diff mbox series

[PATCHv4,net-next,16/16] sctp: enable udp tunneling socks

Message ID b65bdc11e5a17e328227676ea283cee617f973fb.1603110316.git.lucien.xin@gmail.com (mailing list archive)
State Not Applicable
Delegated to: Netdev Maintainers
Headers show
Series sctp: Implement RFC6951: UDP Encapsulation of SCTP | expand

Commit Message

Xin Long Oct. 19, 2020, 12:25 p.m. UTC
This patch is to enable udp tunneling socks by calling
sctp_udp_sock_start() in sctp_ctrlsock_init(), and
sctp_udp_sock_stop() in sctp_ctrlsock_exit().

Also add sysctl udp_port to allow changing the listening
sock's port by users.

Wit this patch, the whole sctp over udp feature can be
enabled and used.

v1->v2:
  - Also update ctl_sock udp_port in proc_sctp_do_udp_port()
    where netns udp_port gets changed.
v2->v3:
  - Call htons() when setting sk udp_port from netns udp_port.
v3->v4:
  - Not call sctp_udp_sock_start() when new_value is 0.
  - Add udp_port entry in ip-sysctl.rst.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
 Documentation/networking/ip-sysctl.rst |  6 ++++
 net/sctp/protocol.c                    |  5 ++++
 net/sctp/sysctl.c                      | 52 ++++++++++++++++++++++++++++++++++
 3 files changed, 63 insertions(+)

Comments

Marcelo Ricardo Leitner Oct. 19, 2020, 10:15 p.m. UTC | #1
On Mon, Oct 19, 2020 at 08:25:33PM +0800, Xin Long wrote:
> --- a/Documentation/networking/ip-sysctl.rst
> +++ b/Documentation/networking/ip-sysctl.rst
> @@ -2640,6 +2640,12 @@ addr_scope_policy - INTEGER
>  
>  	Default: 1
>  
> +udp_port - INTEGER

Need to be more verbose here, and also mention the RFC.

> +	The listening port for the local UDP tunneling sock.
        , shared by all applications in the same net namespace.
> +	UDP encapsulation will be disabled when it's set to 0.

	"Note, however, that setting just this is not enough to actually
	use it. ..."

> +
> +	Default: 9899
> +
>  encap_port - INTEGER
>  	The default remote UDP encapsalution port.
>  	When UDP tunneling is enabled, this global value is used to set

When is it enabled, which conditions are needed? Maybe it can be
explained only in the one above.
Marcelo Ricardo Leitner Oct. 19, 2020, 10:29 p.m. UTC | #2
Ah, please note that net-next is closed.
https://lore.kernel.org/netdev/20201015123116.743005ca%40kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com/T/

  Marcelo
Xin Long Oct. 20, 2020, 9:12 a.m. UTC | #3
On Tue, Oct 20, 2020 at 6:15 AM Marcelo Ricardo Leitner
<marcelo.leitner@gmail.com> wrote:
>
> On Mon, Oct 19, 2020 at 08:25:33PM +0800, Xin Long wrote:
> > --- a/Documentation/networking/ip-sysctl.rst
> > +++ b/Documentation/networking/ip-sysctl.rst
> > @@ -2640,6 +2640,12 @@ addr_scope_policy - INTEGER
> >
> >       Default: 1
> >
> > +udp_port - INTEGER
>
> Need to be more verbose here, and also mention the RFC.
>
> > +     The listening port for the local UDP tunneling sock.
>         , shared by all applications in the same net namespace.
> > +     UDP encapsulation will be disabled when it's set to 0.
>
>         "Note, however, that setting just this is not enough to actually
>         use it. ..."
When it's a client, yes,  but when it's a server, the encap_port can
be got from the incoming packet.

>
> > +
> > +     Default: 9899
> > +
> >  encap_port - INTEGER
> >       The default remote UDP encapsalution port.
> >       When UDP tunneling is enabled, this global value is used to set
>
> When is it enabled, which conditions are needed? Maybe it can be
> explained only in the one above.
Thanks!
pls check if this one will be better:

udp_port - INTEGER

The listening port for the local UDP tunneling sock.

This UDP sock is used for processing the incoming UDP-encapsulated
SCTP packets (from RFC6951), and shared by all applications in the
same net namespace. This UDP sock will be closed when the value is
set to 0.

The value will also be used to set the src port of the UDP header
for the outgoing UDP-encapsulated SCTP packets. For the dest port,
please refer to 'encap_port' below.

Default: 9899

encap_port - INTEGER

The default remote UDP encapsulation port.

This value is used to set the dest port of the UDP header for the
outgoing UDP-encapsulated SCTP packets by default. Users can also
change the value for each sock/asoc/transport by using setsockopt.
For further information, please refer to RFC6951.

Note that when connecting to a remote server, the client should set
this to the port that the UDP tunneling sock on the peer server is
listening to and the local UDP tunneling sock on the client also
must be started. On the server, it would get the encap_port from
the incoming packet's source port.

Default: 0
Marcelo Ricardo Leitner Oct. 20, 2020, 9:11 p.m. UTC | #4
On Tue, Oct 20, 2020 at 05:12:06PM +0800, Xin Long wrote:
> On Tue, Oct 20, 2020 at 6:15 AM Marcelo Ricardo Leitner
> <marcelo.leitner@gmail.com> wrote:
> >
> > On Mon, Oct 19, 2020 at 08:25:33PM +0800, Xin Long wrote:
> > > --- a/Documentation/networking/ip-sysctl.rst
> > > +++ b/Documentation/networking/ip-sysctl.rst
> > > @@ -2640,6 +2640,12 @@ addr_scope_policy - INTEGER
> > >
> > >       Default: 1
> > >
> > > +udp_port - INTEGER
> >
> > Need to be more verbose here, and also mention the RFC.
> >
> > > +     The listening port for the local UDP tunneling sock.
> >         , shared by all applications in the same net namespace.
> > > +     UDP encapsulation will be disabled when it's set to 0.
> >
> >         "Note, however, that setting just this is not enough to actually
> >         use it. ..."
> When it's a client, yes,  but when it's a server, the encap_port can
> be got from the incoming packet.
> 
> >
> > > +
> > > +     Default: 9899
> > > +
> > >  encap_port - INTEGER
> > >       The default remote UDP encapsalution port.
> > >       When UDP tunneling is enabled, this global value is used to set
> >
> > When is it enabled, which conditions are needed? Maybe it can be
> > explained only in the one above.
> Thanks!
> pls check if this one will be better:

It is. Verbose enough now, thx.
(one other comment below)

> 
> udp_port - INTEGER
> 
> The listening port for the local UDP tunneling sock.
> 
> This UDP sock is used for processing the incoming UDP-encapsulated
> SCTP packets (from RFC6951), and shared by all applications in the
> same net namespace. This UDP sock will be closed when the value is
> set to 0.
> 
> The value will also be used to set the src port of the UDP header
> for the outgoing UDP-encapsulated SCTP packets. For the dest port,
> please refer to 'encap_port' below.
> 
> Default: 9899

I'm now wondering if this is the right default. I mean, it is the
standard port for it, yes, but at the same time, it means loading SCTP
module will steal/use that UDP port on all net namespaces and can lead
to conflicts with other apps. A more conservative approach here is to
document the standard port, but set the default to 0 and require the
user to set it in if it is expected to be used.

Did FreeBSD enable it by default too?
Michael Tuexen Oct. 20, 2020, 9:15 p.m. UTC | #5
> On 20. Oct 2020, at 23:11, Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> wrote:
> 
> On Tue, Oct 20, 2020 at 05:12:06PM +0800, Xin Long wrote:
>> On Tue, Oct 20, 2020 at 6:15 AM Marcelo Ricardo Leitner
>> <marcelo.leitner@gmail.com> wrote:
>>> 
>>> On Mon, Oct 19, 2020 at 08:25:33PM +0800, Xin Long wrote:
>>>> --- a/Documentation/networking/ip-sysctl.rst
>>>> +++ b/Documentation/networking/ip-sysctl.rst
>>>> @@ -2640,6 +2640,12 @@ addr_scope_policy - INTEGER
>>>> 
>>>>      Default: 1
>>>> 
>>>> +udp_port - INTEGER
>>> 
>>> Need to be more verbose here, and also mention the RFC.
>>> 
>>>> +     The listening port for the local UDP tunneling sock.
>>>        , shared by all applications in the same net namespace.
>>>> +     UDP encapsulation will be disabled when it's set to 0.
>>> 
>>>        "Note, however, that setting just this is not enough to actually
>>>        use it. ..."
>> When it's a client, yes,  but when it's a server, the encap_port can
>> be got from the incoming packet.
>> 
>>> 
>>>> +
>>>> +     Default: 9899
>>>> +
>>>> encap_port - INTEGER
>>>>      The default remote UDP encapsalution port.
>>>>      When UDP tunneling is enabled, this global value is used to set
>>> 
>>> When is it enabled, which conditions are needed? Maybe it can be
>>> explained only in the one above.
>> Thanks!
>> pls check if this one will be better:
> 
> It is. Verbose enough now, thx.
> (one other comment below)
> 
>> 
>> udp_port - INTEGER
>> 
>> The listening port for the local UDP tunneling sock.
>> 
>> This UDP sock is used for processing the incoming UDP-encapsulated
>> SCTP packets (from RFC6951), and shared by all applications in the
>> same net namespace. This UDP sock will be closed when the value is
>> set to 0.
>> 
>> The value will also be used to set the src port of the UDP header
>> for the outgoing UDP-encapsulated SCTP packets. For the dest port,
>> please refer to 'encap_port' below.
>> 
>> Default: 9899
> 
> I'm now wondering if this is the right default. I mean, it is the
> standard port for it, yes, but at the same time, it means loading SCTP
> module will steal/use that UDP port on all net namespaces and can lead
> to conflicts with other apps. A more conservative approach here is to
> document the standard port, but set the default to 0 and require the
> user to set it in if it is expected to be used.
> 
> Did FreeBSD enable it by default too?
No. The default is 0, which means that the encapsulation is turned off.
Setting this sysctl variable to a non-zero value enables the UDP tunneling
with the given port.

Best regards
Michael
Marcelo Ricardo Leitner Oct. 20, 2020, 9:23 p.m. UTC | #6
On Tue, Oct 20, 2020 at 11:15:26PM +0200, Michael Tuexen wrote:
> > On 20. Oct 2020, at 23:11, Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> wrote:
> > 
> > On Tue, Oct 20, 2020 at 05:12:06PM +0800, Xin Long wrote:
> >> On Tue, Oct 20, 2020 at 6:15 AM Marcelo Ricardo Leitner
> >> <marcelo.leitner@gmail.com> wrote:
> >>> 
> >>> On Mon, Oct 19, 2020 at 08:25:33PM +0800, Xin Long wrote:
> >>>> --- a/Documentation/networking/ip-sysctl.rst
> >>>> +++ b/Documentation/networking/ip-sysctl.rst
> >>>> @@ -2640,6 +2640,12 @@ addr_scope_policy - INTEGER
> >>>> 
> >>>>      Default: 1
> >>>> 
> >>>> +udp_port - INTEGER
> >>> 
> >>> Need to be more verbose here, and also mention the RFC.
> >>> 
> >>>> +     The listening port for the local UDP tunneling sock.
> >>>        , shared by all applications in the same net namespace.
> >>>> +     UDP encapsulation will be disabled when it's set to 0.
> >>> 
> >>>        "Note, however, that setting just this is not enough to actually
> >>>        use it. ..."
> >> When it's a client, yes,  but when it's a server, the encap_port can
> >> be got from the incoming packet.
> >> 
> >>> 
> >>>> +
> >>>> +     Default: 9899
> >>>> +
> >>>> encap_port - INTEGER
> >>>>      The default remote UDP encapsalution port.
> >>>>      When UDP tunneling is enabled, this global value is used to set
> >>> 
> >>> When is it enabled, which conditions are needed? Maybe it can be
> >>> explained only in the one above.
> >> Thanks!
> >> pls check if this one will be better:
> > 
> > It is. Verbose enough now, thx.
> > (one other comment below)
> > 
> >> 
> >> udp_port - INTEGER
> >> 
> >> The listening port for the local UDP tunneling sock.
> >> 
> >> This UDP sock is used for processing the incoming UDP-encapsulated
> >> SCTP packets (from RFC6951), and shared by all applications in the
> >> same net namespace. This UDP sock will be closed when the value is
> >> set to 0.
> >> 
> >> The value will also be used to set the src port of the UDP header
> >> for the outgoing UDP-encapsulated SCTP packets. For the dest port,
> >> please refer to 'encap_port' below.
> >> 
> >> Default: 9899
> > 
> > I'm now wondering if this is the right default. I mean, it is the
> > standard port for it, yes, but at the same time, it means loading SCTP
> > module will steal/use that UDP port on all net namespaces and can lead
> > to conflicts with other apps. A more conservative approach here is to
> > document the standard port, but set the default to 0 and require the
> > user to set it in if it is expected to be used.
> > 
> > Did FreeBSD enable it by default too?
> No. The default is 0, which means that the encapsulation is turned off.
> Setting this sysctl variable to a non-zero value enables the UDP tunneling
> with the given port.

Thanks Michael.
Xin, then we should change this default value (and update the
documentation above accordingly, to still have the standard port #
readily available in there).

Cheers,
Marcelo
David Laight Oct. 20, 2020, 10:08 p.m. UTC | #7
From: Marcelo Ricardo Leitner
> Sent: 20 October 2020 22:24
...
> > > Did FreeBSD enable it by default too?
> > No. The default is 0, which means that the encapsulation is turned off.
> > Setting this sysctl variable to a non-zero value enables the UDP tunneling
> > with the given port.
> 
> Thanks Michael.
> Xin, then we should change this default value (and update the
> documentation above accordingly, to still have the standard port #
> readily available in there).

Does that mean that you can't have some 'normal' connections and
others that use UDP encapsulation?
Seems a pretty strong restriction.

(I'm waiting for one of our customers to ask for this...)

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Marcelo Ricardo Leitner Oct. 20, 2020, 10:13 p.m. UTC | #8
On Tue, Oct 20, 2020 at 10:08:17PM +0000, David Laight wrote:
> From: Marcelo Ricardo Leitner
> > Sent: 20 October 2020 22:24
> ...
> > > > Did FreeBSD enable it by default too?
> > > No. The default is 0, which means that the encapsulation is turned off.
> > > Setting this sysctl variable to a non-zero value enables the UDP tunneling
> > > with the given port.
> > 
> > Thanks Michael.
> > Xin, then we should change this default value (and update the
> > documentation above accordingly, to still have the standard port #
> > readily available in there).
> 
> Does that mean that you can't have some 'normal' connections and
> others that use UDP encapsulation?
> Seems a pretty strong restriction.

That's not what was said. Just that the socket shouldn't be created by
default.

> 
> (I'm waiting for one of our customers to ask for this...)

It can. The setting in question is for receiving encapsulated packets,
and which doesn't exclude the standard one. It can still receive
normal/non-encapsulated packets.
Xin Long Oct. 21, 2020, 4:16 a.m. UTC | #9
On Wed, Oct 21, 2020 at 5:23 AM Marcelo Ricardo Leitner
<marcelo.leitner@gmail.com> wrote:
>
> On Tue, Oct 20, 2020 at 11:15:26PM +0200, Michael Tuexen wrote:
> > > On 20. Oct 2020, at 23:11, Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> wrote:
> > >
> > > On Tue, Oct 20, 2020 at 05:12:06PM +0800, Xin Long wrote:
> > >> On Tue, Oct 20, 2020 at 6:15 AM Marcelo Ricardo Leitner
> > >> <marcelo.leitner@gmail.com> wrote:
> > >>>
> > >>> On Mon, Oct 19, 2020 at 08:25:33PM +0800, Xin Long wrote:
> > >>>> --- a/Documentation/networking/ip-sysctl.rst
> > >>>> +++ b/Documentation/networking/ip-sysctl.rst
> > >>>> @@ -2640,6 +2640,12 @@ addr_scope_policy - INTEGER
> > >>>>
> > >>>>      Default: 1
> > >>>>
> > >>>> +udp_port - INTEGER
> > >>>
> > >>> Need to be more verbose here, and also mention the RFC.
> > >>>
> > >>>> +     The listening port for the local UDP tunneling sock.
> > >>>        , shared by all applications in the same net namespace.
> > >>>> +     UDP encapsulation will be disabled when it's set to 0.
> > >>>
> > >>>        "Note, however, that setting just this is not enough to actually
> > >>>        use it. ..."
> > >> When it's a client, yes,  but when it's a server, the encap_port can
> > >> be got from the incoming packet.
> > >>
> > >>>
> > >>>> +
> > >>>> +     Default: 9899
> > >>>> +
> > >>>> encap_port - INTEGER
> > >>>>      The default remote UDP encapsalution port.
> > >>>>      When UDP tunneling is enabled, this global value is used to set
> > >>>
> > >>> When is it enabled, which conditions are needed? Maybe it can be
> > >>> explained only in the one above.
> > >> Thanks!
> > >> pls check if this one will be better:
> > >
> > > It is. Verbose enough now, thx.
> > > (one other comment below)
> > >
> > >>
> > >> udp_port - INTEGER
> > >>
> > >> The listening port for the local UDP tunneling sock.
> > >>
> > >> This UDP sock is used for processing the incoming UDP-encapsulated
> > >> SCTP packets (from RFC6951), and shared by all applications in the
> > >> same net namespace. This UDP sock will be closed when the value is
> > >> set to 0.
> > >>
> > >> The value will also be used to set the src port of the UDP header
> > >> for the outgoing UDP-encapsulated SCTP packets. For the dest port,
> > >> please refer to 'encap_port' below.
> > >>
> > >> Default: 9899
> > >
> > > I'm now wondering if this is the right default. I mean, it is the
> > > standard port for it, yes, but at the same time, it means loading SCTP
> > > module will steal/use that UDP port on all net namespaces and can lead
> > > to conflicts with other apps. A more conservative approach here is to
> > > document the standard port, but set the default to 0 and require the
> > > user to set it in if it is expected to be used.
> > >
> > > Did FreeBSD enable it by default too?
> > No. The default is 0, which means that the encapsulation is turned off.
> > Setting this sysctl variable to a non-zero value enables the UDP tunneling
> > with the given port.
>
> Thanks Michael.
> Xin, then we should change this default value (and update the
> documentation above accordingly, to still have the standard port #
> readily available in there).
OK, I misunderstood the RFC.

I will remove the call to sctp_udp_sock_start/stop() from
sctp_ctrlsock_init/exit(), and set the udp_port as 0 by default.

Thanks.
Michael Tuexen Oct. 21, 2020, 9:13 a.m. UTC | #10
> On 21. Oct 2020, at 06:16, Xin Long <lucien.xin@gmail.com> wrote:
> 
> On Wed, Oct 21, 2020 at 5:23 AM Marcelo Ricardo Leitner
> <marcelo.leitner@gmail.com> wrote:
>> 
>> On Tue, Oct 20, 2020 at 11:15:26PM +0200, Michael Tuexen wrote:
>>>> On 20. Oct 2020, at 23:11, Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> wrote:
>>>> 
>>>> On Tue, Oct 20, 2020 at 05:12:06PM +0800, Xin Long wrote:
>>>>> On Tue, Oct 20, 2020 at 6:15 AM Marcelo Ricardo Leitner
>>>>> <marcelo.leitner@gmail.com> wrote:
>>>>>> 
>>>>>> On Mon, Oct 19, 2020 at 08:25:33PM +0800, Xin Long wrote:
>>>>>>> --- a/Documentation/networking/ip-sysctl.rst
>>>>>>> +++ b/Documentation/networking/ip-sysctl.rst
>>>>>>> @@ -2640,6 +2640,12 @@ addr_scope_policy - INTEGER
>>>>>>> 
>>>>>>>     Default: 1
>>>>>>> 
>>>>>>> +udp_port - INTEGER
>>>>>> 
>>>>>> Need to be more verbose here, and also mention the RFC.
>>>>>> 
>>>>>>> +     The listening port for the local UDP tunneling sock.
>>>>>>       , shared by all applications in the same net namespace.
>>>>>>> +     UDP encapsulation will be disabled when it's set to 0.
>>>>>> 
>>>>>>       "Note, however, that setting just this is not enough to actually
>>>>>>       use it. ..."
>>>>> When it's a client, yes,  but when it's a server, the encap_port can
>>>>> be got from the incoming packet.
>>>>> 
>>>>>> 
>>>>>>> +
>>>>>>> +     Default: 9899
>>>>>>> +
>>>>>>> encap_port - INTEGER
>>>>>>>     The default remote UDP encapsalution port.
>>>>>>>     When UDP tunneling is enabled, this global value is used to set
>>>>>> 
>>>>>> When is it enabled, which conditions are needed? Maybe it can be
>>>>>> explained only in the one above.
>>>>> Thanks!
>>>>> pls check if this one will be better:
>>>> 
>>>> It is. Verbose enough now, thx.
>>>> (one other comment below)
>>>> 
>>>>> 
>>>>> udp_port - INTEGER
>>>>> 
>>>>> The listening port for the local UDP tunneling sock.
>>>>> 
>>>>> This UDP sock is used for processing the incoming UDP-encapsulated
>>>>> SCTP packets (from RFC6951), and shared by all applications in the
>>>>> same net namespace. This UDP sock will be closed when the value is
>>>>> set to 0.
>>>>> 
>>>>> The value will also be used to set the src port of the UDP header
>>>>> for the outgoing UDP-encapsulated SCTP packets. For the dest port,
>>>>> please refer to 'encap_port' below.
>>>>> 
>>>>> Default: 9899
>>>> 
>>>> I'm now wondering if this is the right default. I mean, it is the
>>>> standard port for it, yes, but at the same time, it means loading SCTP
>>>> module will steal/use that UDP port on all net namespaces and can lead
>>>> to conflicts with other apps. A more conservative approach here is to
>>>> document the standard port, but set the default to 0 and require the
>>>> user to set it in if it is expected to be used.
>>>> 
>>>> Did FreeBSD enable it by default too?
>>> No. The default is 0, which means that the encapsulation is turned off.
>>> Setting this sysctl variable to a non-zero value enables the UDP tunneling
>>> with the given port.
>> 
>> Thanks Michael.
>> Xin, then we should change this default value (and update the
>> documentation above accordingly, to still have the standard port #
>> readily available in there).
> OK, I misunderstood the RFC.
Does that RFC mandate that the feature is on by default? Can you point me to
that text?

Best regards
Michael
> 
> I will remove the call to sctp_udp_sock_start/stop() from
> sctp_ctrlsock_init/exit(), and set the udp_port as 0 by default.
> 
> Thanks.
Xin Long Oct. 22, 2020, 3:12 a.m. UTC | #11
On Wed, Oct 21, 2020 at 5:13 PM Michael Tuexen <tuexen@fh-muenster.de> wrote:
>
> > On 21. Oct 2020, at 06:16, Xin Long <lucien.xin@gmail.com> wrote:
> >
> > On Wed, Oct 21, 2020 at 5:23 AM Marcelo Ricardo Leitner
> > <marcelo.leitner@gmail.com> wrote:
> >>
> >> On Tue, Oct 20, 2020 at 11:15:26PM +0200, Michael Tuexen wrote:
> >>>> On 20. Oct 2020, at 23:11, Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> wrote:
> >>>>
> >>>> On Tue, Oct 20, 2020 at 05:12:06PM +0800, Xin Long wrote:
> >>>>> On Tue, Oct 20, 2020 at 6:15 AM Marcelo Ricardo Leitner
> >>>>> <marcelo.leitner@gmail.com> wrote:
> >>>>>>
> >>>>>> On Mon, Oct 19, 2020 at 08:25:33PM +0800, Xin Long wrote:
> >>>>>>> --- a/Documentation/networking/ip-sysctl.rst
> >>>>>>> +++ b/Documentation/networking/ip-sysctl.rst
> >>>>>>> @@ -2640,6 +2640,12 @@ addr_scope_policy - INTEGER
> >>>>>>>
> >>>>>>>     Default: 1
> >>>>>>>
> >>>>>>> +udp_port - INTEGER
> >>>>>>
> >>>>>> Need to be more verbose here, and also mention the RFC.
> >>>>>>
> >>>>>>> +     The listening port for the local UDP tunneling sock.
> >>>>>>       , shared by all applications in the same net namespace.
> >>>>>>> +     UDP encapsulation will be disabled when it's set to 0.
> >>>>>>
> >>>>>>       "Note, however, that setting just this is not enough to actually
> >>>>>>       use it. ..."
> >>>>> When it's a client, yes,  but when it's a server, the encap_port can
> >>>>> be got from the incoming packet.
> >>>>>
> >>>>>>
> >>>>>>> +
> >>>>>>> +     Default: 9899
> >>>>>>> +
> >>>>>>> encap_port - INTEGER
> >>>>>>>     The default remote UDP encapsalution port.
> >>>>>>>     When UDP tunneling is enabled, this global value is used to set
> >>>>>>
> >>>>>> When is it enabled, which conditions are needed? Maybe it can be
> >>>>>> explained only in the one above.
> >>>>> Thanks!
> >>>>> pls check if this one will be better:
> >>>>
> >>>> It is. Verbose enough now, thx.
> >>>> (one other comment below)
> >>>>
> >>>>>
> >>>>> udp_port - INTEGER
> >>>>>
> >>>>> The listening port for the local UDP tunneling sock.
> >>>>>
> >>>>> This UDP sock is used for processing the incoming UDP-encapsulated
> >>>>> SCTP packets (from RFC6951), and shared by all applications in the
> >>>>> same net namespace. This UDP sock will be closed when the value is
> >>>>> set to 0.
> >>>>>
> >>>>> The value will also be used to set the src port of the UDP header
> >>>>> for the outgoing UDP-encapsulated SCTP packets. For the dest port,
> >>>>> please refer to 'encap_port' below.
> >>>>>
> >>>>> Default: 9899
> >>>>
> >>>> I'm now wondering if this is the right default. I mean, it is the
> >>>> standard port for it, yes, but at the same time, it means loading SCTP
> >>>> module will steal/use that UDP port on all net namespaces and can lead
> >>>> to conflicts with other apps. A more conservative approach here is to
> >>>> document the standard port, but set the default to 0 and require the
> >>>> user to set it in if it is expected to be used.
> >>>>
> >>>> Did FreeBSD enable it by default too?
> >>> No. The default is 0, which means that the encapsulation is turned off.
> >>> Setting this sysctl variable to a non-zero value enables the UDP tunneling
> >>> with the given port.
> >>
> >> Thanks Michael.
> >> Xin, then we should change this default value (and update the
> >> documentation above accordingly, to still have the standard port #
> >> readily available in there).
> > OK, I misunderstood the RFC.
> Does that RFC mandate that the feature is on by default? Can you point me to
> that text?
Not really.

I was thinking that by leaving it to 9899 by default users don't need to
know the port when want to use it, and yet I didn't want to add another
sysctl member. :D

>
> Best regards
> Michael
> >
> > I will remove the call to sctp_udp_sock_start/stop() from
> > sctp_ctrlsock_init/exit(), and set the udp_port as 0 by default.
> >
> > Thanks.
>
David Laight Oct. 22, 2020, 8:47 a.m. UTC | #12
From: Xin Long
> Sent: 22 October 2020 04:13
...
> I was thinking that by leaving it to 9899 by default users don't need to
> know the port when want to use it, and yet I didn't want to add another
> sysctl member. :D

Could you make 1 mean 9899?
So:
  0 => disabled
  1 => default port
  n => use port n
I doubt that disallowing port 1 is a problem!

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Michael Tuexen Oct. 22, 2020, 11:38 a.m. UTC | #13
`On 22. Oct 2020, at 05:12, Xin Long <lucien.xin@gmail.com> wrote:
> 
> On Wed, Oct 21, 2020 at 5:13 PM Michael Tuexen <tuexen@fh-muenster.de> wrote:
>> 
>>> On 21. Oct 2020, at 06:16, Xin Long <lucien.xin@gmail.com> wrote:
>>> 
>>> On Wed, Oct 21, 2020 at 5:23 AM Marcelo Ricardo Leitner
>>> <marcelo.leitner@gmail.com> wrote:
>>>> 
>>>> On Tue, Oct 20, 2020 at 11:15:26PM +0200, Michael Tuexen wrote:
>>>>>> On 20. Oct 2020, at 23:11, Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> wrote:
>>>>>> 
>>>>>> On Tue, Oct 20, 2020 at 05:12:06PM +0800, Xin Long wrote:
>>>>>>> On Tue, Oct 20, 2020 at 6:15 AM Marcelo Ricardo Leitner
>>>>>>> <marcelo.leitner@gmail.com> wrote:
>>>>>>>> 
>>>>>>>> On Mon, Oct 19, 2020 at 08:25:33PM +0800, Xin Long wrote:
>>>>>>>>> --- a/Documentation/networking/ip-sysctl.rst
>>>>>>>>> +++ b/Documentation/networking/ip-sysctl.rst
>>>>>>>>> @@ -2640,6 +2640,12 @@ addr_scope_policy - INTEGER
>>>>>>>>> 
>>>>>>>>>    Default: 1
>>>>>>>>> 
>>>>>>>>> +udp_port - INTEGER
>>>>>>>> 
>>>>>>>> Need to be more verbose here, and also mention the RFC.
>>>>>>>> 
>>>>>>>>> +     The listening port for the local UDP tunneling sock.
>>>>>>>>      , shared by all applications in the same net namespace.
>>>>>>>>> +     UDP encapsulation will be disabled when it's set to 0.
>>>>>>>> 
>>>>>>>>      "Note, however, that setting just this is not enough to actually
>>>>>>>>      use it. ..."
>>>>>>> When it's a client, yes,  but when it's a server, the encap_port can
>>>>>>> be got from the incoming packet.
>>>>>>> 
>>>>>>>> 
>>>>>>>>> +
>>>>>>>>> +     Default: 9899
>>>>>>>>> +
>>>>>>>>> encap_port - INTEGER
>>>>>>>>>    The default remote UDP encapsalution port.
>>>>>>>>>    When UDP tunneling is enabled, this global value is used to set
>>>>>>>> 
>>>>>>>> When is it enabled, which conditions are needed? Maybe it can be
>>>>>>>> explained only in the one above.
>>>>>>> Thanks!
>>>>>>> pls check if this one will be better:
>>>>>> 
>>>>>> It is. Verbose enough now, thx.
>>>>>> (one other comment below)
>>>>>> 
>>>>>>> 
>>>>>>> udp_port - INTEGER
>>>>>>> 
>>>>>>> The listening port for the local UDP tunneling sock.
>>>>>>> 
>>>>>>> This UDP sock is used for processing the incoming UDP-encapsulated
>>>>>>> SCTP packets (from RFC6951), and shared by all applications in the
>>>>>>> same net namespace. This UDP sock will be closed when the value is
>>>>>>> set to 0.
>>>>>>> 
>>>>>>> The value will also be used to set the src port of the UDP header
>>>>>>> for the outgoing UDP-encapsulated SCTP packets. For the dest port,
>>>>>>> please refer to 'encap_port' below.
>>>>>>> 
>>>>>>> Default: 9899
>>>>>> 
>>>>>> I'm now wondering if this is the right default. I mean, it is the
>>>>>> standard port for it, yes, but at the same time, it means loading SCTP
>>>>>> module will steal/use that UDP port on all net namespaces and can lead
>>>>>> to conflicts with other apps. A more conservative approach here is to
>>>>>> document the standard port, but set the default to 0 and require the
>>>>>> user to set it in if it is expected to be used.
>>>>>> 
>>>>>> Did FreeBSD enable it by default too?
>>>>> No. The default is 0, which means that the encapsulation is turned off.
>>>>> Setting this sysctl variable to a non-zero value enables the UDP tunneling
>>>>> with the given port.
>>>> 
>>>> Thanks Michael.
>>>> Xin, then we should change this default value (and update the
>>>> documentation above accordingly, to still have the standard port #
>>>> readily available in there).
>>> OK, I misunderstood the RFC.
>> Does that RFC mandate that the feature is on by default? Can you point me to
>> that text?
> Not really.
> 
> I was thinking that by leaving it to 9899 by default users don't need to
> know the port when want to use it, and yet I didn't want to add another
> sysctl member. :D
OK. Thanks for letting me know.

Best regards
Michael
> 
>> 
>> Best regards
>> Michael
>>> 
>>> I will remove the call to sctp_udp_sock_start/stop() from
>>> sctp_ctrlsock_init/exit(), and set the udp_port as 0 by default.
>>> 
>>> Thanks.
>>
Xin Long Oct. 26, 2020, 5:58 a.m. UTC | #14
On Thu, Oct 22, 2020 at 4:47 PM David Laight <David.Laight@aculab.com> wrote:
>
> From: Xin Long
> > Sent: 22 October 2020 04:13
> ...
> > I was thinking that by leaving it to 9899 by default users don't need to
> > know the port when want to use it, and yet I didn't want to add another
> > sysctl member. :D
>
> Could you make 1 mean 9899?
still feel not good, since it's called 'udp_port'.

I will add a note in ip-sysctl.rst:

udp_port - INTEGER
        The listening port for the local UDP tunneling sock. Normally it's
        using the IANA-assigned UDP port number 9899 (sctp-tunneling).
        ...

Thanks.
> So:
>   0 => disabled
>   1 => default port
>   n => use port n
> I doubt that disallowing port 1 is a problem!
>
>         David
>
> -
> Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
> Registration No: 1397386 (Wales)
diff mbox series

Patch

diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst
index 3909305..9effc45 100644
--- a/Documentation/networking/ip-sysctl.rst
+++ b/Documentation/networking/ip-sysctl.rst
@@ -2640,6 +2640,12 @@  addr_scope_policy - INTEGER
 
 	Default: 1
 
+udp_port - INTEGER
+	The listening port for the local UDP tunneling sock.
+	UDP encapsulation will be disabled when it's set to 0.
+
+	Default: 9899
+
 encap_port - INTEGER
 	The default remote UDP encapsalution port.
 	When UDP tunneling is enabled, this global value is used to set
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index c8de327..894ab12 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -1469,6 +1469,10 @@  static int __net_init sctp_ctrlsock_init(struct net *net)
 	if (status)
 		pr_err("Failed to initialize the SCTP control sock\n");
 
+	status = sctp_udp_sock_start(net);
+	if (status)
+		pr_err("Failed to initialize the SCTP UDP tunneling sock\n");
+
 	return status;
 }
 
@@ -1476,6 +1480,7 @@  static void __net_exit sctp_ctrlsock_exit(struct net *net)
 {
 	/* Free the control endpoint.  */
 	inet_ctl_sock_destroy(net->sctp.ctl_sock);
+	sctp_udp_sock_stop(net);
 }
 
 static struct pernet_operations sctp_ctrlsock_ops = {
diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
index ecc1b5e..e92df77 100644
--- a/net/sctp/sysctl.c
+++ b/net/sctp/sysctl.c
@@ -49,6 +49,8 @@  static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write,
 				void *buffer, size_t *lenp, loff_t *ppos);
 static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write, void *buffer,
 				size_t *lenp, loff_t *ppos);
+static int proc_sctp_do_udp_port(struct ctl_table *ctl, int write, void *buffer,
+				 size_t *lenp, loff_t *ppos);
 static int proc_sctp_do_alpha_beta(struct ctl_table *ctl, int write,
 				   void *buffer, size_t *lenp, loff_t *ppos);
 static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
@@ -292,6 +294,15 @@  static struct ctl_table sctp_net_table[] = {
 		.proc_handler	= proc_dointvec,
 	},
 	{
+		.procname	= "udp_port",
+		.data		= &init_net.sctp.udp_port,
+		.maxlen		= sizeof(int),
+		.mode		= 0644,
+		.proc_handler	= proc_sctp_do_udp_port,
+		.extra1		= SYSCTL_ZERO,
+		.extra2		= &udp_port_max,
+	},
+	{
 		.procname	= "encap_port",
 		.data		= &init_net.sctp.encap_port,
 		.maxlen		= sizeof(int),
@@ -487,6 +498,47 @@  static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
 	return ret;
 }
 
+static int proc_sctp_do_udp_port(struct ctl_table *ctl, int write,
+				 void *buffer, size_t *lenp, loff_t *ppos)
+{
+	struct net *net = current->nsproxy->net_ns;
+	unsigned int min = *(unsigned int *)ctl->extra1;
+	unsigned int max = *(unsigned int *)ctl->extra2;
+	struct ctl_table tbl;
+	int ret, new_value;
+
+	memset(&tbl, 0, sizeof(struct ctl_table));
+	tbl.maxlen = sizeof(unsigned int);
+
+	if (write)
+		tbl.data = &new_value;
+	else
+		tbl.data = &net->sctp.udp_port;
+
+	ret = proc_dointvec(&tbl, write, buffer, lenp, ppos);
+	if (write && ret == 0) {
+		struct sock *sk = net->sctp.ctl_sock;
+
+		if (new_value > max || new_value < min)
+			return -EINVAL;
+
+		net->sctp.udp_port = new_value;
+		sctp_udp_sock_stop(net);
+		if (new_value) {
+			ret = sctp_udp_sock_start(net);
+			if (ret)
+				net->sctp.udp_port = 0;
+		}
+
+		/* Update the value in the control socket */
+		lock_sock(sk);
+		sctp_sk(sk)->udp_port = htons(net->sctp.udp_port);
+		release_sock(sk);
+	}
+
+	return ret;
+}
+
 int sctp_sysctl_net_register(struct net *net)
 {
 	struct ctl_table *table;