-omnibus (1.4.1)
vagrant-share (1.1.3, system)

===== chef version =====
hef Development Kit Version: 0.4.0

===== error log ======

==> trusty: [2015-04-12T11:05:18+00:00] INFO: template[/etc/default/atcd] sending restart action to serviceatcd
==> trusty: ================================================================================
==> trusty: Error executing action restart on resource 'service[atcd]'
==> trusty: ================================================================================
==> trusty: Errno::ENOENT
==> trusty: -------------
==> trusty: No such file or directory - /etc/init.d/atcd
==> trusty: Resource Declaration:
==> trusty:
==> trusty: ---------------------
==> trusty: # In /tmp/vagrant-chef/ae4cfd0ce0224b28bb18503728431d99/cookbooks/atc/recipes/atcd.rb
==> trusty:
==> trusty: 126: service 'atcd' do
==> trusty: 127: supports :restart => true
==> trusty: 128: action [:enable, :start]
==> trusty: 129: end
==> trusty:
==> trusty: Compiled Resource:
==> trusty: ------------------
==> trusty: # Declared in /tmp/vagrant-chef/ae4cfd0ce0224b28bb18503728431d99/cookbooks/atc/recipes/atcd.rb:126:in `from_file'
==> trusty:
==> trusty: service("atcd") do
==> trusty: action [:enable, :start]
==> trusty: updated true
==> trusty: supports {:restart=>true}
==> trusty: retries 0
==> trusty: retry_delay 2
==> trusty: default_guard_interpreter :default
==> trusty: service_name "atcd"
==> trusty: enabled true
==> trusty: pattern "atcd"
==> trusty: declared_type :service
==> trusty: cookbook_name :atc
==> trusty: recipe_name "atcd"
==> trusty: end
==> trusty:
==> trusty: [2015-04-12T11:05:18+00:00] INFO: ruby_block[test-iptables] sending run action to execute[reload-iptables] (delaye
==> trusty: [2015-04-12T11:05:18+00:00] INFO: execute[reload-iptables] ran successfully
==> trusty: [2015-04-12T11:05:18+00:00] ERROR: Running exception handlers
==> trusty: [2015-04-12T11:05:18+00:00] ERROR: Exception handlers complete
==> trusty: [2015-04-12T11:05:18+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
==> trusty: [2015-04-12T11:05:18+00:00] ERROR: Chef::Exceptions::MultipleFailures
==> trusty: [2015-04-12T11:05:18+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit
code 1)
Chef never successfully completed! Any errors should be visible in the
output above. Please fix your recipes so that they properly complete.

It appears that there is potentially a way to bypass marking packets from iptables and then filtering using the CLASSIFY target:
http://www.at.netfilter.org/patch-o-matic/pom-submitted.html#pom-submitted-CLASSIFY

That would allow passing the packet directly onto the class that does the throttling.

Current we use the policing part of the filter to drop packets when going beyond the allocated bandwidth... I am not sure we can benefit from this with the CLASSIFY target.

We have the bits in place to support shaping in a access controlled manner. This task is about enabling a secure and unsecure mode in atcd.

In secure mode, a device should only be able to shape traffic for itself or a device it has been granted access control previously (through auth token...)

In unsecure mode, one can just shape any arbitrary devices. This will put less friction if it is acceptable to shape any host.

I think it'd be helpful to incorporate a FAQ into our website for frequently asked questions.

A preliminary list:

• How do I make ATC run on {Windows,OSX,BSD}?
• How do I make ATC use only one interface?
• How do I change the name of the interfaces ATCD shapes?
• How do I load default profiles?
• How do I create a new profile?
• How do I make ATC more secure?

Primary way of specifying ports to shape should be port-range, such as 1..65535

Would also be nice to specify discrete list of ports, such as 22, 80, 443, 8080

Probably need to figure out a good way to allow specifying either of these inputs in a single format.

Perhaps a string input, which is split in the API. E.g. "ports": "22,80,443,8000..8999"