From: Ashok Kumar <svashok79@gmail.com>
To: linux-sctp@vger.kernel.org
Subject: Re: How to restrict SCTP abort during a process crash
Date: Thu, 14 Dec 2017 06:42:42 +0000 [thread overview]
Message-ID: <CAOTBYLY5JnK4kHDPe_43WVHgtz81k53G7z9ow9NTUQRmVSaO-Q@mail.gmail.com> (raw)
In-Reply-To: <CAOTBYLYCFVt0hHf5_pJQCEPsh9vSNXR3V7b0SaVycJ4-KZja0w@mail.gmail.com>
Neil / Xin,
The best way is to change the LKSTCP kernel code to handle this
situation and stop sending SCTP abort message?
Can you please give guidance on where to change the code?
Thanks,
Ashok
On Wed, Dec 13, 2017 at 5:52 PM, Neil Horman <nhorman@tuxdriver.com> wrote:
> On Wed, Dec 13, 2017 at 02:58:34PM +0800, Xin Long wrote:
>> On Wed, Dec 13, 2017 at 12:50 PM, Ashok Kumar <svashok79@gmail.com> wrote:
>> > Thanks Neil for the suggestion. Yes, it sounds to be a bad hack, but
>> > we will give it a try. Meanwhile, if you can think of some other
>> > solution please let me know.
>>
>> Not sure if your SCTP server app running as a systemd service,
>> if yes, just add it to the 'After =', then let systemd insert the
>> iptables rule before killing your sctp process.
>>
>> # cat /etc/systemd/system/sctp_no_abort.service
>> [Unit]
>> Description=SCTP No Abort Send When Shutdown
>> After=shutdown.target reboot.target halt.target
>>
>> [Service]
>> Type=oneshot
>> ExecStart=/bin/true
>> ExecStop=/usr/bin/bash -c "iptables -A OUTPUT -p sctp -j DROP"
>> RemainAfterExit=yes
>>
>> [Install]
>> WantedBy=multi-user.target
>>
> This would work for some packets, but those queued and sent by a timer might
> make it out.
>
> Neil
>
>>
>>
>>
>> >
>> > Thanks,
>> > Ashok
>> >
>> > On Wed, Dec 13, 2017 at 12:02 AM, Neil Horman <nhorman@tuxdriver.com> wrote:
>> >> On Tue, Dec 12, 2017 at 10:21:31PM +0530, Ashok Kumar wrote:
>> >>> Hi,
>> >>>
>> >>>
>> >>>
>> >>> We are using LKSCTP in our LTE product (HeNBGW). We have
>> >>> high-availability support also in our product. In case of any failure
>> >>> on active VM, standby VM will take over active role and all the SCTP
>> >>> associations will be moved to that new active VM. The associations
>> >>> should be moved transparent to the peers (a kind of SCTP reset before
>> >>> SCTP heartbeat expires on the peer nodes).
>> >>>
>> >>>
>> >>>
>> >>> But the problem that we face is that when a process crashes on active
>> >>> VM, the LKSCTP stack immediately sends SCTP abort to the peers for all
>> >>> associations before the system goes down completely. This creates
>> >>> confusion with the peers. Is there any way to avoid sending SCTP abort
>> >>> message in this scenario? If yes, please let us know how to do the
>> >>> same? If it needs LKSCTP kernel code change, please give pointers on
>> >>> what and where to change.
>> >>>
>> >>>
>> >>>
>> >>> P.S: We tried to block the abort messages by dynamically using
>> >>> IPtables through signal handler (for signal 11 and 6). But this did
>> >>> not work.
>> >>>
>> >>>
>> >>>
>> >>> A quick response will be highly appreciated.
>> >>>
>> >> You're not going to be able to reliably block ABORTS, or any packet only on a
>> >> crash condition, just because the stack has points that operates asynchronously
>> >> to the process.
>> >>
>> >> About the closest thing that I could think of would be to write a custom
>> >> iptables rule to match on ABORT packets and send them to the NFQUEUE target.
>> >> Write a userspace handler process for queue targeted packets which in turn just
>> >> holds the abort packet for at least one cluster live heartbeat time (I'm
>> >> assuming here that, being a clustered system it has some sort of liveness
>> >> check). Doing this hold may allow the cluster to shift to the new vm in a
>> >> failure situation before your queue handler process releases any abort packets
>> >> that it has, while in the event there is no failover, it will just release the
>> >> abort a little late.
>> >>
>> >> I can't really recommend that approach mind you (its a horrid hack, and will
>> >> likely cause other protocol issues), but its all I can think of at the moment.
>> >>
>> >> Regards
>> >> Neil
>> >>
>> >>>
>> >>>
>> >>> Thanks,
>> >>>
>> >>> Ashok
>> >>> --
>> >>> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
>> >>> the body of a message to majordomo@vger.kernel.org
>> >>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>> >>>
>> > --
>> > To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
>> > the body of a message to majordomo@vger.kernel.org
>> > More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
next prev parent reply other threads:[~2017-12-14 6:42 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-12 16:51 How to restrict SCTP abort during a process crash Ashok Kumar
2017-12-12 18:32 ` Neil Horman
2017-12-12 19:38 ` Marcelo Ricardo Leitner
2017-12-13 4:50 ` Ashok Kumar
2017-12-13 6:58 ` Xin Long
2017-12-13 12:22 ` Neil Horman
2017-12-14 6:42 ` Ashok Kumar [this message]
2017-12-14 9:22 ` Xin Long
2017-12-14 10:40 ` Neil Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAOTBYLY5JnK4kHDPe_43WVHgtz81k53G7z9ow9NTUQRmVSaO-Q@mail.gmail.com \
--to=svashok79@gmail.com \
--cc=linux-sctp@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.