From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=ZmNBK3pE; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by passt.top (Postfix) with ESMTPS id 29E525A0271 for ; Tue, 27 Jan 2026 12:32:38 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1769513557; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=a0bZKAKX1OJ4ebDQCaOhKV3R3X7v7SZZEFzPR7JrmEc=; b=ZmNBK3pEBA78gUlPNJEFzPQNHkwPD91KkuSgrJAgl8XJfu5DlYzy70vav21n75h+MgBhrz jc3XJUm/xF6nNJzb8vfqOOw0UAKijTUx0cjR0RRU5WmBcmj/jUHDB6ZQMDRuvujQi2i8f0 wIu5c64E7hFMU/gi+KMGylwfnMHTpQg= Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-544-2HoGr47pOmOLHalxVmTHaw-1; Tue, 27 Jan 2026 06:32:35 -0500 X-MC-Unique: 2HoGr47pOmOLHalxVmTHaw-1 X-Mimecast-MFC-AGG-ID: 2HoGr47pOmOLHalxVmTHaw_1769513555 Received: by mail-wr1-f69.google.com with SMTP id ffacd0b85a97d-435a6c0c794so4289612f8f.2 for ; Tue, 27 Jan 2026 03:32:35 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769513555; x=1770118355; h=content-transfer-encoding:mime-version:organization:references :in-reply-to:message-id:subject:cc:to:from:date:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=a0bZKAKX1OJ4ebDQCaOhKV3R3X7v7SZZEFzPR7JrmEc=; b=ThX08794ab0OcJ+BEsIR6U8h56JEKRHRg8Q5dD9xXGCOF4G4QRovJfjy1ylClyXc5+ pZM7Ux+2ZFwus6xpZClRGqMBSqEY3WJtlILf4qbhnDnobpkvkNcujyvVmDLlaAczssmy 8Gqgtth/1BF4VPiwqbKJqJfnd8/u4ascj8fBZvyW5BgTDbK3Z+D2yKZz9A38djTJrN0r pAxUyUhHW4xPxImU4aHq7LzvRoUpybGPQEqN6LPaCFp6NknFVjpmLolBKig24CDMqyi/ V5VJtBTQzdBHtq9DFApV+8R81pToHw6tmxLi6lR5sWXvy+1XkWonTtuUZpU7Pj77ek86 YQFA== X-Gm-Message-State: AOJu0YwwuuGEDBjknXU1erusRodxAvFy/PIUH5G3pTbfMOTomKVAGlP0 oXtjwxd9IWU3dQ7wMjjh3pl9O7L8RCvPeKTyBt63EwG69m0dIbiDcJCjOumK8kyJBfFVrAkZS58 0sOxaGrsLGG3gljkKjsCDvqfCPcvUdpbiiEbcxcxdo4cQMsTvpa6yMw== X-Gm-Gg: AZuq6aK2k7jRKVuQ7NqCgozrAsng2F48JStAO25pW+4/EaB9AKXtPTOFlgwMT8A6Wzb T+9I3Yxp/bU53oG4hhsCBEXP/pQZIlv8FuFa9l6m0pb2/q9GQqfY4VpRZBWPYaJXVV2PvMKgREV HzxCSeWGW174XiXUXGf0zk/O3mDF32cT3Zm7Lam2RRRaoaxCNKF6NoHEBo0A9dz0qX2HeSXVNIc hUNj2N1K7KBBdZK8YPYd6OVggwgo/TiZbTTdPJt2nbvV0itWiNH80r7l67W9iAu4Hs7tLTPteyS LFbjNRqHLpff+FhrdYP1iuNswDMqdBdR7f5BnzgEo9cDMgtOeAsEp9r+Nsr0wPo45CwZYUhszc7 6hYh+8yC2tFDFIB3niQTEJuFxdTUjZk+TvDN07w== X-Received: by 2002:a05:6000:609:b0:42b:38b1:e32e with SMTP id ffacd0b85a97d-435dd1ce0b2mr2320126f8f.46.1769513554486; Tue, 27 Jan 2026 03:32:34 -0800 (PST) X-Received: by 2002:a05:6000:609:b0:42b:38b1:e32e with SMTP id ffacd0b85a97d-435dd1ce0b2mr2320071f8f.46.1769513553843; Tue, 27 Jan 2026 03:32:33 -0800 (PST) Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [176.103.220.4]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435b1c30293sm38018636f8f.19.2026.01.27.03.32.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 27 Jan 2026 03:32:33 -0800 (PST) Date: Tue, 27 Jan 2026 12:32:32 +0100 From: Stefano Brivio To: David Gibson Subject: Re: [PATCH 2/3] tcp: Properly propagate tap-side RST to socket side Message-ID: <20260127123232.4877d5e3@elisabeth> In-Reply-To: <20260127083953.824556-3-david@gibson.dropbear.id.au> References: <20260127083953.824556-1-david@gibson.dropbear.id.au> <20260127083953.824556-3-david@gibson.dropbear.id.au> Organization: Red Hat X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu) MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: fGEVMwlhmOpYQCL9GuN_I7ldMoq9XDMnyuwAb7plNxc_1769513555 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID-Hash: H3TFPVQ3DPUHXPHKL7JXKTCYRDSYUZTS X-Message-ID-Hash: H3TFPVQ3DPUHXPHKL7JXKTCYRDSYUZTS X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Tue, 27 Jan 2026 19:39:52 +1100 David Gibson wrote: > When the guest sends a TCP RST, or on certain error conditions, we want to > signal the abnormal termination of a TCP connection to the peer with an > RST as well. We attempt to do that by close()ing the socket. > > That doesn't work: a close() will usually send a FIN, rather than an RST. > The standard method of forcing an RST on a socket is to set the SO_LINGER > socket option with a 0 timeout, then close(). > > Update the tcp_rst() path to do this, so it forces a socket side RST. > Update the handling of a guest side RST to use the same path (minus > sending a tap side RST) so that we properly propagate guest RSTs to the > peer. > > Link: https://bugs.passt.top/show_bug.cgi?id=191 > > Signed-off-by: David Gibson > --- > tcp.c | 37 +++++++++++++++++++++++++++++++++---- > 1 file changed, 33 insertions(+), 4 deletions(-) > > diff --git a/tcp.c b/tcp.c > index 45dde5a0..9da37c2f 100644 > --- a/tcp.c > +++ b/tcp.c > @@ -1403,7 +1403,34 @@ static int tcp_send_flag(const struct ctx *c, struct tcp_tap_conn *conn, > } > > /** > - * tcp_rst_do() - Reset a tap connection: send RST segment to tap, close socket > + * tcp_sock_rst() - Close TCP connection forcing RST on socket side > + * @c: Execution context > + * @conn: Connection pointer > + */ > +static void tcp_sock_rst(const struct ctx *c, struct tcp_tap_conn *conn) > +{ > + const struct linger linger0 = { > + .l_onoff = 1, > + .l_linger = 0, > + }; > + > + /* Force RST on socket to inform the peer > + * > + * We do this by setting SO_LINGER with 0 timeout, which means that > + * close() will send an RST (unless the connection is already closed in > + * both directions). > + */ > + if (setsockopt(conn->sock, SOL_SOCKET, > + SO_LINGER, &linger0, sizeof(linger0)) < 0) { > + flow_dbg_perror(conn, > + "SO_LINGER failed, may not send RST to peer"); > + } > + > + conn_event(c, conn, CLOSED); > +} > + > +/** > + * tcp_rst_do() - Reset a tap connection: send RST segment on both sides, close > * @c: Execution context > * @conn: Connection pointer > */ > @@ -1412,8 +1439,10 @@ void tcp_rst_do(const struct ctx *c, struct tcp_tap_conn *conn) > if (conn->events == CLOSED) > return; > > + /* Send RST on tap */ > tcp_send_flag(c, conn, RST); > - conn_event(c, conn, CLOSED); > + > + tcp_sock_rst(c, conn); > } > > /** > @@ -1884,7 +1913,7 @@ static int tcp_data_from_tap(const struct ctx *c, struct tcp_tap_conn *conn, > return -1; > > if (th->rst) { > - conn_event(c, conn, CLOSED); > + tcp_sock_rst(c, conn); The whole series looks good to me, except for one exceedingly minor aspect: should we do this also in the getsockopt() error handling path of tcp_prepare_flags()? I would be inclined to apply it regardless of that, the fix is critical enough. I'll start the usual test run in a few hours. -- Stefano