Date: Wed, 3 Jan 2024 18:32:59 GMT
Message-Id: <202401031832.403IWxWN019000@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mark Johnston
Subject: git: 8aafae66394f - main - traceroute: Implement ECN bleaching detection
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 8aafae66394fe64489d6371c22da5a5fb7ee7c81
Auto-Submitted: auto-generated

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=8aafae66394fe64489d6371c22da5a5fb7ee7c81

commit 8aafae66394fe64489d6371c22da5a5fb7ee7c81
Author: Jose Luis Duran
AuthorDate: 2023-10-28 00:28:52 +0000
Commit: Mark Johnston
CommitDate: 2024-01-03 17:57:54 +0000

traceroute: Implement ECN bleaching detection

Explicit Congestion Notification (ECN) is a mechanism that allows
end-to-end notification of network congestion without dropping packets
by explicitly setting the ECN code point (2 bits).

Per RFC 8087, section 3.5, network devices should not be configured to
change the ECN code point in the packets that they forward, except to
set the CE (Congestion Experienced) code point ('11') to signal
incipient congestion.

The current commit adds an -E flag to traceroute that crafts a packet
with an ECT(1) code point ('01').

If the packet is received back with a zero ECN code point ('00'), it
outputs that the hop in question erases or "bleaches" the ECN code
point values. Bleaching may occur for various reasons (including
normalizing packets to hide which equipment supports ECN). This policy
prevents the use of ECN by applications.

If the packet is received back with an all-ones ECN code point ('11'),
it outputs that the hop in question is experiencing "congestion".

If the packet is received back with a different ECN code point ('10'), it outputs that the hop in question changes or "mangles" the ECN code point values. If the packet is received with the same ECN code point that was sent ('01'), it outputs that the hop has "passed" the ECN bits appropriately. Inspired by: Darwin Reviewed by: imp, markj MFC after: 1 month Pull Request: https://github.com/freebsd/freebsd-src/pull/879 --- contrib/traceroute/traceroute.8 | 20 ++++++++++++++++++-- contrib/traceroute/traceroute.c | 30 ++++++++++++++++++++++++++++-- 2 files changed, 46 insertions(+), 4 deletions(-) diff --git a/contrib/traceroute/traceroute.8 b/contrib/traceroute/traceroute.8 index d177413738dc..804306a11ca6 100644 --- a/contrib/traceroute/traceroute.8 +++ b/contrib/traceroute/traceroute.8 @@ -15,7 +15,7 @@ .\" .\" $Id: traceroute.8,v 1.19 2000/09/21 08:44:19 leres Exp $ .\" -.Dd November 25, 2020 +.Dd October 25, 2023 .Dt TRACEROUTE 8 .Os .Sh NAME @@ -24,7 +24,7 @@ .Sh SYNOPSIS .Nm .Bk -words -.Op Fl adDeFISnrvx +.Op Fl adDeEFISnrvx .Op Fl f Ar first_ttl .Op Fl g Ar gateway .Op Fl M Ar first_ttl @@ -66,6 +66,22 @@ default. Firewall evasion mode. Use fixed destination ports for UDP, UDP-Lite, TCP and SCTP probes. The destination port does NOT increment with each packet sent. +.It Fl E +Detect ECN bleaching. +Set the +.Em IPTOS_ECN_ECT1 +Explicit Congestion Notification (ECN) bits +.Pq Dv 01 , +and report if the hop has bleached +.Pq Dv 00 +or mangled +.Pq Dv 10 +them, or if it is experiencing congestion +.Pq Dv 11 . +Otherwise, report that it passed the bits appropriately. +If +.Fl t +is also specified, the corresponding ECN bits will be replaced. .It Fl f Ar first_ttl Set the initial time-to-live used in the first outgoing probe packet. .It Fl F diff --git a/contrib/traceroute/traceroute.c b/contrib/traceroute/traceroute.c index 282d4b2af929..03135e39837f 100644 --- a/contrib/traceroute/traceroute.c +++ b/contrib/traceroute/traceroute.c 
@@ -365,6 +365,7 @@ int doipcksum = 1; /* calculate ip checksums by default */ int optlen; /* length of ip options */ int fixedPort = 0; /* Use fixed destination port for TCP and UDP */ int printdiff = 0; /* Print the difference between sent and quoted */ +int ecnflag = 0; /* ECN bleaching detection flag */ extern int optind; extern int opterr; @@ -597,7 +598,7 @@ main(int argc, char **argv) prog = argv[0]; opterr = 0; - while ((op = getopt(argc, argv, "aA:edDFInrSvxf:g:i:M:m:P:p:q:s:t:w:z:")) != EOF) + while ((op = getopt(argc, argv, "aA:eEdDFInrSvxf:g:i:M:m:P:p:q:s:t:w:z:")) != EOF) switch (op) { case 'a': as_path = 1; @@ -620,6 +621,10 @@ main(int argc, char **argv) fixedPort = 1; break; + case 'E': + ecnflag = 1; + break; + case 'f': case 'M': /* FreeBSD compat. */ first_ttl = str2val(optarg, "first ttl", 1, 255); @@ -784,6 +789,10 @@ main(int argc, char **argv) outip->ip_v = IPVERSION; if (settos) outip->ip_tos = tos; + if (ecnflag) { + outip->ip_tos &= ~IPTOS_ECN_MASK; + outip->ip_tos |= IPTOS_ECN_ECT1; + } #ifdef BYTESWAP_IP_HDR outip->ip_len = htons(packlen); outip->ip_off = htons(off); @@ -1122,6 +1131,23 @@ main(int argc, char **argv) #endif precis = 3; Printf(" %.*f ms", precis, T); + if (ecnflag) { + u_char ecn = hip->ip_tos & IPTOS_ECN_MASK; + switch (ecn) { + case IPTOS_ECN_ECT1: + Printf(" (ecn=passed)"); + break; + case IPTOS_ECN_NOTECT: + Printf(" (ecn=bleached)"); + break; + case IPTOS_ECN_CE: + Printf(" (ecn=congested)"); + break; + default: + Printf(" (ecn=mangled)"); + break; + } + } if (printdiff) { Printf("\n"); Printf("%*.*s%s\n", @@ -2126,7 +2152,7 @@ usage(void) Fprintf(stderr, "Version %s\n", version); Fprintf(stderr, - "Usage: %s [-adDeFInrSvx] [-f first_ttl] [-g gateway] [-i iface]\n" + "Usage: %s [-adDeEFInrSvx] [-f first_ttl] [-g gateway] [-i iface]\n" "\t[-m max_ttl] [-p port] [-P proto] [-q nqueries] [-s src_addr]\n" "\t[-t tos] [-w waittime] [-A as_server] [-z pausemsecs] host [packetlen]\n", prog); exit(1);
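
Review bot: the .Dd line in the first traceroute.8 hunk is set to October 25, 2023, which predates both the AuthorDate (2023-10-28) and the CommitDate (2024-01-03) shown above. .Dd should carry the date the manual content last changed, so bump it to the date the change actually lands.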
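
Review bot: in the ".It Fl E" entry added to traceroute.8, the closing sentence ("If -t is also specified, the corresponding ECN bits will be replaced.") does not say which value wins. The traceroute.c hunk at -784 clears IPTOS_ECN_MASK and ORs in IPTOS_ECN_ECT1 after the -t value has been stored, so state explicitly that -E overwrites the two ECN bits of the tos given with -t. On markup: IPTOS_ECN_ECT1 is a defined constant and would normally take .Dv rather than .Em, while 01, 00, 10 and 11 are literal bit patterns rather than defined values, so .Dv is the wrong macro for them (.Ql fits).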
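
Review bot: in the traceroute.c hunk at -1122, "u_char ecn = hip->ip_tos & IPTOS_ECN_MASK;" dereferences hip whenever ecnflag is set, and nothing in the visible lines checks that hip is valid for the reply being printed. Confirm that hip is set for every reply type that reaches this Printf, including the final reply from the destination, or guard the block with a check on hip. A smaller point in the same switch: with a two-bit mask the "default:" arm can only be reached for the '10' value, so an explicit "case IPTOS_ECN_ECT0:" would document that and match the three named cases above it.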