The new version with tag 2026_05_07.1afd4ed includes the following changes: 1afd4ed hooks: Copy static build of pesto and related man page to server 82523bc fedora: Install pesto, its SELinux policy, and the man page from the spec file 5335770 selinux: Add file context and type enforcement for pesto b3b2632 apparmor: Add policy file for pesto 2692ef3 pesto, conf, fwd_rule: Add options and modes to add, delete, clear rules e371d34 fwd_rule: Fix static checkers warnings in fwd_rule_add() 4ff9887 conf, fwd: Allow switching to new rules received from pesto 7c5b1d7 pesto, conf: Send updated rules from pesto back to passt/pasta cbd58d6 pesto: Parse and add new rules from command line fa06768 pesto: Read current ruleset from passt/pasta and optionally display it 24c7ef9 inany: Prepare inany.[ch] for sharing with pesto tool c9f7ed1 ip: Prepare ip.[ch] for sharing with pesto tool ba3047a pesto: Expose list of pifs to pesto and display them f1d893c pesto, conf: Have pesto connect to passt and check versions 8ad7dd4 pesto, log: Share log.h (but not log.c) with pesto tool 02236db pesto: Introduce stub configuration tool 6cf93ed fwd_rule: Fix some format specifiers cbcd428 pif: Limit pif names to 128 bytes 393c87e fwd: Generalise fwd_rules_info() 279b679 fwd_rule: Move conflict checking back within fwd_rule_add() c0e0c2f fwd, conf: Move rule parsing code to fwd_rule.[ch] 21d565d fwd_rule: Move ephemeral port probing to fwd_rule.c 0aeda87 conf, fwd: Stricter rule checking in fwd_rule_add() a458719 tcp: Use SO_MEMINFO for accurate send buffer overhead accounting ec96f01 tcp: Handle errors from tcp_send_flag() a287375 fwd, conf: Add capabilities bits to each forwarding table 2230d5b conf: Don't pass raw commandline argument to conf_ports_spec() 0521f83 conf: Move SO_BINDTODEVICE workaround to conf_ports() 4e09ddf conf: Allow user-specified auto-scanned port forwarding ranges bf7eebc conf: Move "all" handling to port specifier 0a466eb doc: Rework man page description of port specifiers 831857e tcp: Replace send buffer boost with EPOLLOUT monitoring ea5a4bb conf: Rework checking for garbage after a range 42c49e8 conf: Rework stepping through chunks of port specifiers d62a552 conf: Don't be strict about exclusivity of forwarding mode b68cac0 fwd: Improve error handling in fwd_rule_add() 2bffb63 fwd_rule: Move rule conflict checking from fwd_rule_add() to caller 02742fa fwd: Split rule building from rule adding 2093b33 conf: Pass protocol explicitly to conf_ports_range_except() f9d9926 fwd_rule: Move forwarding rule formatting 438b0df fwd: Better split forwarding rule specification from associated sockets dbe0ba1 conf: Permit -[tTuU] all in pasta mode a47b6ac doc: Consolidate -[tu] option descriptions for passt and pasta 189a3c5 conf: Move first pass handling of -[TU] next to handling of -[tu] de8ebc5 conf: Simplify handling of default forwarding mode 4d8aa0a conf: Split parsing of port specifiers from the rest of -[tuTU] parsing 5ac9cf1 tap, tcp, udp: Use rate-limited logging 926f5b4 conf: use a single buffer for print formatting in conf_print() f758d93 log: Add rate-limiting macros for log messages 6dad076 fwd: Split forwarding rule specification from its implementation state 51eaaa7 bitmap: Split bitmap helper functions into their own module 93c3e35 ip: Define a bound for the string returned by ipproto_name() ed187c3 conf: Remove redundant warning when SO_BINDTODEVICE is unavailable 72e7162 conf: Move check for disabled interfaces earlier 9c37a48 conf: Move check for mapping port 0 to caller 66e26b9 conf: Don't bother complaining about overlapping excluded ranges 1f9ee4f fwd, conf: Expose ephemeral ports as bitmap rather than function 35c56c5 fwd: Allow FWD_DUAL_STACK_ANY flag to be passed directly to fwd_rule_add() 559d4dc fwd: Store forwarding tables indexed by (origin) pif 1f974cc fwd: Look up rule index in fwd_sync_one() 0dc9f20 fwd: Move selecting correct scan bitmap into fwd_sync_one() b7a4718 serialise: Add helpers for serialising unsigned integers 8081aa5 serialise: Split functions user for serialisation from util.c 41b0c7b vhost_user: Fix assorted minor cppcheck warnings e2794c7 fwd: Comparing rule can be const 57117e4 conf: runas can be const bc872d9 treewide: Spell ASSERT() as assert() 451fb76 vu_common: Move iovec management into vu_collect() f5391ae vu_handle_tx: Pass actual remaining out_sg capacity to vu_queue_pop() b9d076d virtio: Pass iovec arrays as separate parameters to vu_queue_pop() 47e56fd pif: Remove unused PIF_NAMELEN b5e6ef4 doc: Fix formatting of (DEPRECATED) notes in man page 744d6df Makefile: Use $^ to avoid duplication in static checker rules 1b32bfe conf: Parse all forwarding options at the same time ea239bf conf: Don't defer handling of --dns option ee0e20e fwd: Always open /proc/net{tcp,tcp6,udp,udp6} in pasta mode d460ca3 fwd: Unify TCP and UDP forwarding tables bb2e4dd fwd: Split forwarding table from port scanning state d30e0b7 Fix misnamed field in struct ctx comments 4fa0076 fwd: Don't initialise unused port bitmaps d2438ef tcp: Remove stale description of port_to_tap field 0294fae conf, fwd: Make overall forwarding mode local to conf path 831e983 netlink: Allow NULL to be passed as addr parameter to nl_addr_get (again) 251e676 netlink: Return prefix length for IPv6 addresses in nl_addr_get() 045560c iov: Add iov_truncate() helper and use it in vu handlers 994bb76 tcp: Avoid comparison of expressions with different signedness in RTT_SET() ab77097 tcp: Avoid comparison of expressions with different signedness in tcp_timer_handler() 5766fe8 migrate: Rename v1 address functions to v2 for clarity 71a0d6c vu_common: Always set num_buffers in virtio-net header 685864d clang-tidy: Don't insist on #ifdef over #if defined() 9ee7805 fwd, pif: Replace with pif_sock_l4() with pif_listen() 7d0fe08 tcp: Use flow_foreach_of_type() in tcp_{keepalive,inactivity} adbf5c1 Add missing includes to headers d2f7c21 tcp: Send TCP keepalive segments after a period of tap-side inactivity a681e44 tcp: Extend tcp_send_flag() to send TCP keepalive segments 1820103 tcp: Re-introduce inactivity timeouts based on a clock algorithm e48ce41 tcp: Remove non-working activity timeout mechanism eb3babf tcp_vu, udp_vu: Fix comment headers for header length functions 66e5941 Fix build when HAS_GETRANDOM is undefined 8636c73 tcp_vu, udp_vu: Account for virtio net header in minimum frame size de5b694 tcp_vu: vu_pad() expects l2 length c320191 conf: Support CIDR notation for -a/--address option 02af38d virtio: Introduce VNET_HLEN macro for virtio net header length 812cdb8 tcp: Move tap header update out of tcp_fill_headers() bebafa7 udp: Split activity timeouts for UDP flows 036fb87 checksum: add VSX fast path for POWER8/POWER9 af7b81b migrate: Use forward table information to close() listening sockets 768baf4 tcp, tcp_splice: Check for failures of shutdown(2) 3581ded tcp: Eliminate FIN_TIMEOUT e992b14 tcp: Retransmit FINs like data segments e3f70c0 tcp_splice: Force TCP RST on abnormal close conditions cce94e9 tcp: Properly propagate tap-side RST to socket side 07390d1 doc: Add test program verifying socket RST behaviour 69ce8ee tcp: Add error checking for flow_epoll_set() in tcp_flow_migrate_target() https://passt.top/passt/log/?qt=range&q=2026_01_20.386b5f5..2026_05_07.1afd4ed Packages: - Alpine Linux: https://pkgs.alpinelinux.org/packages?name=passt - Arch Linux: https://www.archlinux.org/packages/extra/x86_64/passt/ https://archlinuxarm.org/packages/aarch64/passt https://archlinuxarm.org/packages/armv7h/passt - Chimera: https://pkgs.chimera-linux.org/packages?name=passt - Clear Linux: https://github.com/clearlinux-pkgs/passt/ - Copr (CentOS Stream, EPEL, Fedora, Mageia): https://copr.fedorainfracloud.org/coprs/sbrivio/passt/build/10433312/ permanent mirror: https://passt.top/builds/copr/0^20260507.g1afd4ed/ - Debian tracker: https://tracker.debian.org/pkg/passt - Fedora updates: https://bodhi.fedoraproject.org/updates/?packages=passt - Gentoo versions: https://packages.gentoo.org/packages/net-misc/passt - GNU Guix: https://packages.guix.gnu.org/packages/passt/ - Homebrew: https://formulae.brew.sh/formula/passt - NixOS: https://github.com/NixOS/nixpkgs/tree/nixos-unstable/pkgs/by-name/pa/passt - openSUSE: https://software.opensuse.org/package/passt - OpenMandriva: https://github.com/OpenMandrivaAssociation/passt/tree/master - PLD Linux: https://git.pld-linux.org/cgi-bin/gitweb.cgi?p=packages/passt.git - Solus: https://github.com/getsolus/packages/tree/main/packages/p/passt - Ubuntu tracker: https://launchpad.net/ubuntu/+source/passt - Void Linux: https://voidlinux.org/packages/?q=passt - Static builds: - Package for other RPM-based distributions, x86_64 only: https://passt.top/builds/latest/x86_64/passt-g1afd4ed-1.x86_64.rpm - x86_64 static binaries: https://passt.top/builds/latest/x86_64/ - Debian package, from x86_64 static build: https://passt.top/builds/latest/x86_64/passt_1afd4ed-1_all.deb -- Stefano