On Sun, 9 Feb 2025 12:00:56 -0500
Jon Maloy <jmaloy(a)redhat.com> wrote:

> When a local peer sends a UDP message to a non-existing port on an
> existing remote host, that host will return an ICMP message containing
> the error code ICMP_PORT_UNREACH, plus the header and the first eight
> bytes of the original message. If the sender socket has been connected,
> it uses this message to issue a "Connection Refused" event to the user.
> Until now, we have only read such events from the externally facing
> socket, but we don't forward them back to the local sender because we
> cannot read the ICMP message directly to user space. Because of this,
> the local peer will hang and wait for a response that never arrives.

I haven't had a chance to really review this yet, in general it looks
great to me (I was afraid it would be more complicated). I have a couple
of preliminary questions though:

- referring to the paragraph above: what about TCP (which is the case
  where a peer might actually hang)? Do you plan to support errors for
  TCP's connect() in a separate patch?

> We now fix this for IPv4 by recreating and forwarding a correct ICMP
> message back to the internal sender. We synthesize the message based on
> the information in the extended error structure, plus the returned part
> of the original message body.

- ...and what about IPv6 and NDP? Also separate patch? In that case,
  would it perhaps make sense to implement and submit that as a series so
  that we have a consistent behaviour to begin with?

-- 
Stefano
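As an added illustration of the message Jon's description refers to (this is example code, not the passt patch or anything from the thread), the function below synthesizes an RFC 792 "destination unreachable / port unreachable" ICMP error from the offending IPv4 datagram: type, code, checksum, four unused bytes, then the original IP header and the first eight bytes of the datagram. The constant names follow Linux's <netinet/ip_icmp.h> but are defined locally; the sample packet is constructed for the example.

```c
/* Added example, not code from the passt patch or this thread: build the
 * ICMP port-unreachable error (RFC 792) a remote host returns for a UDP
 * datagram sent to a closed port. Layout: type, code, checksum, 4 unused
 * bytes, then the original IPv4 header + first 8 bytes (the UDP header). */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ICMP_DEST_UNREACH 3  /* type (Linux name, defined here locally) */
#define ICMP_PORT_UNREACH 3  /* code (Linux name, defined here locally) */
#define ICMP_HDR_LEN      8
#define ICMP_ECHO_BYTES   8  /* bytes of the original datagram quoted back */

/* RFC 1071 one's-complement checksum; an odd trailing byte is zero padded.
 * Over a correctly checksummed message (field included) it returns 0. */
uint16_t inet_checksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i += 2)
        sum += (uint32_t)buf[i] << 8 | (i + 1 < len ? buf[i + 1] : 0);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* orig: the offending IPv4 packet as sent (IP header + UDP header + payload).
 * Returns bytes written to out, or 0 if orig is malformed or out is too small. */
size_t build_port_unreach(const uint8_t *orig, size_t orig_len,
                          uint8_t *out, size_t out_cap)
{
    if (orig_len < 20 || (orig[0] >> 4) != 4)
        return 0;
    size_t quoted = (size_t)(orig[0] & 0x0f) * 4 + ICMP_ECHO_BYTES;
    if (quoted < 20 + ICMP_ECHO_BYTES || orig_len < quoted ||
        out_cap < ICMP_HDR_LEN + quoted)
        return 0;
    memset(out, 0, ICMP_HDR_LEN);            /* checksum and unused = 0 */
    out[0] = ICMP_DEST_UNREACH; out[1] = ICMP_PORT_UNREACH;
    memcpy(out + ICMP_HDR_LEN, orig, quoted);
    uint16_t ck = inet_checksum(out, ICMP_HDR_LEN + quoted);
    out[2] = (uint8_t)(ck >> 8); out[3] = (uint8_t)ck;
    return ICMP_HDR_LEN + quoted;
}

/* Constructed sample: 20-byte IPv4 header (10.0.0.2 -> 10.0.0.1, proto 17),
 * a UDP header from port 50000 to port 9999, length 12, and 4 payload bytes. */
const uint8_t SAMPLE_PKT[32] = {
    0x45,0x00,0x00,0x20, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00,
    10,0,0,2, 10,0,0,1,
    0xc3,0x50, 0x27,0x0f, 0x00,0x0c, 0x00,0x00, 'p','i','n','g' };
```

The quoted IP header plus UDP header is what lets the connected sender's stack match the error to its socket and raise the "Connection Refused" event.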