From: Richard Scheffenegger Date: Sat, 30 Dec 2023 15:28:36 +0000 (+0100) Subject: TCP: Add support for the AE (AccECN) flag. X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/55dc3206aa07c3cdfe19b8d23e7b134d37b9a6b7 TCP: Add support for the AE (AccECN) flag. Print the new flag using lowercase "e" to avoid confusion with the existing uppercase flags and "." for ACK. Add/update tests. Document it in the man page using "AE" as the shorthand. --- diff --git a/CHANGES b/CHANGES index 68ccb9d0..fa07f3c2 100644 --- a/CHANGES +++ b/CHANGES @@ -26,6 +26,7 @@ DayOfTheWeek, Month DD, YYYY / The Tcpdump Group advance the packet data pointer OSPF: Print more truncation indications OSPF: Add more length checks + TCP: Add support for the AE (AccECN) flag. User interface: Add optional unit suffix on -C file size. Add --print-sampling to print every Nth packet instead of all. diff --git a/print-tcp.c b/print-tcp.c index 308915bc..dacdd805 100644 --- a/print-tcp.c +++ b/print-tcp.c @@ -113,6 +113,7 @@ const struct tok tcp_flag_values[] = { { TH_URG, "U" }, { TH_ECNECHO, "E" }, { TH_CWR, "W" }, + { TH_AE, "e" }, { 0, NULL } }; @@ -166,7 +167,7 @@ tcp_print(netdissect_options *ndo, { const struct tcphdr *tp; const struct ip *ip; - u_char flags; + uint16_t flags; u_int hlen; char ch; uint16_t sport, dport, win, urp; @@ -248,7 +249,7 @@ tcp_print(netdissect_options *ndo, return; } - flags = GET_U_1(tp->th_flags); + flags = tcp_get_flags(tp); ND_PRINT("Flags [%s]", bittok2str_nosep(tcp_flag_values, "none", flags)); if (!ndo->ndo_Sflag && (flags & TH_ACK)) { diff --git a/tcp.h b/tcp.h index 268869a4..6be42737 100644 --- a/tcp.h +++ b/tcp.h @@ -50,6 +50,8 @@ struct tcphdr { }; #define TH_OFF(th) ((GET_U_1((th)->th_offx2) & 0xf0) >> 4) +#define tcp_get_flags(th) ((GET_U_1((th)->th_flags)) | \ + ((GET_U_1((th)->th_offx2) & 0x0f) << 8)) /* TCP flags */ #define TH_FIN 0x01 
@@ -60,6 +62,7 @@ struct tcphdr { #define TH_URG 0x20 #define TH_ECNECHO 0x40 /* ECN Echo */ #define TH_CWR 0x80 /* ECN Cwnd Reduced */ +#define TH_AE 0x100 /* AccECN (draft-ietf-tcpm-accurate-ecn;rfc7560) part of L4S (rfc9330) */ extern const struct tok tcp_flag_values[]; diff --git a/tcpdump.1.in b/tcpdump.1.in index 0100ff44..95130097 100644 --- a/tcpdump.1.in +++ b/tcpdump.1.in @@ -1380,8 +1380,8 @@ The general format of a TCP protocol line is: .RE \fISrc\fP and \fIdst\fP are the source and destination IP addresses and ports. -\fITcpflags\fP are some combination of S (SYN), -F (FIN), P (PSH), R (RST), U (URG), W (CWR), E (ECE) or +\fITcpflags\fP are some combination of S (SYN), F (FIN), +P (PSH), R (RST), U (URG), W (CWR), E (ECE), e (AE) or `.' (ACK), or `none' if no flags are set. \fIData-seqno\fP describes the portion of sequence space covered by the data in this packet (see example below). @@ -1472,10 +1472,10 @@ long enough for the options to actually be there, \fItcpdump\fP reports it as ``[\fIbad hdr length\fP]''. .SS Particular TCP Flag Combinations (SYN-ACK, URG-ACK, etc.) .PP -There are 8 bits in the control bits section of the TCP header: -.IP -.I CWR | ECE | URG | ACK | PSH | RST | SYN | FIN -.PP +There are 9 bits in the control bits section of the TCP header: +.LP +\fIAE(e) CWR(W) ECE(E) URG(U) ACK(.) PSH(P) RST(R) SYN(S) FIN(F)\fP +.LP Let's assume that we want to watch packets used in establishing a TCP connection. Recall that TCP uses a 3-way handshake protocol 
@@ -1510,7 +1510,9 @@ Recall the structure of a TCP header without options: ----------------------------------------------------------------- | acknowledgment number | ----------------------------------------------------------------- -| HL | rsvd |C|E|U|A|P|R|S|F| window size | +|header |re |A|C|E|U|A|P|R|S|F| | +|length |serv |E|W|C|R|C|S|S|Y|I| window size | +| | ed | |R|E|G|K|H|T|N|N| | ----------------------------------------------------------------- | TCP checksum | urgent pointer | ----------------------------------------------------------------- @@ -1522,12 +1524,14 @@ The first line of the graph contains octets 0 - 3, the second line shows octets 4 - 7 etc. .PP Starting to count with 0, the relevant TCP control bits are contained -in octet 13: +in octets 12 and 13: .PP .nf 0 7| 15| 23| 31 ----------------|---------------|---------------|---------------- -| HL | rsvd |C|E|U|A|P|R|S|F| window size | +|header |re |A|C|E|U|A|P|R|S|F| | +|length |serv |E|W|C|R|C|S|S|Y|I| window size | +| | ed | |R|E|G|K|H|T|N|N| | ----------------|---------------|---------------|---------------- | | 13th octet | | | .fi @@ -1538,6 +1542,8 @@ Let's have a closer look at octet no. 13: | | |---------------| |C|E|U|A|P|R|S|F| + |W|C|R|C|S|S|Y|I| + |R|E|G|K|H|T|N|N| |---------------| |7 5 3 0| .fi @@ -1553,6 +1559,8 @@ with the SYN bit set in its header: .PP .nf |C|E|U|A|P|R|S|F| + |W|C|R|C|S|S|Y|I| + |R|E|G|K|H|T|N|N| |---------------| |0 0 0 0 0 0 1 0| |---------------| @@ -1602,6 +1610,8 @@ with SYN-ACK set arrives: .PP .nf |C|E|U|A|P|R|S|F| + |W|C|R|C|S|S|Y|I| + |R|E|G|K|H|T|N|N| |---------------| |0 0 0 1 0 0 1 0| |---------------| diff --git a/tests/TESTLIST b/tests/TESTLIST index 281cd1ff..f6b217c8 100644 --- a/tests/TESTLIST +++ b/tests/TESTLIST 
@@ -971,3 +971,6 @@ ip6-snmp-oid-unsigned ip6-snmp-oid-unsigned.pcap ip6-snmp-oid-unsigned.out lwres-pointer-arithmetic-ub lwres-pointer-arithmetic-ub.pcap lwres-pointer-arithmetic-ub.out ospf-signed-integer-ubsan ospf-signed-integer-ubsan.pcap ospf-signed-integer-ubsan.out -vv bgp-ub bgp-ub.pcap bgp-ub.out -v + +# AccECN tests +accecn_handshake accecn_handshake.pcap accecn_handshake.out -v diff --git a/tests/accecn_handshake.out b/tests/accecn_handshake.out new file mode 100644 index 00000000..79b12adc --- /dev/null +++ b/tests/accecn_handshake.out 
@@ -0,0 +1,25 @@ + 1 2022-07-26 06:26:07.794026 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) + 31.133.146.248.16433 > 66.228.43.12.80: Flags [SEWe], cksum 0x209c (incorrect -> 0xe443), seq 1948076589, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 112147477 ecr 0], length 0 + 2 2022-07-26 06:26:08.016156 IP (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto TCP (6), length 72) + 66.228.43.12.80 > 31.133.146.248.16433: Flags [S.W], cksum 0x22a8 (correct), seq 2972234643, ack 1948076590, win 65160, options [mss 1460,sackOK,TS val 2783239876 ecr 112147477,exp-acc0,wscale 7], length 0 + 3 2022-07-26 06:26:08.016573 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 68) + 31.133.146.248.16433 > 66.228.43.12.80: Flags [.W], cksum 0x20a4 (incorrect -> 0x3b19), ack 1, win 1027, options [nop,nop,TS val 112147698 ecr 2783239876,exp-acc0,eol], length 0 + 4 2022-07-26 06:26:08.017141 IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 130) + 31.133.146.248.16433 > 66.228.43.12.80: Flags [P.Ee], cksum 0x20e2 (incorrect -> 0x9373), seq 1:79, ack 1, win 1027, options [nop,nop,TS val 112147698 ecr 2783239876], length 78: HTTP, length: 78 + GET /1M HTTP/1.1 + Host: 66.228.43.12 + User-Agent: curl/7.69.1 + Accept: */* + + 5 2022-07-26 06:26:08.056144 IP (tos 0x1,ECT(1), ttl 54, id 45724, offset 0, flags [DF], proto TCP (6), length 52) + 66.228.43.12.80 > 31.133.146.248.16433: Flags [.Ee], cksum 0x26c6 (correct), ack 79, win 509, options [nop,nop,TS val 2783239918 ecr 112147698], length 0 + 6 2022-07-26 06:26:08.075386 IP (tos 0x1,ECT(1), ttl 54, id 45725, offset 0, flags [DF], proto TCP (6), length 1500) + 66.228.43.12.80 > 31.133.146.248.16433: Flags [.Ee], cksum 0xcfbd (correct), seq 1:1449, ack 79, win 509, options [nop,nop,TS val 2783239922 ecr 112147698], length 1448: HTTP, length: 1448 + HTTP/1.1 200 OK + Date: Mon, 25 Jul 2022 15:45:42 GMT + Server: Apache/2.4.41 (Ubuntu) + Last-Modified: 
Sun, 24 Jul 2022 18:49:15 GMT + ETag: "f4240-5e491862a86d8" + Accept-Ranges: bytes + Content-Length: 1000000 + diff --git a/tests/accecn_handshake.pcap b/tests/accecn_handshake.pcap new file mode 100644 index 00000000..b328dcd3 Binary files /dev/null and b/tests/accecn_handshake.pcap differ diff --git a/tests/babel_update_oobr.out b/tests/babel_update_oobr.out index 7785775e..890dc9d3 100644 --- a/tests/babel_update_oobr.out +++ b/tests/babel_update_oobr.out @@ -6,8 +6,8 @@ 0x0010: b1b1 b1b1 b158 5e0a 02f4 0ab1 0402 0f0f .....X^......... 0x0020: ff80 0f0f 0f0f 0f00 80a1 00b2 b2b2 b20d ................ 0x0030: 0d3a 3400 0001 00 .:4.... - 5 1970-03-17 20:26:40.2097152 IP 6.3.218.255.6379 > 0.1.31.99.52759: Flags [S.UW], seq 2751463404:2751463426, ack 1006637056, win 45746, urg 25778, length 22: RESP [|resp] - 6 1970-03-17 20:27:12.000000 IP 6.3.208.255.6379 > 0.1.31.99.52759: Flags [S.UW], seq 2751463404:2751463426, ack 1006640128, win 45746, urg 25778, length 22: RESP "M-2M-2M-2M-2M-2M-7dM-2M-2M-2M-2M-2" [|resp] + 5 1970-03-17 20:26:40.2097152 IP 6.3.218.255.6379 > 0.1.31.99.52759: Flags [S.UWe], seq 2751463404:2751463426, ack 1006637056, win 45746, urg 25778, length 22: RESP [|resp] + 6 1970-03-17 20:27:12.000000 IP 6.3.208.255.6379 > 0.1.31.99.52759: Flags [S.UWe], seq 2751463404:2751463426, ack 1006640128, win 45746, urg 25778, length 22: RESP "M-2M-2M-2M-2M-2M-7dM-2M-2M-2M-2M-2" [|resp] 7 1970-03-17 20:27:12.000000 IP 208.21.10.1.654 > 31.99.100.232.80: aodv rrep 34 prefix 4 hops 11 dst 237.34.38.84 dseq 32203525 src 232.11.2.0 67108864 ms ext 0 0 diff --git a/tests/beep-oobr.out b/tests/beep-oobr.out index 56deca8e..c711733e 100644 --- a/tests/beep-oobr.out +++ b/tests/beep-oobr.out 
@@ -1,2 +1,2 @@ 1 1995-08-15 05:27:12.808464432 unknown ip 3 - 2 1995-08-15 05:27:12.808464432 IP6 3030:3030:3030:3030:3030:3030:3030:3030.10288 > 3030:3030:3030:3030:3030:3030:3030:3030.12336: Flags [.U], seq 808464432:808476740, ack 808464432, win 12336, urg 12336, options [eol], length 12308 [remaining caplen(24) < header length(28)] [|tcp] + 2 1995-08-15 05:27:12.808464432 IP6 3030:3030:3030:3030:3030:3030:3030:3030.10288 > 3030:3030:3030:3030:3030:3030:3030:3030.12336: Flags [.Ue], seq 808464432:808476740, ack 808464432, win 12336, urg 12336, options [eol], length 12308 [remaining caplen(24) < header length(28)] [|tcp] diff --git a/tests/bgp-bgp_capabilities_print-oobr-1.out b/tests/bgp-bgp_capabilities_print-oobr-1.out index 068a0760..234a4aea 100644 --- a/tests/bgp-bgp_capabilities_print-oobr-1.out +++ b/tests/bgp-bgp_capabilities_print-oobr-1.out @@ -1,5 +1,5 @@ 1 1970-03-16 01:04:13.49220352 IP (tos 0x1f,CE, ttl 254, id 38671, offset 0, flags [+, DF, rsvd], proto TCP (6), length 4135, bad cksum 200 (->1fdd)!) - 226.219.0.0.179 > 16.233.34.0.100: Flags [SPUE], seq 347537408:347541483, win 511, urg 65535, options [eol], length 4075: BGP [|bgp] + 226.219.0.0.179 > 16.233.34.0.100: Flags [SPUEe], seq 347537408:347541483, win 511, urg 65535, options [eol], length 4075: BGP [|bgp] Open Message (1), length: 59 Version 255, my AS 65528, Holdtime 4324s, ID 144.8.32.4 Optional parameters, length: 29 diff --git a/tests/bgp-bgp_capabilities_print-oobr-2.out b/tests/bgp-bgp_capabilities_print-oobr-2.out index c519480b..d518de49 100644 --- a/tests/bgp-bgp_capabilities_print-oobr-2.out +++ b/tests/bgp-bgp_capabilities_print-oobr-2.out 
@@ -1,5 +1,5 @@ 1 1970-03-16 01:04:13.49220352 IP (tos 0x1f,CE, ttl 254, id 38671, offset 0, flags [+, DF, rsvd], proto TCP (6), length 4135, bad cksum 200 (->1fdd)!) - 226.219.0.0.179 > 16.233.34.0.100: Flags [SPUE], seq 347537408:347541483, win 511, urg 65535, options [eol], length 4075: BGP [|bgp] + 226.219.0.0.179 > 16.233.34.0.100: Flags [SPUEe], seq 347537408:347541483, win 511, urg 65535, options [eol], length 4075: BGP [|bgp] Open Message (1), length: 59 Version 255, my AS 65528, Holdtime 4324s, ID 144.8.32.4 Optional parameters, length: 29 diff --git a/tests/bgp_mp_reach_nlri-oobr.out b/tests/bgp_mp_reach_nlri-oobr.out index 5797b766..f6f0d3f1 100644 --- a/tests/bgp_mp_reach_nlri-oobr.out +++ b/tests/bgp_mp_reach_nlri-oobr.out @@ -1,5 +1,5 @@ 1 1975-04-27 04:29:01.371655446 IP (tos 0xff,CE, ttl 254, id 32783, offset 0, flags [rsvd], proto TCP (6), length 65535, bad cksum 8e15 (->5bbf)!) - 241.0.128.39.179 > 239.0.0.1.0: Flags [none], seq 4144029695:4144095150, win 65535, options [eol], length 65455: BGP [|bgp] + 241.0.128.39.179 > 239.0.0.1.0: Flags [e], seq 4144029695:4144095150, win 65535, options [eol], length 65455: BGP [|bgp] Update Message (2), length: 45 Withdrawn routes: (illegal prefix length) [|bgp] [|bgp] diff --git a/tests/heapoverflow-tcp_print.out b/tests/heapoverflow-tcp_print.out index 8527a1da..f7f70730 100644 --- a/tests/heapoverflow-tcp_print.out +++ b/tests/heapoverflow-tcp_print.out @@ -1,2 +1,2 @@ 1 1995-08-15 05:27:12.808464432 IP (tos 0x30, ttl 48, id 12336, offset 0, flags [DF], proto TCP (6), length 12336, bad cksum 3030 (->29a8)!) - 48.48.48.48.12336 > 48.48.48.48.12336: Flags [.U], seq 808464432:808476688, ack 808464432, win 12336, urg 12336, options [unknown-48 0x3030303030303030 [|tcp] + 48.48.48.48.12336 > 48.48.48.48.12336: Flags [.Ue], seq 808464432:808476688, ack 808464432, win 12336, urg 12336, options [unknown-48 0x3030303030303030 [|tcp] 
diff --git a/tests/rpki-rtr-oobr.out b/tests/rpki-rtr-oobr.out index a892848c..4468bbf8 100644 --- a/tests/rpki-rtr-oobr.out +++ b/tests/rpki-rtr-oobr.out @@ -1,3 +1,3 @@ 1 1975-04-27 03:20:48.134349590 IP [total length 62 > length 50] (invalid) (tos 0x0, ttl 254, id 13327, offset 0, flags [+, DF, rsvd], proto TCP (6), length 62, bad cksum 8e7f (->c283)!) - 19.128.128.20.323 > 76.19.6.127.49600: Flags [none], seq 2684354563:2684354585, win 28672, length 22 + 19.128.128.20.323 > 76.19.6.127.49600: Flags [e], seq 2684354563:2684354585, win 28672, length 22 RPKI-RTRv171 (unknown)
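Review bot: In tcp.h, the new tcp_get_flags() macro masks th_offx2 with 0x0f, so the three reserved bits next to AE are shifted into the result as 0x200, 0x400 and 0x800, although TH_AE (0x100) is the only new value defined and the only one given an entry in tcp_flag_values. Either mask with 0x01 so the returned value carries only defined flags, or keep 0x0f on purpose and say so in a comment, including how reserved bits are expected to print. The macro also expands "th" twice and is lowercase where the neighbouring TH_OFF is uppercase; a one-line comment stating that it returns the 9-bit flag field with AE at bit 8 would make the widening of "flags" to uint16_t in tcp_print() easier to follow.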
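Review bot: In tcpdump.1.in, the hunk at -1522 changes the prose to "in octets 12 and 13", but the unchanged context line under the diagram still marks only the "13th octet" and the next section still opens with "Let's have a closer look at octet no. 13", so the reader is never shown where AE sits or how to match it in a filter. Suggest extending the annotation to cover octet 12, or adding a sentence that AE is the least significant bit of octet 12 together with a filter example such as "tcp[12] & 1 != 0" next to the octet 13 walk-through.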
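Review bot: In tests/TESTLIST, the only new capture is accecn_handshake, a well-formed exchange; every other AE expectation comes from fuzzed captures whose output changed as a side effect, for example "Flags [none]" becoming "Flags [e]" in bgp_mp_reach_nlri-oobr.out and rpki-rtr-oobr.out. Nothing pins what is printed when the reserved bits in the low nibble of octet 12 are set without AE, which is the case the 0x0f mask in tcp_get_flags() lets through. Suggest adding a small capture for that case so a later change to the mask or to tcp_flag_values shows up as a test diff.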