TCP: Add support for the AE (AccECN) flag.

rscheff · infrastation · commit 55dc3206aa07 · 2024-03-27T11:19:34.000Z
Print the new flag using lowercase "e" to avoid confusion with the
existing uppercase flags and "." for ACK.  Add/update tests.  Document
it in the man page using "AE" as the shorthand.
diff --git a/CHANGES b/CHANGES
@@ -26,6 +26,7 @@ DayOfTheWeek, Month DD, YYYY / The Tcpdump Group
         advance the packet data pointer
       OSPF: Print more truncation indications
       OSPF: Add more length checks
+      TCP: Add support for the AE (AccECN) flag.
     User interface:
       Add optional unit suffix on -C file size.
       Add --print-sampling to print every Nth packet instead of all.
diff --git a/print-tcp.c b/print-tcp.c
@@ -113,6 +113,7 @@ const struct tok tcp_flag_values[] = {
         { TH_URG, "U" },
         { TH_ECNECHO, "E" },
         { TH_CWR, "W" },
+        { TH_AE, "e" },
         { 0, NULL }
 };
 
@@ -166,7 +167,7 @@ tcp_print(netdissect_options *ndo,
 {
         const struct tcphdr *tp;
         const struct ip *ip;
-        u_char flags;
+        uint16_t flags;
         u_int hlen;
         char ch;
         uint16_t sport, dport, win, urp;
@@ -248,7 +249,7 @@ tcp_print(netdissect_options *ndo,
                 return;
         }
 
-        flags = GET_U_1(tp->th_flags);
+        flags = tcp_get_flags(tp);
         ND_PRINT("Flags [%s]", bittok2str_nosep(tcp_flag_values, "none", flags));
 
         if (!ndo->ndo_Sflag && (flags & TH_ACK)) {
diff --git a/tcp.h b/tcp.h
@@ -50,6 +50,8 @@ struct tcphdr {
 };
 
 #define TH_OFF(th)	((GET_U_1((th)->th_offx2) & 0xf0) >> 4)
+#define tcp_get_flags(th)	((GET_U_1((th)->th_flags)) | \
+			((GET_U_1((th)->th_offx2) & 0x0f) << 8))
 
 /* TCP flags */
 #define	TH_FIN     0x01
@@ -60,6 +62,7 @@ struct tcphdr {
 #define	TH_URG	   0x20
 #define TH_ECNECHO 0x40	/* ECN Echo */
 #define TH_CWR	   0x80	/* ECN Cwnd Reduced */
+#define	TH_AE	  0x100	/* AccECN (draft-ietf-tcpm-accurate-ecn;rfc7560) part of L4S (rfc9330) */
 extern const struct tok tcp_flag_values[];
 
 
diff --git a/tcpdump.1.in b/tcpdump.1.in
@@ -1380,8 +1380,8 @@ The general format of a TCP protocol line is:
 .RE
 \fISrc\fP and \fIdst\fP are the source and destination IP
 addresses and ports.
-\fITcpflags\fP are some combination of S (SYN),
-F (FIN), P (PSH), R (RST), U (URG), W (CWR), E (ECE) or
+\fITcpflags\fP are some combination of S (SYN), F (FIN),
+P (PSH), R (RST), U (URG), W (CWR), E (ECE), e (AE) or
 `.' (ACK), or `none' if no flags are set.
 \fIData-seqno\fP describes the portion of sequence space covered
 by the data in this packet (see example below).
@@ -1472,10 +1472,10 @@ long enough for the options to actually be there, \fItcpdump\fP reports
 it as ``[\fIbad hdr length\fP]''.
 .SS Particular TCP Flag Combinations (SYN-ACK, URG-ACK, etc.)
 .PP
-There are 8 bits in the control bits section of the TCP header:
-.IP
-.I CWR | ECE | URG | ACK | PSH | RST | SYN | FIN
-.PP
+There are 9 bits in the control bits section of the TCP header:
+.LP
+\fIAE(e) CWR(W) ECE(E) URG(U) ACK(.) PSH(P) RST(R) SYN(S) FIN(F)\fP
+.LP
 Let's assume that we want to watch packets used in establishing
 a TCP connection.
 Recall that TCP uses a 3-way handshake protocol
@@ -1510,7 +1510,9 @@ Recall the structure of a TCP header without options:
 -----------------------------------------------------------------
 |                     acknowledgment number                     |
 -----------------------------------------------------------------
-|  HL   | rsvd  |C|E|U|A|P|R|S|F|        window size            |
+|header |re   |A|C|E|U|A|P|R|S|F|                               |
+|length |serv |E|W|C|R|C|S|S|Y|I|        window size            |
+|       |  ed | |R|E|G|K|H|T|N|N|                               |
 -----------------------------------------------------------------
 |         TCP checksum          |       urgent pointer          |
 -----------------------------------------------------------------
@@ -1522,12 +1524,14 @@ The first line of the graph contains octets 0 - 3, the
 second line shows octets 4 - 7 etc.
 .PP
 Starting to count with 0, the relevant TCP control bits are contained
-in octet 13:
+in octets 12 and 13:
 .PP
 .nf
  0             7|             15|             23|             31
 ----------------|---------------|---------------|----------------
-|  HL   | rsvd  |C|E|U|A|P|R|S|F|        window size            |
+|header |re   |A|C|E|U|A|P|R|S|F|                               |
+|length |serv |E|W|C|R|C|S|S|Y|I|        window size            |
+|       |  ed | |R|E|G|K|H|T|N|N|                               |
 ----------------|---------------|---------------|----------------
 |               |  13th octet   |               |               |
 .fi
@@ -1538,6 +1542,8 @@ Let's have a closer look at octet no. 13:
                 |               |
                 |---------------|
                 |C|E|U|A|P|R|S|F|
+                |W|C|R|C|S|S|Y|I|
+                |R|E|G|K|H|T|N|N|
                 |---------------|
                 |7   5   3     0|
 .fi
@@ -1553,6 +1559,8 @@ with the SYN bit set in its header:
 .PP
 .nf
                 |C|E|U|A|P|R|S|F|
+                |W|C|R|C|S|S|Y|I|
+                |R|E|G|K|H|T|N|N|
                 |---------------|
                 |0 0 0 0 0 0 1 0|
                 |---------------|
@@ -1602,6 +1610,8 @@ with SYN-ACK set arrives:
 .PP
 .nf
      |C|E|U|A|P|R|S|F|
+     |W|C|R|C|S|S|Y|I|
+     |R|E|G|K|H|T|N|N|
      |---------------|
      |0 0 0 1 0 0 1 0|
      |---------------|
diff --git a/tests/TESTLIST b/tests/TESTLIST
@@ -971,3 +971,6 @@ ip6-snmp-oid-unsigned ip6-snmp-oid-unsigned.pcap ip6-snmp-oid-unsigned.out
 lwres-pointer-arithmetic-ub lwres-pointer-arithmetic-ub.pcap lwres-pointer-arithmetic-ub.out
 ospf-signed-integer-ubsan       ospf-signed-integer-ubsan.pcap          ospf-signed-integer-ubsan.out -vv
 bgp-ub bgp-ub.pcap bgp-ub.out -v
+
+# AccECN tests
+accecn_handshake	accecn_handshake.pcap		accecn_handshake.out	-v
diff --git a/tests/accecn_handshake.out b/tests/accecn_handshake.out
@@ -0,0 +1,25 @@
+    1  2022-07-26 06:26:07.794026 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
+    31.133.146.248.16433 > 66.228.43.12.80: Flags [SEWe], cksum 0x209c (incorrect -> 0xe443), seq 1948076589, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 112147477 ecr 0], length 0
+    2  2022-07-26 06:26:08.016156 IP (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto TCP (6), length 72)
+    66.228.43.12.80 > 31.133.146.248.16433: Flags [S.W], cksum 0x22a8 (correct), seq 2972234643, ack 1948076590, win 65160, options [mss 1460,sackOK,TS val 2783239876 ecr 112147477,exp-acc0,wscale 7], length 0
+    3  2022-07-26 06:26:08.016573 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 68)
+    31.133.146.248.16433 > 66.228.43.12.80: Flags [.W], cksum 0x20a4 (incorrect -> 0x3b19), ack 1, win 1027, options [nop,nop,TS val 112147698 ecr 2783239876,exp-acc0,eol], length 0
+    4  2022-07-26 06:26:08.017141 IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 130)
+    31.133.146.248.16433 > 66.228.43.12.80: Flags [P.Ee], cksum 0x20e2 (incorrect -> 0x9373), seq 1:79, ack 1, win 1027, options [nop,nop,TS val 112147698 ecr 2783239876], length 78: HTTP, length: 78
+	GET /1M HTTP/1.1
+	Host: 66.228.43.12
+	User-Agent: curl/7.69.1
+	Accept: */*
+	
+    5  2022-07-26 06:26:08.056144 IP (tos 0x1,ECT(1), ttl 54, id 45724, offset 0, flags [DF], proto TCP (6), length 52)
+    66.228.43.12.80 > 31.133.146.248.16433: Flags [.Ee], cksum 0x26c6 (correct), ack 79, win 509, options [nop,nop,TS val 2783239918 ecr 112147698], length 0
+    6  2022-07-26 06:26:08.075386 IP (tos 0x1,ECT(1), ttl 54, id 45725, offset 0, flags [DF], proto TCP (6), length 1500)
+    66.228.43.12.80 > 31.133.146.248.16433: Flags [.Ee], cksum 0xcfbd (correct), seq 1:1449, ack 79, win 509, options [nop,nop,TS val 2783239922 ecr 112147698], length 1448: HTTP, length: 1448
+	HTTP/1.1 200 OK
+	Date: Mon, 25 Jul 2022 15:45:42 GMT
+	Server: Apache/2.4.41 (Ubuntu)
+	Last-Modified: Sun, 24 Jul 2022 18:49:15 GMT
+	ETag: "f4240-5e491862a86d8"
+	Accept-Ranges: bytes
+	Content-Length: 1000000
+	
diff --git a/tests/accecn_handshake.pcap b/tests/accecn_handshake.pcap
diff --git a/tests/babel_update_oobr.out b/tests/babel_update_oobr.out
@@ -6,8 +6,8 @@
 	0x0010:  b1b1 b1b1 b158 5e0a 02f4 0ab1 0402 0f0f  .....X^.........
 	0x0020:  ff80 0f0f 0f0f 0f00 80a1 00b2 b2b2 b20d  ................
 	0x0030:  0d3a 3400 0001 00                        .:4....
-    5  1970-03-17 20:26:40.2097152 IP 6.3.218.255.6379 > 0.1.31.99.52759: Flags [S.UW], seq 2751463404:2751463426, ack 1006637056, win 45746, urg 25778, length 22: RESP [|resp]
-    6  1970-03-17 20:27:12.000000 IP 6.3.208.255.6379 > 0.1.31.99.52759: Flags [S.UW], seq 2751463404:2751463426, ack 1006640128, win 45746, urg 25778, length 22: RESP "M-2M-2M-2M-2M-2M-7dM-2M-2M-2M-2M-2" [|resp]
+    5  1970-03-17 20:26:40.2097152 IP 6.3.218.255.6379 > 0.1.31.99.52759: Flags [S.UWe], seq 2751463404:2751463426, ack 1006637056, win 45746, urg 25778, length 22: RESP [|resp]
+    6  1970-03-17 20:27:12.000000 IP 6.3.208.255.6379 > 0.1.31.99.52759: Flags [S.UWe], seq 2751463404:2751463426, ack 1006640128, win 45746, urg 25778, length 22: RESP "M-2M-2M-2M-2M-2M-7dM-2M-2M-2M-2M-2" [|resp]
     7  1970-03-17 20:27:12.000000 IP 208.21.10.1.654 > 31.99.100.232.80:  aodv rrep 34  prefix 4 hops 11
 	dst 237.34.38.84 dseq 32203525 src 232.11.2.0 67108864 ms
 	ext 0 0
diff --git a/tests/beep-oobr.out b/tests/beep-oobr.out
@@ -1,2 +1,2 @@
     1  1995-08-15 05:27:12.808464432 unknown ip 3
-    2  1995-08-15 05:27:12.808464432 IP6 3030:3030:3030:3030:3030:3030:3030:3030.10288 > 3030:3030:3030:3030:3030:3030:3030:3030.12336: Flags [.U], seq 808464432:808476740, ack 808464432, win 12336, urg 12336, options [eol], length 12308 [remaining caplen(24) < header length(28)] [|tcp]
+    2  1995-08-15 05:27:12.808464432 IP6 3030:3030:3030:3030:3030:3030:3030:3030.10288 > 3030:3030:3030:3030:3030:3030:3030:3030.12336: Flags [.Ue], seq 808464432:808476740, ack 808464432, win 12336, urg 12336, options [eol], length 12308 [remaining caplen(24) < header length(28)] [|tcp]
diff --git a/tests/bgp-bgp_capabilities_print-oobr-1.out b/tests/bgp-bgp_capabilities_print-oobr-1.out
@@ -1,5 +1,5 @@
     1  1970-03-16 01:04:13.49220352 IP (tos 0x1f,CE, ttl 254, id 38671, offset 0, flags [+, DF, rsvd], proto TCP (6), length 4135, bad cksum 200 (->1fdd)!)
-    226.219.0.0.179 > 16.233.34.0.100: Flags [SPUE], seq 347537408:347541483, win 511, urg 65535, options [eol], length 4075: BGP [|bgp]
+    226.219.0.0.179 > 16.233.34.0.100: Flags [SPUEe], seq 347537408:347541483, win 511, urg 65535, options [eol], length 4075: BGP [|bgp]
 	Open Message (1), length: 59
 	  Version 255, my AS 65528, Holdtime 4324s, ID 144.8.32.4
 	  Optional parameters, length: 29
diff --git a/tests/bgp-bgp_capabilities_print-oobr-2.out b/tests/bgp-bgp_capabilities_print-oobr-2.out
@@ -1,5 +1,5 @@
     1  1970-03-16 01:04:13.49220352 IP (tos 0x1f,CE, ttl 254, id 38671, offset 0, flags [+, DF, rsvd], proto TCP (6), length 4135, bad cksum 200 (->1fdd)!)
-    226.219.0.0.179 > 16.233.34.0.100: Flags [SPUE], seq 347537408:347541483, win 511, urg 65535, options [eol], length 4075: BGP [|bgp]
+    226.219.0.0.179 > 16.233.34.0.100: Flags [SPUEe], seq 347537408:347541483, win 511, urg 65535, options [eol], length 4075: BGP [|bgp]
 	Open Message (1), length: 59
 	  Version 255, my AS 65528, Holdtime 4324s, ID 144.8.32.4
 	  Optional parameters, length: 29
diff --git a/tests/bgp_mp_reach_nlri-oobr.out b/tests/bgp_mp_reach_nlri-oobr.out
@@ -1,5 +1,5 @@
     1  1975-04-27 04:29:01.371655446 IP (tos 0xff,CE, ttl 254, id 32783, offset 0, flags [rsvd], proto TCP (6), length 65535, bad cksum 8e15 (->5bbf)!)
-    241.0.128.39.179 > 239.0.0.1.0: Flags [none], seq 4144029695:4144095150, win 65535, options [eol], length 65455: BGP [|bgp]
+    241.0.128.39.179 > 239.0.0.1.0: Flags [e], seq 4144029695:4144095150, win 65535, options [eol], length 65455: BGP [|bgp]
 	Update Message (2), length: 45
 	  Withdrawn routes:
 	    (illegal prefix length) [|bgp] [|bgp]
diff --git a/tests/heapoverflow-tcp_print.out b/tests/heapoverflow-tcp_print.out
@@ -1,2 +1,2 @@
     1  1995-08-15 05:27:12.808464432 IP (tos 0x30, ttl 48, id 12336, offset 0, flags [DF], proto TCP (6), length 12336, bad cksum 3030 (->29a8)!)
-    48.48.48.48.12336 > 48.48.48.48.12336: Flags [.U], seq 808464432:808476688, ack 808464432, win 12336, urg 12336, options [unknown-48 0x3030303030303030 [|tcp]
+    48.48.48.48.12336 > 48.48.48.48.12336: Flags [.Ue], seq 808464432:808476688, ack 808464432, win 12336, urg 12336, options [unknown-48 0x3030303030303030 [|tcp]
diff --git a/tests/rpki-rtr-oobr.out b/tests/rpki-rtr-oobr.out
@@ -1,3 +1,3 @@
     1  1975-04-27 03:20:48.134349590 IP [total length 62 > length 50] (invalid) (tos 0x0, ttl 254, id 13327, offset 0, flags [+, DF, rsvd], proto TCP (6), length 62, bad cksum 8e7f (->c283)!)
-    19.128.128.20.323 > 76.19.6.127.49600: Flags [none], seq 2684354563:2684354585, win 28672, length 22
+    19.128.128.20.323 > 76.19.6.127.49600: Flags [e], seq 2684354563:2684354585, win 28672, length 22
 	RPKI-RTRv171 (unknown)

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`1 1995-08-15 05:27:12.808464432 unknown ip 3`
`2`		`- 2 1995-08-15 05:27:12.808464432 IP6 3030:3030:3030:3030:3030:3030:3030:3030.10288 > 3030:3030:3030:3030:3030:3030:3030:3030.12336: Flags [.U], seq 808464432:808476740, ack 808464432, win 12336, urg 12336, options [eol], length 12308 [remaining caplen(24) < header length(28)] [\|tcp]`
	`2`	`+ 2 1995-08-15 05:27:12.808464432 IP6 3030:3030:3030:3030:3030:3030:3030:3030.10288 > 3030:3030:3030:3030:3030:3030:3030:3030.12336: Flags [.Ue], seq 808464432:808476740, ack 808464432, win 12336, urg 12336, options [eol], length 12308 [remaining caplen(24) < header length(28)] [\|tcp]`