pmtud

#! /usr/bin/env sh

set -u

# Simplistic Path MTU Discovery using ICMP Echo Request probes.
#
# Copyright (C) 2017-2024 Erik Auerswald <auerswal@unix-ag.uni-kl.de>
#
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved.  This file is offered as-is,
# without any warranty.

# Simplistic Path MTU Discovery using ICMP Echo Request probes, may be fooled
# by networks limiting ICMP Echo Request size. Intended use is for PMTUD over
# VPN in broken networks, where standard PMTUD does not work, but the VPN
# hides that the probe packets are ICMP Echo Requests and thus allows the
# script to work.

# Some versions of the Ping program from iputils fragments IPv6 probe
# packets to conform to the local MTU even with the "-M do" option that
# shall prevent local fragmentation. Thus the results of this program
# may be wrong if an IPv6 end point is specified.

VERSION='2024-09-28-03'
PROG="$(basename "$0")"

DEF_ALGO='binary'
DEF_OVERHEAD=28
DEF_MIN='auto'
DEF_MAX='auto'
DEF_INC=10
DEF_TABLE='65535 32000 17914 9180 9000 8166 4352 2304 2002 1500 1492 1400 1358 1280 1024 1006 576 508 296 68'
DEF_WAIT='.15'
DEF_PROBETIMEOUT='2'

TARGET=''
AF=''
PINGOPTS="-c1 -Mdo -n -W${DEF_PROBETIMEOUT}"
QUIET=''
VERBOSE=''
BRIEF=''
DIRECTION='upwards'
PROBE_LINE_END='\r'

version() { echo "$PROG version $VERSION"; }

copyright()
{
  echo 'Copyright (C) 2017-2024 Erik Auerswald <auerswal@unix-ag.uni-kl.de>'
}

license()
{
  cat <<EOF
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.  This file is offered as-is,
without any warranty.
EOF
}

usage()
{
  echo "Usage: $PROG [OPTIONS] {IP | HOSTNAME}"
  echo "Help:  $PROG -h"
}

help()
{
  version
  copyright
  usage
  cat <<EOF

Path MTU discovery to given IP / HOSTNAME using ICMP Echo Request probes.
The $DEF_ALGO search strategy is used by default.
The upper search limit is automatically determined by using the current
interface MTU of the outgoing interface, if possible, unless given
via option.
The result may be too low, if network or target host limit ICMP Echo
Request packet size, or if the probes are sent faster than a rate limit
in network or target host allows.
The result may be too high, if probe packets are fragmented on the
sending host.  The default ping program in some older Debian versions
had this problem for IPv6.

Options:
  -h            print this help and exit
  -V            print version and exit
  -L            print license and exit
  -l            use linear search strategy for path MTU discovery (upwards)
  -d            use linear search strategy for path MTU discovery (downwards)
  -b            use binary search strategy for path MTU discovery (default)
  -p            use plateau table based search as suggested in RFC 1191
  -P VALUES     specify alternate plateau table (values separated by whitespace)
  -m MIN        set minimum probe size in bytes (default ${DEF_MIN})
  -M MAX        set maximum probe size in bytes (default ${DEF_MAX})
  -i INCREMENT  set linear search increment size in bytes (default ${DEF_INC})
  -w WAIT       set time waited between probes (default ${DEF_WAIT}s)
  -W TIMEOUT    set probe timeout (default ${DEF_PROBETIMEOUT}s)
  -o OVERHEAD   set overhead in bytes added by ping (default ${DEF_OVERHEAD})
  -q            quiet operation: omit progress messages
  -Q            quiet operation with brief output: print only the PMTU in bytes
  -v            verbose operation: one line per probe
  -4            use IPv4 with 28B overhead (default)
  -6            use IPv6 with 48B overhead

Plateau search uses the following values by default:
  ${DEF_TABLE}

Different sources provide different plateau search table contents.
The built-in plateau table probably uses too many different values.
The "-P" option allows to specify a different set of values.

 - Source Routing Bridges largest frame values:
    -p -P '65535 17800 11407 4472 2052 1500 516'
 - RFC 1191, Path MTU Discovery:
    -p -P '65535 32000 17914 8166 4352 2002 1492 1006 508 296 68'
 - LWN article "So you think you understand IP fragmentation?":
    -p -P '9000 8000 1500 1400 1280'
   To send the packets "at the same time" as in the LWN article use "-w0":
    -p -P '9000 8000 1500 1400 1280' -w 0
EOF
}

# error_msg() prints its parameters as a line to STDERR
error_msg()
{
  echo "[!] ${PROG}: ERROR: $*" 1>&2
}

# ensure the first argument is a positive integer, otherwise exit
# use second argument in error message
ensure_pos_int()
{
  test $# -eq 2 || {
    error_msg 'ensure_pos_int(): wrong number of arguments:' "$#"; exit 1;
  }
  printf -- '%s' "$1" | { tr '\012' '%'; echo; } | grep -q '^[1-9][0-9]*$' || {
    error_msg "$2 must be a positive integer"
    usage
    exit 1
  }
  return 0
}

# ensure the first argument is a non-negative number, otherwise exit
# use second argument in error message
ensure_nn_num()
{
  test $# -eq 2 || {
    error_msg 'ensure_nn_num(): wrong number of arguments:' "$#"; exit 1;
  }
  printf -- '%s' "$1" | { tr '\012' '%'; echo; } \
  | grep -Eq '^([0-9]*\.?[0-9]+|[0-9]+\.[0-9]*)$' || {
    error_msg "$2 must be a non-negative number"
    usage
    exit 1
  }
  return 0
}

# ensure the first argument is a list of non-negative integers, otherwise exit
# use second argument in error message
ensure_nn_int_list()
{
  test $# -eq 2 || {
    error_msg 'ensure_nn_int_list(): wrong number of arguments:' "$#"; exit 1;
  }
  printf -- '%s' "$1" | { tr '\012' '%'; echo; } | grep -Eq '^[ 0-9]+$' || {
    error_msg "$2 must only use digits and spaces"
    usage
    exit 1
  }
  return 0
}

ALGO="$DEF_ALGO"
OVERHEAD="$DEF_OVERHEAD"
MIN="$DEF_MIN"
MAX="$DEF_MAX"
INCREMENT="$DEF_INC"
TABLE="$DEF_TABLE"
WAIT="$DEF_WAIT"
PROBETIMEOUT="$DEF_PROBETIMEOUT"

while getopts ':hVLldbpP:m:M:i:w:W:o:q46vQ' OPT; do
  case "$OPT" in
    'h') help; exit 0;;
    'V') version; exit 0;;
    'L') version; copyright; license; exit 0;;
    'l') ALGO='linear';;
    'd') ALGO='linear' DIRECTION='downwards';;
    'b') ALGO='binary';;
    'p') ALGO='plateau';;
    'P') ensure_nn_int_list "$OPTARG" 'plateau table'; TABLE="$OPTARG";;
    'm') ensure_pos_int "$OPTARG" 'MIN'; MIN="$OPTARG";;
    'M') ensure_pos_int "$OPTARG" 'MAX'; MAX="$OPTARG";;
    'i') ensure_pos_int "$OPTARG" 'INCREMENT'; INCREMENT="$OPTARG";;
    'w') ensure_nn_num "$OPTARG" 'WAIT'; WAIT="$OPTARG";;
    'W') ensure_pos_int "$OPTARG" 'TIMEOUT';
         PROBETIMEOUT="$OPTARG"; PINGOPTS="-c1 -Mdo -n -W${PROBETIMEOUT}";;
    'o') ensure_pos_int "$OPTARG" 'OVERHEAD'; OVERHEAD="$OPTARG";;
    'q') QUIET='quiet' VERBOSE='' BRIEF='';;
    'Q') QUIET='quiet' VERBOSE='' BRIEF='brief';;
    'v') QUIET='' VERBOSE='verbose' BRIEF='';;
    '4') AF='-4' OVERHEAD=28;;
    '6') AF='-6' OVERHEAD=48;;
    '?') error_msg "unknown option '-$OPTARG'"; usage; exit 1;;
    ':') error_msg "argument required for option '-$OPTARG'"; usage; exit 1;;
    *) error_msg "option '$OPT' not implemented"; usage; exit 1;;
  esac
done
shift $((OPTIND - 1))

test $# -lt 1 && { error_msg "no target host given"; usage; exit 1; }
test $# -gt 1 && { error_msg "too many arguments"; usage; exit 1; }
test $# -eq 1 && { TARGET="$1"; shift; }

test -n "$QUIET" && test -n "$VERBOSE" && {
  error_msg 'operation cannot be both quiet and verbose at the same time'
  exit 1
}
test -n "$VERBOSE" && test -n "$BRIEF" && {
  error_msg 'brief output is only supported with quiet operation'
  exit 1
}
# shellcheck disable=SC2015
test -z "$QUIET" && { exec 3>&1; } || { exec 3>/dev/null; }
test -n "$VERBOSE" && PROBE_LINE_END='\n'

# guess at intended IP version if neither option -4 nor -6 is used:
#  use IPv6 is the target looks similar to an IPv6 address,
#  otherwise use IPv4
if test -z "$AF"; then
  if expr " $TARGET" : ' [0-9A-Fa-f:][0-9A-Fa-f:]*$' >/dev/null; then
    AF='-6' OVERHEAD=48
  else
    AF='-4' OVERHEAD=28
  fi
fi

PINGOPTS="$AF $PINGOPTS"
IP="IPv${AF##-}"
ICMP="ICMP"
test "$IP" = 'IPv6' && ICMP="${ICMP}v6"

test "$MIN" = 'auto' &&
  case "$AF" in
    '-4') MIN=68;;
    '-6') MIN=1280;;
    *)    MIN="$OVERHEAD";;
  esac

# auto_max() attempts to determine the outgoing link's MTU
auto_max()
{
  DEVICE=$(ip "$AF" route get "$TARGET" | sed -nE 's/^.*dev +([^ ]+) .*$/\1/p')
  ip "$AF" link show dev "$DEVICE" | sed -nE 's/^.*mtu +([^ ]+) .*$/\1/p'
}

test "${MAX}" = 'auto' && MAX=$(auto_max 2>/dev/null)
MAX=${MAX:-1500}
test "${MAX}" -ge 65535 && MAX=65535

test "${MIN}" -gt 0 || MIN="${DEF_MIN}"
test "${MIN}" -le 65535 || MIN=65535

test "${MIN}" -le "${MAX}" || {
  error_msg 'MIN must be less than or equal to MAX'
  exit 1
}

# sending_report() takes one argument, the size of the probe
sending_report()
{
  test $# -eq 1 || {
    error_msg 'sending_report(): wrong number of arguments:' "$#"; exit 1
  }
  printf -- '[.] sending %s bytes probe   '"$PROBE_LINE_END" "$1" 1>&3
}

# send_probe() has exactly two mandatory parameters:
# 1) the probe size in bytes
# 2) the target IP address or host name
# if the probe is successful, the function will return 0 and print the probe
# size to STDOUT
send_probe()
{
  test $# -eq 2 || {
    error_msg 'send_probe(): wrong number of arguments:' "$#"; return 1;
  }
  S="$1"
  TARGET="$2"
# shellcheck disable=SC2086
  ping $PINGOPTS -s "$((S - OVERHEAD))" "$TARGET" >/dev/null 2>&1 && echo "$S"
}

# optional parameters add text in front of "IP MTU"
# decorate result number read on STDIN with explanatory words, unless BRIEF
decorate_result()
{
  if test -z "$BRIEF"; then
    sed -n '$s/^\(.*\)$/[+] '"$*"'IP PMTU is \1 bytes/p'
  else
    tail -n1
  fi
}

binary()
{
  cat 1>&3 <<EOF
[-] performing binary search $IP PMTUD to $TARGET with $ICMP Echo Requests
[-] search_low starts at $MIN bytes, search_high starts at $MAX bytes
[-] waiting $WAIT seconds between probes
[-] using $PROBETIMEOUT seconds timeout for unsuccessful probes
EOF

  LOW=$MIN
  HIGH=$MAX
  while test "$LOW" -le "$HIGH"; do
    PROBE=$(((LOW + HIGH) / 2))
    sending_report "$PROBE"
    if send_probe "$PROBE" "$TARGET"; then
      LOW=$((PROBE+1))
    else
      HIGH=$((PROBE-1))
    fi
    sleep "$WAIT"
  done | decorate_result
  echo '[+] all probes returned or timed out' 1>&3
}

linear()
{
  cat 1>&3 <<EOF
[-] performing linear search $IP PMTUD to $TARGET with $ICMP Echo Requests
[-] search_low $MIN bytes, search_high $MAX bytes, $INCREMENT byte(s) step size
[-] search direction is $DIRECTION
[-] waiting $WAIT seconds between probes
[-] using $PROBETIMEOUT seconds timeout for unsuccessful probes
EOF

  if test "$DIRECTION" = 'upwards'; then
    VALUES=$(seq "$MIN" "$INCREMENT" "$MAX")
  else
    VALUES=$(seq "$MAX" -"$INCREMENT" "$MIN")
  fi
  # shellcheck disable=SC2086
  probe_values $VALUES | decorate_result
  echo '[+] all probes returned or timed out' 1>&3
}

plateau()
{
  cat 1>&3 <<EOF
[-] performing plateau table based $IP PMTUD to $TARGET with $ICMP Echo Requests
[-] values: $TABLE
[-] using values between $MIN bytes and $MAX bytes
[-] waiting $WAIT seconds between probes
[-] using $PROBETIMEOUT seconds timeout for unsuccessful probes
EOF

  # shellcheck disable=SC2086
  probe_values $TABLE | decorate_result 'plateau estimate for '
  echo '[+] all probes returned or timed out' 1>&3
}

probe_values()
{
  for S in "$@"; do
    test "$S" -gt "$MAX" && continue
    test "$S" -lt "$MIN" && continue
    sending_report "$S"
    send_probe "$S" "$TARGET" &
    sleep "$WAIT"
  done | sort -n
}

PMTU=$("$ALGO")
# shellcheck disable=SC2015
test -n "$PMTU" && echo "$PMTU" || {
  error_msg 'could not determine PMTU'
  exit 1
}

# vim:expandtab: