Allow not handled packets for UDP Forwarder

OkamiW · gvisor-bot · commit f5dc9abc4928 · 2025-07-09T11:22:47.000-07:00
For TCP forwarder, we can reset the connection with r.Complete(true). For UDP forwarder, there was no way to reset the connection. gVisor already sends ICMP port unreachable for unhandled packets, but udp.Forwarder.HandlePacket always returns true. So we change the handler's function signature to return a bool type value, indicating whether the packet was handled or not. Thus allowing us to send ICMP port unreachable for failed UDP connections. FUTURE_COPYBARA_INTEGRATE_REVIEW=#11850 from OkamiW:udp-forwarder-not-handled-packets 496c218 PiperOrigin-RevId: 777960633
diff --git a/pkg/tcpip/adapters/gonet/gonet_test.go b/pkg/tcpip/adapters/gonet/gonet_test.go
@@ -480,7 +480,7 @@ func TestUDPForwarder(t *testing.T) {
 	}
 
 	done := make(chan struct{})
-	fwd := udp.NewForwarder(s, func(r *udp.ForwarderRequest) {
+	fwd := udp.NewForwarder(s, func(r *udp.ForwarderRequest) bool {
 		defer close(done)
 
 		var wq waiter.Queue
@@ -496,11 +496,15 @@ func TestUDPForwarder(t *testing.T) {
 		n, e := c.Read(buf)
 		if e != nil {
 			t.Errorf("c.Read() = %v", e)
+			return true
 		}
 
 		if _, e := c.Write(buf[:n]); e != nil {
 			t.Errorf("c.Write() = %v", e)
+			return true
 		}
+
+		return true
 	})
 	s.SetTransportProtocolHandler(udp.ProtocolNumber, fwd.HandlePacket)
 
diff --git a/pkg/tcpip/transport/udp/forwarder.go b/pkg/tcpip/transport/udp/forwarder.go
@@ -20,19 +20,24 @@ import (
 	"gvisor.dev/gvisor/pkg/waiter"
 )
 
+// ForwarderHandler handles incoming requests. Returning true marks the
+// request as handled, returning false marks the request as unhandled.
+// Stack may send an ICMP port unreachable message for unhandled requests.
+type ForwarderHandler func(*ForwarderRequest) (handled bool)
+
 // Forwarder is a session request forwarder, which allows clients to decide
 // what to do with a session request, for example: ignore it, or process it.
 //
 // The canonical way of using it is to pass the Forwarder.HandlePacket function
 // to stack.SetTransportProtocolHandler.
 type Forwarder struct {
-	handler func(*ForwarderRequest)
+	handler ForwarderHandler
 
 	stack *stack.Stack
 }
 
 // NewForwarder allocates and initializes a new forwarder.
-func NewForwarder(s *stack.Stack, handler func(*ForwarderRequest)) *Forwarder {
+func NewForwarder(s *stack.Stack, handler ForwarderHandler) *Forwarder {
 	return &Forwarder{
 		stack:   s,
 		handler: handler,
@@ -44,13 +49,11 @@ func NewForwarder(s *stack.Stack, handler func(*ForwarderRequest)) *Forwarder {
 // This function is expected to be passed as an argument to the
 // stack.SetTransportProtocolHandler function.
 func (f *Forwarder) HandlePacket(id stack.TransportEndpointID, pkt *stack.PacketBuffer) bool {
-	f.handler(&ForwarderRequest{
+	return f.handler(&ForwarderRequest{
 		stack: f.stack,
 		id:    id,
 		pkt:   pkt.Clone(),
 	})
-
-	return true
 }
 
 // ForwarderRequest represents a session request received by the forwarder and
