ecn.9: Add ecn(9) manual
Add ecn manual for ip_ecn tunneling functions. Reviewed by: pauamma_gundo.com, tuexen Differential Revision: https://reviews.freebsd.org/D53517
This commit is contained in:
@@ -144,6 +144,7 @@ MAN= accept_filter.9 \
|
|||||||
drbr.9 \
|
drbr.9 \
|
||||||
driver.9 \
|
driver.9 \
|
||||||
DRIVER_MODULE.9 \
|
DRIVER_MODULE.9 \
|
||||||
|
ecn.9 \
|
||||||
efirt.9 \
|
efirt.9 \
|
||||||
epoch.9 \
|
epoch.9 \
|
||||||
ether_gen_addr.9 \
|
ether_gen_addr.9 \
|
||||||
@@ -1108,6 +1109,10 @@ MLINKS+=drbr.9 drbr_free.9 \
|
|||||||
MLINKS+=DRIVER_MODULE.9 DRIVER_MODULE_ORDERED.9 \
|
MLINKS+=DRIVER_MODULE.9 DRIVER_MODULE_ORDERED.9 \
|
||||||
DRIVER_MODULE.9 EARLY_DRIVER_MODULE.9 \
|
DRIVER_MODULE.9 EARLY_DRIVER_MODULE.9 \
|
||||||
DRIVER_MODULE.9 EARLY_DRIVER_MODULE_ORDERED.9
|
DRIVER_MODULE.9 EARLY_DRIVER_MODULE_ORDERED.9
|
||||||
|
MLINKS+=ecn.9 ip_ecn_ingress.9 \
|
||||||
|
ecn.9 ip_ecn_egress.9 \
|
||||||
|
ecn.9 ip6_ecn_ingress.9 \
|
||||||
|
ecn.9 ip6_ecn_egress.9
|
||||||
MLINKS+=epoch.9 epoch_context.9 \
|
MLINKS+=epoch.9 epoch_context.9 \
|
||||||
epoch.9 epoch_alloc.9 \
|
epoch.9 epoch_alloc.9 \
|
||||||
epoch.9 epoch_free.9 \
|
epoch.9 epoch_free.9 \
|
||||||
|
|||||||
@@ -0,0 +1,184 @@
|
|||||||
|
.\"
|
||||||
|
.\" SPDX-License-Identifier: BSD-2-Clause
|
||||||
|
.\"
|
||||||
|
.\" Copyright (c) 2026 Pouria Mousavizadeh Tehrani <pouria@FreeBSD.org>
|
||||||
|
.\" All rights reserved.
|
||||||
|
.\"
|
||||||
|
.\" Redistribution and use in source and binary forms, with or without
|
||||||
|
.\" modification, are permitted provided that the following conditions
|
||||||
|
.\" are met:
|
||||||
|
.\" 1. Redistributions of source code must retain the above copyright
|
||||||
|
.\" notice, this list of conditions and the following disclaimer.
|
||||||
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
.\" notice, this list of conditions and the following disclaimer in the
|
||||||
|
.\" documentation and/or other materials provided with the distribution.
|
||||||
|
.\"
|
||||||
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
|
||||||
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||||
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||||
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
|
||||||
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||||
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||||
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||||
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||||
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||||
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
|
.\" SUCH DAMAGE.
|
||||||
|
.\"
|
||||||
|
.Dd March 19, 2026
|
||||||
|
.Dt ECN 9
|
||||||
|
.Os
|
||||||
|
.Sh NAME
|
||||||
|
.Nm ecn ,
|
||||||
|
.Nm ip_ecn_ingress ,
|
||||||
|
.Nm ip_ecn_egress ,
|
||||||
|
.Nm ip6_ecn_ingress ,
|
||||||
|
.Nm ip6_ecn_egress
|
||||||
|
.Nd IP ECN interfaces for tunnel encapsulation/decapsulation
|
||||||
|
.Sh SYNOPSIS
|
||||||
|
.In sys/netinet/ip_ecn.h
|
||||||
|
.In sys/netinet6/ip6_ecn.h
|
||||||
|
.\"
|
||||||
|
.Ss "Constants"
|
||||||
|
.Dv ECN_COMPLETE
|
||||||
|
.Dv ECN_ALLOWED
|
||||||
|
.Dv ECN_FORBIDDEN
|
||||||
|
.Dv ECN_NOCARE
|
||||||
|
.\"
|
||||||
|
.Ss "ECN Manipulation Functions"
|
||||||
|
.Ft "void"
|
||||||
|
.Fn ip_ecn_ingress "int mode" "uint8_t *outer" "const uint8_t *inner"
|
||||||
|
.Ft "void"
|
||||||
|
.Fn "ip6_ecn_ingress" "int mode" "uint32_t *outer" "const uint32_t *inner"
|
||||||
|
.Ft "int"
|
||||||
|
.Fn "ip_ecn_egress" "int mode" "uint8_t *outer" "const uint8_t *inner"
|
||||||
|
.Ft "int"
|
||||||
|
.Fn "ip6_ecn_egress" "int mode" "uint32_t *outer" "const uint32_t *inner"
|
||||||
|
.\"
|
||||||
|
.Sh DESCRIPTION
|
||||||
|
The
|
||||||
|
.Fn ip_ecn_ingress
|
||||||
|
and
|
||||||
|
.Fn ip_ecn_egress
|
||||||
|
interfaces implement Explicit Congestion Notification (ECN) processing for
|
||||||
|
tunnel encapsulation (ingress) and decapsulation (egress). They operate on
|
||||||
|
the ECN bits in the IP Type of Service (TOS) or
|
||||||
|
IPv6 Traffic Class (TCLASS) header field.
|
||||||
|
These functions implements the standard specification of RFC6040 in
|
||||||
|
.Vt ECN_ALLOWED
|
||||||
|
mode for
|
||||||
|
.Fn ip_ecn_egress
|
||||||
|
with addition of
|
||||||
|
.Vt ECN_FORBIDDEN
|
||||||
|
mode as compatibility mode in
|
||||||
|
.Fn ip_ecn_ingress .
|
||||||
|
.Ss Interface
|
||||||
|
The functions for manipulating
|
||||||
|
.Vt ip_tos
|
||||||
|
and
|
||||||
|
.Vt ipv6_flow
|
||||||
|
are as follows:
|
||||||
|
.Bl -tag -width indent -offset indent
|
||||||
|
.It Fn ip_ecn_ingress Fn ip6_ecn_ingress
|
||||||
|
Perform ECN processing at encapsulation time (ingress) based on
|
||||||
|
the ECN bits of the
|
||||||
|
.Vt ip_tos
|
||||||
|
field in
|
||||||
|
.Vt "struct ip"
|
||||||
|
or the
|
||||||
|
.Vt ip6_flow
|
||||||
|
field in
|
||||||
|
.Vt "struct ip6_hdr"
|
||||||
|
as
|
||||||
|
.Va inner
|
||||||
|
to
|
||||||
|
.Va outer .
|
||||||
|
It also copies the DSCP value from
|
||||||
|
.Va inner
|
||||||
|
to
|
||||||
|
.Va outer .
|
||||||
|
.It Fn ip_ecn_egress Fn ip6_ecn_egress
|
||||||
|
Perform ECN processing at decapsulation time (egress) based on
|
||||||
|
the ECN bits of
|
||||||
|
.Va outer
|
||||||
|
to
|
||||||
|
.Va inner .
|
||||||
|
.Vt ECN_ALLOWED
|
||||||
|
mode may modify the
|
||||||
|
.Va inner
|
||||||
|
ECN bits or instruct the caller to drop or log
|
||||||
|
by returning
|
||||||
|
.Vt ECN_WARN
|
||||||
|
or
|
||||||
|
.Vt ECN_ALARM
|
||||||
|
values.
|
||||||
|
.El
|
||||||
|
.Pp
|
||||||
|
Return codes for
|
||||||
|
.Fn ip_ecn_egress
|
||||||
|
are as follows:
|
||||||
|
.Bl -tag -width ".Dv ECN_SUCCESS" -offset indent
|
||||||
|
.It Dv ECN_DROP
|
||||||
|
(0) Caller MUST drop the packet.
|
||||||
|
.It Dv ECN_SUCCESS
|
||||||
|
(1) Processing succeeded;
|
||||||
|
inner ECN bits may have been updated.
|
||||||
|
.It Dv ECN_WARN
|
||||||
|
(2) Processing succeeded;
|
||||||
|
caller MAY log a warning for an anomalous ECN combination.
|
||||||
|
.It Dv ECN_ALARM
|
||||||
|
(3) Processing succeeded;
|
||||||
|
caller SHOULD log and MAY raise an alarm for a serious ECN anomaly.
|
||||||
|
.El
|
||||||
|
.Pp
|
||||||
|
The following modes are handled by functions:
|
||||||
|
.Bl -tag -width ".Dv ECN_FORBIDDEN" -offset indent
|
||||||
|
.It Dv ECN_COMPLETE
|
||||||
|
Normal mode as defined in RFC6040.
|
||||||
|
ECN bits are preserved through encapsulation;
|
||||||
|
decapsulation follows RFC6040 rules and it returns
|
||||||
|
.Vt ECN_WARN
|
||||||
|
or
|
||||||
|
.Vt ECN_ALARM
|
||||||
|
values when a potentially dangerous packet detected.
|
||||||
|
.It Dv ECN_ALLOWED
|
||||||
|
Normal mode as defined in RFC6040 without security checks.
|
||||||
|
ECN bits are preserved through encapsulation;
|
||||||
|
decapsulation follows RFC6040 rules.
|
||||||
|
.It Dv ECN_FORBIDDEN
|
||||||
|
Compatibility mode.
|
||||||
|
ECN is stripped on encapsulation and decapsulation will
|
||||||
|
drop packets that carry CE in the outer header.
|
||||||
|
This mode should not be used in
|
||||||
|
.Fn ip_ecn_egress
|
||||||
|
or
|
||||||
|
.Fn ip6_ecn_egress
|
||||||
|
since the
|
||||||
|
.Vt ECN_ALLOWED
|
||||||
|
mode already covers all possible scenarios as specified in RFC6040.
|
||||||
|
.It Dv ECN_NOCARE
|
||||||
|
leave ECN bits unchanged and ignored.
|
||||||
|
.El
|
||||||
|
.Ss IPV6 HANDLING
|
||||||
|
IPv6 interfaces
|
||||||
|
.Fn ip6_ecn_ingress
|
||||||
|
and
|
||||||
|
.Fn ip6_ecn_egress
|
||||||
|
extract the 8‑bit DSCP and ECN values from the 32‑bit
|
||||||
|
.Vt ip6_flow
|
||||||
|
and insert it to IPv4 equivalent interfaces.
|
||||||
|
.Sh SEE ALSO
|
||||||
|
.Xr ip 4 ,
|
||||||
|
.Xr ip6 4 ,
|
||||||
|
.Xr ipsec 4
|
||||||
|
.Sh HISTORY
|
||||||
|
Historically
|
||||||
|
.Fn ip_ecn_egress
|
||||||
|
used a boolean-style return.
|
||||||
|
The current API preserves numeric mapping for drop (ECN_DROP == 0)
|
||||||
|
and success (ECN_SUCCESS == 1) but defines additional non‑zero
|
||||||
|
status codes (ECN_WARN, ECN_ALARM).
|
||||||
|
Callers that only test for non‑zero success will continue to
|
||||||
|
treat WARN/ALARM as success.
|
||||||
|
.Sh AUTHORS
|
||||||
|
.An Pouria Mousavizadeh Tehrani Aq Mt pouria@FreeBSD.org
|
||||||
Reference in New Issue
Block a user