triglav 0.1.0

High-performance multi-path networking tool with intelligent uplink management
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371

//! Flow hash calculation for ECMP-aware path selection.
//!
//! Implements flow hash calculation compatible with common ECMP implementations
//! used by network devices. Packets with the same flow hash will traverse the
//! same network path through ECMP routers.
//!
//! Based on Dublin Traceroute's flow hash calculation technique.

use std::net::{IpAddr, SocketAddr};

/// Flow identifier containing the 5-tuple that determines ECMP path selection.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub struct FlowId {
    /// Source IP address.
    pub src_ip: IpAddr,
    /// Destination IP address.
    pub dst_ip: IpAddr,
    /// Source port.
    pub src_port: u16,
    /// Destination port.
    pub dst_port: u16,
    /// IP protocol (6 = TCP, 17 = UDP).
    pub protocol: u8,
}

impl FlowId {
    /// Create a new flow identifier.
    pub fn new(
        src_ip: IpAddr,
        dst_ip: IpAddr,
        src_port: u16,
        dst_port: u16,
        protocol: u8,
    ) -> Self {
        Self {
            src_ip,
            dst_ip,
            src_port,
            dst_port,
            protocol,
        }
    }

    /// Create from socket addresses with UDP protocol.
    pub fn from_udp(src: SocketAddr, dst: SocketAddr) -> Self {
        Self::new(src.ip(), dst.ip(), src.port(), dst.port(), 17)
    }

    /// Create from socket addresses with TCP protocol.
    pub fn from_tcp(src: SocketAddr, dst: SocketAddr) -> Self {
        Self::new(src.ip(), dst.ip(), src.port(), dst.port(), 6)
    }

    /// Calculate the ECMP-compatible flow hash.
    ///
    /// This hash mimics common router ECMP implementations:
    /// - Uses all 5-tuple fields
    /// - Produces consistent results for the same flow
    /// - Returns 0xffff if the calculated hash is 0 (never returns 0)
    ///
    /// Two packets with the same flow hash will follow the same path through
    /// ECMP-enabled network devices.
    pub fn flow_hash(&self) -> u16 {
        let hash = self.compute_hash();
        if hash == 0 { 0xffff } else { hash }
    }

    /// Internal hash computation matching Dublin Traceroute algorithm.
    fn compute_hash(&self) -> u16 {
        let mut hash: u32 = 0;

        // Add TOS (0 for our purposes) + protocol
        hash = hash.wrapping_add(u32::from(self.protocol));

        // Add source IP
        match self.src_ip {
            IpAddr::V4(addr) => {
                let octets = addr.octets();
                hash = hash.wrapping_add(u32::from(u16::from_be_bytes([octets[0], octets[1]])));
                hash = hash.wrapping_add(u32::from(u16::from_be_bytes([octets[2], octets[3]])));
            }
            IpAddr::V6(addr) => {
                let octets = addr.octets();
                for chunk in octets.chunks(2) {
                    hash = hash.wrapping_add(u32::from(u16::from_be_bytes([chunk[0], chunk[1]])));
                }
            }
        }

        // Add destination IP
        match self.dst_ip {
            IpAddr::V4(addr) => {
                let octets = addr.octets();
                hash = hash.wrapping_add(u32::from(u16::from_be_bytes([octets[0], octets[1]])));
                hash = hash.wrapping_add(u32::from(u16::from_be_bytes([octets[2], octets[3]])));
            }
            IpAddr::V6(addr) => {
                let octets = addr.octets();
                for chunk in octets.chunks(2) {
                    hash = hash.wrapping_add(u32::from(u16::from_be_bytes([chunk[0], chunk[1]])));
                }
            }
        }

        // Add ports
        hash = hash.wrapping_add(u32::from(self.src_port));
        hash = hash.wrapping_add(u32::from(self.dst_port));

        // Fold to 16 bits
        while hash > 0xffff {
            hash = (hash & 0xffff) + (hash >> 16);
        }

        hash as u16
    }

    /// Generate a variant flow that will take a different ECMP path.
    ///
    /// By modifying the source port, we can probe different ECMP paths
    /// while keeping the same destination.
    pub fn with_src_port(&self, port: u16) -> Self {
        Self {
            src_port: port,
            ..*self
        }
    }

    /// Generate a variant flow with different destination port.
    pub fn with_dst_port(&self, port: u16) -> Self {
        Self {
            dst_port: port,
            ..*self
        }
    }
}

/// Calculate flow hash for a packet's 5-tuple.
///
/// This is a convenience function for quick hash calculation.
pub fn calculate_flow_hash(
    src_ip: IpAddr,
    dst_ip: IpAddr,
    src_port: u16,
    dst_port: u16,
    protocol: u8,
) -> u16 {
    FlowId::new(src_ip, dst_ip, src_port, dst_port, protocol).flow_hash()
}

/// Calculate flow hash from socket addresses.
pub fn flow_hash_from_addrs(src: SocketAddr, dst: SocketAddr, is_tcp: bool) -> u16 {
    if is_tcp {
        FlowId::from_tcp(src, dst).flow_hash()
    } else {
        FlowId::from_udp(src, dst).flow_hash()
    }
}

/// ECMP path enumerator.
///
/// Generates a sequence of port values that will produce different flow hashes,
/// allowing enumeration of multiple ECMP paths to a destination.
#[derive(Debug)]
pub struct EcmpPathEnumerator {
    base_flow: FlowId,
    base_port: u16,
    num_paths: u16,
    use_src_port: bool,
}

impl EcmpPathEnumerator {
    /// Create a new ECMP path enumerator.
    ///
    /// # Arguments
    /// * `base_flow` - The base flow to vary
    /// * `base_port` - Starting port number
    /// * `num_paths` - Number of paths to enumerate
    /// * `use_src_port` - If true, vary source port; if false, vary destination port
    pub fn new(base_flow: FlowId, base_port: u16, num_paths: u16, use_src_port: bool) -> Self {
        Self {
            base_flow,
            base_port,
            num_paths,
            use_src_port,
        }
    }

    /// Get flow IDs for all paths.
    pub fn flows(&self) -> Vec<FlowId> {
        (0..self.num_paths)
            .map(|i| {
                let port = self.base_port.wrapping_add(i);
                if self.use_src_port {
                    self.base_flow.with_src_port(port)
                } else {
                    self.base_flow.with_dst_port(port)
                }
            })
            .collect()
    }

    /// Get unique flow hashes (deduplicated).
    pub fn unique_hashes(&self) -> Vec<u16> {
        let mut hashes: Vec<_> = self.flows().iter().map(FlowId::flow_hash).collect();
        hashes.sort_unstable();
        hashes.dedup();
        hashes
    }

    /// Estimate number of unique ECMP paths based on hash diversity.
    pub fn estimated_path_count(&self) -> usize {
        self.unique_hashes().len()
    }
}

/// Flow hash bucket for grouping packets by ECMP path.
#[derive(Debug, Default)]
pub struct FlowHashBucket {
    /// Flows grouped by their hash.
    buckets: std::collections::HashMap<u16, Vec<FlowId>>,
}

impl FlowHashBucket {
    /// Create a new flow hash bucket.
    pub fn new() -> Self {
        Self::default()
    }

    /// Add a flow to its bucket.
    pub fn add(&mut self, flow: FlowId) {
        let hash = flow.flow_hash();
        self.buckets.entry(hash).or_default().push(flow);
    }

    /// Get the number of unique buckets (paths).
    pub fn bucket_count(&self) -> usize {
        self.buckets.len()
    }

    /// Get flows in a specific bucket.
    pub fn get_bucket(&self, hash: u16) -> Option<&Vec<FlowId>> {
        self.buckets.get(&hash)
    }

    /// Iterate over all buckets.
    pub fn iter(&self) -> impl Iterator<Item = (&u16, &Vec<FlowId>)> {
        self.buckets.iter()
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::net::{Ipv4Addr, Ipv6Addr};

    #[test]
    fn test_flow_hash_consistency() {
        let flow = FlowId::new(
            IpAddr::V4(Ipv4Addr::new(192, 168, 1, 1)),
            IpAddr::V4(Ipv4Addr::new(10, 0, 0, 1)),
            12345,
            80,
            6,
        );

        let hash1 = flow.flow_hash();
        let hash2 = flow.flow_hash();
        assert_eq!(hash1, hash2);
    }

    #[test]
    fn test_different_ports_different_hash() {
        let flow1 = FlowId::new(
            IpAddr::V4(Ipv4Addr::new(192, 168, 1, 1)),
            IpAddr::V4(Ipv4Addr::new(10, 0, 0, 1)),
            12345,
            80,
            17,
        );

        let flow2 = flow1.with_src_port(12346);

        // Different ports should (usually) produce different hashes
        // Note: hash collisions are possible but unlikely for adjacent ports
        let hash1 = flow1.flow_hash();
        let hash2 = flow2.flow_hash();
        assert_ne!(hash1, hash2);
    }

    #[test]
    fn test_flow_hash_never_zero() {
        // Test many flows to ensure we never get 0
        for port in 1..1000 {
            let flow = FlowId::new(
                IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)),
                IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)),
                port,
                port,
                0,
            );
            assert_ne!(flow.flow_hash(), 0);
        }
    }

    #[test]
    fn test_ipv6_flow_hash() {
        let flow = FlowId::new(
            IpAddr::V6(Ipv6Addr::new(0x2001, 0xdb8, 0, 0, 0, 0, 0, 1)),
            IpAddr::V6(Ipv6Addr::new(0x2001, 0xdb8, 0, 0, 0, 0, 0, 2)),
            12345,
            443,
            6,
        );

        let hash = flow.flow_hash();
        assert_ne!(hash, 0);
    }

    #[test]
    fn test_ecmp_enumerator() {
        let base = FlowId::new(
            IpAddr::V4(Ipv4Addr::new(192, 168, 1, 1)),
            IpAddr::V4(Ipv4Addr::new(8, 8, 8, 8)),
            10000,
            53,
            17,
        );

        let enumerator = EcmpPathEnumerator::new(base, 10000, 16, true);
        let flows = enumerator.flows();
        assert_eq!(flows.len(), 16);

        // Should have multiple unique hashes
        let unique = enumerator.estimated_path_count();
        assert!(unique > 1);
    }

    #[test]
    fn test_flow_hash_bucket() {
        let mut bucket = FlowHashBucket::new();

        for port in 10000..10016 {
            let flow = FlowId::new(
                IpAddr::V4(Ipv4Addr::new(192, 168, 1, 1)),
                IpAddr::V4(Ipv4Addr::new(8, 8, 8, 8)),
                port,
                80,
                6,
            );
            bucket.add(flow);
        }

        // Should have grouped flows by hash
        assert!(bucket.bucket_count() > 0);
    }

    #[test]
    fn test_from_socket_addrs() {
        let src = SocketAddr::from(([192, 168, 1, 1], 12345));
        let dst = SocketAddr::from(([10, 0, 0, 1], 80));

        let flow_tcp = FlowId::from_tcp(src, dst);
        let flow_udp = FlowId::from_udp(src, dst);

        assert_eq!(flow_tcp.protocol, 6);
        assert_eq!(flow_udp.protocol, 17);

        // Different protocols should produce different hashes
        assert_ne!(flow_tcp.flow_hash(), flow_udp.flow_hash());
    }
}