For network catastrophe simulations of our server environment, we are looking for a way to intentionally timeout a TCP socket. Are there any simple ways for existing sockets? Also, little C test-case program would be a plus.
We have already tried putting down network interfaces during TCP buffer reading, and reading from disconnected mounted resources (samba).
Out test server is Ubuntu 12.04.4.
To cause an exiting connection to timeout you can use iptables. Just enable a DROP rule on the port you want to disable. So to simulate a timeout for your Samaba server, while an active connection is up, execute the following on the server:
sudo iptables -A INPUT -p tcp --dport 445 -j DROP
The DROP target will not reply with a RST packet or ICMP error to the packet's sender. The client will stop receiving packets from the server and eventually timeout.
Depending on if/how you have iptables configured, you may want to insert the rule higher into the INPUT ruleset.
The first answer is correct, but I've discovered how these timeouts work, so you could observe and test them (don't forget to block the port!).
There are 4 most interesting kernel parameters that deal with TCP timeouts:
/proc/sys/net/ipv4/tcp_keepalive_time
/proc/sys/net/ipv4/tcp_keepalive_intvl
/proc/sys/net/ipv4/tcp_keepalive_probes
/proc/sys/net/ipv4/tcp_retries2
Now there are 2 scenarios:
The socket is opened and trying to transmit - then (if there is no response from the other side), system retries tcp_retries2 times. With the default value of retires it takes somewhere over 2 minutes and the socket times out.
The socket is opened and idle - then keepalive limits are interesting. With an idle socket system will wait tcp_keepalive_time seconds, and after that try tcp_keepalive_probes times to send a TCP KEEPALIVE in intervals of tcp_keepalive_intvl seconds. And only after that all failes the socket times out.