1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3# 4# Testing For SCTP COLLISION SCENARIO as Below: 5# 6# 14:35:47.655279 IP CLIENT_IP.PORT > SERVER_IP.PORT: sctp (1) [INIT] [init tag: 2017837359] 7# 14:35:48.353250 IP SERVER_IP.PORT > CLIENT_IP.PORT: sctp (1) [INIT] [init tag: 1187206187] 8# 14:35:48.353275 IP CLIENT_IP.PORT > SERVER_IP.PORT: sctp (1) [INIT ACK] [init tag: 2017837359] 9# 14:35:48.353283 IP SERVER_IP.PORT > CLIENT_IP.PORT: sctp (1) [COOKIE ECHO] 10# 14:35:48.353977 IP CLIENT_IP.PORT > SERVER_IP.PORT: sctp (1) [COOKIE ACK] 11# 14:35:48.855335 IP SERVER_IP.PORT > CLIENT_IP.PORT: sctp (1) [INIT ACK] [init tag: 164579970] 12# 13# TOPO: SERVER_NS (link0)<--->(link1) ROUTER_NS (link2)<--->(link3) CLIENT_NS 14 15source lib.sh 16 17CLIENT_IP="198.51.200.1" 18CLIENT_PORT=1234 19 20SERVER_IP="198.51.100.1" 21SERVER_PORT=1234 22 23CLIENT_GW="198.51.200.2" 24SERVER_GW="198.51.100.2" 25 26# setup the topo 27setup() { 28 setup_ns CLIENT_NS SERVER_NS ROUTER_NS 29 ip -n "$SERVER_NS" link add link0 type veth peer name link1 netns "$ROUTER_NS" 30 ip -n "$CLIENT_NS" link add link3 type veth peer name link2 netns "$ROUTER_NS" 31 32 ip -n "$SERVER_NS" link set link0 up 33 ip -n "$SERVER_NS" addr add $SERVER_IP/24 dev link0 34 ip -n "$SERVER_NS" route add $CLIENT_IP dev link0 via $SERVER_GW 35 36 ip -n "$ROUTER_NS" link set link1 up 37 ip -n "$ROUTER_NS" link set link2 up 38 ip -n "$ROUTER_NS" addr add $SERVER_GW/24 dev link1 39 ip -n "$ROUTER_NS" addr add $CLIENT_GW/24 dev link2 40 ip net exec "$ROUTER_NS" sysctl -wq net.ipv4.ip_forward=1 41 42 ip -n "$CLIENT_NS" link set link3 up 43 ip -n "$CLIENT_NS" addr add $CLIENT_IP/24 dev link3 44 ip -n "$CLIENT_NS" route add $SERVER_IP dev link3 via $CLIENT_GW 45 46 # simulate the delay on OVS upcall by setting up a delay for INIT_ACK with 47 # tc on $SERVER_NS side 48 tc -n "$SERVER_NS" qdisc add dev link0 root handle 1: htb r2q 64 49 tc -n "$SERVER_NS" class add dev link0 parent 1: classid 1:1 htb rate 100mbit 50 tc -n "$SERVER_NS" filter add dev link0 parent 1: protocol ip u32 match ip protocol 132 \ 51 0xff match u8 2 0xff at 32 flowid 1:1 52 if ! tc -n "$SERVER_NS" qdisc add dev link0 parent 1:1 handle 10: netem delay 1200ms; then 53 echo "SKIP: Cannot add netem qdisc" 54 exit $ksft_skip 55 fi 56 57 # simulate the ctstate check on OVS nf_conntrack 58 ip net exec "$ROUTER_NS" iptables -A FORWARD -m state --state INVALID,UNTRACKED -j DROP 59 ip net exec "$ROUTER_NS" iptables -A INPUT -p sctp -j DROP 60 61 # use a smaller number for assoc's max_retrans to reproduce the issue 62 modprobe -q sctp 63 ip net exec "$CLIENT_NS" sysctl -wq net.sctp.association_max_retrans=3 64} 65 66cleanup() { 67 ip net exec "$CLIENT_NS" pkill sctp_collision >/dev/null 2>&1 68 ip net exec "$SERVER_NS" pkill sctp_collision >/dev/null 2>&1 69 cleanup_all_ns 70} 71 72do_test() { 73 ip net exec "$SERVER_NS" ./sctp_collision server \ 74 $SERVER_IP $SERVER_PORT $CLIENT_IP $CLIENT_PORT & 75 ip net exec "$CLIENT_NS" ./sctp_collision client \ 76 $CLIENT_IP $CLIENT_PORT $SERVER_IP $SERVER_PORT 77} 78 79# NOTE: one way to work around the issue is set a smaller hb_interval 80# ip net exec $CLIENT_NS sysctl -wq net.sctp.hb_interval=3500 81 82# run the test case 83trap cleanup EXIT 84setup && \ 85echo "Test for SCTP Collision in nf_conntrack:" && \ 86do_test && echo "PASS!" 87exit $? 88