tylertreat / comcast

Simulating shitty network connections so you can build better systems.

Packet filter rules not being honored on Mac OSX El Capitan v10.11.4

albinsuresh opened this issue · comments

I wanted to simulate 100% tcp packet loss between ports 19530 and 19630 on the loop-back interface. So I defined the following comcast rule for this:
./comcast --device=lo0 --packet-loss=100% --target-addr=127.0.0.1 --target-proto=tcp --target-port=19530,19630

But once I start comcast with this specific rule it's affecting my entire network. As in 100% packet loss for everything. The device, target-addr, target-proto or the target-port filters are not honored. The tool is shutting down my entire network.

Here is the sequence of steps I followed. I was testing this by pinging to the Google DNS IP 8.8.8.8 before and after starting comcast. Even the ICMP packets are getting dropped even though my rule specifies tcp.

macalsu01:bin alsu$ ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=19.847 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=17.993 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=69.683 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=18.609 ms

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 17.993/31.533/69.683/22.036 ms
macalsu01:bin alsu$ ./comcast --device=lo0 --packet-loss=100% --target-addr=127.0.0.1 --target-proto=tcp --target-port=19530,19630
sudo pfctl -E
(cat /etc/pf.conf && echo "dummynet-anchor \"mop\"" && echo "anchor \"mop\"") | sudo pfctl -f -
echo $'dummynet in all pipe 1' | sudo pfctl -a mop -f -
sudo dnctl pipe 1 config plr 1.0000 mask dst-port 19530 src-ip 127.0.0.1 proto tcp
sudo dnctl pipe 1 config plr 1.0000 mask dst-port 19530 dst-ip 127.0.0.1 proto tcp
sudo dnctl pipe 1 config plr 1.0000 mask src-port 19530 src-ip 127.0.0.1 proto tcp
sudo dnctl pipe 1 config plr 1.0000 mask src-port 19530 dst-ip 127.0.0.1 proto tcp
sudo dnctl pipe 1 config plr 1.0000 mask dst-port 19630 src-ip 127.0.0.1 proto tcp
sudo dnctl pipe 1 config plr 1.0000 mask dst-port 19630 dst-ip 127.0.0.1 proto tcp
sudo dnctl pipe 1 config plr 1.0000 mask src-port 19630 src-ip 127.0.0.1 proto tcp
sudo dnctl pipe 1 config plr 1.0000 mask src-port 19630 dst-ip 127.0.0.1 proto tcp
Packet rules setup...
Run sudo pfctl -sa | grep -i enabled to double check
Run ./comcast --stop to reset
macalsu01:bin alsu$ sudo pfctl -sa | grep -i enabled
No ALTQ support in kernel
ALTQ related functions disabled
Status: Enabled for 0 days 00:00:13 Debug: Urgent
macalsu01:bin alsu$ ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
macalsu01:bin alsu$ ./comcast --stop
sudo pfctl -f /etc/pf.conf
sudo pfctl -d
sudo dnctl -q flush
Packet rules stopped...
Run sudo pfctl -sa | grep -i enabled to double check
Run ./comcast to start

As you can see the 100% packet loss rule is taking effect. But the rest of the rules are being ignored.

@albinsuresh did you ever figure out how to get the masks to work?

Dear,

I am facing the same issue. While checking the output script with the dry-run option, I noticed that the pipe rules are not considering the filters added; it is instead adding filters to dnctl, which doesn't have any effect. Are you planning to resolve it in any upcoming release?
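
Added example, not part of the thread or of the comcast code base: the session above loads `dummynet in all pipe 1`, which hands every inbound packet to pipe 1, and a dummynet pipe's `mask` only groups packets into per-flow queues; it does not select traffic. The sketch below prints (without applying) a pipe command and pf rules that carry the interface, protocol, address and ports in the pf rule instead. The function names and the exact rule layout are assumptions; syntax-check the rules with `pfctl -n` before loading them into the `mop` anchor.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Prints commands only; nothing
# here calls pfctl or dnctl, so it is safe to run on any machine.

# pipe_cmd PLR [PIPE]
# One config per pipe: each "pipe N config" call reconfigures pipe N, and
# no mask is used because the mask would not restrict which packets are hit.
pipe_cmd() {
    plr=$1 pipe=${2:-1}
    case $plr in ''|*[!0-9.]*) echo "bad plr: $plr" >&2; return 1 ;; esac
    case $pipe in ''|*[!0-9]*) echo "bad pipe: $pipe" >&2; return 1 ;; esac
    printf 'sudo dnctl pipe %s config plr %s\n' "$pipe" "$plr"
}

# scoped_pf_rules DEV PROTO ADDR PORTS [PIPE]    (PORTS is comma-separated)
# Values are validated before use because they end up in a ruleset that is
# loaded as root.
scoped_pf_rules() {
    dev=$1 proto=$2 addr=$3 ports=$4 pipe=${5:-1}
    case $dev in ''|*[!A-Za-z0-9]*) echo "bad device: $dev" >&2; return 1 ;; esac
    case $proto in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
    case $addr in ''|*[!0-9A-Fa-f.:/]*) echo "bad address: $addr" >&2; return 1 ;; esac
    case $ports in ''|*[!0-9,]*|,*|*,|*,,*) echo "bad ports: $ports" >&2; return 1 ;; esac
    case $pipe in ''|*[!0-9]*) echo "bad pipe: $pipe" >&2; return 1 ;; esac
    list=$(printf '%s' "$ports" | sed 's/,/, /g')
    # Traffic addressed to ADDR on one of the ports ...
    printf 'dummynet in quick on %s proto %s from any to %s port { %s } pipe %s\n' \
        "$dev" "$proto" "$addr" "$list" "$pipe"
    # ... and traffic sent from ADDR on one of the ports.
    printf 'dummynet in quick on %s proto %s from %s port { %s } to any pipe %s\n' \
        "$dev" "$proto" "$addr" "$list" "$pipe"
}

# The values from the command line in the report above.
pipe_cmd 1.0000
scoped_pf_rules lo0 tcp 127.0.0.1 19530,19630
```

With rules scoped this way, the `ping 8.8.8.8` check from the report should no longer be affected, since ICMP on another interface matches neither rule.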