diff options
author | Mithun Iyer <iyerm@google.com> | 2021-04-17 11:30:36 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-04-17 11:32:17 -0700 |
commit | 9b4cc3d43bc79698762e1efa980148f12e8ad196 (patch) | |
tree | 15301debc1db874647b07f7b97a3d3a8256a96ee /pkg/seccomp | |
parent | 3b685753b4e9632ed8cde1ae284c79a9a14230b9 (diff) |
Avoid ignoring incoming packet by demuxer on endpoint lookup failure
This fixes a race that occurs while the endpoint is being unregistered
and the transport demuxer attempts to match the incoming packet to any
endpoint. The race specifically occurs when the unregistration (and
deletion of the endpoint) occurs, after a successful endpointsByNIC
lookup and before the endpoints map is further looked up with ingress
NICID of the packet.
The fix is to notify the caller of lookup-with-NICID failure, so that
the logic falls through to handling unknown destination packets.
For TCP this can mean replying back with RST.
The syscall test in this CL catches this race as the ACK completing the
handshake could get silently dropped on a listener close, causing no
RST sent to the peer and timing out the poll waiting for POLLHUP.
Fixes #5850
PiperOrigin-RevId: 369023779
Diffstat (limited to 'pkg/seccomp')
0 files changed, 0 insertions, 0 deletions