selftests: netfilter: test for sctp collision processing in nf_conntrack
author Xin Long <lucien.xin@gmail.com>
Tue, 3 Oct 2023 17:17:54 +0000 (13:17 -0400)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 20 Nov 2023 10:51:54 +0000 (11:51 +0100)
commit d860416236bd46c1b9e9586e8d10041cb5ce4e92
tree b694c2e3be6adcb423950fbbd982de64e5eb1826
parent aa0a050c656981521f513fca0a45c8f74141e536
selftests: netfilter: test for sctp collision processing in nf_conntrack

[ Upstream commit cf791b22bef7d9352ff730a8727d3871942d6001 ]

This patch adds a test case to reproduce the SCTP DATA chunk retransmission
timeout issue caused by the improper SCTP collision processing in netfilter
nf_conntrack_proto_sctp.

In this test, the client sends an INIT chunk, but the INIT_ACK replied from
the server is delayed until the server sends an INIT chunk to start a new
connection from its side. After the connection is complete from the server
side, the delayed INIT_ACK arrives in nf_conntrack_proto_sctp.

The delayed INIT_ACK should be dropped in nf_conntrack_proto_sctp instead
of updating the vtag with the out-of-date init_tag; otherwise, the vtag
in DATA chunks later sent by the client doesn't match the vtag in the
conntrack entry and the DATA chunks get dropped.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Stable-dep-of: c4eee56e14fe ("net: skb_find_text: Ignore patterns extending past 'to'")
Signed-off-by: Sasha Levin <sashal@kernel.org>
tools/testing/selftests/netfilter/Makefile
tools/testing/selftests/netfilter/conntrack_sctp_collision.sh [new file with mode: 0755]
tools/testing/selftests/netfilter/sctp_collision.c [new file with mode: 0644]
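
The collision sequence from the commit message, replayed against a simplified user-space model of a conntrack entry. This is an added example, not the kernel's code or the selftest from this commit. The `struct ct` layout, the function names, the tag values, and the drop rule (ignore an INIT_ACK once the handshake has completed) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a conntrack entry: vtag[dir] is the verification tag
 * expected on packets travelling in direction dir. Not kernel code. */
enum dir { ORIG = 0, REPLY = 1 };          /* ORIG: client -> server */
enum chunk { INIT, INIT_ACK, COOKIE_ECHO, COOKIE_ACK, DATA };
struct ct { uint32_t vtag[2]; bool established; bool drop_stale_init_ack; };

/* Returns true if the packet is accepted, false if the model drops it. */
static bool ct_packet(struct ct *ct, enum dir d, enum chunk c,
                      uint32_t vtag, uint32_t init_tag)
{
    if (c == INIT || c == INIT_ACK) {
        /* Assumed drop rule for this example: a late INIT_ACK must not
         * touch an association that already completed its handshake. */
        if (c == INIT_ACK && ct->established && ct->drop_stale_init_ack)
            return false;
        ct->vtag[!d] = init_tag;   /* peer must use the sender's init_tag */
        return true;
    }
    if (vtag != ct->vtag[d])
        return false;              /* vtag mismatch: chunk is dropped */
    if (c == COOKIE_ACK)
        ct->established = true;
    return true;
}

/* Replays the collision with constructed tags. The server's first INIT_ACK
 * (init_tag S1) is delayed. Returns whether the client's DATA survives. */
static bool client_data_passes(bool drop_stale_init_ack)
{
    const uint32_t C1 = 0x1111, S1 = 0xAAAA, S2 = 0xBBBB;
    struct ct ct = { {0, 0}, false, drop_stale_init_ack };
    ct_packet(&ct, ORIG,  INIT,        0,  C1); /* client INIT            */
    ct_packet(&ct, REPLY, INIT,        0,  S2); /* server starts its own  */
    ct_packet(&ct, ORIG,  INIT_ACK,    S2, C1); /* client answers it      */
    ct_packet(&ct, REPLY, COOKIE_ECHO, C1, 0);
    ct_packet(&ct, ORIG,  COOKIE_ACK,  S2, 0);  /* association is up      */
    ct_packet(&ct, REPLY, INIT_ACK,    C1, S1); /* delayed INIT_ACK lands */
    return ct_packet(&ct, ORIG, DATA, S2, 0);   /* client DATA, vtag S2   */
}

int main(void)
{
    printf("stale INIT_ACK applied: DATA %s\n", client_data_passes(false) ? "passes" : "dropped");
    printf("stale INIT_ACK dropped: DATA %s\n", client_data_passes(true) ? "passes" : "dropped");
}
```

With the stale INIT_ACK applied, the entry expects vtag S1 from the client while the live association uses S2, so every later DATA chunk fails the check until the sender times out.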