From bc0c8fe6ff8a26cb2c4203f8e62af97d6589c1ae Mon Sep 17 00:00:00 2001 From: Marco Varlese Date: Thu, 27 Sep 2018 16:43:57 +0200 Subject: SCTP: fix overflow issue with timestamp Change-Id: I03bb47a2baa4375b7bf9347d95c4cc8de37fe510 Signed-off-by: Marco Varlese --- src/vnet/sctp/sctp.c | 4 ++-- src/vnet/sctp/sctp.h | 26 +++++++++++++------------- src/vnet/sctp/sctp_input.c | 14 ++++++++++---- src/vnet/sctp/sctp_output.c | 6 +++--- src/vnet/sctp/sctp_packet.h | 2 +- test/test_sctp.py | 2 +- 6 files changed, 30 insertions(+), 24 deletions(-) diff --git a/src/vnet/sctp/sctp.c b/src/vnet/sctp/sctp.c index ffa86343b47..f97039c7936 100644 --- a/src/vnet/sctp/sctp.c +++ b/src/vnet/sctp/sctp.c @@ -712,13 +712,13 @@ sctp_expired_timers_cb (u32 conn_index, u32 timer_id) { sctp_connection_t *sctp_conn; + SCTP_DBG ("%s expired", sctp_timer_to_string (timer_id)); + sctp_conn = sctp_connection_get (conn_index, vlib_get_thread_index ()); /* note: the connection may have already disappeared */ if (PREDICT_FALSE (sctp_conn == 0)) return; - SCTP_DBG ("%s expired", sctp_timer_to_string (timer_id)); - if (sctp_conn->sub_conn[conn_index].unacknowledged_hb > SCTP_PATH_MAX_RETRANS) { diff --git a/src/vnet/sctp/sctp.h b/src/vnet/sctp/sctp.h index 5f19566d240..577c2aff8b0 100644 --- a/src/vnet/sctp/sctp.h +++ b/src/vnet/sctp/sctp.h @@ -112,11 +112,11 @@ typedef struct _sctp_sub_connection u32 ssthresh; /**< Slow-start threshold (in bytes), which is used by the sender to distinguish slow-start and congestion avoidance phases. */ - u32 rtt_ts; /**< USED to hold the timestamp of when the packet has been sent */ + u64 rtt_ts; /**< USED to hold the timestamp of when the packet has been sent */ u32 RTO; /**< The current retransmission timeout value. */ - u32 SRTT; /**< The current smoothed round-trip time. */ - f32 RTTVAR; /**< The current RTT variation. */ + u64 SRTT; /**< The current smoothed round-trip time. */ + f64 RTTVAR; /**< The current RTT variation. */ u32 partially_acked_bytes; /**< The tracking method for increase of cwnd when in congestion avoidance mode (see Section 7.2.2).*/ @@ -134,10 +134,10 @@ typedef struct _sctp_sub_connection Every time the RTT calculation completes (i.e., the DATA chunk is SACK'd), clear this flag. */ - u32 last_seen; /**< The time to which this destination was last sent a packet to. + u64 last_seen; /**< The time to which this destination was last sent a packet to. This can be used to determine if a HEARTBEAT is needed. */ - u32 last_data_ts; /**< Used to hold the timestamp value of last time we sent a DATA chunk */ + u64 last_data_ts; /**< Used to hold the timestamp value of last time we sent a DATA chunk */ u8 unacknowledged_hb; /**< Used to track how many unacknowledged heartbeats we had; If more than SCTP_PATH_MAX_RETRANS then connection is considered unreachable. */ @@ -489,7 +489,7 @@ typedef struct _sctp_main u8 log2_tstamp_clocks_per_tick; f64 tstamp_ticks_per_clock; - u32 *time_now; + u64 *time_now; /** per-worker tx buffer free lists */ u32 **tx_buffers; @@ -582,7 +582,7 @@ sctp_half_open_connection_del (sctp_connection_t * tc) clib_spinlock_unlock_if_init (&sctp_main->half_open_lock); } -always_inline u32 +always_inline u64 sctp_set_time_now (u32 thread_index) { sctp_main.time_now[thread_index] = clib_cpu_time_now () @@ -665,7 +665,7 @@ sctp_get_connection_from_transport (transport_connection_t * tconn) return (sctp_connection_t *) sub; } -always_inline u32 +always_inline u64 sctp_time_now (void) { return sctp_main.time_now[vlib_get_thread_index ()]; @@ -677,11 +677,11 @@ always_inline void sctp_calculate_rto (sctp_connection_t * sctp_conn, u8 conn_idx) { /* See RFC4960, 6.3.1. RTO Calculation */ - u32 RTO = 0; - f32 RTTVAR = 0; - u32 now = sctp_time_now (); - u32 prev_ts = sctp_conn->sub_conn[conn_idx].rtt_ts; - u32 R = prev_ts - now; + u64 RTO = 0; + f64 RTTVAR = 0; + u64 now = sctp_time_now (); + u64 prev_ts = sctp_conn->sub_conn[conn_idx].rtt_ts; + u64 R = prev_ts - now; if (sctp_conn->sub_conn[conn_idx].RTO == 0) // C1: Let's initialize our RTO { diff --git a/src/vnet/sctp/sctp_input.c b/src/vnet/sctp/sctp_input.c index bca34f1a25c..4f6214501e2 100644 --- a/src/vnet/sctp/sctp_input.c +++ b/src/vnet/sctp/sctp_input.c @@ -851,7 +851,7 @@ sctp_handle_cookie_echo (sctp_header_t * sctp_hdr, sctp_connection_t * sctp_conn, u8 idx, vlib_buffer_t * b0, u16 * next0) { - u32 now = sctp_time_now (); + u64 now = sctp_time_now (); sctp_cookie_echo_chunk_t *cookie_echo = (sctp_cookie_echo_chunk_t *) sctp_hdr; @@ -864,10 +864,11 @@ sctp_handle_cookie_echo (sctp_header_t * sctp_hdr, sctp_calculate_rto (sctp_conn, idx); - u32 creation_time = - clib_net_to_host_u32 (cookie_echo->cookie.creation_time); - u32 cookie_lifespan = + u64 creation_time = + clib_net_to_host_u64 (cookie_echo->cookie.creation_time); + u64 cookie_lifespan = clib_net_to_host_u32 (cookie_echo->cookie.cookie_lifespan); + if (now > creation_time + cookie_lifespan) { SCTP_DBG ("now (%u) > creation_time (%u) + cookie_lifespan (%u)", @@ -1516,6 +1517,11 @@ sctp_handle_sack (sctp_selective_ack_chunk_t * sack_chunk, /* Check that the LOCALLY generated tag is being used by the REMOTE peer as the verification tag */ if (sctp_conn->local_tag != sack_chunk->sctp_hdr.verification_tag) { + SCTP_ADV_DBG + ("sctp_conn->local_tag != sack_chunk->sctp_hdr.verification_tag"); + + *next0 = sctp_next_drop (sctp_conn->sub_conn[idx].c_is_ip4); + return SCTP_ERROR_INVALID_TAG; } diff --git a/src/vnet/sctp/sctp_output.c b/src/vnet/sctp/sctp_output.c index 0c865caa33d..c1a0c8ac1a6 100644 --- a/src/vnet/sctp/sctp_output.c +++ b/src/vnet/sctp/sctp_output.c @@ -779,7 +779,7 @@ sctp_prepare_initack_chunk_for_collision (sctp_connection_t * sctp_conn, clib_host_to_net_u16 (SCTP_STATE_COOKIE_TYPE); state_cookie_param->param_hdr.length = clib_host_to_net_u16 (sizeof (sctp_state_cookie_param_t)); - state_cookie_param->creation_time = clib_host_to_net_u32 (sctp_time_now ()); + state_cookie_param->creation_time = clib_host_to_net_u64 (sctp_time_now ()); state_cookie_param->cookie_lifespan = clib_host_to_net_u32 (SCTP_VALID_COOKIE_LIFE); @@ -919,7 +919,7 @@ sctp_prepare_initack_chunk (sctp_connection_t * sctp_conn, u8 idx, clib_host_to_net_u16 (SCTP_STATE_COOKIE_TYPE); state_cookie_param->param_hdr.length = clib_host_to_net_u16 (sizeof (sctp_state_cookie_param_t)); - state_cookie_param->creation_time = clib_host_to_net_u32 (sctp_time_now ()); + state_cookie_param->creation_time = clib_host_to_net_u64 (sctp_time_now ()); state_cookie_param->cookie_lifespan = clib_host_to_net_u32 (SCTP_VALID_COOKIE_LIFE); @@ -1239,7 +1239,7 @@ sctp_send_heartbeat (sctp_connection_t * sctp_conn) vlib_main_t *vm = vlib_get_main (); u8 i; - u32 now = sctp_time_now (); + u64 now = sctp_time_now (); for (i = 0; i < MAX_SCTP_CONNECTIONS; i++) { diff --git a/src/vnet/sctp/sctp_packet.h b/src/vnet/sctp/sctp_packet.h index 0cee3f26174..427e2f39496 100644 --- a/src/vnet/sctp/sctp_packet.h +++ b/src/vnet/sctp/sctp_packet.h @@ -713,7 +713,7 @@ typedef struct sctp_opt_params_hdr_t param_hdr; unsigned char mac[SHA1_OUTPUT_LENGTH]; /* RFC 2104 */ - u32 creation_time; + u64 creation_time; u32 cookie_lifespan; } sctp_state_cookie_param_t; diff --git a/test/test_sctp.py b/test/test_sctp.py index 4d04aa06828..f77b9dc7a48 100644 --- a/test/test_sctp.py +++ b/test/test_sctp.py @@ -68,7 +68,7 @@ class TestSCTP(VppTestCase): self.logger.critical(error) self.assertEqual(error.find("failed"), -1) - error = self.vapi.cli("test echo client mbytes 10" + + error = self.vapi.cli("test echo client mbytes 1" + " appns 1" + " fifo-size 4" + " no-output test-bytes syn-timeout 3" + -- cgit 1.2.3-korg