linux-sctp.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Andreas Fink <afink@list.fink.org>
To: linux-sctp@vger.kernel.org
Subject: Re: Heartbeat on closed SCTP sockets?
Date: Thu, 08 Oct 2020 11:02:25 +0000	[thread overview]
Message-ID: <35B9E584-4755-4B24-BE5E-54FE9ED51809@list.fink.org> (raw)
In-Reply-To: <1FB70B30-857C-4CD9-A05C-4BA15F57B1D2@list.fink.org>

PS wheres the repo of the latest version hosted?
I want to check it out and do some debugging

> On 8 Oct 2020, at 11:08, Michael Tuexen <michael.tuexen@lurchi.franken.de> wrote:
> 
>> On 8. Oct 2020, at 08:40, Andreas Fink <afink@list.fink.org> wrote:
>> 
>> by reading the linux diver source I discovered this code segment in input.c around line 188
>> 
>> 
>> /*
>> 	 * RFC 2960, 8.4 - Handle "Out of the blue" Packets.
>> 	 * An SCTP packet is called an "out of the blue" (OOTB)
>> 	 * packet if it is correctly formed, i.e., passed the
>> 	 * receiver's checksum check, but the receiver is not
>> 	 * able to identify the association to which this
>> 	 * packet belongs.
>> 	 */
>> 	
>> if (!asoc) {
>> 	if (sctp_rcv_ootb(skb)) {
>> 		__SCTP_INC_STATS(net, SCTP_MIB_OUTOFBLUES);
>> 		goto discard_release;
>> 	}
>> }
> The above code looks good. Have a look at
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/sctp/input.c?h=v5.9-rc8#n666
> 
> RFC 4960 requires also to drop some OOTB packets. This is what sctp_rcv_ootb() checks for.
>> 
>> This means out of the blue packets are always ignored and dropped.
>> 
>> the RFC however says:
>> 
>>  8) The receiver should respond to the sender of the OOTB packet with
>>     an ABORT.  When sending the ABORT, the receiver of the OOTB packet
>>     MUST fill in the Verification Tag field of the outbound packet
>>     with the value found in the Verification Tag field of the OOTB
>>     packet and set the T-bit in the Chunk Flags to indicate that no
>>     TCB was found.  After sending this ABORT, the receiver of the OOTB
>>     packet shall discard the OOTB packet and take no further action.
>> 
>> I think this is what I am seeing. The remote sends OOTB messages, we dont reply with abort which means the remote doesnt reset the connection.
> What are those OOTB messages? Which chunks do they contain?
> 
> Bes regards
> Michael
>> There must be a second issue that the socket structures are not in sync up.
>> 
>> 
>>> On 5 Oct 2020, at 19:16, Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> wrote:
>>> 
>>> Hi,
>>> 
>>> On Mon, Oct 05, 2020 at 06:39:22PM +0200, Andreas Fink wrote:
>>> ...
>>>> What we now see in netstat --sctp is:
>>>> 
>>>> we have a LISTEN on port 2010
>>>> we have a  association from port 2010 to the remote in status CLOSED
>>>> 
>>>> in tcpdump we see packets coming in from the remote and heartbeat being acknowledged. However our application is not answering to these packets and the status of the application shows SCTP being down.
>>>> In other words, my application sees the association down. Netstat shows the association as being closed but the kernel seems to continue to entertain this association by continue to send heartbeat ACK and not sending ABORT.
>>> 
>>> That's weird. If it is in CLOSED, then the stack should be handling
>>> it as an OOTB packet and trigger an Abort.
>>> 
>>>> 
>>>> We now kill the application
>>>> 
>>>> What we now see in netstat --sctp is:
>>>> we no longer listen on port 2010
>>>> we have a closed association from port 2010 to the remote.
>>>> 
>>>> in tcpdump we however we STILL see packets coming in from the remote and heartbeat being acknowledged, even though no application is listening on this port and no userspace application is using that port.
>>>> We do not see any SHUTDOWN or INIT even if we restart the application.
>>>> 
>>>> Can anyone explain how this can be?
>>> 
>>> Please check the assoc status as well, via 'ss -a --sctp' and
>>> /proc/net/sctp/assocs . Maybe it got out of sync of the socket status.
>>> 
>>> Marcelo
>> 
>> 
> 

WARNING: multiple messages have this Message-ID (diff)
From: Andreas Fink <afink@list.fink.org>
To: Michael Tuexen <michael.tuexen@lurchi.franken.de>
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
	linux-sctp@vger.kernel.org
Subject: Re: Heartbeat on closed SCTP sockets?
Date: Thu, 8 Oct 2020 13:02:25 +0200	[thread overview]
Message-ID: <35B9E584-4755-4B24-BE5E-54FE9ED51809@list.fink.org> (raw)
Message-ID: <20201008110225.Ar7kf9gGQmZPHFbAw06RhNB-ZZY0eOF6f9_LLVKTz9g@z> (raw)
In-Reply-To: <E00505E6-B988-475D-86C7-F18A77E9AB7A@lurchi.franken.de>

PS wheres the repo of the latest version hosted?
I want to check it out and do some debugging

> On 8 Oct 2020, at 11:08, Michael Tuexen <michael.tuexen@lurchi.franken.de> wrote:
> 
>> On 8. Oct 2020, at 08:40, Andreas Fink <afink@list.fink.org> wrote:
>> 
>> by reading the linux diver source I discovered this code segment in input.c around line 188
>> 
>> 
>> /*
>> 	 * RFC 2960, 8.4 - Handle "Out of the blue" Packets.
>> 	 * An SCTP packet is called an "out of the blue" (OOTB)
>> 	 * packet if it is correctly formed, i.e., passed the
>> 	 * receiver's checksum check, but the receiver is not
>> 	 * able to identify the association to which this
>> 	 * packet belongs.
>> 	 */
>> 	
>> if (!asoc) {
>> 	if (sctp_rcv_ootb(skb)) {
>> 		__SCTP_INC_STATS(net, SCTP_MIB_OUTOFBLUES);
>> 		goto discard_release;
>> 	}
>> }
> The above code looks good. Have a look at
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/sctp/input.c?h=v5.9-rc8#n666
> 
> RFC 4960 requires also to drop some OOTB packets. This is what sctp_rcv_ootb() checks for.
>> 
>> This means out of the blue packets are always ignored and dropped.
>> 
>> the RFC however says:
>> 
>>  8) The receiver should respond to the sender of the OOTB packet with
>>     an ABORT.  When sending the ABORT, the receiver of the OOTB packet
>>     MUST fill in the Verification Tag field of the outbound packet
>>     with the value found in the Verification Tag field of the OOTB
>>     packet and set the T-bit in the Chunk Flags to indicate that no
>>     TCB was found.  After sending this ABORT, the receiver of the OOTB
>>     packet shall discard the OOTB packet and take no further action.
>> 
>> I think this is what I am seeing. The remote sends OOTB messages, we dont reply with abort which means the remote doesnt reset the connection.
> What are those OOTB messages? Which chunks do they contain?
> 
> Bes regards
> Michael
>> There must be a second issue that the socket structures are not in sync up.
>> 
>> 
>>> On 5 Oct 2020, at 19:16, Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> wrote:
>>> 
>>> Hi,
>>> 
>>> On Mon, Oct 05, 2020 at 06:39:22PM +0200, Andreas Fink wrote:
>>> ...
>>>> What we now see in netstat --sctp is:
>>>> 
>>>> we have a LISTEN on port 2010
>>>> we have a  association from port 2010 to the remote in status CLOSED
>>>> 
>>>> in tcpdump we see packets coming in from the remote and heartbeat being acknowledged. However our application is not answering to these packets and the status of the application shows SCTP being down.
>>>> In other words, my application sees the association down. Netstat shows the association as being closed but the kernel seems to continue to entertain this association by continue to send heartbeat ACK and not sending ABORT.
>>> 
>>> That's weird. If it is in CLOSED, then the stack should be handling
>>> it as an OOTB packet and trigger an Abort.
>>> 
>>>> 
>>>> We now kill the application
>>>> 
>>>> What we now see in netstat --sctp is:
>>>> we no longer listen on port 2010
>>>> we have a closed association from port 2010 to the remote.
>>>> 
>>>> in tcpdump we however we STILL see packets coming in from the remote and heartbeat being acknowledged, even though no application is listening on this port and no userspace application is using that port.
>>>> We do not see any SHUTDOWN or INIT even if we restart the application.
>>>> 
>>>> Can anyone explain how this can be?
>>> 
>>> Please check the assoc status as well, via 'ss -a --sctp' and
>>> /proc/net/sctp/assocs . Maybe it got out of sync of the socket status.
>>> 
>>> Marcelo
>> 
>> 
> 



  parent reply	other threads:[~2020-10-08 11:02 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-05 16:39 Heartbeat on closed SCTP sockets? Andreas Fink
2020-10-05 16:39 ` Andreas Fink
2020-10-05 17:16 ` Marcelo Ricardo Leitner
2020-10-05 17:16   ` Marcelo Ricardo Leitner
2020-10-06 13:31 ` Andreas Fink
2020-10-06 13:31   ` Andreas Fink
2020-10-08  6:40 ` Andreas Fink
2020-10-08  6:40   ` Andreas Fink
2020-10-08  8:13 ` David Laight
2020-10-08  8:13   ` David Laight
2020-10-08  9:08 ` Michael Tuexen
2020-10-08  9:08   ` Michael Tuexen
2020-10-08 10:57 ` Andreas Fink
2020-10-08 10:57   ` Andreas Fink
2020-10-08 11:02 ` Andreas Fink [this message]
2020-10-08 11:02   ` Andreas Fink

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=35B9E584-4755-4B24-BE5E-54FE9ED51809@list.fink.org \
    --to=afink@list.fink.org \
    --cc=linux-sctp@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).