rpms/passt
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI passt-0^20240806.gee36266-7.el9_5

Browse Source
This commit is contained in:
eabdullin 2025-03-19 02:49:49 +00:00
parent 0ce8a50f98
commit 56c9427554
2 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
SOURCES/0007-tcp-Don-t-reset-outbound-connection-on-SYN-retries.patch Normal file
View File

@ -0,0 +1,44 @@
From 2d5181f7363a09b24b225b9d7c07f999a1f89e63 Mon Sep 17 00:00:00 2001
From: Stefano Brivio <sbrivio@redhat.com>
Date: Mon, 3 Feb 2025 08:19:16 +0100
Subject: [PATCH] tcp: Don't reset outbound connection on SYN retries
Reported by somebody on IRC: if the server has considerable latency,
it might happen that the client retries sending SYN segments for the
same flow while we're still in a TAP_SYN_RCVD, non-ESTABLISHED state.
In that case, we should go with the blanket assumption that we need
to reset the connection on any unexpected segment: RFC 9293 explicitly
mentions this case in Figure 8: Recovery from Old Duplicate SYN,
section 3.5. It doesn't make sense for us to set a specific sequence
number, socket-side, but we should definitely wait and see.
Ignoring the duplicate SYN segment should also be compatible with
section 3.10.7.3. SYN-SENT STATE, which mentions updating sequences
socket-side (which we can't do anyway), but certainly not reset the
connection.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
(cherry picked from commit 722d347c1932f630a53ba05ea0270a651ed601b2)
---
tcp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tcp.c b/tcp.c
index bbc5687..babd02a 100644
--- a/tcp.c
+++ b/tcp.c
@@ -1962,6 +1962,9 @@ int tcp_tap_handler(struct ctx *c, uint8_t pif, sa_family_t af,
/* Establishing connection from tap */
if (conn->events & TAP_SYN_RCVD) {
+ if (th->syn && !th->ack && !th->fin)
+ return 1; /* SYN retry: ignore and keep waiting */
+
if (!(conn->events & TAP_SYN_ACK_SENT))
goto reset;
--
2.47.1

6
SPECS/passt.spec
View File

@ -12,7 +12,7 @@
Name: passt Name: passt
Version: 0^20240806.gee36266 Version: 0^20240806.gee36266
Release: 6%{?dist} Release: 7%{?dist}
Summary: User-mode networking daemons for virtual machines and namespaces Summary: User-mode networking daemons for virtual machines and namespaces
License: GPL-2.0-or-later AND BSD-3-Clause License: GPL-2.0-or-later AND BSD-3-Clause
Group: System Environment/Daemons Group: System Environment/Daemons
@ -25,6 +25,7 @@ Patch3: 0003-tcp-Acknowledge-keep-alive-segments-ignore-them-for-.patch
Patch4: 0004-tcp_splice-Set-again-TCP_NODELAY-on-both-sides.patch Patch4: 0004-tcp_splice-Set-again-TCP_NODELAY-on-both-sides.patch
Patch5: 0005-flow-Fix-incorrect-hash-probe-in-flowside_lookup.patch Patch5: 0005-flow-Fix-incorrect-hash-probe-in-flowside_lookup.patch
Patch6: 0006-tcp-Set-ACK-flag-on-all-RST-segments-even-for-client.patch Patch6: 0006-tcp-Set-ACK-flag-on-all-RST-segments-even-for-client.patch
Patch7: 0007-tcp-Don-t-reset-outbound-connection-on-SYN-retries.patch
BuildRequires: gcc, make, git, checkpolicy, selinux-policy-devel BuildRequires: gcc, make, git, checkpolicy, selinux-policy-devel
Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype}) Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
@ -131,6 +132,9 @@ fi
%{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp %{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp
%changelog %changelog
* Wed Mar 12 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20240806-gee36266-7
- Resolves: RHEL-83155
* Tue Jan 21 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20240806-gee36266-6 * Tue Jan 21 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20240806-gee36266-6
- Resolves: RHEL-75645 - Resolves: RHEL-75645