I have decentralised application that uses UDP multicast to communicate with other peers in its network. I've been looking at pumba for chaos testing this application by introducing packet-loss.

This works quite well using the netem feature of pumba except that only applies to egress traffic and introduces synchronised behaviour in my tests as all nodes in the network will see the same packets being dropped (as packets are dropped on the container that sends these packets).

I was looking at other some other options to drop incoming packets and found a way that I'm now using in a script but believe this may be helpful for pumba.

This method uses iptables and requires iptables to be installed on the containers under test, similar that pumba requires iproute2 to be installed for using the tc command. The containers under test should also have the NET_ADMIN capability added.

Ingress packet dropping can now be activated by adding a iptables rule to the containers that need it.

An example of iptables rules randomly dropping 20% of incoming UDP packets to a specific port:

iptables -I INPUT -p udp --dport 5001 -i eth0 -m statistic --mode random --probability 0.2 -j DROP

An example of iptables rules randomly dropping 5% of incoming UDP packets to a specific multicast address:

iptables -I INPUT -p udp -d 239.1.2.3 -i eth0 -m statistic --mode random --probability 0.05 -j DROP

Would this something that would be of interest to include in pumba or to consider a PR for?