On Mon, 24 Feb 2025 14:24:47 -0500 Jon Maloy <jmaloy(a)redhat.com> wrote:When a local peer sends a UDP message to a non-existing port on an existing remote host, that host will return an ICMP message containing the error code ICMP_PORT_UNREACH, plus the header and the first eight bytes of the original message. If the sender socket has been connected, it uses this message to issue a "Connection Refused" event to the user. Until now, we have only read such events from the externally facing socket, but we don't forward them back to the local sender because we cannot read the ICMP message directly to user space. Because of this, the local peer will hang and wait for a response that never arrives. We now fix this for IPv6 by recreating and forwarding a correct ICMP message back to the internal sender. We synthesize the message based on the information in the extended error structure, plus the returned part of the original message body. Note that for the sake of completeness, we even produce ICMP messages for other error codes. We have noticed that at least ICMP_PROT_UNREACH is propagated as an error event back to the user.Have a look at https://bugs.passt.top/show_bug.cgi?id=63#c1 if you haven't (I didn't really go through it). While bug #63 is beyond the scope of this series, if you register an account on the bug tracker you can be Cc'ed on comments. -- Stefano