[2/2] sctp_big_chunk: make INIT packet in the test
diff mbox series

Message ID 1524562426-13008-2-git-send-email-alexey.kodanev@oracle.com
State Superseded
Headers show
Series
  • Untitled series #40566
Related show

Commit Message

Alexey Kodanev April 24, 2018, 9:33 a.m. UTC
Since creating many different IP addresses and binding them
to the same SCTP socket is a time consuming process, prepare
SCTP INIT chunk in the test.

Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
---
 runtest/cve                             |    1 -
 testcases/network/sctp/sctp_big_chunk.c |   98 ++++++++++++++++++++++++++-----
 2 files changed, 84 insertions(+), 15 deletions(-)

Comments

Xiao Yang April 24, 2018, 10:05 a.m. UTC | #1
Hi Alexey,

Thanks for your update.

If only over-sized INIT packet is tested, Could we remove -a option?

Thanks,
Xiao Yang

On 2018/04/24 17:33, Alexey Kodanev wrote:
> Since creating many different IP addresses and binding them
> to the same SCTP socket is a time consuming process, prepare
> SCTP INIT chunk in the test.
>
> Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
> ---
>  runtest/cve                             |    1 -
>  testcases/network/sctp/sctp_big_chunk.c |   98 ++++++++++++++++++++++++++-----
>  2 files changed, 84 insertions(+), 15 deletions(-)
>
> diff --git a/runtest/cve b/runtest/cve
> index 1d9569a..2f4171c 100644
> --- a/runtest/cve
> +++ b/runtest/cve
> @@ -33,4 +33,3 @@ cve-2017-17052 cve-2017-17052
>  cve-2017-16939 cve-2017-16939
>  cve-2017-17053 cve-2017-17053
>  cve-2018-5803 sctp_big_chunk
> -cve-2018-5803_2 sctp_big_chunk -a 10000
> diff --git a/testcases/network/sctp/sctp_big_chunk.c b/testcases/network/sctp/sctp_big_chunk.c
> index 55a2969..02b8aa0 100644
> --- a/testcases/network/sctp/sctp_big_chunk.c
> +++ b/testcases/network/sctp/sctp_big_chunk.c
> @@ -24,12 +24,14 @@
>  #include <sys/types.h>
>  #include <sys/socket.h>
>  #include <netinet/in.h>
> +#include <netinet/ip.h>
> +#include <netinet/ip6.h>
>  #include <netdb.h>
>  #include <sys/syscall.h>
> -#include <fcntl.h>
>  
>  #include "tst_test.h"
>  #include "tst_safe_stdio.h"
> +#include "tst_checksum.h"
>  #include "lapi/netinet_in.h"
>  #include "lapi/socket.h"
>  #include "lapi/sctp.h"
> @@ -38,6 +40,8 @@ static int port;
>  static int sfd, cfd;
>  static struct sockaddr_in6 rmt, loc;
>  
> +static uint8_t packet[IP_MAXPACKET];
> +static int pkt_len;
>  static char *addr_param;
>  static int addr_num = 3273;
>  
> @@ -53,28 +57,91 @@ static void setup_server(void)
>  	tst_res(TINFO, "sctp server listen on %d", port);
>  
>  	SAFE_LISTEN(sfd, 1);
> +
> +	srand(port);
>  }
>  
> -static void setup_client(void)
> +static void update_packet_field(int *off, void *buf, int buf_len)
>  {
> -	struct sockaddr_in6 addr_buf[addr_num];
> -	int i;
> +	memcpy(packet + *off, buf, buf_len);
> +	*off += buf_len;
> +}
>  
> -	cfd = SAFE_SOCKET(AF_INET6, SOCK_STREAM, IPPROTO_SCTP);
> +static void setup_client(void)
> +{
> +	struct ip6_hdr ip6;
> +	int ip6_hdr_len = sizeof(ip6);
> +	int cmn_hdr_off;
> +	int off, i;
> +
> +	memset(&ip6, 0, sizeof(ip6));
> +	ip6.ip6_flow = htonl(6 << 28 | 2 << 20);
> +	ip6.ip6_hops = 64;
> +	ip6.ip6_nxt = IPPROTO_SCTP;
> +	ip6.ip6_src.s6_addr[15] = 1;
> +	ip6.ip6_dst.s6_addr[15] = 1;
>  	rmt.sin6_family = AF_INET6;
>  	rmt.sin6_addr = in6addr_loopback;
> -	rmt.sin6_port = htons(port);
>  
> -	tst_res(TINFO, "bind %d additional IP addresses", addr_num);
> +	/* SCTP common header */
> +	off = ip6_hdr_len;
> +
> +	uint16_t src_port = htons(port - 1);
> +	uint16_t dst_port = htons(port);
> +	uint32_t vtag = 0;
> +	uint32_t checksum = 0;
> +
> +	update_packet_field(&off, &src_port, 2);
> +	update_packet_field(&off, &dst_port, 2);
> +	update_packet_field(&off, &vtag, 4);
> +	update_packet_field(&off, &checksum, 4);
> +	cmn_hdr_off = off;
> +
> +	/* SCTP INIT chunk */
> +	uint16_t chunk_len;
> +
> +	packet[off++] = 1;
> +	packet[off++] = 0;
> +	off += 2; /* chunk length, will be set in the end */
>  
> -	memset(addr_buf, 0, sizeof(addr_buf));
> +	uint32_t init_tag = rand();
> +	uint32_t rwnd = htonl(106496);
> +	uint16_t outs = htons(10);
> +	uint16_t ins = htons(65535);
> +	uint32_t init_tsn = rand();
> +
> +	update_packet_field(&off, &init_tag, 4);
> +	update_packet_field(&off, &rwnd, 4);
> +	update_packet_field(&off, &outs, 2);
> +	update_packet_field(&off, &ins, 2);
> +	update_packet_field(&off, &init_tsn, 4);
> +
> +	/* SCTP optional parameter for IPv6 addresses */
> +	uint16_t param_type = htons(6);
> +	uint16_t param_len = htons(20);
> +
> +	/* IPv6 (40) + SCTP_BASE (12) + SCTP_CHUNK(20) + SCTP_OPT(65460)) */
>  	for (i = 0; i < addr_num; ++i) {
> -		addr_buf[i].sin6_family = AF_INET6;
> -		addr_buf[i].sin6_addr = in6addr_loopback;
> +		update_packet_field(&off, &param_type, 2);
> +		update_packet_field(&off, &param_len, 2);
> +		packet[off + 15] = 1;
> +		off += 16;
>  	}
> +	pkt_len = off;
> +
> +	tst_res(TINFO, "set chunk length %d", pkt_len - cmn_hdr_off);
> +	chunk_len = htons(pkt_len - cmn_hdr_off);
> +	memcpy(packet + cmn_hdr_off + 2, &chunk_len, 2);
> +
> +	/* set checksum for SCTP: common header + INIT chunk */
> +	uint32_t csum = crc32c(packet + ip6_hdr_len, pkt_len - ip6_hdr_len);
>  
> -	SAFE_SETSOCKOPT(cfd, SOL_SCTP, SCTP_SOCKOPT_BINDX_ADD, addr_buf,
> -			sizeof(addr_buf));
> +	memcpy(packet + ip6_hdr_len + 8, &csum, 4);
> +
> +	ip6.ip6_plen = htons(pkt_len - ip6_hdr_len);
> +	memcpy(packet, &ip6, ip6_hdr_len);
> +
> +	cfd = SAFE_SOCKET(AF_INET6, SOCK_RAW, IPPROTO_RAW);
>  }
>  
>  static void setup(void)
> @@ -89,6 +156,7 @@ static void setup(void)
>  static void run(void)
>  {
>  	int pid = SAFE_FORK();
> +	int i;
>  
>  	if (!pid) {
>  		struct sockaddr_in6 addr6;
> @@ -99,8 +167,10 @@ static void run(void)
>  		exit(0);
>  	}
>  
> -	fcntl(cfd, F_SETFL, O_NONBLOCK);
> -	connect(cfd, (struct sockaddr *)&rmt, sizeof(rmt));
> +	for (i = 0; i < 3; ++i) {
> +		SAFE_SENDTO(1, cfd, packet, pkt_len, 0,
> +			(struct sockaddr *)&rmt, sizeof(rmt));
> +	}
>  
>  	SAFE_KILL(pid, SIGKILL);
>  	SAFE_WAITPID(pid, NULL, 0);
Alexey Kodanev April 24, 2018, 11:13 a.m. UTC | #2
On 24.04.2018 13:05, Xiao Yang wrote:
> Hi Alexey,
> 
> Thanks for your update.
> 
> If only over-sized INIT packet is tested, Could we remove -a option?
> 

Hi Xiao,

Yes, we could but it still can be useful for debugging, for example
to check whether SCTP server processes it correctly and returns
INIT ACK when we set not so many addresses.

Patch
diff mbox series

diff --git a/runtest/cve b/runtest/cve
index 1d9569a..2f4171c 100644
--- a/runtest/cve
+++ b/runtest/cve
@@ -33,4 +33,3 @@  cve-2017-17052 cve-2017-17052
 cve-2017-16939 cve-2017-16939
 cve-2017-17053 cve-2017-17053
 cve-2018-5803 sctp_big_chunk
-cve-2018-5803_2 sctp_big_chunk -a 10000
diff --git a/testcases/network/sctp/sctp_big_chunk.c b/testcases/network/sctp/sctp_big_chunk.c
index 55a2969..02b8aa0 100644
--- a/testcases/network/sctp/sctp_big_chunk.c
+++ b/testcases/network/sctp/sctp_big_chunk.c
@@ -24,12 +24,14 @@ 
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/ip6.h>
 #include <netdb.h>
 #include <sys/syscall.h>
-#include <fcntl.h>
 
 #include "tst_test.h"
 #include "tst_safe_stdio.h"
+#include "tst_checksum.h"
 #include "lapi/netinet_in.h"
 #include "lapi/socket.h"
 #include "lapi/sctp.h"
@@ -38,6 +40,8 @@  static int port;
 static int sfd, cfd;
 static struct sockaddr_in6 rmt, loc;
 
+static uint8_t packet[IP_MAXPACKET];
+static int pkt_len;
 static char *addr_param;
 static int addr_num = 3273;
 
@@ -53,28 +57,91 @@  static void setup_server(void)
 	tst_res(TINFO, "sctp server listen on %d", port);
 
 	SAFE_LISTEN(sfd, 1);
+
+	srand(port);
 }
 
-static void setup_client(void)
+static void update_packet_field(int *off, void *buf, int buf_len)
 {
-	struct sockaddr_in6 addr_buf[addr_num];
-	int i;
+	memcpy(packet + *off, buf, buf_len);
+	*off += buf_len;
+}
 
-	cfd = SAFE_SOCKET(AF_INET6, SOCK_STREAM, IPPROTO_SCTP);
+static void setup_client(void)
+{
+	struct ip6_hdr ip6;
+	int ip6_hdr_len = sizeof(ip6);
+	int cmn_hdr_off;
+	int off, i;
+
+	memset(&ip6, 0, sizeof(ip6));
+	ip6.ip6_flow = htonl(6 << 28 | 2 << 20);
+	ip6.ip6_hops = 64;
+	ip6.ip6_nxt = IPPROTO_SCTP;
+	ip6.ip6_src.s6_addr[15] = 1;
+	ip6.ip6_dst.s6_addr[15] = 1;
 	rmt.sin6_family = AF_INET6;
 	rmt.sin6_addr = in6addr_loopback;
-	rmt.sin6_port = htons(port);
 
-	tst_res(TINFO, "bind %d additional IP addresses", addr_num);
+	/* SCTP common header */
+	off = ip6_hdr_len;
+
+	uint16_t src_port = htons(port - 1);
+	uint16_t dst_port = htons(port);
+	uint32_t vtag = 0;
+	uint32_t checksum = 0;
+
+	update_packet_field(&off, &src_port, 2);
+	update_packet_field(&off, &dst_port, 2);
+	update_packet_field(&off, &vtag, 4);
+	update_packet_field(&off, &checksum, 4);
+	cmn_hdr_off = off;
+
+	/* SCTP INIT chunk */
+	uint16_t chunk_len;
+
+	packet[off++] = 1;
+	packet[off++] = 0;
+	off += 2; /* chunk length, will be set in the end */
 
-	memset(addr_buf, 0, sizeof(addr_buf));
+	uint32_t init_tag = rand();
+	uint32_t rwnd = htonl(106496);
+	uint16_t outs = htons(10);
+	uint16_t ins = htons(65535);
+	uint32_t init_tsn = rand();
+
+	update_packet_field(&off, &init_tag, 4);
+	update_packet_field(&off, &rwnd, 4);
+	update_packet_field(&off, &outs, 2);
+	update_packet_field(&off, &ins, 2);
+	update_packet_field(&off, &init_tsn, 4);
+
+	/* SCTP optional parameter for IPv6 addresses */
+	uint16_t param_type = htons(6);
+	uint16_t param_len = htons(20);
+
+	/* IPv6 (40) + SCTP_BASE (12) + SCTP_CHUNK(20) + SCTP_OPT(65460)) */
 	for (i = 0; i < addr_num; ++i) {
-		addr_buf[i].sin6_family = AF_INET6;
-		addr_buf[i].sin6_addr = in6addr_loopback;
+		update_packet_field(&off, &param_type, 2);
+		update_packet_field(&off, &param_len, 2);
+		packet[off + 15] = 1;
+		off += 16;
 	}
+	pkt_len = off;
+
+	tst_res(TINFO, "set chunk length %d", pkt_len - cmn_hdr_off);
+	chunk_len = htons(pkt_len - cmn_hdr_off);
+	memcpy(packet + cmn_hdr_off + 2, &chunk_len, 2);
+
+	/* set checksum for SCTP: common header + INIT chunk */
+	uint32_t csum = crc32c(packet + ip6_hdr_len, pkt_len - ip6_hdr_len);
 
-	SAFE_SETSOCKOPT(cfd, SOL_SCTP, SCTP_SOCKOPT_BINDX_ADD, addr_buf,
-			sizeof(addr_buf));
+	memcpy(packet + ip6_hdr_len + 8, &csum, 4);
+
+	ip6.ip6_plen = htons(pkt_len - ip6_hdr_len);
+	memcpy(packet, &ip6, ip6_hdr_len);
+
+	cfd = SAFE_SOCKET(AF_INET6, SOCK_RAW, IPPROTO_RAW);
 }
 
 static void setup(void)
@@ -89,6 +156,7 @@  static void setup(void)
 static void run(void)
 {
 	int pid = SAFE_FORK();
+	int i;
 
 	if (!pid) {
 		struct sockaddr_in6 addr6;
@@ -99,8 +167,10 @@  static void run(void)
 		exit(0);
 	}
 
-	fcntl(cfd, F_SETFL, O_NONBLOCK);
-	connect(cfd, (struct sockaddr *)&rmt, sizeof(rmt));
+	for (i = 0; i < 3; ++i) {
+		SAFE_SENDTO(1, cfd, packet, pkt_len, 0,
+			(struct sockaddr *)&rmt, sizeof(rmt));
+	}
 
 	SAFE_KILL(pid, SIGKILL);
 	SAFE_WAITPID(pid, NULL, 0);