diff options
| author | David Gibson <david@gibson.dropbear.id.au> | 2025-03-05 15:32:30 +1100 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2025-03-05 21:46:32 +0100 |
| commit | 672d786de1c1f2aca32caedbcf440f710c4aecb5 (patch) | |
| tree | 8401644cfa30717355b9323ce2fbdfd8837877bc /contrib | |
| parent | 1f236817ea715e9215e0fe4ecb0938d0a9809ce1 (diff) | |
| download | passt-672d786de1c1f2aca32caedbcf440f710c4aecb5.tar passt-672d786de1c1f2aca32caedbcf440f710c4aecb5.tar.gz passt-672d786de1c1f2aca32caedbcf440f710c4aecb5.tar.bz2 passt-672d786de1c1f2aca32caedbcf440f710c4aecb5.tar.lz passt-672d786de1c1f2aca32caedbcf440f710c4aecb5.tar.xz passt-672d786de1c1f2aca32caedbcf440f710c4aecb5.tar.zst passt-672d786de1c1f2aca32caedbcf440f710c4aecb5.zip | |
tcp: Send RST in response to guest packets that match no connection
Currently, if a non-SYN TCP packet arrives which doesn't match any existing
connection, we simply ignore it. However RFC 9293, section 3.10.7.1 says
we should respond with an RST to a non-SYN, non-RST packet that's for a
CLOSED (i.e. non-existent) connection.
This can arise in practice with migration, in cases where some error means
we have to discard a connection. We destroy the connection with tcp_rst()
in that case, but because the guest is stopped, we may not be able to
deliver the RST packet on the tap interface immediately. This change
ensures an RST will be sent if the guest tries to use the connection again.
A similar situation can arise if a passt/pasta instance is killed or
crashes, but is then replaced with another attached to the same guest.
This can leave the guest with stale connections that the new passt instance
isn't aware of. It's better to send an RST so the guest knows quickly
these are broken, rather than letting them linger until they time out.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'contrib')
0 files changed, 0 insertions, 0 deletions