Merge pull request #9 from catchpoint/develop

First release

ChangeLog

@@ -1,3 +1,96 @@
+2023-08-21  Luca Sani  <[email protected]> - 0.0.5
+    *  Fixed privilege requirements and closing sockets once used
+
+        The introduction of ToS packet analysis requires the usage of raw socket
+        and - consequently - requires superuser privileges. The last change on
+        ToS was however requiring superuser privileges even if ToS was not
+        required. This has now been fixed. 
+
+        It was also fixed a problem with regular code that was not closing the
+        sockets once used
+
+2023-08-01  Luca Sani  <[email protected]> - 0.0.4
+    *  Added dockerfiles to build binaries
+
+        Added simple dockerfiles to compile binaries for centos7, debian11 and
+        ubuntu22. To run the build use the "build.sh" script into the
+        dockerfiles folder. Binaries will be put into the binaries/ folder.
+
+2023-07-26  Luca Sani  <[email protected]> - 0.0.3
+
+    *  Enhanced Path MTU discovery
+
+        Traceroute can be launched with --mtu to perform the traceroute
+        measurement with a large packet (initially set to 65000) which is
+        firstly narrowed down by the network interface of the local machine,
+        then by the network itself.
+
+        Whenever a bottleneck is found, traceroute will cut the size of the
+        packet sent to the MTU value indicated by the network, and the
+        measurement will continue to run regularly.
+
+        There are a couple of problems with this approach:
+
+        - It does not work in TCP mode. Whenever traceroute is launched with -T
+        and --mtu, traceroute will ignore --mtu and sends SYN packets without
+        any TCP payload, thus not allowing the tool to discover any bottleneck
+        in the path.
+        - Even if we made that work, the destination is likely to drop packets
+        because TCP SYN probes with a size larger than the TCP header are seen
+        as malicious. That would cause the whole traceroute to not reach
+        destination.
+        - It is slow and expensive. The regular way to proceed with that is to
+        limit the number of simultaneous probes to 1, and send large packets
+        that will be narrowed along the path.
+
+        To solve that, we changed the way --mtu works inside of traceroute.
+
+        We introduced an initial step performed only when option --mtu is set
+        which consist in inferring the path MTU between source and destination.
+        As in regular traceroute, we start with packet size 65000, which will
+        be narrowed down by the interface and, eventually, by any bottleneck in
+        the path by ICMP/ICMPv6 returning messages. 
+        If our probe times out, we assume that no further bottleneck are present
+        in the network, but the final path MTU discovered is potentially
+        overestimated.
+
+        With this initial phase, we are going to be able to infer the path MTU.
+        We only need to understand which hop is introducing the bottleneck.
+        To achieve that, we perform traceroute with 1 single large probe to
+        destination as in regular traceroute. Every time we notice that a
+        bottleneck is found (using the same logic in original traceroute), we
+        check if we found the bottleneck that caused the path MTU to be narrowed
+        down. If that's the case, we know there won't be any further bottleneck
+        in the path, and we can proceed sending small simultaneous packets to
+        destination, as in regular traceroute mode (without --mtu).
+
+2023-06-28  Alessandro Improta  <[email protected]> - 0.0.2
+
+    *  Introduced enhanced TOS field report
+
+       Original traceroute allows to set ToS field in outgoing packets, but 
+       currently does not allow to read the ToS field of the expiring probe 
+       which is contained in the IP header inside the ICMP payload.
+
+       This can be done by reading returning ICMP packets via a dedicated 
+       raw socket, and then extract the relevant info from the ICMP payload,
+       which contains the IP header of the expired probe.
+
+       We also added two more options: --dscp and --ecn. These options are 
+       mutually exclusive with option -t (or --tos), but not with each other.
+
+       When options -t/--tos or --dscp or --ecn are set, each hop will show
+       the content of the ToS field of the expired probe in the following
+       format: <TOS: X, DSCP: Y, ECN: Z>. 
+
+2023-05-25  Alessandro Improta  <[email protected]> - 0.0.1
+
+    *  Introduced InSession tracerouting
+
+       More details here: https://www.catchpoint.com/blog/traceroute-insession-catchpoints-effort-towards-a-more-reliable-network-diagnostic-tool
+
+    *  Discontinued versioning with original traceroute
+
 2023-02-13  Dmitry Butskoy  <[email protected]> - 2.1.2
 
 	*  Fix unprivileged ICMP tracerouting with Linux kernel >= 6.1

Make.rules

@@ -46,9 +46,9 @@ $(call set, INSTALL, cp)
 $(call set, INDENT, true)
 
 gcc = $(findstring gcc,$(CC))
-$(call set, CFLAGS, $(if $(gcc), -O2 -Wall, -O))
+$(call set, CFLAGS, $(if $(gcc), -g -Wall -std=c99, -O0))
 $(call set, CPPFLAGS, )
-$(call set, LDFLAGS, -s)
+$(call set, LDFLAGS, -g)
 $(call set, LIBS, )
 
 
@@ -78,7 +78,7 @@ DESTDIR =
 
 
 #  layout stuff
-SKIPDIRS = tmp%
+SKIPDIRS = tmp% binaries% dockerfiles%
 INCLUDEDIRS = include%
 LIBDIRS = lib%
 MODDIRS = mod%

Makefile

@@ -25,7 +25,6 @@ include ./Make.rules
 
 targets = $(EXEDIRS) $(LIBDIRS) $(MODDIRS)
 
-
 # be happy, easy, perfomancy...
 .PHONY: $(subdirs) dummy all force
 .PHONY: depend indent clean distclean libclean release store libs mods
@@ -77,6 +76,7 @@ endif
 $(targets): mkfile = $(if $(wildcard $@/Makefile),,-f $(srcdir)/default.rules)
 
 $(targets): force
+	@echo Doing $@
 	@$(MAKE) $(mkfile) -C $@ $(what) TARGET=$@
 
 force:

README

@@ -1,11 +1,37 @@
-This is an enhanced version of Dmitry Butskoy traceroute developed by Catchpoint 
-to support "TCP InSession" method. This method opens a TCP connection with
+# Catchpoint traceroute
+
+## Introduction
+
+This is an enhanced version of Dmitry Butskoy traceroute developed by Catchpoint.  
+There are a number of improvements.  The main ones are enumerated here:
+* Support for "TCP InSession" method. This method opens a TCP connection with
 the destination and sends TCP probes within the opened session with incremental
 TTL. The aim is to prevent false packet loss introduced by firewall and
 router configurations related to security and to ensures that packets follow a
 single flow, akin to a normal TCP session, to bypass load-balanced routers.
+ - Introduced enhanced TOS (DSCP/ECN) field report. This new option allows to set 
+ToS field in outgoing packets and read the ToS field of the expiring probes. It
+includes a special output to highlight DSCP and ECN values
+
+Full details in ChangeLog [here](https://github.com/catchpoint/Networking.traceroute/blob/develop/ChangeLog).
+
+## Building & Installation
+```
+make 
+make install
+```
+
+## Binaries
+
+This tool should build on any modern Linux system.  
 
-Hereafter is the original Dmitry README:
+Binaries are provided for convenience [here](https://github.com/catchpoint/Networking.traceroute/tree/main/binaries) for common Linux distributions.
+
+## Usage
+
+See `traceroute(8)` for detailed instructions.
+
+## Original Dmitry Butskoy README file
 
 This is a new modern implementation of the traceroute(8)
 utility for Linux systems.
@@ -44,5 +70,4 @@ You can try to contact the author at <Dmitry at Butskoy dot name> .
 
 Good tracerouting!
 
-Dmitry Butskoy
-
+Dmitry Butskoy

VERSION

@@ -1 +1 @@
-#define VERSION 0.0.1
+#define VERSION 0.0.5

dockerfiles/build.sh

@@ -0,0 +1,109 @@
+#!/bin/bash
+
+clean_folder()
+{
+    rm -rf libsupp/
+    rm -rf include/
+    rm -rf traceroute/
+    rm -f default.rules
+    rm -f Makefile
+    rm -f Make.rules
+    rm -f Make.defines
+    rm -f VERSION
+}
+
+copy_files()
+{
+    cp -r ../../libsupp ./
+    cp -r ../../include ./
+    cp -r ../../traceroute ./
+    cp ../../Makefile ./
+    cp ../../Make.rules ./
+    cp ../../Make.defines ./
+    cp ../../default.rules ./
+    cp ../../VERSION ./
+}
+
+build()
+{
+    echo "Starting docker for $1"
+    if ! docker build . -t traceroute:"$1"
+    then
+        echo "Failed to build docker for platform $1"
+        return 1
+    fi
+
+    CONTAINER_ID=$(docker run -d traceroute:"$1")
+
+    if ! docker exec -it "$CONTAINER_ID" /bin/bash -c "cd traceroute && make clean && make traceroute"
+    then
+        echo "Failed to execute docker container ${CONTAINER_ID} for platform $1"
+        return 1
+    fi
+
+    if ! docker cp "$CONTAINER_ID":/traceroute/traceroute/traceroute ../../binaries/"$1"/
+    then
+        echo "Failed to copy traceroute artifact from container ${CONTAINER_ID} for platform $1"
+        return 1
+    fi
+
+    if ! docker container stop "$CONTAINER_ID"
+    then
+        echo "Failed to stop container ${CONTAINER_ID} for platform $1"
+        return 1
+    fi
+
+    if ! docker container rm "$CONTAINER_ID"
+    then
+        echo "Failed to remove container ${CONTAINER_ID} for platform $1"
+        return 1
+    fi
+
+    if ! docker image rm traceroute:"$1"
+    then
+        echo "Failed to remove image traceroute:$1"
+        return 1
+    fi
+
+    return 0
+}
+
+SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )"
+
+for PLATFORM in $(echo "centos7 debian11 ubuntu22")
+do
+    echo "Building for $PLATFORM"
+    SAVE_DIR="${SCRIPTPATH}/${PLATFORM}"
+
+    if ! cd "${SCRIPTPATH}/${PLATFORM}"
+    then
+        echo "Platform $PLATFORM not found, skipping it"
+        continue
+    fi
+
+    rm -f "${SCRIPTPATH}/build.log"
+
+    clean_folder
+    copy_files
+
+    if ! build "$PLATFORM" >> "${SCRIPTPATH}/build.log" 2>&1
+    then
+        echo "An error occurred while building for platform $PLATFORM, see ${SCRIPTPATH}/build.log for more information"
+        exit 1
+    fi
+
+    clean_folder
+
+    if ! cd "$SAVE_DIR"
+    then
+        echo "Cannot come back to ${SAVE_DIR}, aborting"
+        exit 1
+    fi
+done
+
+echo "Build completed, see ${SCRIPTPATH}/build.log for more information"
+echo "Traceroute binaries have been copied into ${SCRIPTPATH}/../binaries"
+
+exit 0
+
+

dockerfiles/centos7/Dockerfile

@@ -0,0 +1,13 @@
+FROM centos:7
+RUN yum install -y make systemd gcc
+RUN mkdir traceroute
+ADD libsupp traceroute/libsupp/
+ADD include traceroute/include
+ADD traceroute traceroute/traceroute/
+ADD Makefile traceroute/
+ADD Make.rules traceroute/
+ADD Make.defines traceroute/
+ADD default.rules traceroute/
+ADD VERSION traceroute/
+
+CMD ["/sbin/init"]

dockerfiles/debian11/Dockerfile

@@ -0,0 +1,13 @@
+FROM debian:11
+RUN apt-get update && apt-get install -y make init gcc
+RUN mkdir traceroute
+ADD libsupp traceroute/libsupp/
+ADD include traceroute/include
+ADD traceroute traceroute/traceroute/
+ADD Makefile traceroute/
+ADD Make.rules traceroute/
+ADD Make.defines traceroute/
+ADD default.rules traceroute/
+ADD VERSION traceroute/
+
+CMD ["/sbin/init"]

dockerfiles/ubuntu22/Dockerfile

@@ -0,0 +1,13 @@
+FROM ubuntu:22.04
+RUN apt-get update && apt-get install -y make init gcc
+RUN mkdir traceroute
+ADD libsupp traceroute/libsupp/
+ADD include traceroute/include
+ADD traceroute traceroute/traceroute/
+ADD Makefile traceroute/
+ADD Make.rules traceroute/
+ADD Make.defines traceroute/
+ADD default.rules traceroute/
+ADD VERSION traceroute/
+
+CMD ["/sbin/init"]