From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.7 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 63D7FC433E7 for ; Thu, 8 Oct 2020 09:17:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 130C1215A4 for ; Thu, 8 Oct 2020 09:17:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725916AbgJHJRD convert rfc822-to-8bit (ORCPT ); Thu, 8 Oct 2020 05:17:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36704 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725849AbgJHJRD (ORCPT ); Thu, 8 Oct 2020 05:17:03 -0400 X-Greylist: delayed 529 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Thu, 08 Oct 2020 02:17:03 PDT Received: from drew.franken.de (drew.ipv6.franken.de [IPv6:2001:638:a02:a001:20e:cff:fe4a:feaa]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 525F1C061755 for ; Thu, 8 Oct 2020 02:17:03 -0700 (PDT) Received: from [IPv6:2a02:8109:1140:c3d:a59e:7de:bf9c:56] (unknown [IPv6:2a02:8109:1140:c3d:a59e:7de:bf9c:56]) (Authenticated sender: lurchi) by mail-n.franken.de (Postfix) with ESMTPSA id 465FC71EB3C02; Thu, 8 Oct 2020 11:08:07 +0200 (CEST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) Subject: Re: Heartbeat on closed SCTP sockets? From: Michael Tuexen In-Reply-To: Date: Thu, 8 Oct 2020 11:08:06 +0200 Cc: Marcelo Ricardo Leitner , linux-sctp@vger.kernel.org Content-Transfer-Encoding: 8BIT Message-ID: References: <1FB70B30-857C-4CD9-A05C-4BA15F57B1D2@list.fink.org> <20201005171643.GK70998@localhost.localdomain> To: Andreas Fink X-Mailer: Apple Mail (2.3608.120.23.2.4) Precedence: bulk List-ID: X-Mailing-List: linux-sctp@vger.kernel.org Message-ID: <20201008090806.V052k1C4vrQv75JnB0r4K_T8Sx9JTDYnz8OVCtwNlmI@z> > On 8. Oct 2020, at 08:40, Andreas Fink wrote: > > by reading the linux diver source I discovered this code segment in input.c around line 188 > > > /* > * RFC 2960, 8.4 - Handle "Out of the blue" Packets. > * An SCTP packet is called an "out of the blue" (OOTB) > * packet if it is correctly formed, i.e., passed the > * receiver's checksum check, but the receiver is not > * able to identify the association to which this > * packet belongs. > */ > > if (!asoc) { > if (sctp_rcv_ootb(skb)) { > __SCTP_INC_STATS(net, SCTP_MIB_OUTOFBLUES); > goto discard_release; > } > } The above code looks good. Have a look at https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/sctp/input.c?h=v5.9-rc8#n666 RFC 4960 requires also to drop some OOTB packets. This is what sctp_rcv_ootb() checks for. > > This means out of the blue packets are always ignored and dropped. > > the RFC however says: > > 8) The receiver should respond to the sender of the OOTB packet with > an ABORT. When sending the ABORT, the receiver of the OOTB packet > MUST fill in the Verification Tag field of the outbound packet > with the value found in the Verification Tag field of the OOTB > packet and set the T-bit in the Chunk Flags to indicate that no > TCB was found. After sending this ABORT, the receiver of the OOTB > packet shall discard the OOTB packet and take no further action. > > I think this is what I am seeing. The remote sends OOTB messages, we dont reply with abort which means the remote doesnt reset the connection. What are those OOTB messages? Which chunks do they contain? Bes regards Michael > There must be a second issue that the socket structures are not in sync up. > > >> On 5 Oct 2020, at 19:16, Marcelo Ricardo Leitner wrote: >> >> Hi, >> >> On Mon, Oct 05, 2020 at 06:39:22PM +0200, Andreas Fink wrote: >> ... >>> What we now see in netstat --sctp is: >>> >>> we have a LISTEN on port 2010 >>> we have a association from port 2010 to the remote in status CLOSED >>> >>> in tcpdump we see packets coming in from the remote and heartbeat being acknowledged. However our application is not answering to these packets and the status of the application shows SCTP being down. >>> In other words, my application sees the association down. Netstat shows the association as being closed but the kernel seems to continue to entertain this association by continue to send heartbeat ACK and not sending ABORT. >> >> That's weird. If it is in CLOSED, then the stack should be handling >> it as an OOTB packet and trigger an Abort. >> >>> >>> We now kill the application >>> >>> What we now see in netstat --sctp is: >>> we no longer listen on port 2010 >>> we have a closed association from port 2010 to the remote. >>> >>> in tcpdump we however we STILL see packets coming in from the remote and heartbeat being acknowledged, even though no application is listening on this port and no userspace application is using that port. >>> We do not see any SHUTDOWN or INIT even if we restart the application. >>> >>> Can anyone explain how this can be? >> >> Please check the assoc status as well, via 'ss -a --sctp' and >> /proc/net/sctp/assocs . Maybe it got out of sync of the socket status. >> >> Marcelo > >