Check that SYN+ACK packets are retransmitted in SYN_RCVD state.

bluhm · bluhm · commit 4c5c4401a4d8 · 2025-08-01T21:58:48.000Z
diff --git a/regress/sys/netinet/tcpstate/Makefile b/regress/sys/netinet/tcpstate/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.3 2025/08/01 11:10:00 bluhm Exp $
+#	$OpenBSD: Makefile,v 1.4 2025/08/01 21:58:48 bluhm Exp $
 
 # Copyright (c) 2025 Alexander Bluhm <bluhm@openbsd.org>
 #
@@ -111,7 +111,7 @@ run-$t: $t.py addr.py
 	${SUDO} ${PYTHON}$t.py
 .endfor
 
-.for t in CLOSING ESTABLISHED FIN_WAIT_1 FIN_WAIT_2 LAST_ACK SYN_SENT
+.for t in CLOSING ESTABLISHED FIN_WAIT_1 FIN_WAIT_2 LAST_ACK SYN_RCVD SYN_SENT
 REGRESS_TARGETS +=	run-netstat-${t:L:S/_//g}
 netstat-${t:L:S/_//g}.log:
 	${MAKE} -C ${.CURDIR} run-tcp_${t:L:S/_//g:C/[12]//}
diff --git a/regress/sys/netinet/tcpstate/README b/regress/sys/netinet/tcpstate/README
@@ -1,3 +1,12 @@
 These regress tests use a local and remote machine.  On remote
 machine inetd is providing services.  Local machine runs scapy to
 navigate the remote TCP stack through the TCP state diagram.
+For active connections netcat is started on remote machine.
+
+tcp_closing	FIN packets are retransmitted in CLOSING state.
+tcp_established	data packets are retransmitted in ESTABLISHED state.
+tcp_finwait	FIN retransmitted in FIN_WAIT_1 and goto FIN_WAIT_2 state.
+tcp_lastack	FIN packets are retransmitted in LAST_ACK state.
+tcp_syncache	SYN+ACK packets are retransmitted by SYN cache.
+tcp_synrcvd	SYN+ACK retransmitted in SYN_RCVD after SYN_SENT state.
+tcp_synsent	SYN packets are retransmitted in SYN_SENT state.
diff --git a/regress/sys/netinet/tcpstate/tcp_closing.py b/regress/sys/netinet/tcpstate/tcp_closing.py
@@ -89,8 +89,8 @@ def run(self):
 	    (recv_fin.getlayer(TCP).flags))
 	exit(1)
 if recv_ack.seq != recv_fin.seq or recv_ack.ack != 3:
-	print("ERROR: expecting seq %d ack %d, " \
-	    "got seq %d ack %d in recv ack" % \
+	print("ERROR: expecting seq %d ack %d, got seq %d ack %d " \
+	    "in recv ack" % \
 	    (recv_fin.seq, 3, recv_ack.seq, recv_ack.ack))
 	exit(1)
 
@@ -115,8 +115,8 @@ def run(self):
 if rxmit_fin is None:
 	print("ERROR: No FIN retransmitted from daytime server.")
 if rxmit_fin.seq != data.seq+tcplen or rxmit_fin.ack != 3:
-	print("ERROR: expecting seq %d ack %d, " \
-	    "got seq %d ack %d in rxmit FIN" % \
+	print("ERROR: expecting seq %d ack %d, got seq %d ack %d " \
+	    "in rxmit FIN" % \
 	    (data.seq+tcplen, 3, rxmit_fin.seq, rxmit_fin.ack))
 	exit(1)
 
diff --git a/regress/sys/netinet/tcpstate/tcp_established.py b/regress/sys/netinet/tcpstate/tcp_established.py
@@ -103,8 +103,8 @@ def run(self):
 if rxmit_echo is None:
 	print("ERROR: No echo retransmitted from echo server.")
 if rxmit_echo.seq != synack.seq+1+paylen-1 or rxmit_echo.ack != 2+paylen:
-	print("ERROR: expecting seq %d ack %d, " \
-	    "got seq %d ack %d in rxmit echo" % \
+	print("ERROR: expecting seq %d ack %d, got seq %d ack %d " \
+	    "in rxmit echo" % \
 	    (synack.seq+1+paylen-1, 2+paylen, rxmit_echo.seq, rxmit_echo.ack))
 	exit(1)
 
diff --git a/regress/sys/netinet/tcpstate/tcp_finwait.py b/regress/sys/netinet/tcpstate/tcp_finwait.py
@@ -72,8 +72,8 @@ def run(self):
 	    (recv_fin.getlayer(TCP).flags))
 	exit(1)
 if recv_fin.seq != data.seq+tcplen or recv_fin.ack != 2:
-	print("ERROR: expecting seq %d ack %d, " \
-	    "got seq %d ack %d in recv fin" % \
+	print("ERROR: expecting seq %d ack %d, got seq %d ack %d " \
+	    "in recv fin" % \
 	    (data.seq+tcplen, 2, recv_fin.seq, recv_fin.ack))
 	exit(1)
 
@@ -121,8 +121,8 @@ def run(self):
 if rxmit_fin is None:
 	print("ERROR: No FIN retransmitted from daytime server.")
 if rxmit_fin.seq != data.seq+tcplen or rxmit_fin.ack != 2:
-	print("ERROR: expecting seq %d ack %d, " \
-	    "got seq %d ack %d in rxmit FIN" % \
+	print("ERROR: expecting seq %d ack %d, got seq %d ack %d " \
+	    "in rxmit FIN" % \
 	    (data.seq+tcplen, 2, rxmit_fin.seq, rxmit_fin.ack))
 	exit(1)
 
diff --git a/regress/sys/netinet/tcpstate/tcp_lastack.py b/regress/sys/netinet/tcpstate/tcp_lastack.py
@@ -72,8 +72,8 @@ def run(self):
 	print("ERROR: No FIN received from discard server.")
 	exit(1)
 if recv_fin.seq != synack.seq+1 or recv_fin.ack != 3:
-	print("ERROR: expecting seq %d ack %d, " \
-	    "got seq %d ack %d in recv fin" % \
+	print("ERROR: expecting seq %d ack %d, got seq %d ack %d " \
+	    "in recv fin" % \
 	    (synack.seq+1, 3, recv_fin.seq, recv_fin.ack))
 	exit(1)
 
@@ -95,8 +95,8 @@ def run(self):
 if rxmit_fin is None:
 	print("ERROR: No FIN retransmitted from discard server.")
 if rxmit_fin.seq != synack.seq+1 or rxmit_fin.ack != 3:
-	print("ERROR: expecting seq %d ack %d, " \
-	    "got seq %d ack %d in rxmit FIN" % \
+	print("ERROR: expecting seq %d ack %d, got seq %d ack %d " \
+	    "in rxmit FIN" % \
 	    (synack.seq+1, 3, rxmit_fin.seq, rxmit_fin.ack))
 	exit(1)
 
diff --git a/regress/sys/netinet/tcpstate/tcp_synrcvd.py b/regress/sys/netinet/tcpstate/tcp_synrcvd.py
@@ -0,0 +1,117 @@
+#!/usr/local/bin/python3
+# transfer peer from SYN_SENT to SYN_RCVD state an check retransmit of SYN+ACK
+# from LISTEN state SYN_RCVD is cannot be reached as SYN cache handles it
+
+import os
+import threading
+from addr import *
+from scapy.all import *
+
+class Sniff1(threading.Thread):
+	filter = None
+	captured = None
+	packet = None
+	count = None
+	timeout = None
+	def __init__(self, count=1, timeout=3):
+		self.count = count
+		self.timeout = timeout
+		# clear packets buffered by scapy bpf
+		sniff(iface=LOCAL_IF, timeout=1)
+		super(Sniff1, self).__init__()
+	def run(self):
+		self.captured = sniff(iface=LOCAL_IF, filter=self.filter,
+		    count=self.count, timeout=self.timeout)
+		if self.captured:
+			self.packet = self.captured[0]
+
+ip=IP(src=FAKE_NET_ADDR, dst=REMOTE_ADDR)
+tport=os.getpid() & 0xffff
+
+print("Start sniffer for SYN packet from peer");
+sniffer = Sniff1(timeout=10)
+sniffer.filter = \
+    "ip and src %s and dst %s and tcp port %u " \
+    "and tcp[tcpflags] = tcp-syn" % \
+    (ip.dst, ip.src, tport)
+sniffer.start()
+time.sleep(1)
+
+print("Connect netcat")
+nc=os.popen("ssh %s nc -4Nn -s %s %s %u" % (REMOTE_SSH, ip.dst, ip.src, tport),
+    mode='w')
+
+print("Wait for SYN.")
+sniffer.join(timeout=10)
+syn=sniffer.packet
+if syn is None:
+	print("ERROR: No SYN received from netcat client.")
+	exit(1)
+
+print("Start sniffer for SYN+ACK packet from peer");
+sniffer = Sniff1(count=2, timeout=10)
+sniffer.filter = \
+    "ip and src %s and dst %s and tcp port %u " \
+    "and tcp[tcpflags] = tcp-syn|tcp-ack" % \
+    (ip.dst, ip.src, tport)
+sniffer.start()
+time.sleep(1)
+
+print("Send SYN packet, receive SYN+ACK.")
+synsyn=TCP(sport=syn.dport, dport=syn.sport, flags='S',
+    seq=1, ack=syn.seq+1, window=(2**16)-1)
+send(ip/synsyn)
+
+print("Wait for SYN+ACK and its retransmit.")
+sniffer.join(timeout=10)
+synack=sniffer.packet
+if synack is None:
+	print("ERROR: No SYN+ACK from netcat client received.")
+	exit(1)
+if synack.seq != syn.seq or synack.ack != 2:
+	print("ERROR: expecting seq %d ack %d, got seq %d ack %d " \
+	    "in SYN+ACK" % \
+	    (syn.seq, 2, synack.seq, synack.ack))
+	exit(1)
+
+print("Check peer is in SYN_RCVD state.")
+with os.popen("ssh "+REMOTE_SSH+" netstat -vnp tcp") as netstat:
+	with open("netstat-synrcvd.log", 'w') as log:
+		for line in netstat:
+			if "%s.%d" % (FAKE_NET_ADDR, tport) in line:
+				print(line)
+				log.write(line)
+
+print("Send ACK packet to finish handshake.")
+ack=TCP(sport=synack.dport, dport=synack.sport, flags='A',
+    seq=2, ack=synack.seq+1, window=(2**16)-1)
+send(ip/ack)
+
+print("Check peer is in ESTABLISHED state.")
+with os.popen("ssh "+REMOTE_SSH+" netstat -vnp tcp") as netstat:
+	with open("netstat-synrcvd.log", 'a') as log:
+		for line in netstat:
+			if "%s.%d" % (FAKE_NET_ADDR, tport) in line:
+				print(line)
+				log.write(line)
+
+print("Send reset to cleanup the connection")
+new_rst=TCP(sport=synack.dport, dport=synack.sport, flags='RA',
+    seq=ack.seq, ack=ack.ack)
+send(ip/new_rst)
+
+print("Check retransmit of SYN+ACK");
+rxmit_synack = sniffer.captured[1]
+if rxmit_synack is None:
+	print("ERROR: No SYN+ACK retransmitted from netcat client.")
+if rxmit_synack.ack != 2:
+	print("ERROR: expecting ack %d, got ack %d in rxmit SYN+ACK" % \
+	    (2, rxmit_synack.ack))
+	exit(1)
+if rxmit_synack.seq != syn.seq or rxmit_synack.ack != 2:
+	print("ERROR: expecting seq %d ack %d, got seq %d ack %d " \
+	    "in SYN+ACK" % \
+	    (syn.seq, 2, rxmit_synack.seq, rxmit_synack.ack))
+	exit(1)
+
+exit(0);
diff --git a/regress/sys/netinet/tcpstate/tcp_synsent.py b/regress/sys/netinet/tcpstate/tcp_synsent.py
@@ -37,7 +37,8 @@ def run(self):
 time.sleep(1)
 
 print("Connect netcat")
-os.popen("ssh %s nc -4n -s %s %s %u" % (REMOTE_SSH, ip.dst, ip.src, tport))
+nc=os.popen("ssh %s nc -4Nn -s %s %s %u" % (REMOTE_SSH, ip.dst, ip.src, tport),
+    mode='w')
 
 print("Wait for SYN and its retransmit.")
 sniffer.join(timeout=10)
@@ -58,11 +59,10 @@ def run(self):
     seq=1, ack=syn.seq+1, window=(2**16)-1)
 ack=sr1(ip/synack, timeout=5)
 if ack is None:
-	print("ERROR: No 3-way handshake ACK from netcat client received.")
+	print("ERROR: No ACK from netcat client received.")
 	exit(1)
 if ack.seq != syn.seq+1 or ack.ack != 2:
-	print("ERROR: expecting seq %d ack %d, got seq %d ack %d " \
-	    "in 3-way handshake ACK" % \
+	print("ERROR: expecting seq %d ack %d, got seq %d ack %d in ACK" % \
 	    (syn.seq+1, 2, ack.seq, ack.ack))
 	exit(1)
 
@@ -76,8 +76,8 @@ def run(self):
 if rxmit_syn is None:
 	print("ERROR: No SYN retransmitted from netstat client.")
 if rxmit_syn.seq != syn.seq or rxmit_syn.ack != syn.ack:
-	print("ERROR: expecting seq %d ack %d, " \
-	    "got seq %d ack %d in rxmit SYN" % \
+	print("ERROR: expecting seq %d ack %d, got seq %d ack %d " \
+	    "in rxmit SYN" % \
 	    (syn.seq, syn.ack, rxmit_syn.seq, rxmit_syn.ack))
 	exit(1)
 
