From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202502 header.b=TsvY7lcm;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id 12FBB5A9C34
	for <passt-dev@passt.top>; Wed, 05 Mar 2025 05:32:46 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202502; t=1741149153;
	bh=JeUV/I2RTsfFEP0mMoHb7yXomav6ETmhrtBu49vxT3Y=;
	h=From:To:Cc:Subject:Date:From;
	b=TsvY7lcmU+KAQnSlPgHSualSdTcWlevA2x0zFzmvf0ElwPBBnxCN5C1NTTGJoYbPs
	 evMEVgrpnjl1TcK0+SoglRl117veNVhKbsKjY6SDw6KEbYfh5GLImfZNNF8ZY3XBoS
	 JI1iWJ//G6W79kIfWk5C2iBuKG5RqaPGqHVUIUb6oi8Zfzp7Btu6rkgfT32RLWPHJ0
	 ItGqYTXo9OVUi02xpydIjf1wmTB5ATDIk7rfbnOLVRXKTSVvlSI5yaSPQ6NM7v/WKY
	 syooeRyIatCmaiBXgwk+5vKtuaG3U4mBjtKkcrvG580zqaHwbGK8kRu4Nr9RiQpY4k
	 9lrNWjjZ3PcWA==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4Z705Y00Fcz4x0t; Wed,  5 Mar 2025 15:32:32 +1100 (AEDT)
From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top,
	Stefano Brivio <sbrivio@redhat.com>
Subject: [PATCH v2 0/3] Send RST for guest packets with no flow
Date: Wed,  5 Mar 2025 15:32:27 +1100
Message-ID: <20250305043230.1576131-1-david@gibson.dropbear.id.au>
X-Mailer: git-send-email 2.48.1
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: T2WOXPCMCAMQFSFL6HK5ZYLY5UKOLTNM
X-Message-ID-Hash: T2WOXPCMCAMQFSFL6HK5ZYLY5UKOLTNM
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Gibson <david@gibson.dropbear.id.au>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20250305043230.1576131-1-david@gibson.dropbear.id.au/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/T2WOXPCMCAMQFSFL6HK5ZYLY5UKOLTNM/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

As we discussed on email, this adds support for sending an RST in
response to packets from the guest which don't match an existing flow
and are neither SYN (requesting a new connection) nor themselves RST.

This is a sligjhtly larger patch than I'd like, but I can't really see
a way to simplify it without making fairly extensive reworks to share
more code with paths for RST where there is a known connection.  That
would end up being more churn.

This doesn't (IMO) correctly handle IPv6 flow labels.  Fixing that
raises several additional issues regarding flow labels, so I've
decided to defer that for now.

v2:
 * Assorted cosmetic fixups
 * Use correct IPv6 flow label for packets
   * This required two preliminary patches
 * tcp_rst_no_conn() is now static

David Gibson (3):
  ip: Helpers to access IPv6 flow label
  tap: Consider IPv6 flow label when building packet sequences
  tcp: Send RST in response to guest packets that match no connection

 ip.h  | 24 ++++++++++++++++++
 tap.c | 25 ++++++++++---------
 tap.h |  6 +++++
 tcp.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 tcp.h |  2 +-
 5 files changed, 118 insertions(+), 17 deletions(-)

-- 
2.48.1