Delaying outbound ACK

# Match customer (destination) based on IP address
iptables -t mangle -F POSTROUTING
iptables -t mangle -A POSTROUTING -o eth0 -p udp -d 198.51.100.33 -j CUSTOMER

# Create table to match "ACK sip" and set a mark.
iptables -t mangle -X CUSTOMER
iptables -t mangle -N CUSTOMER
iptables -t mangle -F CUSTOMER
iptables -t mangle -A CUSTOMER -m string --algo kmp --from 20 --to 30 --string 'ACK sip' -j MARK --set-mark 4242

# Change the default qdisc to use `prio` so that we can apply sub-qdisc
tc qdisc add dev eth0 root handle 1: prio
# The sub-qdisc will delay 250ms
tc qdisc add dev eth0 parent 1:3 handle 30: netem delay 250ms
# Match on the mark and send to the sub-qdisc
tc filter add dev eth0 protocol ip parent 1:0 prio 3 handle 4242 fw flowid 1:3

To check this is working:

tc -s -d qdisc dev eth0
iptables -L POSTROUTING -t mangle --verbose ; iptables -L CUSTOMER -t mangle --verbose
Written on February 23, 2013