user August 2024

passt-user@passt.top

3 participants
4 discussions

passt: new version 2024_08_21.1d6142f available
by Stefano Brivio 21 Aug '24

21 Aug '24

The new version with tag 2024_08_21.1d6142f includes the following changes: 1d6142f README: pasta is indeed a supported back-end for rootless Docker f00ebda util: Don't stop on unrelated values when looking for --fd in close_open_files() 05453ea test: Update list of dependencies in README.md 1a66806 tcp, udp: Allow timerfd_gettime64() and recvmmsg_time64() on arm (armhf) 6e9ecf5 util: Provide own version of close_range(), and no-op fallback 7291b70 udp_flow: Add missing unistd.h include for close() 3963075 test: Duplicate existing recvfrom() valgrind suppression for recv() d6817b3 test/passt.mbuto: Install sshd-session OpenSSH's split process 34be8ee test/passt.mbuto: Run sshd from vsock proxy with absolute path aded2b6 test/lib/setup: Transform i686 kernel architecture name into QEMU name (i386) 2aea1da treewide: Allow additional system calls for i386/i686 57b7bd2 fwd, conf: Allow NAT of the guest's assigned address 8436c0d fwd: Distinguish translatable from untranslatable addresses on inbound e813a4d conf: Allow address remapped to host to be configured dbaaebb test: Reconfigure IPv6 address after changing MTU 935bd81 conf, fwd: Split notion of gateway/router from guest-visible host address 90e83d5 Don't take "our" MAC address from the host 356de97 fwd: Split notion of "our tap address" from gateway for IPv4 4d8dd1f fwd: Helpers to clarify what host addresses aren't guest accessible 975cfa5 Initialise our_tap_ll to ip6.gw when suitable 8d4baa4 Clarify which addresses in ip[46]_ctx are meaningful where a42fb9c treewide: Change misleading 'addr_ll' name c9f0ec3 util: Correct sock_l4() binding for link local addresses 57532f1 conf: Remove incorrect initialisation of addr_ll_seen 0b25cac conf: Treat --dns addresses as guest visible addresses a6066f4 conf: Correct setting of dns_match address in add_dns6() 7c083ee conf: Move adding of a nameserver from resolv.conf into subfunction 1d10760 conf: Move DNS array bounds checks into add_dns[46] 6852bd0 conf: More accurately count entries added in get_dns() c679894 conf: Use array indices rather than pointers for DNS array slots ceea52c treewide: Use struct assignment instead of memcpy() for IP addresses 905ecd2 treewide: Rename MAC address fields for clarity 066e699 util: Helper for formatting MAC addresses e6feb5a treewide: Use "our address" instead of "forwarding address" 32c3868 netlink: Fix typo in function comment for nl_addr_set() f4e9f26 pasta: Disable neighbour solicitations on device up to prevent DAD d6f0220 netlink, pasta: Fetch link-local address from namespace interface once it's up 74e508c netlink, pasta: Disable DAD for link-local addresses on namespace interface 0c74068 netlink, pasta: Turn nl_link_up() into a generic function to set link flags 8231ce5 netlink, pasta: Split MTU setting functionality out of nl_link_up() b91d337 netlink: Fix typo in function comment for nl_addr_get() 9462064 test: Speed up by cutting on eye candy and performance test duration https://passt.top/passt/log/?qt=range&q=2024_08_14.61c0b0d..2024_08_21.1d61… Packages: - Alpine Linux: https://pkgs.alpinelinux.org/packages?name=passt - Arch Linux: https://www.archlinux.org/packages/extra/x86_64/passt/ https://archlinuxarm.org/packages/aarch64/passt https://archlinuxarm.org/packages/armv7h/passt - Chimera: https://pkgs.chimera-linux.org/packages?name=passt - Clear Linux: https://github.com/clearlinux-pkgs/passt/ - Debian tracker: https://tracker.debian.org/pkg/passt - Copr (CentOS Stream, EPEL, Fedora, Mageia): ...nope, see https://github.com/fedora-copr/copr/issues/3380 - Fedora updates: https://bodhi.fedoraproject.org/updates/?packages=passt - Gentoo versions: https://packages.gentoo.org/packages/net-misc/passt - GNU Guix: https://packages.guix.gnu.org/packages/passt/ - Homebrew: https://formulae.brew.sh/formula/passt - NixOS: https://github.com/NixOS/nixpkgs/tree/nixos-unstable/pkgs/by-name/pa/passt - openSUSE: https://software.opensuse.org/package/passt - PLD Linux: https://git.pld-linux.org/cgi-bin/gitweb.cgi?p=packages/passt.git - Solus: https://github.com/getsolus/packages/tree/main/packages/p/passt - Ubuntu tracker: https://launchpad.net/ubuntu/+source/passt - Void Linux: https://voidlinux.org/packages/?q=passt - Static builds: - Package for other RPM-based distributions, x86_64 only: https://passt.top/builds/latest/x86_64/passt-g1d6142f-1.x86_64.rpm - x86_64 static binaries: https://passt.top/builds/latest/x86_64/ - Debian package, from x86_64 static build: https://passt.top/builds/latest/x86_64/passt_1d6142f-1_all.deb -- Stefano

1 0

Pasta 20240726 and newer crash with ASSERTION FAILED in flow_hash
by Matt Hamilton 14 Aug '24

14 Aug '24

I am using Podman in Fedora 40, which uses pasta by default for rootless container networking. Fedora 40's base version of passt is `passt-0^20240326.g4988e2b-1.fc40`, but recently two newer versions were released, `passt-0^20240726.g57a21d2-1.fc40` and `0^20240806.gee36266-1.fc40`. After upgrading, one pod kept going offline after a few minutes. The containers remained running, but could not make outbound connections. Journalctl revealed that the pasta process for the pod had crashed with: Aug 08 23:07:55 dev pasta[95859]: ASSERTION FAILED in flow_hash (flow.c:566): pif != PIF_NONE && !inany_is_unspecified(&side->eaddr) && side->eport != 0 && side->fport != 0 Aug 08 23:07:55 dev audit[95859]: SECCOMP auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:container_runtime_t:s0-s0:c0.c1023 pid=95859 comm="pasta.avx2" exe="/usr/bin/pasta.avx2" sig=31 arch=c000003e syscall=186 compat=0 ip=0x7f8f8c23b64f code=0x80000000 Aug 08 23:07:55 dev audit[95859]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:container_runtime_t:s0-s0:c0.c1023 pid=95859 comm="pasta.avx2" exe="/usr/bin/pasta.avx2" sig=31 res=1 After much debugging, I isolated the trigger to a particular container making a peer-to-peer TCP connection to a remote address with port 0. Reverting passt to version 20240326 works as expected, and the container stays online. It's been a long time since I wrote any C, but the code seems clear and checks that the endpoint and forwarding ports do not equal 0. I assume that a port 0 connection is not realistic or useful, and that actual attempt to connect over this port indicate a bug in the client code. Is this correct? I've reported the behavior to the container authors, but am checking here too in case I'm off base.

3 7

passt: new version 2024_08_14.61c0b0d available
by Stefano Brivio 14 Aug '24

14 Aug '24

The new version with tag 2024_08_14.61c0b0d includes the following changes: 61c0b0d flow: Don't crash if guest attempts to connect to port 0 baba284 conf: Don't ignore -t and -u options after -D c16141e ndp.c: Turn NDP responder into more declarative implementation f6d5a52 conf: Delay handling -D option until after addresses are configured 86bdd96 Correct inaccurate comments on ip[46]_ctx::addr fecb1b6 log: Don't prefix message with timestamp on --debug if it's a continuation baccfb9 conf: Stop parsing options at first non-option argument 09603ca passt, util: Close any open file that the parent might have leaked 755f9fd nstool: Propagate SIGTERM to processes executed in the namespace 5ca61c2 nstool: Fix some trivial typos a628cb9 log: Avoid duplicate calls to logtime() 2c7558d log: Handle errors from clock_gettime() b91bae1 log: Correct formatting of timestamps 95569e4 util: Some corrections for timespec_diff_us fbb0c95 conf, pasta: Make -g and -a skip route/addresses copy for matching IP version only https://passt.top/passt/log/?qt=range&q=2024_08_06.ee36266..2024_08_14.61c0… Packages: - Alpine Linux: https://pkgs.alpinelinux.org/packages?name=passt - Arch Linux: https://www.archlinux.org/packages/extra/x86_64/passt/ https://archlinuxarm.org/packages/aarch64/passt https://archlinuxarm.org/packages/armv7h/passt - Chimera: https://pkgs.chimera-linux.org/packages?name=passt - Clear Linux: https://github.com/clearlinux-pkgs/passt/ - Debian tracker: https://tracker.debian.org/pkg/passt - Copr (CentOS Stream, EPEL, Fedora, Mageia): https://copr.fedorainfracloud.org/coprs/sbrivio/passt/build/7907497/ permanent mirror: https://passt.top/builds/copr/0^20240814.g61c0b0d/ - Fedora updates: https://bodhi.fedoraproject.org/updates/?packages=passt - Gentoo versions: https://packages.gentoo.org/packages/net-misc/passt - GNU Guix: https://packages.guix.gnu.org/packages/passt/ - Homebrew: https://formulae.brew.sh/formula/passt - NixOS: https://github.com/NixOS/nixpkgs/tree/nixos-unstable/pkgs/by-name/pa/passt - openSUSE: https://software.opensuse.org/package/passt - PLD Linux: https://git.pld-linux.org/cgi-bin/gitweb.cgi?p=packages/passt.git - Solus: https://github.com/getsolus/packages/tree/main/packages/p/passt - Ubuntu tracker: https://launchpad.net/ubuntu/+source/passt - Void Linux: https://voidlinux.org/packages/?q=passt - Static builds: - Package for other RPM-based distributions, x86_64 only: https://passt.top/builds/latest/x86_64/passt-g61c0b0d-1.x86_64.rpm - x86_64 static binaries: https://passt.top/builds/latest/x86_64/ - Debian package, from x86_64 static build: https://passt.top/builds/latest/x86_64/passt_61c0b0d-1_all.deb -- Stefano

1 0

passt: new version 2024_08_06.ee36266 available
by Stefano Brivio 06 Aug '24

06 Aug '24

The new version with tag 2024_08_06.ee36266 includes the following changes: ee36266 log, passt: Keep printing to stderr when passt is running in foreground 3a082c4 tcp_splice: Fix side in OUT_WAIT flag setting 031df33 util: Use unsigned (size_t) value for iov length e877f90 udp_flow: move all udp_flow functions to udp_flow.c 623ceb1 udp_flow: Remove udp_meta_t from the parameters of udp_flow_from_sock() a5bbefa log: Make logfile_write() private f30ed68 pasta: Save errno on signal handler entry, restore on return when needed 0149d11 pasta: modify hostname when detaching new namespace 8fae3b7 Fix typo in README file f87b11c fedora/rpkg: List myself as author for changelog entries https://passt.top/passt/log/?qt=range&q=2024_07_26.57a21d2..2024_08_06.ee36… Packages: - Alpine Linux: https://pkgs.alpinelinux.org/packages?name=passt - Arch Linux: https://www.archlinux.org/packages/extra/x86_64/passt/ https://archlinuxarm.org/packages/aarch64/passt https://archlinuxarm.org/packages/armv7h/passt - Chimera: https://pkgs.chimera-linux.org/packages?name=passt - Clear Linux: https://github.com/clearlinux-pkgs/passt/ - Debian tracker: https://tracker.debian.org/pkg/passt - Copr (CentOS Stream, EPEL, Fedora, Mageia): https://copr.fedorainfracloud.org/coprs/sbrivio/passt/build/7871011/ permanent mirror: https://passt.top/builds/copr/0^20240806.gee36266/ - Fedora updates: https://bodhi.fedoraproject.org/updates/?packages=passt - Gentoo versions: https://packages.gentoo.org/packages/net-misc/passt - GNU Guix: https://packages.guix.gnu.org/packages/passt/ - NixOS: https://github.com/NixOS/nixpkgs/tree/nixos-unstable/pkgs/by-name/pa/passt - openSUSE: https://software.opensuse.org/package/passt - PLD Linux: https://git.pld-linux.org/cgi-bin/gitweb.cgi?p=packages/passt.git - Solus: https://github.com/getsolus/packages/tree/main/packages/p/passt - Ubuntu tracker: https://launchpad.net/ubuntu/+source/passt - Void Linux: https://voidlinux.org/packages/?q=passt - Static builds: - Package for other RPM-based distributions, x86_64 only: https://passt.top/builds/latest/x86_64/passt-gee36266-1.x86_64.rpm - x86_64 static binaries: https://passt.top/builds/latest/x86_64/ - Debian package, from x86_64 static build: https://passt.top/builds/latest/x86_64/passt_0ee36266-1_all.deb -- Stefano

1 0

2024

2023

2022

2021

user August 2024