Date: Wed, 11 Jun 2008 20:07:39 +0200
From: "Edgar E. Iglesias"
Subject: Re: [Qemu-devel] [PATCH] Proposed fix broken RST response to a slirp redirect socket
Message-ID: <20080611180739.GA20729@edgar.se.axis.com>
References: <485009A9.6000900@windriver.com>
In-Reply-To: <485009A9.6000900@windriver.com>
To: Jason Wessel
Cc: qemu-devel@nongnu.org

On Wed, Jun 11, 2008 at 12:21:45PM -0500, Jason Wessel wrote:
>
> When using slirp networking with a redirected tcp socket, the qemu guest
> os does not receive RST packets when a redirected, accepted socket goes
> into the FIN_WAIT_2 status. Presently slirp sends ACKs instead of RST
> packets, which means the guest os application socket writes do not fail
> even after the client has terminated the socket.
>
> Here is a simple way to demonstrate the problem.
>
> * Start qemu with user mode networking plus:
>    -redir tcp:4441::4441
>
> * Assuming you booted a linux guest os you could run:
>    cat /dev/zero | nc -p 4441 -l
>
> * On the host run the following command and you
>    must hit control-c after about 1 second
>    nc localhost 4441

Hello Jason,

IIRC connections in FIN_WAIT_2 can continue to receive data. If I might
take a wild guess at what's going on: The host closed the receiving socket
when you ctrl-c nc. That socket still has data in its rcvbuf so the stack
aborts the connection and sends a RST. The slirp code should now see a -1
on its next write to that socket and an errno ECONNRESET but it's not
correctly taking care of that case, instead it's incorrectly setting the
TCP state to FIN_WAIT_2. It should have set it to CLOSED and sent a RST to
the guest.
Best regards

>
>
> If you were to TCP dump the connection in the guest OS you would see
> after killing the "nc" on the host computer that slirp keeps acking the
> packets, even though no client application is there.
>
> 14:55:38.385310 IP 10.0.2.15.4441 > 10.0.2.2.37227: P
> 8884509:8885077(568) ack 2 win 5840
> 14:55:38.385310 IP 10.0.2.2.37227 > 10.0.2.15.4441: . ack 8885077 win 0
> 14:55:38.589613 IP 10.0.2.15.4441 > 10.0.2.2.37227: . ack 2 win 5840
> 14:55:38.589613 IP 10.0.2.2.37227 > 10.0.2.15.4441: . ack 8885077 win 0
> 14:55:38.997437 IP 10.0.2.15.4441 > 10.0.2.2.37227: . ack 2 win 5840
> 14:55:38.997653 IP 10.0.2.2.37227 > 10.0.2.15.4441: . ack 8885077 win 0
> 14:55:39.813522 IP 10.0.2.15.4441 > 10.0.2.2.37227: . ack 2 win 5840
> 14:55:39.813758 IP 10.0.2.2.37227 > 10.0.2.15.4441: . ack 8885077 win 0
> 14:55:41.445562 IP 10.0.2.15.4441 > 10.0.2.2.37227: . ack 2 win 5840
> 14:55:41.445769 IP 10.0.2.2.37227 > 10.0.2.15.4441: . ack 8885077 win 0
>
>
> The correct behavior should be to send an RST and not an ACK. There
> might be several ways to correct this problem. The attached patch is
> one possible way to implement the RFC compliant behavior. With the
> patch, the tcp dump starts to look like:
>
> 15:04:34.567350 IP 10.0.2.15.4441 > 10.0.2.2.58510: P
> 2101533:2102993(1460) ack 1 win 5840
> 15:04:34.567350 IP 10.0.2.2.58510 > 10.0.2.15.4441: . ack 2102993 win 5840
> 15:04:34.570718 IP 10.0.2.2.58510 > 10.0.2.15.4441: F 1:1(0) ack 2102993
> win 5840
> 15:04:34.571383 IP 10.0.2.15.4441 > 10.0.2.2.58510: .
> 2102993:2104453(1460) ack 1 win 5840
> 15:04:34.571383 IP 10.0.2.2.58510 > 10.0.2.15.4441: F 1:1(0) ack 2104453
> win 4380
> 15:04:34.571383 IP 10.0.2.15.4441 > 10.0.2.2.58510: P
> 2104453:2105345(892) ack 1 win 5840
> 15:04:34.571383 IP 10.0.2.2.58510 > 10.0.2.15.4441: F 1:1(0) ack 2105345
> win 3488
> 15:04:34.571383 IP 10.0.2.15.4441 > 10.0.2.2.58510: . ack 2 win 5840
> 15:04:34.571383 IP 10.0.2.15.4441 > 10.0.2.2.58510: . ack 2 win 5840
> 15:04:34.571383 IP 10.0.2.2.58510 > 10.0.2.15.4441: R
> 12032003:12032003(0) win 3488
>
> Also with the patch, the SIG_PIPE handlers start to work correctly in
> the guest OS.
>
> Thanks,
> Jason.
> From: Jason Wessel
> Subject: [PATCH] slirp: Fix broken RST response to a slirp redirect socket
>
> When using slirp networking with a redirected tcp socket, the qemu
> guest os does not receive RST packets when a redirected, accepted
> socket goes into the FIN_WAIT_2 status. Presently slirp sends ACKs
> instead of RST packets, which means the guest os application socket
> writes do not fail even after the client has terminated the socket.
>
> This patch changes the behavior to correctly send RST packets instead
> of ACKS.
>
> Signed-off-by: Jason Wessel
>
> --- > slirp/tcp_input.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > --- a/slirp/tcp_input.c > +++ b/slirp/tcp_input.c > @@ -432,7 +432,7 @@ findso: > tp = sototcpcb(so); > > /* XXX Should never fail */ > - if (tp == 0) > + if (tp == 0 || tp->t_state == TCPS_FIN_WAIT_2) > goto dropwithreset; > if (tp->t_state == TCPS_CLOSED) > goto drop;

-- 
Edgar E. Iglesias
Axis Communications AB
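
Review bot: the `+` line folds `tp->t_state == TCPS_FIN_WAIT_2` into the NULL check under `/* XXX Should never fail */`, so every incoming segment on any connection in FIN_WAIT_2 takes `goto dropwithreset`, whether or not the host peer has actually gone away. As the reply above points out, a connection in FIN_WAIT_2 can still receive data, so a half-closed connection whose host side is still reading would be reset as well. Suggest leaving `if (tp == 0)` as it is and sending the RST from the path where the host-side write fails (setting the state to CLOSED there), or at least making this a separate test with its own comment so the existing comment does not end up describing a state check.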
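
The host-stack behaviour the reply describes (a socket closed with unread data in its receive buffer is aborted with RST, and the peer's next write fails) can be reproduced on loopback. This is an added example, not code from the thread or from slirp; the function name and the two-socket setup are assumptions, with `wr` standing in for slirp's host-side socket and `rd` for the `nc` that was killed. On Linux the first `send()` after the abort returns -1 with `ECONNRESET`.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns the errno from the writer's first send() after the reader closed
 * with unread data (0 if that send succeeded, -1 if the setup failed). */
int errno_after_peer_abort(void)
{
    struct sockaddr_in a = { .sin_family = AF_INET };  /* port 0: kernel picks */
    socklen_t alen = sizeof(a);
    struct pollfd pfd = { .events = POLLIN };
    char buf[512] = { 0 };
    int result = -1, wr = -1;
    int lsn = socket(AF_INET, SOCK_STREAM, 0);
    int rd = socket(AF_INET, SOCK_STREAM, 0);   /* plays the host-side nc */

    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (lsn < 0 || rd < 0 ||
        bind(lsn, (struct sockaddr *)&a, sizeof(a)) < 0 || listen(lsn, 1) < 0 ||
        getsockname(lsn, (struct sockaddr *)&a, &alen) < 0 ||
        connect(rd, (struct sockaddr *)&a, sizeof(a)) < 0 ||
        (wr = accept(lsn, NULL, NULL)) < 0)     /* plays slirp's socket */
        goto out;

    /* Queue data that the reader never reads, and wait until it has arrived. */
    if (send(wr, buf, sizeof(buf), MSG_NOSIGNAL) != (ssize_t)sizeof(buf))
        goto out;
    pfd.fd = rd;
    if (poll(&pfd, 1, 2000) != 1)
        goto out;

    /* Unread bytes in the receive buffer: the stack aborts with RST, not FIN. */
    close(rd);
    rd = -1;

    /* Wait for the RST to reach the writer, then try to write again. */
    pfd.fd = wr;
    poll(&pfd, 1, 2000);
    result = send(wr, buf, sizeof(buf), MSG_NOSIGNAL) < 0 ? errno : 0;
out:
    if (rd >= 0) close(rd);
    if (wr >= 0) close(wr);
    if (lsn >= 0) close(lsn);
    return result;
}
```

A forwarder that treats this error as an ordinary end of stream leaves the other side of the connection open, which is the symptom shown in the first tcpdump.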