Sync from SUSE:SLFO:Main passt revision c6400eef2467e9a3dbafc9289b411e3c

Adrian Schröter 2024-09-17 14:40:23 +02:00
parent 9933c6e284
commit 6fc7e38c5e
6 changed files with 221 additions and 12 deletions


@ -4,7 +4,7 @@
<param name="scm">git</param>
<param name="changesgenerate">enable</param>
<param name="versionformat">%cs.%h</param>
<param name="revision">2024_06_24.1ee2eca</param>
<param name="revision">2024_09_06.6b38f07</param>
</service>
<service mode="manual" name="recompress">
<param name="file">*.tar</param>
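Review bot: The new `revision` value `2024_09_06.6b38f07` is a tag-style name ending in a 7-character abbreviated hash, and a name of that kind can be repointed upstream without this file changing. Consider pinning `revision` to the full commit id that the service data records as `changesrevision` (6b38f0723949f8b4b2787ee55d4330249a1a4a3e), so a later manual service run is guaranteed to fetch the same tree that was reviewed here.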


@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://passt.top/passt</param>
<param name="changesrevision">1ee2ecade3f41e2a3e51c1e580b08cba977a7c8d</param></service></servicedata>
<param name="changesrevision">6b38f0723949f8b4b2787ee55d4330249a1a4a3e</param></service></servicedata>

BIN
passt-20240624.1ee2eca.tar.zst (Stored with Git LFS)

Binary file not shown.

BIN
passt-20240906.6b38f07.tar.zst (Stored with Git LFS) Normal file

Binary file not shown.


@ -1,3 +1,203 @@
-------------------------------------------------------------------
Thu Sep 12 11:08:38 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Fix passt-selinux to use selinux macros instead of calling semodule
by hand, which leads to unwanted policy reload on Micro (bsc#1229132)
-------------------------------------------------------------------
Mon Sep 09 06:57:41 UTC 2024 - dcermak@suse.com
- Update to version 20240906.6b38f07:
* apparmor: Allow read access to /proc/sys/net/ipv4/ip_local_port_range
* selinux: Allow read access to /proc/sys/net/ipv4/ip_local_port_range
* tap: Don't risk truncating frames on full buffer in tap_pasta_input()
* tap: Restructure in tap_pasta_input()
* tap: Improve handling of EINTR in tap_passt_input()
* tap: Split out handling of EPOLLIN events
* util: Fix order of operands and carry of one second in timespec_diff_us()
* cppcheck: Work around some cppcheck 2.15.0 redundantInitialization warnings
* tcp: Use EPOLLET for any state of not established connections
* udp: Handle more error conditions in udp_sock_errs()
* udp: Treat errors getting errors as unrecoverable
* udp: Split socket error handling out from udp_sock_recv()
* flow: Helpers to log details of a flow
* udp: Allow UDP flows to be prematurely closed
* flow: Fix incorrect hash probe in flowside_lookup()
* log: Don't prefix log file messages with time and severity if they're continuations
* Makefile: Enable _FORTIFY_SOURCE iff needed
* fwd, conf: Probe host's ephemeral ports
* conf, fwd: Don't attempt to forward port 0
* conf, fwd: Make ephemeral port logic more flexible
* seccomp.sh: Try to account for terminal width while formatting list of system calls
* udp: Use dual stack sockets for port forwarding when possible
* udp: Remove unnnecessary local from udp_sock_init()
* udp: Merge udp[46]_mh_recv arrays
* test: Look for possible sshd-session paths (if it's there at all) in mbuto's profile
-------------------------------------------------------------------
Thu Aug 22 08:15:06 UTC 2024 - dcermak@suse.com
- Update to version 20240821.1d6142f:
* README: pasta is indeed a supported back-end for rootless Docker
* util: Don't stop on unrelated values when looking for --fd in close_open_files()
* test: Update list of dependencies in README.md
* tcp, udp: Allow timerfd_gettime64() and recvmmsg_time64() on arm (armhf)
* util: Provide own version of close_range(), and no-op fallback
* udp_flow: Add missing unistd.h include for close()
* test: Duplicate existing recvfrom() valgrind suppression for recv()
* test/passt.mbuto: Install sshd-session OpenSSH's split process
* test/passt.mbuto: Run sshd from vsock proxy with absolute path
* test/lib/setup: Transform i686 kernel architecture name into QEMU name (i386)
* treewide: Allow additional system calls for i386/i686
* fwd, conf: Allow NAT of the guest's assigned address
* fwd: Distinguish translatable from untranslatable addresses on inbound
* conf: Allow address remapped to host to be configured
* test: Reconfigure IPv6 address after changing MTU
* conf, fwd: Split notion of gateway/router from guest-visible host address
* Don't take "our" MAC address from the host
* fwd: Split notion of "our tap address" from gateway for IPv4
* fwd: Helpers to clarify what host addresses aren't guest accessible
* Initialise our_tap_ll to ip6.gw when suitable
* Clarify which addresses in ip[46]_ctx are meaningful where
* treewide: Change misleading 'addr_ll' name
* util: Correct sock_l4() binding for link local addresses
* conf: Remove incorrect initialisation of addr_ll_seen
* conf: Treat --dns addresses as guest visible addresses
* conf: Correct setting of dns_match address in add_dns6()
* conf: Move adding of a nameserver from resolv.conf into subfunction
* conf: Move DNS array bounds checks into add_dns[46]
* conf: More accurately count entries added in get_dns()
* conf: Use array indices rather than pointers for DNS array slots
* treewide: Use struct assignment instead of memcpy() for IP addresses
* treewide: Rename MAC address fields for clarity
* util: Helper for formatting MAC addresses
* treewide: Use "our address" instead of "forwarding address"
* netlink: Fix typo in function comment for nl_addr_set()
* pasta: Disable neighbour solicitations on device up to prevent DAD
* netlink, pasta: Fetch link-local address from namespace interface once it's up
* netlink, pasta: Disable DAD for link-local addresses on namespace interface
* netlink, pasta: Turn nl_link_up() into a generic function to set link flags
* netlink, pasta: Split MTU setting functionality out of nl_link_up()
* netlink: Fix typo in function comment for nl_addr_get()
* test: Speed up by cutting on eye candy and performance test duration
-------------------------------------------------------------------
Thu Aug 15 06:18:55 UTC 2024 - dcermak@suse.com
- Update to version 20240814.61c0b0d:
* flow: Don't crash if guest attempts to connect to port 0
* conf: Don't ignore -t and -u options after -D
* ndp.c: Turn NDP responder into more declarative implementation
* conf: Delay handling -D option until after addresses are configured
* Correct inaccurate comments on ip[46]_ctx::addr
* log: Don't prefix message with timestamp on --debug if it's a continuation
* conf: Stop parsing options at first non-option argument
* passt, util: Close any open file that the parent might have leaked
* nstool: Propagate SIGTERM to processes executed in the namespace
* nstool: Fix some trivial typos
* log: Avoid duplicate calls to logtime()
* log: Handle errors from clock_gettime()
* log: Correct formatting of timestamps
* util: Some corrections for timespec_diff_us
* conf, pasta: Make -g and -a skip route/addresses copy for matching IP version only
-------------------------------------------------------------------
Tue Aug 06 16:58:22 UTC 2024 - dcermak@suse.com
- Update to version 20240806.ee36266:
* log, passt: Keep printing to stderr when passt is running in foreground
* tcp_splice: Fix side in OUT_WAIT flag setting
* util: Use unsigned (size_t) value for iov length
* udp_flow: move all udp_flow functions to udp_flow.c
* udp_flow: Remove udp_meta_t from the parameters of udp_flow_from_sock()
* log: Make logfile_write() private
* pasta: Save errno on signal handler entry, restore on return when needed
* pasta: modify hostname when detaching new namespace
* Fix typo in README file
* fedora/rpkg: List myself as author for changelog entries
-------------------------------------------------------------------
Thu Aug 01 05:57:09 UTC 2024 - dcermak@suse.com
- Update to version 20240726.57a21d2:
* tap: Improve handling of partially received frames on qemu socket
* tap: Correctly handle frames of odd length
* tap: Don't use EPOLLET on Qemu sockets
* tap: Don't attempt to carry on if we get a bad frame length from qemu
* tap: Better report errors receiving from QEMU socket
* log: Fetch log times with CLOCK_MONOTONIC, not CLOCK_REALTIME
* log: Initialise timestamp for relative log time also if we use a log file
* log, util: Fix sub-second part in relative log time calculation
* test/lib/perf_report: Fix highlight
* test: Fix spurious test failure with systemd-resolved
* fwd: Broaden what we consider for DNS specific forwarding rules
* fwd: Refactor tests in fwd_nat_from_tap() for clarity
* conf: Accept addresses enclosed by square brackets in port forwarding specifiers
* tap: Exit if we fail to bind a UNIX domain socket with explicit path
* test: iperf3 3.16 introduces multiple threads, drop our own implementation of that
* test: Update names of symbols and slabinfo entries
* test: Fix memory/passt tests, --netns-only is not a valid option for passt
* log: Drop newlines in the middle of the perror()-like messages
* tcp: Change SO_PEEK_OFF support message to debug()
* tap: Don't quit if pasta gets EIO on writev() to tap, interface might be down
* tcp: Correctly update SO_PEEK_OFF when tcp_send_frames() drops frames
* tcp: probe for SO_PEEK_OFF both in tcpv4 and tcp6
* udp: Rename UDP listening sockets
* udp: Remove rdelta port forwarding maps
* udp: Remove obsolete socket tracking
* udp: Direct datagrams from host to guest via flow table
* udp: Find or create flows for datagrams from tap interface
* udp: Remove obsolete splice tracking
* udp: Handle "spliced" datagrams with per-flow sockets
* udp: Create flows for datagrams from originating sockets
* fwd: Update flow forwarding logic for UDP
* flow, icmp: Use general flow forwarding rules for ICMP
* flow, tcp: Flow based NAT and port forwarding for TCP
* icmp: Manage outbound socket address via flow table
* flow: Helper to create sockets based on flowside
* icmp: Eliminate icmp_id_map
* icmp: Look up ping flows using flow hash
* icmp: Obtain destination addresses from the flowsides
* icmp: Remove redundant id field from flow table entry
* tcp: Re-use flow hash for initial sequence number generation
* flow, tcp: Generalise TCP hash table to general flow hash table
* tcp, flow: Replace TCP specific hash function with general flow hash
* tcp_splice: Eliminate SPLICE_V6 flag
* tcp: Simplify endpoint validation using flowside information
* tcp: Manage outbound address via flow table
* tcp: Obtain guest address from flowside
* tcp, flow: Remove redundant information, repack connection structures
* flow: Common address information for target side
* flow: Common address information for initiating side
* doc: Extend zero-recv test with methods using msghdr
* doc: Test behaviour of closing duplicate UDP sockets
* tcp_splice: Use parameterised macros for per-side event/flag bits
* flow: Introduce flow_foreach_sidei() macro
* flow, tcp_splice: Prefer 'sidei' for variables referring to side index
* flow, icmp, tcp: Clean up helpers for getting flow from index
* udp: Handle errors on UDP sockets
* util: Add AF_UNSPEC support to sockaddr_ntop()
* udp, tcp: Tweak handling of no_udp and no_tcp flags
* udp: Make udp_sock_recv static
* conf: Don't configure port forwarding for a disabled protocol
* tcp: handle shrunk window advertisements from guest
* tcp: leverage support of SO_PEEK_OFF socket option when available
* doc: Trivial fix for reuseaddr-priority
* doc: Test behaviour of zero length datagram recv()s
* doc: Add program to document and test assumptions about SO_REUSEADDR
* udp: Consolidate datagram batching
* udp: Move some more of sock_handler tasks into sub-functions
* udp: Don't repeatedly initialise udp[46]_eth_hdr
* udp: Unify udp[46]_l2_iov
* udp: Unify udp[46]_mh_splice
* udp: Rename IOV and mmsghdr arrays
* udp: Pass full epoll reference through more of sock handler path
* flow: Add flow_sidx_valid() helper
* util: sock_l4() determine protocol from epoll type rather than the reverse
* conf: Use the right maximum buffer size for c->sock_path
* tcp_splice: Check return value of setsockopt() for SO_RCVLOWAT
* conf: Copy up to MAXDNSRCH - 1 bytes, not MAXDNSRCH
-------------------------------------------------------------------
Thu Jul 4 16:34:45 UTC 2024 - Danish Prakash <danish.prakash@suse.com>
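Review bot: Only the Sep 12 entry carries a bug reference (bsc#1229132); the five "Update to version" entries pull in upstream changes that read as memory-safety or crash fixes, for example "conf: Copy up to MAXDNSRCH - 1 bytes, not MAXDNSRCH", "conf: Use the right maximum buffer size for c->sock_path" and "flow: Don't crash if guest attempts to connect to port 0", with no tracking id. If any of these has a bsc# or CVE entry, add it to the matching changelog line so the fix stays traceable in this package's history.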


@ -43,8 +43,9 @@
%endif
%endif
%global selinuxtype targeted
Name: passt
Version: 20240624.1ee2eca
Version: 20240906.6b38f07
Release: 0
Summary: User-mode networking daemons for virtual machines and namespaces
License: GPL-2.0-or-later AND BSD-3-Clause
@ -135,13 +136,21 @@ popd
%endif
%if %{with selinux}
%post selinux
semodule -i %{_datadir}/selinux/packages/%{name}/passt.pp 2>/dev/null || :
semodule -i %{_datadir}/selinux/packages/%{name}/pasta.pp 2>/dev/null || :
%pre selinux
%selinux_relabel_pre -s %{selinuxtype}
%preun selinux
semodule -r passt 2>/dev/null || :
semodule -r pasta 2>/dev/null || :
%post selinux
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{name}/passt.pp
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{name}/pasta.pp
%postun selinux
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s %{selinuxtype} passt
%selinux_modules_uninstall -s %{selinuxtype} pasta
fi
%posttrans selinux
%selinux_relabel_post -s %{selinuxtype}
%endif
%files
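Review bot: In `%post selinux` and `%postun selinux`, passt and pasta are handled by two separate macro calls, so the module store is rebuilt and the policy reloaded once per module. `%selinux_modules_install` and `%selinux_modules_uninstall` accept several modules in one call; passing both `.pp` paths (and both module names on removal) to a single invocation does the work in one transaction, which fits the changelog's stated aim of avoiding unwanted policy reloads. Separately, nothing in the visible hunks adds `%{?selinux_requires}` or a BuildRequires for the package that provides these macros; please confirm the selinux subpackage already has them, since otherwise the scriptlets would ship with unexpanded macro names.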