Re: Heartbeat on closed SCTP sockets?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> On 8 Oct 2020, at 11:08, Michael Tuexen <michael.tuexen@xxxxxxxxxxxxxxxxx> wrote:
> 
>> On 8. Oct 2020, at 08:40, Andreas Fink <afink@xxxxxxxxxxxxx> wrote:
>> 
>> by reading the linux diver source I discovered this code segment in input.c around line 188
>> 
>> 
>> /*
>> 	 * RFC 2960, 8.4 - Handle "Out of the blue" Packets.
>> 	 * An SCTP packet is called an "out of the blue" (OOTB)
>> 	 * packet if it is correctly formed, i.e., passed the
>> 	 * receiver's checksum check, but the receiver is not
>> 	 * able to identify the association to which this
>> 	 * packet belongs.
>> 	 */
>> 	
>> if (!asoc) {
>> 	if (sctp_rcv_ootb(skb)) {
>> 		__SCTP_INC_STATS(net, SCTP_MIB_OUTOFBLUES);
>> 		goto discard_release;
>> 	}
>> }
> The above code looks good. Have a look at
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/sctp/input.c?h=v5.9-rc8#n666

So where does it generate the ABORT? I don't see it. I can only it checks for an incoming ABORT but its not generating an outgoing ABORT for the packets which are not handled.

> 
> RFC 4960 requires also to drop some OOTB packets. This is what sctp_rcv_ootb() checks for.

Its ok to drop the packet and not hand it over to any socket (after all theres' no open socket at that moment around to handle it anyway). But we should inform the remote that this packet is not being processed by sending ABORT. That way the remote would start with INIT the next time and things probably come back to live.

>> 
>> This means out of the blue packets are always ignored and dropped.
>> 
>> the RFC however says:
>> 
>>  8) The receiver should respond to the sender of the OOTB packet with
>>     an ABORT.  When sending the ABORT, the receiver of the OOTB packet
>>     MUST fill in the Verification Tag field of the outbound packet
>>     with the value found in the Verification Tag field of the OOTB
>>     packet and set the T-bit in the Chunk Flags to indicate that no
>>     TCB was found.  After sending this ABORT, the receiver of the OOTB
>>     packet shall discard the OOTB packet and take no further action.
>> 
>> I think this is what I am seeing. The remote sends OOTB messages, we dont reply with abort which means the remote doesnt reset the connection.
> What are those OOTB messages? Which chunks do they contain?

They contain HEARTBEAT for example.

But because we are indeed sending HEATBEAT ACK back, they are handled. 
This means the kernel must think they are not OOTB but some established assoc. Only its status is CLOSED.


> 
> Bes regards
> Michael
>> There must be a second issue that the socket structures are not in sync up.
>> 
>> 
>>> On 5 Oct 2020, at 19:16, Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx> wrote:
>>> 
>>> Hi,
>>> 
>>> On Mon, Oct 05, 2020 at 06:39:22PM +0200, Andreas Fink wrote:
>>> ...
>>>> What we now see in netstat --sctp is:
>>>> 
>>>> we have a LISTEN on port 2010
>>>> we have a  association from port 2010 to the remote in status CLOSED
>>>> 
>>>> in tcpdump we see packets coming in from the remote and heartbeat being acknowledged. However our application is not answering to these packets and the status of the application shows SCTP being down.
>>>> In other words, my application sees the association down. Netstat shows the association as being closed but the kernel seems to continue to entertain this association by continue to send heartbeat ACK and not sending ABORT.
>>> 
>>> That's weird. If it is in CLOSED, then the stack should be handling
>>> it as an OOTB packet and trigger an Abort.
>>> 
>>>> 
>>>> We now kill the application
>>>> 
>>>> What we now see in netstat --sctp is:
>>>> we no longer listen on port 2010
>>>> we have a closed association from port 2010 to the remote.
>>>> 
>>>> in tcpdump we however we STILL see packets coming in from the remote and heartbeat being acknowledged, even though no application is listening on this port and no userspace application is using that port.
>>>> We do not see any SHUTDOWN or INIT even if we restart the application.
>>>> 
>>>> Can anyone explain how this can be?
>>> 
>>> Please check the assoc status as well, via 'ss -a --sctp' and
>>> /proc/net/sctp/assocs . Maybe it got out of sync of the socket status.
>>> 
>>> Marcelo
>> 
>> 
> 





[Index of Archives]     [Linux Networking Development]     [Linux OMAP]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux