208969 – SCTP multi-homed association (::1)->(::1+127.0.0.1) attempting HEARTBEAT on 127.0.0.1->127.0.0.1

Bug 208969 - SCTP multi-homed association (::1)->(::1+127.0.0.1) attempting HEARTBEAT on 127.0.0.1->127.0.0.1

Summary: SCTP multi-homed association (::1)->(::1+127.0.0.1) attempting HEARTBEAT on 1...

Status:	NEW

Alias:	None

Product:	Networking
Classification:	Unclassified
Component:	IPV6 (show other bugs)
Hardware:	All Linux

Importance:	P1 normal
Assignee:	Hideaki YOSHIFUJI

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-08-20 10:19 UTC by Pau Espin Pedrol
Modified:	2020-08-20 11:10 UTC (History)
CC List:	3 users (show)

See Also:
Kernel Version:	5.8.1-arch1-1
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
pcap record showing the issue described above (65.90 KB, application/x-pcapng) 2020-08-20 10:19 UTC, Pau Espin Pedrol	Details
/proc/net/sctp/assocs (1.19 KB, text/plain) 2020-08-20 10:20 UTC, Pau Espin Pedrol	Details
Add an attachment (proposed patch, testcase, etc.)

Description Pau Espin Pedrol 2020-08-20 10:19:41 UTC

Created attachment 292035 [details]
pcap record showing the issue described above

I'm currently adding support for IPv6 in the SCTP/M3UA/SCCP osmocom stack [1].

The general idea (skip details here) is that there's a node called an STP which is acting as an SCTP server, with a socket configured to bound and listen on several IP address (be it v4 and/or v6), as in SCTP multi-home. Other nodes connect to it through an SCTP client socket which may be also configured with any amount of IP addresses (v4 and/or v6).

Here the bad behavior I'm observing:
* I configure the STP (server) to create an SCTP socket AF_INET6 and bind on both "127.0.0.1" (IPv4) and "::1" (IPv6) on port 2905 using sctp_bindx, then listen(). This can be seen here in /proc/net/sctp/eps:
"""
$ cat /proc/net/sctp/eps
 ENDPT     SOCK   STY SST HBKT LPORT   UID INODE LADDRS
ec3be735  2fa765e 2   10  18   2905   1000 11762308 127.0.0.1 0000:0000:0000:0000:0000:0000:0000:0001
"""

Then, I create a client SCTP AF_INET6 socket and I bind it to "::1" (port 0, whatever free) using sctp_bindx, then connect it to the STP using sctp_connectx() on address "::1".

As seen on the attached pcap trace, one can see the client (port!=2905, there's several clients in parallel) connecting fine (SCTP INIT) on ::1->::1, and then the STP announcing back the other address 127.0.0.1 it is bound too.

Until here, everything is fine. But then, once the connection succeeds, I see the client attempting HEARTBEAT on 127.0.0.1 which is wrong in 2 ways because:
* HEARTBEAT shouldn't be attempted in this scenario on a remote IPv4 address because the socket is locally bound to IPv6 addresses only
* HEARTBEAT for sure shouldn't be using 127.0.0.1 as source address because the socket was never bound to that address, only to "::1".

I attach output of /proc/net/sctp/assocs to the tickets where they different connections can be seen which prove the configuration I'm describing (see client with port 34151 and another one with port 47592, also appearing in the pcap file).


[1] https://osmocom.org/projects/cellular-infrastructure

Comment 1 Pau Espin Pedrol 2020-08-20 10:20:46 UTC

Created attachment 292037 [details]
/proc/net/sctp/assocs

Note You need to log in before you can comment on or make changes to this bug.