From 7e5a554ec10e4332bd5863541199321cf2be0070 Mon Sep 17 00:00:00 2001 From: AlmaLinux RelEng Bot Date: Tue, 5 May 2026 06:24:09 -0400 Subject: [PATCH] import UBI passt-0^20250512.g8ec1341-5.el10_1 --- ...ove-sockets-from-epoll-loop-when-con.patch | 49 +++++ ...n-working-activity-timeout-mechanism.patch | 80 ++++++++ ...-inactivity-timeouts-based-on-a-cloc.patch | 181 ++++++++++++++++++ ...end_flag-to-send-TCP-keepalive-segme.patch | 66 +++++++ ...palive-segments-after-a-period-of-ta.patch | 161 ++++++++++++++++ passt.spec | 10 +- 6 files changed, 546 insertions(+), 1 deletion(-) create mode 100644 0004-tcp-Properly-remove-sockets-from-epoll-loop-when-con.patch create mode 100644 0005-tcp-Remove-non-working-activity-timeout-mechanism.patch create mode 100644 0006-tcp-Re-introduce-inactivity-timeouts-based-on-a-cloc.patch create mode 100644 0007-tcp-Extend-tcp_send_flag-to-send-TCP-keepalive-segme.patch create mode 100644 0008-tcp-Send-TCP-keepalive-segments-after-a-period-of-ta.patch diff --git a/0004-tcp-Properly-remove-sockets-from-epoll-loop-when-con.patch b/0004-tcp-Properly-remove-sockets-from-epoll-loop-when-con.patch new file mode 100644 index 0000000..d8c48d9 --- /dev/null +++ b/0004-tcp-Properly-remove-sockets-from-epoll-loop-when-con.patch @@ -0,0 +1,49 @@ +From a7d9ce6cacf8d62ca78fa98d469902c900659cb9 Mon Sep 17 00:00:00 2001 +From: David Gibson +Date: Tue, 4 Nov 2025 16:40:43 +1100 +Subject: [PATCH 4/8] tcp: Properly remove sockets from epoll loop when + connection is closed + +Most of the handling for closing a TCP connectin is in conn_event_do() when +it receives a 'CLOSED' event. We specifically check for this case and, +correctly, remove the connection from the flow hash table. However, we +also bypass the call tp tcp_epoll_ctl() which is not correct. By skipping +tcp_epoll_ctl() we skip it's specific handling of the CLOSED event, which +includes removing the TCP socket from epoll. + +If we somehow get an event on such a stale socket, we'll get a stale flow +reference. That flow slot might have been re-used, leading to to a crash +in conn_at_sidx(). + +Fixes: b86afe3559c0 ("tcp: Don't defer hash table removal") +Signed-off-by: David Gibson +(cherry picked from commit 60ade6cae70dc48f7f777c38e7c70fc3696784c4) +--- + tcp.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/tcp.c b/tcp.c +index 0ac298a..17e99af 100644 +--- a/tcp.c ++++ b/tcp.c +@@ -681,12 +681,13 @@ void conn_event_do(const struct ctx *c, struct tcp_tap_conn *conn, + flow_dbg(conn, "%s", + num == -1 ? "CLOSED" : tcp_event_str[num]); + +- if (event == CLOSED) +- flow_hash_remove(c, TAP_SIDX(conn)); +- else if ((event == TAP_FIN_RCVD) && !(conn->events & SOCK_FIN_RCVD)) ++ if ((event == TAP_FIN_RCVD) && !(conn->events & SOCK_FIN_RCVD)) { + conn_flag(c, conn, ACTIVE_CLOSE); +- else ++ } else { ++ if (event == CLOSED) ++ flow_hash_remove(c, TAP_SIDX(conn)); + tcp_epoll_ctl(c, conn); ++ } + + if (CONN_HAS(conn, SOCK_FIN_SENT | TAP_FIN_ACKED)) + tcp_timer_ctl(c, conn); +-- +2.47.1 + diff --git a/0005-tcp-Remove-non-working-activity-timeout-mechanism.patch b/0005-tcp-Remove-non-working-activity-timeout-mechanism.patch new file mode 100644 index 0000000..154136f --- /dev/null +++ b/0005-tcp-Remove-non-working-activity-timeout-mechanism.patch @@ -0,0 +1,80 @@ +From 34a346e3eb83b33bd6d62a57e0e990c5c698fe85 Mon Sep 17 00:00:00 2001 +From: David Gibson +Date: Wed, 4 Feb 2026 21:41:34 +1000 +Subject: [PATCH 5/8] tcp: Remove non-working activity timeout mechanism + +This mechanism was intended to remove connections which have had no +activity for two hours, even if they haven't closed or been reset +internally. It operated by setting the two hour timeout if there are +no sooner TCP timeouts to schedule. + +However, when the timer fires, the way we detect the case of the activity +timeout doesn't work: it resets the timer for another two hours, then +checks if the old timeout was two hours. But the old timeout returned +by timerfd_settime() is not the original value of the timer, but the +remaining time. Since the timer has just fired it will essentially always +be 0. + +For now, just remove the mechanism, disarming the timer entirely if there +isn't another upcoming event. We'll re-introduce some sort of activity +timeout by a different means later. + +Signed-off-by: David Gibson +Signed-off-by: Stefano Brivio +(cherry picked from commit e48ce41a1ec2f05846fb66d3847c2c2b6448ca71) +--- + tcp.c | 24 +++--------------------- + 1 file changed, 3 insertions(+), 21 deletions(-) + +diff --git a/tcp.c b/tcp.c +index 17e99af..7a7ca24 100644 +--- a/tcp.c ++++ b/tcp.c +@@ -197,9 +197,6 @@ + * TAP_FIN_ACKED), but no socket activity is detected from the socket within + * this time, reset the connection + * +- * - ACT_TIMEOUT, in the presence of any event: if no activity is detected on +- * either side, the connection is reset +- * + * - ACK_INTERVAL elapsed after data segment received from tap without having + * sent an ACK segment, or zero-sized window advertised to tap/guest (flag + * ACK_TO_TAP_DUE): forcibly check if an ACK segment can be sent +@@ -578,7 +575,9 @@ static void tcp_timer_ctl(const struct ctx *c, struct tcp_tap_conn *conn) + } else if (CONN_HAS(conn, SOCK_FIN_SENT | TAP_FIN_ACKED)) { + it.it_value.tv_sec = FIN_TIMEOUT; + } else { +- it.it_value.tv_sec = ACT_TIMEOUT; ++ /* Disarm */ ++ it.it_value.tv_sec = 0; ++ it.it_value.tv_nsec = 0; + } + + flow_dbg(conn, "timer expires in %llu.%03llus", +@@ -2294,23 +2293,6 @@ void tcp_timer_handler(const struct ctx *c, union epoll_ref ref) + tcp_timer_ctl(c, conn); + } + } +- } else { +- struct itimerspec new = { { 0 }, { ACT_TIMEOUT, 0 } }; +- struct itimerspec old = { { 0 }, { 0 } }; +- +- /* Activity timeout: if it was already set, reset the +- * connection, otherwise, it was a left-over from ACK_TO_TAP_DUE +- * or ACK_FROM_TAP_DUE, so just set the long timeout in that +- * case. This avoids having to preemptively reset the timer on +- * ~ACK_TO_TAP_DUE or ~ACK_FROM_TAP_DUE. +- */ +- if (timerfd_settime(conn->timer, 0, &new, &old)) +- flow_perror(conn, "failed to set timer"); +- +- if (old.it_value.tv_sec == ACT_TIMEOUT) { +- flow_dbg(conn, "activity timeout"); +- tcp_rst(c, conn); +- } + } + } + +-- +2.47.1 + diff --git a/0006-tcp-Re-introduce-inactivity-timeouts-based-on-a-cloc.patch b/0006-tcp-Re-introduce-inactivity-timeouts-based-on-a-cloc.patch new file mode 100644 index 0000000..32d302b --- /dev/null +++ b/0006-tcp-Re-introduce-inactivity-timeouts-based-on-a-cloc.patch @@ -0,0 +1,181 @@ +From 479c464c767e655fad65b9bedc496570bb40c997 Mon Sep 17 00:00:00 2001 +From: David Gibson +Date: Wed, 4 Feb 2026 21:41:35 +1000 +Subject: [PATCH 6/8] tcp: Re-introduce inactivity timeouts based on a clock + algorithm + +We previously had a mechanism to remove TCP connections which were +inactive for 2 hours. That was broken for a long time, due to poor +interactions with the timerfd handling, so we removed it. + +Adding this long scale timer onto the timerfd handling, which mostly +handles much shorter timeouts is tricky to reason about. However, for the +inactivity timeouts, we don't require precision. Instead, we can use +a 1-bit page replacement / "clock" algorithm. Every INACTIVITY_INTERVAL +(2 hours), a global timer marks every TCP connection as tentatively +inactive. That flag is cleared if we get any events, either tap side or +socket side. + +If the inactive flag is still set when the next INACTIVITY_INTERVAL expires +then the connection has been inactive for an extended period and we reset +and close it. In practice this means that connections will be removed +after 2-4 hours of inactivity. + +This is not a true fix for bug 179, but it does mitigate the damage, by +limiting the time that inactive connections will remain around, + +Link: https://bugs.passt.top/show_bug.cgi?id=179 +Signed-off-by: David Gibson +Signed-off-by: Stefano Brivio +(cherry picked from commit 1820103fbbf13df98257a3f5c3ba625de624b0b3) +--- + tcp.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++++- + tcp.h | 2 ++ + tcp_conn.h | 3 +++ + 3 files changed, 53 insertions(+), 1 deletion(-) + +diff --git a/tcp.c b/tcp.c +index 7a7ca24..394fc35 100644 +--- a/tcp.c ++++ b/tcp.c +@@ -201,6 +201,13 @@ + * sent an ACK segment, or zero-sized window advertised to tap/guest (flag + * ACK_TO_TAP_DUE): forcibly check if an ACK segment can be sent + * ++ * We also use a global interval timer for an activity timeout which doesn't ++ * require precision: ++ * ++ * - INACTIVITY_INTERVAL: if a connection has had no activity for an entire ++ * interval, close and reset it. This means that idle connections (without ++ * keepalives) will be removed between INACTIVITY_INTERVAL s and ++ * 2*INACTIVITY_INTERVAL s after the last activity. + * + * Summary of data flows (with ESTABLISHED event) + * ---------------------------------------------- +@@ -330,7 +337,8 @@ enum { + #define SYN_TIMEOUT 10 /* s */ + #define ACK_TIMEOUT 2 + #define FIN_TIMEOUT 60 +-#define ACT_TIMEOUT 7200 ++ ++#define INACTIVITY_INTERVAL 7200 /* s */ + + #define LOW_RTT_TABLE_SIZE 8 + #define LOW_RTT_THRESHOLD 10 /* us */ +@@ -2000,6 +2008,8 @@ int tcp_tap_handler(const struct ctx *c, uint8_t pif, sa_family_t af, + return 1; + } + ++ conn->inactive = false; ++ + if (th->ack && !(conn->events & ESTABLISHED)) + tcp_update_seqack_from_tap(c, conn, ntohl(th->ack_seq)); + +@@ -2318,6 +2328,8 @@ void tcp_sock_handler(const struct ctx *c, union epoll_ref ref, + return; + } + ++ conn->inactive = false; ++ + if ((conn->events & TAP_FIN_SENT) && (events & EPOLLHUP)) { + conn_event(c, conn, CLOSED); + return; +@@ -2696,6 +2708,7 @@ static void tcp_port_rebind(struct ctx *c, bool outbound) + } + } + ++ + /** + * tcp_port_rebind_outbound() - Rebind ports in namespace + * @arg: Execution context +@@ -2714,6 +2727,38 @@ static int tcp_port_rebind_outbound(void *arg) + return 0; + } + ++/** ++ * tcp_inactivity() - Scan for and close long-inactive connections ++ * @: Execution context ++ */ ++static void tcp_inactivity(struct ctx *c, const struct timespec *now) ++{ ++ union flow *flow; ++ ++ if (now->tv_sec - c->tcp.inactivity_run < INACTIVITY_INTERVAL) ++ return; ++ ++ debug("TCP inactivity scan"); ++ c->tcp.inactivity_run = now->tv_sec; ++ ++ flow_foreach(flow) { ++ struct tcp_tap_conn *conn = &flow->tcp; ++ ++ if (flow->f.type != FLOW_TCP) ++ continue; ++ ++ if (conn->inactive) { ++ /* No activity in this interval, reset */ ++ flow_dbg(conn, "Inactive for at least %us, resetting", ++ INACTIVITY_INTERVAL); ++ tcp_rst(c, conn); ++ } ++ ++ /* Ready to check fot next interval */ ++ conn->inactive = true; ++ } ++} ++ + /** + * tcp_timer() - Periodic tasks: port detection, closed connections, pool refill + * @c: Execution context +@@ -2738,6 +2783,8 @@ void tcp_timer(struct ctx *c, const struct timespec *now) + tcp_sock_refill_init(c); + if (c->mode == MODE_PASTA) + tcp_splice_refill(c); ++ ++ tcp_inactivity(c, now); + } + + /** +diff --git a/tcp.h b/tcp.h +index 234a803..b75e9a7 100644 +--- a/tcp.h ++++ b/tcp.h +@@ -59,12 +59,14 @@ union tcp_listen_epoll_ref { + * @fwd_out: Port forwarding configuration for outbound packets + * @timer_run: Timestamp of most recent timer run + * @pipe_size: Size of pipes for spliced connections ++ * @inactivity_run: Time we last scanned for inactive connections + */ + struct tcp_ctx { + struct fwd_ports fwd_in; + struct fwd_ports fwd_out; + struct timespec timer_run; + size_t pipe_size; ++ time_t inactivity_run; + }; + + #endif /* TCP_H */ +diff --git a/tcp_conn.h b/tcp_conn.h +index 35d813d..93f9440 100644 +--- a/tcp_conn.h ++++ b/tcp_conn.h +@@ -17,6 +17,7 @@ + * @ws_from_tap: Window scaling factor advertised from tap/guest + * @ws_to_tap: Window scaling factor advertised to tap/guest + * @tap_mss: MSS advertised by tap/guest, rounded to 2 ^ TCP_MSS_BITS ++ * @inactive: No activity within the current INACTIVITY_INTERVAL + * @sock: Socket descriptor number + * @events: Connection events, implying connection states + * @listening_sock: Listening socket this socket was accept()ed from, or -1 +@@ -52,6 +53,8 @@ struct tcp_tap_conn { + #define MSS_SET(conn, mss) (conn->tap_mss = (mss >> (16 - TCP_MSS_BITS))) + #define MSS_GET(conn) (conn->tap_mss << (16 - TCP_MSS_BITS)) + ++ bool inactive :1; ++ + int sock :FD_REF_BITS; + + uint8_t events; +-- +2.47.1 + diff --git a/0007-tcp-Extend-tcp_send_flag-to-send-TCP-keepalive-segme.patch b/0007-tcp-Extend-tcp_send_flag-to-send-TCP-keepalive-segme.patch new file mode 100644 index 0000000..526e283 --- /dev/null +++ b/0007-tcp-Extend-tcp_send_flag-to-send-TCP-keepalive-segme.patch @@ -0,0 +1,66 @@ +From d2f7c36df97e287e2c665d4caedf1137755bfd54 Mon Sep 17 00:00:00 2001 +From: David Gibson +Date: Wed, 4 Feb 2026 21:41:36 +1000 +Subject: [PATCH 7/8] tcp: Extend tcp_send_flag() to send TCP keepalive + segments + +TCP keepalives aren't technically a flag, but they are a zero-data segment +so they can be generated with only a small modification to +tcp_{buf,vu}_send_flag(). Implement this, using a new "pseudo-flag" +value (similar to DUP_ACK), KEEPALIVE. + +Signed-off-by: David Gibson +[sbrivio: Fix trivial merge conflict with 812cdb802c6e] +Signed-off-by: Stefano Brivio +(cherry picked from commit a681e44ec60179567fb10f34351d7dfdbd2e7c7e) +--- + tcp_buf.c | 4 ++++ + tcp_internal.h | 2 ++ + tcp_vu.c | 3 +++ + 3 files changed, 9 insertions(+) + +diff --git a/tcp_buf.c b/tcp_buf.c +index 0530563..a324eee 100644 +--- a/tcp_buf.c ++++ b/tcp_buf.c +@@ -212,6 +212,10 @@ int tcp_buf_send_flag(const struct ctx *c, struct tcp_tap_conn *conn, int flags) + tcp_payload_used++; + l4len = optlen + sizeof(struct tcphdr); + iov[TCP_IOV_PAYLOAD].iov_len = l4len; ++ ++ if (flags & KEEPALIVE) ++ seq--; ++ + tcp_l2_buf_fill_headers(conn, iov, NULL, seq, false); + + if (flags & DUP_ACK) { +diff --git a/tcp_internal.h b/tcp_internal.h +index 36c6533..371a5f5 100644 +--- a/tcp_internal.h ++++ b/tcp_internal.h +@@ -30,6 +30,8 @@ + + /* Flags for internal usage */ + #define DUP_ACK (1 << 5) ++#define KEEPALIVE (1 << 6) ++ + #define OPT_EOL 0 + #define OPT_NOP 1 + #define OPT_MSS 2 +diff --git a/tcp_vu.c b/tcp_vu.c +index 57587cc..cb3f80f 100644 +--- a/tcp_vu.c ++++ b/tcp_vu.c +@@ -135,6 +135,9 @@ int tcp_vu_send_flag(const struct ctx *c, struct tcp_tap_conn *conn, int flags) + flags_elem[0].in_sg[0].iov_len = hdrlen + optlen; + payload = IOV_TAIL(flags_elem[0].in_sg, 1, hdrlen); + ++ if (flags & KEEPALIVE) ++ seq--; ++ + tcp_fill_headers(conn, NULL, ip4h, ip6h, th, &payload, + NULL, seq, !*c->pcap); + +-- +2.47.1 + diff --git a/0008-tcp-Send-TCP-keepalive-segments-after-a-period-of-ta.patch b/0008-tcp-Send-TCP-keepalive-segments-after-a-period-of-ta.patch new file mode 100644 index 0000000..6575585 --- /dev/null +++ b/0008-tcp-Send-TCP-keepalive-segments-after-a-period-of-ta.patch @@ -0,0 +1,161 @@ +From e349a1b2416f220a8cf518c88bec8b6a7dea201d Mon Sep 17 00:00:00 2001 +From: David Gibson +Date: Wed, 4 Feb 2026 21:41:37 +1000 +Subject: [PATCH 8/8] tcp: Send TCP keepalive segments after a period of + tap-side inactivity + +There are several circumstances in which a live, but idle TCP connection +can be forgotten by a guest, with no "on the wire" indication that this has +happened. The most obvious is if the guest abruptly reboots. A more +subtle case can happen with a half-closed connection, specifically one +in FIN_WAIT_2 state on the guest. A connection can, legitimately, remain +in this state indefinitely. If however, a socket in this state is closed +by userspace, Linux at least will remove the kernel socket after 60s +(or as configured in the net.ipv4.tcp_fin_timeout sysctl). + +Because there's no on the wire indication in these cases, passt will +pointlessly retain the connection in its flow table, at least until it is +removed by the inactivity timeout after several hours. + +To avoid keeping connections around for so long in this state, add +functionality to periodically send TCP keepalive segments to the guest if +we've seen no activity on the tap interface. If the guest is no longer +aware of the connection, it should respond with an RST which will let +passt remove the stale entry. + +To do this we use a method similar to the inactivity timeout - a 1-bit +page replacement / clock algorithm, but with a shorter interval, and only +checking for tap side activity. Currently we use a 300s interval, meaning +we'll send a keepalive after 5-10 minutes of (tap side) inactivity. + +Link: https://bugs.passt.top/show_bug.cgi?id=179 +Signed-off-by: David Gibson +Signed-off-by: Stefano Brivio +(cherry picked from commit d2f7c21cfb949f2b1587b9475917efdd6ac549fd) +--- + tcp.c | 39 +++++++++++++++++++++++++++++++++++++++ + tcp.h | 2 ++ + tcp_conn.h | 2 ++ + 3 files changed, 43 insertions(+) + +diff --git a/tcp.c b/tcp.c +index 394fc35..8ea7794 100644 +--- a/tcp.c ++++ b/tcp.c +@@ -209,6 +209,12 @@ + * keepalives) will be removed between INACTIVITY_INTERVAL s and + * 2*INACTIVITY_INTERVAL s after the last activity. + * ++ * - KEEPALIVE_INTERVAL: if a connection has had no tap-side activity for an ++ * entire interval, send a tap-side keepalive. If the endpoint is no longer ++ * aware of the connection (due to a reboot, or a kernel timeout in FIN_WAIT_2 ++ * state) that should trigger an RST, so we won't keep track of connections ++ * that the guest endpoint no longer cares about. ++ * + * Summary of data flows (with ESTABLISHED event) + * ---------------------------------------------- + * +@@ -339,6 +345,7 @@ enum { + #define FIN_TIMEOUT 60 + + #define INACTIVITY_INTERVAL 7200 /* s */ ++#define KEEPALIVE_INTERVAL 30 /* s */ + + #define LOW_RTT_TABLE_SIZE 8 + #define LOW_RTT_THRESHOLD 10 /* us */ +@@ -2009,6 +2016,7 @@ int tcp_tap_handler(const struct ctx *c, uint8_t pif, sa_family_t af, + } + + conn->inactive = false; ++ conn->tap_inactive = false; + + if (th->ack && !(conn->events & ESTABLISHED)) + tcp_update_seqack_from_tap(c, conn, ntohl(th->ack_seq)); +@@ -2727,6 +2735,36 @@ static int tcp_port_rebind_outbound(void *arg) + return 0; + } + ++/** ++ * tcp_keepalive() - Send keepalives for connections which need it ++ * @: Execution context ++ */ ++static void tcp_keepalive(struct ctx *c, const struct timespec *now) ++{ ++ union flow *flow; ++ ++ if (now->tv_sec - c->tcp.keepalive_run < KEEPALIVE_INTERVAL) ++ return; ++ ++ c->tcp.keepalive_run = now->tv_sec; ++ ++ flow_foreach(flow) { ++ struct tcp_tap_conn *conn = &flow->tcp; ++ ++ if (flow->f.type != FLOW_TCP) ++ continue; ++ ++ if (conn->tap_inactive) { ++ flow_dbg(conn, "No tap activity for least %us, send keepalive", ++ KEEPALIVE_INTERVAL); ++ tcp_send_flag(c, conn, KEEPALIVE); ++ } ++ ++ /* Ready to check fot next interval */ ++ conn->tap_inactive = true; ++ } ++} ++ + /** + * tcp_inactivity() - Scan for and close long-inactive connections + * @: Execution context +@@ -2784,6 +2822,7 @@ void tcp_timer(struct ctx *c, const struct timespec *now) + if (c->mode == MODE_PASTA) + tcp_splice_refill(c); + ++ tcp_keepalive(c, now); + tcp_inactivity(c, now); + } + +diff --git a/tcp.h b/tcp.h +index b75e9a7..7433f15 100644 +--- a/tcp.h ++++ b/tcp.h +@@ -59,6 +59,7 @@ union tcp_listen_epoll_ref { + * @fwd_out: Port forwarding configuration for outbound packets + * @timer_run: Timestamp of most recent timer run + * @pipe_size: Size of pipes for spliced connections ++ * @keepalive_run: Time we last issued tap-side keepalives + * @inactivity_run: Time we last scanned for inactive connections + */ + struct tcp_ctx { +@@ -66,6 +67,7 @@ struct tcp_ctx { + struct fwd_ports fwd_out; + struct timespec timer_run; + size_t pipe_size; ++ time_t keepalive_run; + time_t inactivity_run; + }; + +diff --git a/tcp_conn.h b/tcp_conn.h +index 93f9440..23ef5bd 100644 +--- a/tcp_conn.h ++++ b/tcp_conn.h +@@ -17,6 +17,7 @@ + * @ws_from_tap: Window scaling factor advertised from tap/guest + * @ws_to_tap: Window scaling factor advertised to tap/guest + * @tap_mss: MSS advertised by tap/guest, rounded to 2 ^ TCP_MSS_BITS ++ * @tapinactive: No tao activity within the current KEEPALIVE_INTERVAL + * @inactive: No activity within the current INACTIVITY_INTERVAL + * @sock: Socket descriptor number + * @events: Connection events, implying connection states +@@ -53,6 +54,7 @@ struct tcp_tap_conn { + #define MSS_SET(conn, mss) (conn->tap_mss = (mss >> (16 - TCP_MSS_BITS))) + #define MSS_GET(conn) (conn->tap_mss << (16 - TCP_MSS_BITS)) + ++ bool tap_inactive :1; + bool inactive :1; + + int sock :FD_REF_BITS; +-- +2.47.1 + diff --git a/passt.spec b/passt.spec index b624bfa..30a2518 100644 --- a/passt.spec +++ b/passt.spec @@ -12,7 +12,7 @@ Name: passt Version: 0^20250512.g8ec1341 -Release: 4%{?dist} +Release: 5%{?dist} Summary: User-mode networking daemons for virtual machines and namespaces License: GPL-2.0-or-later AND BSD-3-Clause Group: System Environment/Daemons @@ -22,6 +22,11 @@ Source: https://passt.top/passt/snapshot/passt-%{git_hash}.tar.xz Patch1: 0001-treewide-By-default-don-t-quit-source-after-migratio.patch Patch2: 0002-tcp-Cast-operands-of-sequence-comparison-macros-to-u.patch Patch3: 0003-tcp-Don-t-consider-FIN-flags-with-mismatching-sequen.patch +Patch4: 0004-tcp-Properly-remove-sockets-from-epoll-loop-when-con.patch +Patch5: 0005-tcp-Remove-non-working-activity-timeout-mechanism.patch +Patch6: 0006-tcp-Re-introduce-inactivity-timeouts-based-on-a-cloc.patch +Patch7: 0007-tcp-Extend-tcp_send_flag-to-send-TCP-keepalive-segme.patch +Patch8: 0008-tcp-Send-TCP-keepalive-segments-after-a-period-of-ta.patch BuildRequires: gcc, make, git, checkpolicy, selinux-policy-devel Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype}) @@ -134,6 +139,9 @@ fi %{_datadir}/selinux/packages/%{selinuxtype}/passt-repair.pp %changelog +* Wed Apr 22 2026 Stefano Brivio - 0^20250512.g8ec1341-5 +- Resolves: RHEL-169974 RHEL-169634 + * Thu Oct 23 2025 Stefano Brivio - 0^20250512.g8ec1341-4 - Resolves: RHEL-123415 RHEL-123424