Upgrade iperf3 to 3.17.1

[mfeit-internet2]

Iperf3 3.17 contains some bug fixes that we should ship with 5.1.0.

HOWEVER: The bug fixes are incompatible with 3.16 unless a command line switch is present allowing the vul

• Upgrade iperf3 in build to 3.17.1
• Make the plugin's participant-data method add the local system's iperf3 version to what it produces.
• Make the plugin's run method configure iperf3 so it will work with what's at the other end.

The rules for the run method:

• If the remote end's participant data doesn't include the iperf3 version, assume its version is 3.16 or lower
• If local is >= 3.17 and remote is not, add --use-pkcs1-padding to the command line
• If both sides are >= 3.17, do nothing,.

I wrote a ticket against iperf3 about making it deal with this in future releases: esnet/iperf#1701

Announcement from ESNet

ESnet (Energy Sciences Network) is proud to announce the availability of iperf-3.17. This release includes several important bug fixes, as well as a correction for a possible side-channel timing vulnerability. To address this issue, a change has been made to the padding applied to encrypted strings. This change is not backwards compatible with older versions of iperf3 (before 3.17). To restore older (vulnerable) behavior for backwards compatibility, please use the --use-pkcs1-padding flag.

Special thanks to Hubert Kario from RedHat for reporting this issue and providing feedback for the fix (CVE-2024-26306).

This release also includes several other changes, including a new --json-stream option, and it no longer changes its current working directory in --daemon mode. It also includes bug fixes for UDP tests operating between two different endian hosts, and the --fq-rate parameter now works in reverse tests. Statistics reporting interval is now available in the --json start test object, and a negative time duration is now correctly reported as an error.

The 3.17 release also includes additional support for Android, VxWorks, and now builds correctly on architectures without native support for 64-bit atomic types.

iperf3 is a tool for measuring the maximum TCP, UDP, and SCTP throughput along a path, allowing for the tuning of various parameters and reporting measurements such as throughput, jitter, and datagram packet loss. It is fully supported on Linux, FreeBSD, and macOS. It may run on other platforms as well, although it has not received the same attention and testing. Note that iperf3 is not compatible with, and will not interoperate with, version 2 or earlier of iperf, although the two versions can co-exist on the same hosts and networks.

The source code for iperf 3.17 is available at:

https://downloads.es.net/pub/iperf/iperf-3.17.tar.gz

SHA256 hash:

077ede831b11b733ecf8b273abd97f9630fd7448d3ec1eaa789f396d82c8c943

iperf3 is freely-redistributable under a 3-clause BSD license. More information can be found in the LICENSE file inside the source distribution.

Additional documentation for iperf3 can be found at:

https://software.es.net/iperf

More information about iperf3 (including the issue tracker, source code repository access, and discussion forum) can be found on the iperf3 page on GitHub at:

https://github.com/esnet/iperf

User questions can go to the iperf users list (which is more-or-less shared between iperf2 and iperf3):

[email protected]

Mailing list information and archives can be found at:

https://lists.sourceforge.net/lists/listinfo/iperf-users

The mailing list for iperf3 development is:

[email protected]

To see the list archives or join the mailing list, visit:

http://groups.google.com/group/iperf-dev

[mfeit-internet2]

Release Notes:

A change in iperf3 3.17 to fix a security vulnerability rendered it incompatible with earlier versions without explicit use of a backward-compatibility mode. The pScheduler iperf3 tool plugin has been adjusted to detect this and handle it correctly in as many situations as possible.