On Mon, May 13, 2024 at 08:07:43PM +0200, Stefano Brivio wrote:On Fri, 3 May 2024 11:11:23 +1000 David Gibson <david(a)gibson.dropbear.id.au> wrote:Fixed.Currently we always deliver inbound TCP packets to the guest's most recent observed IP address. This has the odd side effect that if the guest changes its IP address with active TCP connections we might deliver packets from old connections to the new address. That won't work; it will will probably result in an RST from the guest. Worse,s/will will/will/...if I recall correctly, that was actually working, as long as we don't swap link-local with global unicast addresses (hence those conditions sprinkled all over the place).Um.. I don't see how that's possible. Linux - and I imagine any peer - will index TCP connections by both endpoint addresses, so if we deliver packets from one connection to a different address, the peer won't recognize them as belonging to the old connection.But it doesn't matter in any case, this is surely the way forward.-- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson