From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=B6s+rp7+; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by passt.top (Postfix) with ESMTPS id 30CAB5A0275 for ; Sat, 25 Jan 2025 21:16:53 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1737836211; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bfkMkmnSQwCCESJtB/D+3f0sBrSUps/8hLK/KEnuZ9E=; b=B6s+rp7+AIDJscaJW1sCUtMMjaj5/ZIbsZCFIkhxOmOdwlUnsh6cMLMSU72dT2FMIY35PX +qnHYe6bIsUNngX2hg/Dx8Pmscj26dlixesAHymcGxErqDPw7n3grngGSY4okQb4xIeiHq R1t2dSb0kcK2iraGcmDTadl5oy/W/pY= Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-452-eOVGFmfLPg-LB7GQHyLbEg-1; Sat, 25 Jan 2025 15:16:50 -0500 X-MC-Unique: eOVGFmfLPg-LB7GQHyLbEg-1 X-Mimecast-MFC-AGG-ID: eOVGFmfLPg-LB7GQHyLbEg Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id B248B1800360 for ; Sat, 25 Jan 2025 20:16:49 +0000 (UTC) Received: from jmaloy-thinkpadp16vgen1.rmtcaqc.csb (unknown [10.22.81.70]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 342BD18008C0; Sat, 25 Jan 2025 20:16:48 +0000 (UTC) From: Jon Maloy To: passt-dev@passt.top, sbrivio@redhat.com, lvivier@redhat.com, dgibson@redhat.com, jmaloy@redhat.com Subject: pasta: set correct flags in reset message when outgoing connection setup fails Date: Sat, 25 Jan 2025 15:16:47 -0500 Message-ID: <20250125201647.902478-1-jmaloy@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: CSxTT1_y3pyFUL3qBGVUu2RzVZn84y-oThsX4CBhKWY_1737836209 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit content-type: text/plain; charset="US-ASCII"; x-default=true Message-ID-Hash: P6MLMINDEMD2SGWTBYX6VDPSOJ2RHIXA X-Message-ID-Hash: P6MLMINDEMD2SGWTBYX6VDPSOJ2RHIXA X-MailFrom: jmaloy@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Bug #93 states that a connect() will hang if the remote port of a connection setup doesn't exist. The remote host will respond with the (RST | SYN | ACK) flags set, but we only relay the RST flag back to the local user. This causes the situation described above. We now add a check if the reset happens in the connection state TAP_SYN_RCVD, in which case we add the missing (SYN | ACK) flags. This solves the problem. Signed-off-by: Jon Maloy --- tcp.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tcp.c b/tcp.c index c89f323..46df6bd 100644 --- a/tcp.c +++ b/tcp.c @@ -1199,9 +1199,14 @@ static int tcp_send_flag(const struct ctx *c, struct tcp_tap_conn *conn, */ void tcp_rst_do(const struct ctx *c, struct tcp_tap_conn *conn) { + int flags = RST; + if (conn->events == CLOSED) return; + if (conn->events == TAP_SYN_RCVD) + flags |= SYN | ACK; + if (!tcp_send_flag(c, conn, RST)) conn_event(c, conn, CLOSED); } -- 2.48.0