From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel Borkmann Date: Fri, 23 Jan 2015 17:10:22 +0000 Subject: Re: Fwd: Question on SCTP ABORT chunk is generated when the association_max_retrans is reached Message-Id: <54C2807E.8080607@redhat.com> List-Id: References: <54C23581.9060809@redhat.com> <54C27137.5010405@gmail.com> In-Reply-To: <54C27137.5010405@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Vlad Yasevich Cc: Sun Paul , linux-sctp@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, tuexen@fh-muenster.de On 01/23/2015 05:05 PM, Vlad Yasevich wrote: > On 01/23/2015 06:50 AM, Daniel Borkmann wrote: >> On 01/23/2015 11:25 AM, Sun Paul wrote: >> ... >>> I would like to check the behave in LKSCTP. >>> >>> we are running DIAMETER message over SCTP, and we have set the >>> parameter "net.sctp.association_max_retrans = 4" in the LinuxOS. >>> >>> We noticed that when remote peer have retry to send the same request >>> for 4 times, the LKSCTP will initiate an ABORT chunk with reason >>> "association exceeded its max_retrans count". >>> >>> We would like to know whether this is the correct behavior? is there >>> any other option that we can alter in order to avoid the ABORT chunk >>> being sent? >> >> I don't recall the RFC saying to send an ABORT, but let me double >> check in the mean time. > > The RFC is silent on the matter. The abort got added in 3.8 so > it's been there for a while. I see, commit de4594a51c90 ("sctp: send abort chunk when max_retrans exceeded") added the behaviour. >> Hmm, untested, but could you try something like that? >> >> diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c >> index fef2acd..5ce198d 100644 >> --- a/net/sctp/sm_sideeffect.c >> +++ b/net/sctp/sm_sideeffect.c >> @@ -584,7 +584,8 @@ static void sctp_cmd_assoc_failed(sctp_cmd_seq_t *commands, >> sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, >> SCTP_ULPEVENT(event)); >> >> - if (asoc->overall_error_count >= asoc->max_retrans) { >> + if (asoc->overall_error_count >= asoc->max_retrans && >> + error != SCTP_ERROR_NO_ERROR) { >> abort = sctp_make_violation_max_retrans(asoc, chunk); >> if (abort) >> sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, > > This would pretty much stop all ABORTs due to excessive rtx. Might > as well take the code out :). > > I was a bit concerned about this ABORT when it went in. So effectively, if I understand the argument from the commit, the assumption is that the ABORT would never reach the peer anyway, but is a way for tcpdump users to see on the wire that rtx limit has been exceeded and since there's not mentioned anything in the RFC about this, it doesn't break it. Hm. Sun Paul, what exactly broke in your scenario? Can you be more explicit? Thanks, Daniel From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756262AbbAWRKm (ORCPT ); Fri, 23 Jan 2015 12:10:42 -0500 Received: from mx1.redhat.com ([209.132.183.28]:39047 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755866AbbAWRKi (ORCPT ); Fri, 23 Jan 2015 12:10:38 -0500 Message-ID: <54C2807E.8080607@redhat.com> Date: Fri, 23 Jan 2015 18:10:22 +0100 From: Daniel Borkmann User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Thunderbird/17.0 MIME-Version: 1.0 To: Vlad Yasevich CC: Sun Paul , linux-sctp@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, tuexen@fh-muenster.de Subject: Re: Fwd: Question on SCTP ABORT chunk is generated when the association_max_retrans is reached References: <54C23581.9060809@redhat.com> <54C27137.5010405@gmail.com> In-Reply-To: <54C27137.5010405@gmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 01/23/2015 05:05 PM, Vlad Yasevich wrote: > On 01/23/2015 06:50 AM, Daniel Borkmann wrote: >> On 01/23/2015 11:25 AM, Sun Paul wrote: >> ... >>> I would like to check the behave in LKSCTP. >>> >>> we are running DIAMETER message over SCTP, and we have set the >>> parameter "net.sctp.association_max_retrans = 4" in the LinuxOS. >>> >>> We noticed that when remote peer have retry to send the same request >>> for 4 times, the LKSCTP will initiate an ABORT chunk with reason >>> "association exceeded its max_retrans count". >>> >>> We would like to know whether this is the correct behavior? is there >>> any other option that we can alter in order to avoid the ABORT chunk >>> being sent? >> >> I don't recall the RFC saying to send an ABORT, but let me double >> check in the mean time. > > The RFC is silent on the matter. The abort got added in 3.8 so > it's been there for a while. I see, commit de4594a51c90 ("sctp: send abort chunk when max_retrans exceeded") added the behaviour. >> Hmm, untested, but could you try something like that? >> >> diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c >> index fef2acd..5ce198d 100644 >> --- a/net/sctp/sm_sideeffect.c >> +++ b/net/sctp/sm_sideeffect.c >> @@ -584,7 +584,8 @@ static void sctp_cmd_assoc_failed(sctp_cmd_seq_t *commands, >> sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, >> SCTP_ULPEVENT(event)); >> >> - if (asoc->overall_error_count >= asoc->max_retrans) { >> + if (asoc->overall_error_count >= asoc->max_retrans && >> + error != SCTP_ERROR_NO_ERROR) { >> abort = sctp_make_violation_max_retrans(asoc, chunk); >> if (abort) >> sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, > > This would pretty much stop all ABORTs due to excessive rtx. Might > as well take the code out :). > > I was a bit concerned about this ABORT when it went in. So effectively, if I understand the argument from the commit, the assumption is that the ABORT would never reach the peer anyway, but is a way for tcpdump users to see on the wire that rtx limit has been exceeded and since there's not mentioned anything in the RFC about this, it doesn't break it. Hm. Sun Paul, what exactly broke in your scenario? Can you be more explicit? Thanks, Daniel