1 #!/bin/bash
2 # SPDX-License-Identifier: GPL-2.0
3 #
4 # Test for the SCTP collision scenario shown below:
5 #
6 # 14:35:47.655279 IP CLIENT_IP.PORT > SERVER_IP.PORT: sctp (1) [INIT] [init tag: 2017837359]
7 # 14:35:48.353250 IP SERVER_IP.PORT > CLIENT_IP.PORT: sctp (1) [INIT] [init tag: 1187206187]
8 # 14:35:48.353275 IP CLIENT_IP.PORT > SERVER_IP.PORT: sctp (1) [INIT ACK] [init tag: 2017837359]
9 # 14:35:48.353283 IP SERVER_IP.PORT > CLIENT_IP.PORT: sctp (1) [COOKIE ECHO]
10 # 14:35:48.353977 IP CLIENT_IP.PORT > SERVER_IP.PORT: sctp (1) [COOKIE ACK]
11 # 14:35:48.855335 IP SERVER_IP.PORT > CLIENT_IP.PORT: sctp (1) [INIT ACK] [init tag: 164579970]
12 #
13 # TOPO: SERVER_NS (link0)<--->(link1) ROUTER_NS (link2)<--->(link3) CLIENT_NS
14
# Per-run namespace names. "mktemp -u" only generates a random name from the
# template and creates nothing; the names are used for network namespaces.
SERVER_NS=$(mktemp -u server-XXXXXXXX)
ROUTER_NS=$(mktemp -u router-XXXXXXXX)
CLIENT_NS=$(mktemp -u client-XXXXXXXX)

# SCTP endpoints; these addresses are only configured on the veth links
# inside the namespaces created by setup().
SERVER_IP=198.51.100.1
SERVER_PORT=1234
CLIENT_IP=198.51.200.1
CLIENT_PORT=1234

# Router-side address of each /24, used as next hop by the endpoints.
SERVER_GW=198.51.100.2
CLIENT_GW=198.51.200.2
26
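# Build the three-namespace topology and the packet handling the test needs.
#
# Globals:  CLIENT_NS, SERVER_NS, ROUTER_NS, CLIENT_IP, SERVER_IP,
#           CLIENT_GW, SERVER_GW (all read)
# Returns:  0 when every step succeeded, 1 at the first step that failed.
#
# Every step is checked. If, say, the netem delay or the conntrack DROP rule
# is not installed, the collision is never exercised and the caller would
# print PASS without having tested anything.
setup() {
	local ns

	for ns in "$CLIENT_NS" "$SERVER_NS" "$ROUTER_NS"; do
		ip net add "$ns" || return 1
	done
	ip -n "$SERVER_NS" link add link0 type veth peer name link1 \
		netns "$ROUTER_NS" || return 1
	ip -n "$CLIENT_NS" link add link3 type veth peer name link2 \
		netns "$ROUTER_NS" || return 1

	# server side
	ip -n "$SERVER_NS" link set link0 up || return 1
	ip -n "$SERVER_NS" addr add "$SERVER_IP/24" dev link0 || return 1
	ip -n "$SERVER_NS" route add "$CLIENT_IP" dev link0 via "$SERVER_GW" || return 1

	# router between the two /24s, with IPv4 forwarding enabled
	ip -n "$ROUTER_NS" link set link1 up || return 1
	ip -n "$ROUTER_NS" link set link2 up || return 1
	ip -n "$ROUTER_NS" addr add "$SERVER_GW/24" dev link1 || return 1
	ip -n "$ROUTER_NS" addr add "$CLIENT_GW/24" dev link2 || return 1
	ip net exec "$ROUTER_NS" sysctl -wq net.ipv4.ip_forward=1 || return 1

	# client side
	ip -n "$CLIENT_NS" link set link3 up || return 1
	ip -n "$CLIENT_NS" addr add "$CLIENT_IP/24" dev link3 || return 1
	ip -n "$CLIENT_NS" route add "$SERVER_IP" dev link3 via "$CLIENT_GW" || return 1

	# simulate the delay on OVS upcall by setting up a delay for INIT_ACK with
	# tc on $SERVER_NS side.
	# The u32 filter matches IP protocol 132 (SCTP) and the value 2 (INIT ACK
	# chunk type) in the byte at offset 32, which is the first chunk's type
	# only when the IPv4 header carries no options (20 + 12 bytes of headers).
	tc -n "$SERVER_NS" qdisc add dev link0 root handle 1: htb || return 1
	tc -n "$SERVER_NS" class add dev link0 parent 1: classid 1:1 htb \
		rate 100mbit || return 1
	tc -n "$SERVER_NS" filter add dev link0 parent 1: protocol ip u32 \
		match ip protocol 132 0xff match u8 2 0xff at 32 flowid 1:1 || return 1
	tc -n "$SERVER_NS" qdisc add dev link0 parent 1:1 handle 10: \
		netem delay 1200ms || return 1

	# simulate the ctstate check on OVS nf_conntrack: forwarded packets that
	# conntrack classifies as INVALID or UNTRACKED are dropped, and SCTP
	# addressed to the router itself is dropped as well.
	ip net exec "$ROUTER_NS" iptables -A FORWARD -m state \
		--state INVALID,UNTRACKED -j DROP || return 1
	ip net exec "$ROUTER_NS" iptables -A INPUT -p sctp -j DROP || return 1

	# modprobe stays best-effort, as in the original; presumably a missing
	# SCTP stack shows up as a failure of the sysctl write below - confirm.
	modprobe sctp

	# use a smaller number for assoc's max_retrans to reproduce the issue
	ip net exec "$CLIENT_NS" sysctl -wq net.sctp.association_max_retrans=3 || return 1
}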
65
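# Stop leftover sctp_collision processes and delete the three namespaces.
# Installed as the EXIT trap at the end of this script.
#
# Globals:  CLIENT_NS, SERVER_NS, ROUTER_NS (read)
# Returns:  status of the last "ip net del".
cleanup() {
	# Redirection order matters: stdout goes to /dev/null first, then stderr
	# follows it. Written as "2>&1 >/dev/null", stderr stays on the caller's
	# stdout and pkill / ip-netns-exec errors still reach the test log.
	ip net exec "$CLIENT_NS" pkill sctp_collision >/dev/null 2>&1
	ip net exec "$SERVER_NS" pkill sctp_collision >/dev/null 2>&1

	# Deletion errors are left visible on purpose.
	ip net del "$CLIENT_NS"
	ip net del "$SERVER_NS"
	ip net del "$ROUTER_NS"
}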
73
74 do_test() {
75 ip net exec $SERVER_NS ./sctp_collision server \
76 $SERVER_IP $SERVER_PORT $CLIENT_IP $CLIENT_PORT &
77 ip net exec $CLIENT_NS ./sctp_collision client \
78 $CLIENT_IP $CLIENT_PORT $SERVER_IP $SERVER_PORT
79 }
80
81 # NOTE: one way to work around the issue is to set a smaller hb_interval
82 # ip net exec $CLIENT_NS sysctl -wq net.sctp.hb_interval=3500
83
# Run the test case. cleanup() is registered first so the namespaces are
# removed on every exit path. Each step runs only if the previous one
# succeeded, and the script exits with the status of the first step that
# failed (0 when everything, including the final "PASS!" echo, succeeded).
# Nothing is printed on failure; the exit status is the only signal.
trap cleanup EXIT

setup
rc=$?
if [ "$rc" -eq 0 ]; then
	echo "Test for SCTP Collision in nf_conntrack:"
	rc=$?
fi
if [ "$rc" -eq 0 ]; then
	do_test
	rc=$?
fi
if [ "$rc" -eq 0 ]; then
	echo "PASS!"
	rc=$?
fi
exit "$rc"