Fix IPv6 guest port reservation leak in VirtioProxy networking #40803

Merged: benhillis merged 1 commit into master from user/benhill/virtioproxy-v6-port-release on Jun 16, 2026

@benhillis benhillis commented Jun 14, 2026

Summary

Fixes an IPv6 guest port reservation leak in VirtioProxy networking. VirtioProxyTests::GuestPortIsReleasedV6 fails because a host-side port reservation for an IPv6 guest listener is never released after the guest closes the port.

Root cause

VirtioNetworking::ModifyOpenPorts only sent the listen_addr (and therefore the address family) to the device host when opening a port, not when closing it.

The consomme port-forward table in the device host is keyed by (address family, port). To unbind the correct listener the device host must know the family. With no address supplied on close, the device host defaulted the family to IPv4, so IPv6 ports were never unbound and their host-side reservations leaked until the process exited.

IPv4 release worked only by accident: IPv4 is the default family, so an IPv4 close happened to match.

This was exposed by the consomme change that made the port-forward table family-specific (previously it was keyed by port alone, so the missing family on close did not matter).

Fix

Always include listen_addr in the port string passed to the device host, on both open and close, so the address family is available when unbinding.

Since the address is now always present, the open/close branch collapses: allocate is sent explicitly (true on open, false on close) instead of relying on the device host default of true when the token is absent. The device host already parses allocate=true, so behavior is unchanged.

Testing

  • VirtioProxyTests::GuestPortIsReleasedV6 now passes.
  • VirtioProxyTests::GuestPortIsReleased (IPv4) and NetworkTests::HostToGuestLoopback (all configs) still pass.
  • clang-format clean.

Note

This is one of two fixes for VirtioProxy networking regressions. The companion fix for the IPv4 host-to-guest loopback handshake lives in openvmm/consomme (microsoft/openvmm#3742) and ships via a DeviceHost package bump.
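The failure mode described under "Root cause", as an added illustration that is not code from this PR, WSL or consomme. It models a forward table keyed by (address family, port) and compares a close request without the address to one that carries it. Assumptions: the `key=value;` token syntax, the `port` key, the `ForwardTable` type and the builder functions are hypothetical; only `listen_addr` and `allocate` are named on the page.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <set>
#include <sstream>
#include <string>
#include <utility>

enum class Family { V4, V6 };
using Key = std::pair<Family, uint16_t>;

// Hypothetical device-host side: reservations keyed by (family, port).
struct ForwardTable {
    std::set<Key> bound;

    void Apply(const std::string& options) {
        std::map<std::string, std::string> kv;
        std::istringstream in(options);
        for (std::string tok; std::getline(in, tok, ';');) {
            auto eq = tok.find('=');
            if (eq != std::string::npos) kv[tok.substr(0, eq)] = tok.substr(eq + 1);
        }
        // No listen_addr: family falls back to IPv4, as the PR describes.
        // Detecting IPv6 by ':' is a simplification for this sketch.
        Family fam = Family::V4;
        auto addr = kv.find("listen_addr");
        if (addr != kv.end() && addr->second.find(':') != std::string::npos) fam = Family::V6;
        // allocate defaults to true when the token is absent.
        bool allocate = !kv.count("allocate") || kv["allocate"] == "true";
        Key key{fam, static_cast<uint16_t>(std::stoul(kv.at("port")))};
        if (allocate) bound.insert(key); else bound.erase(key);
    }
};

// Request builders: before the fix (address only on open) and after it.
std::string BuildBefore(uint16_t port, const std::string& addr, bool open) {
    std::string s = "port=" + std::to_string(port);
    return open ? s + ";listen_addr=" + addr : s + ";allocate=false";
}
std::string BuildAfter(uint16_t port, const std::string& addr, bool open) {
    return "port=" + std::to_string(port) + ";listen_addr=" + addr +
           ";allocate=" + (open ? "true" : "false");
}

// Opens then closes one listener; returns the reservations left behind.
template <typename Builder>
std::size_t LeakedAfterOpenClose(Builder build, const std::string& addr) {
    ForwardTable table;
    table.Apply(build(8080, addr, true));
    table.Apply(build(8080, addr, false));
    return table.bound.size();
}
```

With the old builder the IPv6 close erases the nonexistent (V4, 8080) entry and leaves (V6, 8080) bound, while the IPv4 case releases cleanly because it matches the default family.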

@benhillis benhillis requested a review from a team as a code owner June 14, 2026 14:38
Copilot AI review requested due to automatic review settings June 14, 2026 14:38

Copilot AI left a comment

Pull request overview

Fixes a VirtioProxy networking regression where IPv6 guest port reservations were not being released on the host after the guest closed the listener, causing VirtioProxyTests::GuestPortIsReleasedV6 to fail. The change ensures the device host always receives the listen address (and therefore the address family) when modifying port forwards, so IPv6 unbinds target the correct (family, port) entry.

Changes:

  • Always append listen_addr=<ip> to the port-forward option string on both open and close operations.
  • Keep allocate=false appended only for the close path, preserving existing semantics while ensuring the close operation is family-aware.

@benhillis benhillis force-pushed the user/benhill/virtioproxy-v6-port-release branch from 49799a1 to 99f40a0 Compare June 14, 2026 14:45

ModifyOpenPorts only sent the listen address to the device host when
opening a port, not when closing it. The consomme port-forward table is
keyed by (address family, port), so the device host must know the family
to unbind the correct listener. With no address on close, the device host
defaulted the family to IPv4, so IPv6 ports were never unbound and their
host-side reservations leaked until process exit. IPv4 worked only because
IPv4 is the default family.

Always include the listen address in the port string so the family is
available on both open and close. This fixes
VirtioProxyTests::GuestPortIsReleasedV6.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@benhillis benhillis force-pushed the user/benhill/virtioproxy-v6-port-release branch from 99f40a0 to 1bd8c68 Compare June 14, 2026 14:47
Copilot AI review requested due to automatic review settings June 14, 2026 14:47

Copilot AI left a comment

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

Comment thread src/windows/common/VirtioNetworking.cpp
@benhillis benhillis requested a review from Brian-Perkins June 14, 2026 14:49
@benhillis benhillis merged commit 356c780 into master Jun 16, 2026
12 checks passed
@benhillis benhillis deleted the user/benhill/virtioproxy-v6-port-release branch June 16, 2026 04:09