Re: Bug report connect to VM with Vagrant

[Eric Dumazet]

On Thu, Nov 30, 2023 at 2:55 PM Shachar Kagan <skagan@xxxxxxxxxx> wrote:
>
> Hi Eric,
>
> I have an issue that bisection pointed at this patch:
> commit 0a8de364ff7a14558e9676f424283148110384d6
> tcp: no longer abort SYN_SENT when receiving some ICMP
>

Please provide tcpdump/pcap captures.

 It is hard to say what is going on just by looking at some application logs.


> Full commit message at [1].
>
> The issue appears while using Vagrant to manage nested VMs.
> The steps are:
> * create vagrant file
> * vagrant up
> * vagrant halt (VM is created but shut down)
> * vagrant up - fail
>
> Turn on a VM with ‘Vagrant up’ fails when the VM is in halt state. When the VM hasn't been created yet, 'Vagrant up' passes.
> The failure occurs in the Net-SSH connection to the VM step.
> Vagrant error is ‘Guest communication could not be established! This is usually because SSH is not running, the authentication information was changed, or some other networking issue.'
> We use a new version of vagrant-libvirt.
> Turn on the VM with virsh instead of vagrant works.
>
> Stdout[2] bellow.
>
> Any idea what may cause the error with your patch?
>
> Thanks,
> Shachar Kagan
>
> [1]
> commit 0a8de364ff7a14558e9676f424283148110384d6
> Author: Eric Dumazet <edumazet@xxxxxxxxxx>
> Date:   Tue Nov 14 17:23:41 2023 +0000
>
>     tcp: no longer abort SYN_SENT when receiving some ICMP
>
>     Currently, non fatal ICMP messages received on behalf
>     of SYN_SENT sockets do call tcp_ld_RTO_revert()
>     to implement RFC 6069, but immediately call tcp_done(),
>     thus aborting the connect() attempt.
>
>     This violates RFC 1122 following requirement:
>
>     4.2.3.9  ICMP Messages
>     ...
>               o    Destination Unreachable -- codes 0, 1, 5
>
>                      Since these Unreachable messages indicate soft error
>                      conditions, TCP MUST NOT abort the connection, and it
>                      SHOULD make the information available to the
>                      application.
>
>     This patch makes sure non 'fatal' ICMP[v6] messages do not
>     abort the connection attempt.
>
>     It enables RFC 6069 for SYN_SENT sockets as a result.
>
>     Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
>     Cc: David Morley <morleyd@xxxxxxxxxx>
>     Cc: Neal Cardwell <ncardwell@xxxxxxxxxx>
>     Cc: Yuchung Cheng <ycheng@xxxxxxxxxx>
>     Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
>
> [2]
> Vagrant up stdout:
> Bringing machine 'player1' up with 'libvirt' provider...
> ==> player1: Creating shared folders metadata...
> ==> player1: Starting domain.
> ==> player1: Domain launching with graphics connection settings...
> ==> player1:  -- Graphics Port:      5900
> ==> player1:  -- Graphics IP:        127.0.0.1
> ==> player1:  -- Graphics Password:  Not defined
> ==> player1:  -- Graphics Websocket: 5700
> ==> player1: Waiting for domain to get an IP address...
> ==> player1: Waiting for machine to boot. This may take a few minutes...
>     player1: SSH address: 192.168.123.61:22
>     player1: SSH username: vagrant
>     player1: SSH auth method: private key
> ==> player1: Attempting graceful shutdown of VM...
> ==> player1: Attempting graceful shutdown of VM...
> ==> player1: Attempting graceful shutdown of VM...
>     player1: Guest communication could not be established! This is usually because
>     player1: SSH is not running, the authentication information was changed,
>     player1: or some other networking issue. Vagrant will force halt, if
>     player1: capable.
> ==> player1: Attempting direct shutdown of domain...
>
>