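#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Testing For SCTP COLLISION SCENARIO as Below:
#
#   14:35:47.655279 IP CLIENT_IP.PORT > SERVER_IP.PORT: sctp (1) [INIT] [init tag: 2017837359]
#   14:35:48.353250 IP SERVER_IP.PORT > CLIENT_IP.PORT: sctp (1) [INIT] [init tag: 1187206187]
#   14:35:48.353275 IP CLIENT_IP.PORT > SERVER_IP.PORT: sctp (1) [INIT ACK] [init tag: 2017837359]
#   14:35:48.353283 IP SERVER_IP.PORT > CLIENT_IP.PORT: sctp (1) [COOKIE ECHO]
#   14:35:48.353977 IP CLIENT_IP.PORT > SERVER_IP.PORT: sctp (1) [COOKIE ACK]
#   14:35:48.855335 IP SERVER_IP.PORT > CLIENT_IP.PORT: sctp (1) [INIT ACK] [init tag: 164579970]
#
# TOPO: SERVER_NS (link0)<--->(link1) ROUTER_NS (link2)<--->(link3) CLIENT_NS
#
# Requirements and side effects:
#   - Needs the privileges to create network namespaces, configure tc and
#     iptables, and load kernel modules (in practice: root).
#   - The tc, iptables and sysctl settings are applied inside the throwaway
#     namespaces and disappear when cleanup() deletes them.
#   - `modprobe sctp` acts on the running kernel, not on a namespace, and
#     cleanup() does not unload it: the SCTP stack stays loaded on the host
#     after the test. Run this on a test machine, not a production host.
#   - Expects the ./sctp_collision helper binary in the current directory.

# mktemp -u only generates a random name; it does not create or reserve
# anything. The names are used as network namespace names, not as files.
CLIENT_NS=$(mktemp -u client-XXXXXXXX)
CLIENT_IP="198.51.200.1"
CLIENT_PORT=1234

SERVER_NS=$(mktemp -u server-XXXXXXXX)
SERVER_IP="198.51.100.1"
SERVER_PORT=1234

ROUTER_NS=$(mktemp -u router-XXXXXXXX)
CLIENT_GW="198.51.200.2"
SERVER_GW="198.51.100.2"

# setup the topo
#
# Builds the three namespaces, the two veth pairs, addressing and routes,
# then installs the delay and the conntrack-based filtering.
# NOTE: there is no `set -e`, so the function's status is that of its last
# command only (the association_max_retrans sysctl); an earlier failure is
# not reported to the caller.
setup() {
	ip net add "$CLIENT_NS"
	ip net add "$SERVER_NS"
	ip net add "$ROUTER_NS"
	ip -n "$SERVER_NS" link add link0 type veth peer name link1 netns "$ROUTER_NS"
	ip -n "$CLIENT_NS" link add link3 type veth peer name link2 netns "$ROUTER_NS"

	ip -n "$SERVER_NS" link set link0 up
	ip -n "$SERVER_NS" addr add "$SERVER_IP/24" dev link0
	ip -n "$SERVER_NS" route add "$CLIENT_IP" dev link0 via "$SERVER_GW"

	ip -n "$ROUTER_NS" link set link1 up
	ip -n "$ROUTER_NS" link set link2 up
	ip -n "$ROUTER_NS" addr add "$SERVER_GW/24" dev link1
	ip -n "$ROUTER_NS" addr add "$CLIENT_GW/24" dev link2
	ip net exec "$ROUTER_NS" sysctl -wq net.ipv4.ip_forward=1

	ip -n "$CLIENT_NS" link set link3 up
	ip -n "$CLIENT_NS" addr add "$CLIENT_IP/24" dev link3
	ip -n "$CLIENT_NS" route add "$SERVER_IP" dev link3 via "$CLIENT_GW"

	# simulate the delay on OVS upcall by setting up a delay for INIT_ACK with
	# tc on $SERVER_NS side
	#
	# The u32 filter selects IP protocol 132 (SCTP) packets whose byte at
	# offset 32 is 2. With a 20-byte IPv4 header (no options) and the 12-byte
	# SCTP common header, offset 32 is the type of the first chunk, and
	# chunk type 2 is INIT ACK. Only those packets go through the netem delay.
	tc -n "$SERVER_NS" qdisc add dev link0 root handle 1: htb
	tc -n "$SERVER_NS" class add dev link0 parent 1: classid 1:1 htb rate 100mbit
	tc -n "$SERVER_NS" filter add dev link0 parent 1: protocol ip u32 match ip protocol 132 \
		0xff match u8 2 0xff at 32 flowid 1:1
	tc -n "$SERVER_NS" qdisc add dev link0 parent 1:1 handle 10: netem delay 1200ms

	# simulate the ctstate check on OVS nf_conntrack
	#
	# The router drops forwarded packets that conntrack classifies as INVALID
	# or UNTRACKED, so the test passes only if the late INIT ACK does not
	# leave the association in a state where later traffic is seen as
	# INVALID. SCTP addressed to the router itself is dropped as well.
	ip net exec "$ROUTER_NS" iptables -A FORWARD -m state --state INVALID,UNTRACKED -j DROP
	ip net exec "$ROUTER_NS" iptables -A INPUT -p sctp -j DROP

	# use a smaller number for assoc's max_retrans to reproduce the issue
	modprobe sctp
	ip net exec "$CLIENT_NS" sysctl -wq net.sctp.association_max_retrans=3
}

# Stops the helper processes and deletes the three namespaces. Runs from the
# EXIT trap, so it also runs after a partially failed setup().
#
# NOTE: pkill selects by process name. `ip net exec` switches the network
# namespace, which presumably does not narrow the set of processes pkill
# sees, so any other sctp_collision process visible to this shell would be
# signalled too.
cleanup() {
	# Redirect stdout first and then point stderr at it, so both streams are
	# discarded. The reverse order (2>&1 >/dev/null) silences stdout only
	# and leaves stderr on the terminal.
	ip net exec "$CLIENT_NS" pkill sctp_collision >/dev/null 2>&1
	ip net exec "$SERVER_NS" pkill sctp_collision >/dev/null 2>&1
	ip net del "$CLIENT_NS"
	ip net del "$SERVER_NS"
	ip net del "$ROUTER_NS"
}

# Starts the server side in the background and runs the client in the
# foreground. The function's status is the client's exit status; the
# server's status is not checked.
do_test() {
	ip net exec "$SERVER_NS" ./sctp_collision server \
		"$SERVER_IP" "$SERVER_PORT" "$CLIENT_IP" "$CLIENT_PORT" &
	ip net exec "$CLIENT_NS" ./sctp_collision client \
		"$CLIENT_IP" "$CLIENT_PORT" "$SERVER_IP" "$SERVER_PORT"
}

# NOTE: one way to work around the issue is set a smaller hb_interval
# ip net exec $CLIENT_NS sysctl -wq net.sctp.hb_interval=3500

# run the test case
# The trap is installed before setup so the namespaces are removed on every
# exit path.
trap cleanup EXIT
setup && \
echo "Test for SCTP Collision in nf_conntrack:" && \
do_test && echo "PASS!"
exit $?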