Re: [PATCH v7 4/4] udp: create and send ICMPv6 to local peer when applicable

[David Gibson <david@gibson.dropbear.id.au>]

[-- Attachment #1: Type: text/plain, Size: 2507 bytes --]

On Thu, Feb 27, 2025 at 04:35:18PM -0500, Jon Maloy wrote:
> When a local peer sends a UDP message to a non-existing port on an
> existing remote host, that host will return an ICMPv6 message containing
> the error code ICMP6_DST_UNREACH_NOPORT, plus the IPv6 header, UDP header
> and the first 1232 bytes of the original message, if any. If the sender
> socket has been connected, it uses this message to issue a
> "Connection Refused" event to the user.
> 
> Until now, we have only read such events from the externally facing
> socket, but we don't forward them back to the local sender because
> we cannot read the ICMP message directly to user space. Because of
> this, the local peer will hang and wait for a response that never
> arrives.
> 
> We now fix this for IPv6 by recreating and forwarding a correct ICMP
> message back to the internal sender. We synthesize the message based
> on the information in the extended error structure, plus the returned
> part of the original message body.
> 
> Note that for the sake of completeness, we even produce ICMP messages
> for other error types and codes. We have noticed that at least
> ICMP_PROT_UNREACH is propagated as an error event back to the user.
> 
> Signed-off-by: Jon Maloy <jmaloy@redhat.com>

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

Only real thing I'd question is whether we want to put the Packet Too
Big handling in this patch, or delay it to another series that
addresses bug 63 and is specifically tested with path MTU discovery.

[snip]
> +static void udp_send_conn_fail_icmp6(const struct ctx *c,
> +				     const struct sock_extended_err *ee,
> +				     const struct flowside *toside,
> +				     void *in, size_t dlen, uint32_t flow)
> +{
> +	const struct in6_addr *oaddr = &toside->oaddr.a6;
> +	const struct in6_addr *eaddr = &toside->eaddr.a6;
> +	in_port_t eport = toside->eport;
> +	in_port_t oport = toside->oport;
> +	struct {
> +		struct icmp6_hdr icmp6h;
> +		struct ipv6hdr ip6h;
> +		struct udphdr uh;
> +		char data[ICMP6_MAX_DLEN];
> +	} __attribute__((packed, aligned(__alignof__(max_align_t)))) msg;
> +	size_t msglen = sizeof(msg) - sizeof(msg.data) + dlen;
> +	size_t l4len = dlen + sizeof(struct udphdr);

Nit:
	ASSERT(dlen < ICMP6_MAX_DLEN)?

-- 
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]