On Mon, 24 Feb 2025 14:24:47 -0500
Jon Maloy <jmaloy(a)redhat.com> wrote:
When a local peer sends a UDP message to a non-existing port on an
existing remote host, that host will return an ICMP message containing
the error code ICMP_PORT_UNREACH, plus the header and the first eight
bytes of the original message. If the sender socket has been connected,
it uses this message to issue a "Connection Refused" event to the user.
Until now, we have only read such events from the externally facing
socket, but we don't forward them back to the local sender because
we cannot read the ICMP message directly to user space. Because of
this, the local peer will hang and wait for a response that never
arrives.
We now fix this for IPv6 by recreating and forwarding a correct ICMP
message back to the internal sender. We synthesize the message based
on the information in the extended error structure, plus the returned
part of the original message body.
Note that for the sake of completeness, we even produce ICMP messages
for other error codes. We have noticed that at least ICMP_PROT_UNREACH
is propagated as an error event back to the user.
Have a look at https://bugs.passt.top/show_bug.cgi?id=63#c1 if you
haven't (I didn't really go through it).
While bug #63 is beyond the scope of this series, if you register an
account on the bug tracker you can be Cc'ed on comments.
For some reason I never receive a confirmation email when trying to
create an account, nor any reset email in case I have one (not sure.)
Anyway, I'll try to introduce some of this. The 1280 byte IPCv6 returned
data should be the easiest one.
///jon
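
The synthesis described in the commit message above, as an added example that is not part of the thread and is not passt's code: it builds an ICMPv6 error from a type and code (as reported in `ee_type`/`ee_code` of Linux's `struct sock_extended_err`) plus the returned bytes of the original packet, capping the quoted data so the whole packet fits the 1280-byte minimum IPv6 MTU. All function and macro names are hypothetical, and the four bytes after the checksum are assumed to be zero, as they are for Destination Unreachable.

```c
#include <stdint.h>
#include <string.h>

#define IPV6_MIN_MTU    1280 /* the error packet must not exceed this (RFC 4443) */
#define ICMP6_HDR_LEN   8    /* type, code, checksum, 4 unused bytes */
#define ICMP6_MAX_QUOTE (IPV6_MIN_MTU - 40 - ICMP6_HDR_LEN) /* 40: IPv6 header */

/* One's-complement sum of big-endian 16-bit words; an odd tail is zero-padded */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t sum)
{
	for (; len > 1; p += 2, len -= 2)
		sum += (uint32_t)p[0] << 8 | p[1];
	if (len)
		sum += (uint32_t)p[0] << 8;
	return sum;
}

/* Checksum over the IPv6 pseudo-header (src, dst, length, next header 58)
 * followed by the ICMPv6 message; yields 0 on a message that is intact. */
uint16_t icmp6_csum(const uint8_t src[16], const uint8_t dst[16],
		    const uint8_t *msg, size_t len)
{
	uint32_t sum = sum16(dst, 16, sum16(src, 16, 0));

	sum += (uint32_t)(len >> 16) + (uint32_t)(len & 0xffff) + 58;
	sum = sum16(msg, len, sum);
	while (sum >> 16)
		sum = (sum & 0xffff) + (sum >> 16);
	return (uint16_t)~sum;
}

/* Write the error message to out (capacity cap). src is the host reporting
 * the error, dst the local sender, orig the original packet starting at its
 * IPv6 header. Returns the message length, or 0 if it cannot be built. */
size_t icmp6_err_build(uint8_t *out, size_t cap, uint8_t type, uint8_t code,
		       const uint8_t src[16], const uint8_t dst[16],
		       const uint8_t *orig, size_t orig_len)
{
	size_t quote = orig_len < ICMP6_MAX_QUOTE ? orig_len : ICMP6_MAX_QUOTE;
	size_t len = ICMP6_HDR_LEN + quote;
	uint16_t csum;

	if (type >= 128 || cap < len)	/* types 128 and up are not errors */
		return 0;
	memset(out, 0, ICMP6_HDR_LEN);
	out[0] = type;
	out[1] = code;
	memcpy(out + ICMP6_HDR_LEN, orig, quote);
	csum = icmp6_csum(src, dst, out, len);
	out[2] = csum >> 8;
	out[3] = csum & 0xff;
	return len;
}
```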