Fix IPv6 guest port reservation leak in VirtioProxy networking#40803
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Fixes a VirtioProxy networking regression where IPv6 guest port reservations were not being released on the host after the guest closed the listener, causing VirtioProxyTests::GuestPortIsReleasedV6 to fail. The change ensures the device host always receives the listen address (and therefore the address family) when modifying port forwards, so IPv6 unbinds target the correct (family, port) entry.
Changes:
- Always append
listen_addr=<ip>to the port-forward option string on both open and close operations. - Keep
allocate=falseappended only for the close path, preserving existing semantics while ensuring the close operation is family-aware.
49799a1 to
99f40a0
Compare
ModifyOpenPorts only sent the listen address to the device host when opening a port, not when closing it. The consomme port-forward table is keyed by (address family, port), so the device host must know the family to unbind the correct listener. With no address on close, the device host defaulted the family to IPv4, so IPv6 ports were never unbound and their host-side reservations leaked until process exit. IPv4 worked only because IPv4 is the default family. Always include the listen address in the port string so the family is available on both open and close. This fixes VirtioProxyTests::GuestPortIsReleasedV6. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
99f40a0 to
1bd8c68
Compare
OneBlue
approved these changes
Jun 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes an IPv6 guest port reservation leak in VirtioProxy networking.
VirtioProxyTests::GuestPortIsReleasedV6fails because a host-side port reservation for an IPv6 guest listener is never released after the guest closes the port.Root cause
VirtioNetworking::ModifyOpenPortsonly sent thelisten_addr(and therefore the address family) to the device host when opening a port, not when closing it.The consomme port-forward table in the device host is keyed by
(address family, port). To unbind the correct listener the device host must know the family. With no address supplied on close, the device host defaulted the family to IPv4, so IPv6 ports were never unbound and their host-side reservations leaked until the process exited.IPv4 release worked only by accident: IPv4 is the default family, so an IPv4 close happened to match.
This was exposed by the consomme change that made the port-forward table family-specific (previously it was keyed by port alone, so the missing family on close did not matter).
Fix
Always include
listen_addrin the port string passed to the device host, on both open and close, so the address family is available when unbinding.Since the address is now always present, the open/close branch collapses:
allocateis sent explicitly (trueon open,falseon close) instead of relying on the device host default oftruewhen the token is absent. The device host already parsesallocate=true, so behavior is unchanged.Testing
VirtioProxyTests::GuestPortIsReleasedV6now passes.VirtioProxyTests::GuestPortIsReleased(IPv4) andNetworkTests::HostToGuestLoopback(all configs) still pass.Note
This is one of two fixes for VirtioProxy networking regressions. The companion fix for the IPv4 host-to-guest loopback handshake lives in openvmm/consomme (microsoft/openvmm#3742) and ships via a DeviceHost package bump.