From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202502 header.b=Qgz9HEkc; dkim-atps=neutral Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id 2B2345A0274 for ; Fri, 28 Feb 2025 03:13:55 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202502; t=1740708824; bh=BFe1jP//srPAoHQrhHv5gmcHwg2mDRayy78ARQUV8uw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Qgz9HEkc1eJVudgu5oEziu86ktirlS+dM8LiaVnFZCk9saURH6q/HmAC35CRuX5Mw kO+vKhZqsOXcwtEq+QbjijYPtj3nZ9S9ARrOdGMZ9l+wD3+nAt/lTCdA59ntsrEMYx T9Y7iwb3U3tHNtL5n61VdvX8bK825Ar9sqbRwLdUteII5KjgeObwoc+VEJk2iHsBAv uYYs1g0MyW+ug+UgPNuP6QRoLO1wwEARm+wS8qAqzZUvxkj3rm65fVX6hfqRp11d2Q w2YKw65aRJaMlLFwU3huaK97/ApwsKMd0e3f450wMBaEZBakeQ78bv2pEd89GQvydW XQqiPv6CduwQA== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4Z3sFh5Vw6z4wcQ; Fri, 28 Feb 2025 13:13:44 +1100 (AEDT) Date: Fri, 28 Feb 2025 13:13:35 +1100 From: David Gibson To: Jon Maloy Subject: Re: [PATCH v7 4/4] udp: create and send ICMPv6 to local peer when applicable Message-ID: References: <20250227213518.506955-1-jmaloy@redhat.com> <20250227213518.506955-5-jmaloy@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="fbY97949ld9QRNrr" Content-Disposition: inline In-Reply-To: <20250227213518.506955-5-jmaloy@redhat.com> Message-ID-Hash: MXC4ZJ4Z4YO36EH652WC32SRXCPRKMLY X-Message-ID-Hash: MXC4ZJ4Z4YO36EH652WC32SRXCPRKMLY X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top, sbrivio@redhat.com, lvivier@redhat.com, dgibson@redhat.com X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --fbY97949ld9QRNrr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 27, 2025 at 04:35:18PM -0500, Jon Maloy wrote: > When a local peer sends a UDP message to a non-existing port on an > existing remote host, that host will return an ICMPv6 message containing > the error code ICMP6_DST_UNREACH_NOPORT, plus the IPv6 header, UDP header > and the first 1232 bytes of the original message, if any. If the sender > socket has been connected, it uses this message to issue a > "Connection Refused" event to the user. >=20 > Until now, we have only read such events from the externally facing > socket, but we don't forward them back to the local sender because > we cannot read the ICMP message directly to user space. Because of > this, the local peer will hang and wait for a response that never > arrives. >=20 > We now fix this for IPv6 by recreating and forwarding a correct ICMP > message back to the internal sender. We synthesize the message based > on the information in the extended error structure, plus the returned > part of the original message body. >=20 > Note that for the sake of completeness, we even produce ICMP messages > for other error types and codes. We have noticed that at least > ICMP_PROT_UNREACH is propagated as an error event back to the user. >=20 > Signed-off-by: Jon Maloy Reviewed-by: David Gibson Only real thing I'd question is whether we want to put the Packet Too Big handling in this patch, or delay it to another series that addresses bug 63 and is specifically tested with path MTU discovery. [snip] > +static void udp_send_conn_fail_icmp6(const struct ctx *c, > + const struct sock_extended_err *ee, > + const struct flowside *toside, > + void *in, size_t dlen, uint32_t flow) > +{ > + const struct in6_addr *oaddr =3D &toside->oaddr.a6; > + const struct in6_addr *eaddr =3D &toside->eaddr.a6; > + in_port_t eport =3D toside->eport; > + in_port_t oport =3D toside->oport; > + struct { > + struct icmp6_hdr icmp6h; > + struct ipv6hdr ip6h; > + struct udphdr uh; > + char data[ICMP6_MAX_DLEN]; > + } __attribute__((packed, aligned(__alignof__(max_align_t)))) msg; > + size_t msglen =3D sizeof(msg) - sizeof(msg.data) + dlen; > + size_t l4len =3D dlen + sizeof(struct udphdr); Nit: ASSERT(dlen < ICMP6_MAX_DLEN)? --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --fbY97949ld9QRNrr Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmfBG84ACgkQzQJF27ox 2GcUkA//QOyFSY62sTMFkTqV0E+e2Bxe07R9GxZ7f3qYH7u1LOVcx0aKkLkAYxDf qknbV4qsCDso+n/XG4YF4xCmETFToyvD8OBVGgx2X0OrrgNfAUk+BPYTgkpHKtYj QvhHOchiMQP/Y6lZlilT5Cz5biv7lu3qNJTDiF2UvCmDijaibhpDSkIFhVCVpvbK N1Nrj4d0jVUGNJaq0jDjD0YUXIDR4xXPIiZtfV6/xjgYYi242TenqR+apCX8tAvt wsn7h3ovSwdgrwaW9EWwuKH80aHc7LxP4gRYBcTVJU6uqjgtuNfZALLtI8/yvj24 Rvwp2WTcuypsVGVzadkUk1bZvSGUmfPyQAuoW5ZSsM96wkmskVow8aLoO5Naupkg /vGwDdbR9TMpVnt0NDUnYGdsU5WqK0ItcJKu1em82dJRdOtSW5DAk7ZnUzrzpew3 vg/yOMP2oYbqu+aXLNQehm49cDbJYjZ2gX+cPvwOvGRMH+TpQ6ziugbyRxtH8nPK x/PmXlubh9DXWj0aMwYZ2UuAVKncgeko3P0aeTvcJhxf7tzb6rU2/+lrAERHBuz4 d4ksg/oAxslmoQb8UH8YgtP/7wmZKYS2mZM8lpHyZV1zWfIsUAS1RTPCUdH8M97U C8Xl+mhWyANgj0EhSZIsVvN77PDP6B11ndmlKbOM4kgRaZ7y9m4= =8fFJ -----END PGP SIGNATURE----- --fbY97949ld9QRNrr--