- user - passt

passt: new version 2023_06_27.289301b available
by Stefano Brivio 27 Jun '23

27 Jun '23

The new version with tag 2023_06_27.289301b includes the following change: 289301b netlink: Use correct interface index in NL_SET mode https://passt.top/passt/log/?qt=range&q=2023_06_25.32660ce..2023_06_27.2893… Packages: - Arch Linux: https://www.archlinux.org/packages/extra/x86_64/passt/ https://archlinuxarm.org/packages/aarch64/passt https://archlinuxarm.org/packages/armv7h/passt - Debian tracker: https://tracker.debian.org/pkg/passt - Copr (CentOS Stream, EPEL, Fedora, Mageia, openSUSE): https://copr.fedorainfracloud.org/coprs/sbrivio/passt/build/6119154/ permanent mirror: https://passt.top/builds/copr/0^20230627.g289301b/ - Fedora updates: https://bodhi.fedoraproject.org/updates/?packages=passt - Ubuntu tracker: https://packages.ubuntu.com/lunar/passt - Void Linux: https://voidlinux.org/packages/?q=passt - Static builds: - Package for other RPM-based distributions, x86_64 only: https://passt.top/builds/latest/x86_64/passt-g289301b-1.x86_64.rpm - x86_64 static binaries: https://passt.top/builds/latest/x86_64/ - Debian package, from x86_64 static build: https://passt.top/builds/latest/x86_64/passt_289301b-1_all.deb -- Stefano

1 0

passt: new version 2023_06_25.32660ce available
by Stefano Brivio 26 Jun '23

26 Jun '23

The new version with tag 2023_06_25.32660ce includes the following changes: 32660ce pasta: include errno in error message 594dce6 isolation: keep CAP_SYS_PTRACE when required 5b646b9 conf: Accept -a and -g without --config-net in pasta mode d034fb6 conf: Make -a/--address really imply --no-copy-addrs db29fd2 seccomp: Make seccomp.sh re-entrancy safe 3c6d1b9 conf, log: On -h / --help, print usage to stdout, not stderr d072ac2 tap: With pasta, don't reset on tap errors, handle write failures https://passt.top/passt/log/?qt=range&q=2023_06_03.429e1a7..2023_06_25.3266… Packages: - Arch Linux: https://www.archlinux.org/packages/extra/x86_64/passt/ https://archlinuxarm.org/packages/aarch64/passt https://archlinuxarm.org/packages/armv7h/passt - Debian tracker: https://tracker.debian.org/pkg/passt - Copr (CentOS Stream, EPEL, Fedora, Mageia, openSUSE): https://copr.fedorainfracloud.org/coprs/sbrivio/passt/build/6113117/ permanent mirror: https://passt.top/builds/copr/0^20230625.g32660ce/ - Fedora updates: https://bodhi.fedoraproject.org/updates/?packages=passt - Ubuntu tracker: https://packages.ubuntu.com/lunar/passt - Void Linux: https://voidlinux.org/packages/?q=passt - Static builds: - Package for other RPM-based distributions, x86_64 only: https://passt.top/builds/latest/x86_64/passt-g32660ce-1.x86_64.rpm - x86_64 static binaries: https://passt.top/builds/latest/x86_64/ - Debian package, from x86_64 static build: https://passt.top/builds/latest/x86_64/passt_32660ce-1_all.deb -- Stefano

1 0

passt: new version 2023_06_03.429e1a7 available
by Stefano Brivio 03 Jun '23

03 Jun '23

The new version with tag 2023_06_03.429e1a7 includes the following changes: 429e1a7 conf: Fix erroneous check of ip6->gw e3b1953 test/nstool: Fix fd leak in accept() loop 527c822 test/nstool: Provide useful error if given a path that's too long 9f61c5b passt.h: Fix description of pasta_ifi in struct ctx cc9d167 conf, pasta: With --config-net, copy all addresses by default e89da3c netlink: Add functionality to copy addresses from outer namespace a7359f0 conf: Don't exit if sourced default route has no gateway e8fef75 Revert "conf: Adjust netmask on mismatch between IPv4 address/netmask and gateway" da54641 conf, pasta: With --config-net, copy all routes by default 468f19a conf: --config-net option is for pasta mode only 2fe0461 netlink: Add functionality to copy routes from outer namespace f099afb pasta: Improve error handling on failure to join network namespace 1c3c689 netlink: Fix comment about response buffer size for nl_req() 770d1a4 isolation: Initially Keep CAP_SETFCAP if running as UID 0 in non-init b0e450a pasta: Detach mount namespace, (re)mount procfs before spawning command b0881aa util, conf: Add and use ns_is_init() helper 25f1d1a tap: Don't update ip6.addr_seen to :: https://passt.top/passt/log/?qt=range&q=2023_05_09.96f8d55..2023_06_03.429e… Packages: - Arch Linux: https://www.archlinux.org/packages/extra/x86_64/passt/ https://archlinuxarm.org/packages/aarch64/passt https://archlinuxarm.org/packages/armv7h/passt - Debian tracker: https://tracker.debian.org/pkg/passt - Copr (CentOS Stream, EPEL, Fedora, Mageia, openSUSE): https://copr.fedorainfracloud.org/coprs/sbrivio/passt/build/6000164/ permanent mirror: https://passt.top/builds/copr/0^20230603.g429e1a7/ - Fedora updates: https://bodhi.fedoraproject.org/updates/?packages=passt - Ubuntu tracker: https://packages.ubuntu.com/lunar/passt - Void Linux: https://voidlinux.org/packages/?q=passt - Static builds: - Package for other RPM-based distributions, x86_64 only: https://passt.top/builds/latest/x86_64/passt-g429e1a7-1.x86_64.rpm - x86_64 static binaries: https://passt.top/builds/latest/x86_64/ - Debian package, from x86_64 static build: https://passt.top/builds/latest/x86_64/passt_429e1a7-1_all.deb -- Stefano

1 0

IPv6 UDP not working
by Juan Orti 29 May '23

29 May '23

Hi, I'm testing a DNS server in a rootless container using pasta, and I have seen that the IPv6 UDP packets are not reaching the service: $ dig www.google.com @fddc:f797:78ef:70::5 +short ;; communications error to fddc:f797:78ef:70::5#53: timed out ;; communications error to fddc:f797:78ef:70::5#53: timed out ;; communications error to fddc:f797:78ef:70::5#53: timed out ; <<>> DiG 9.18.15 <<>> www.google.com @fddc:f797:78ef:70::5 +short ;; global options: +cmd ;; no servers could be reached TCP over IPv6 and UDP, TCP over IPv4 works fine: $ dig www.google.com @fddc:f797:78ef:70::5 +short +tcp 216.239.38.120 $ dig www.google.com @192.168.7.5 +short 216.239.38.120 $ dig www.google.com @192.168.7.5 +short +tcp216.239.38.120 The pasta process is running with these arguments: /usr/bin/pasta --config-net -u 53-53:53-53 -t 53-53:53-53 -t 3003-3003:3003-3003 -T none -U none --no-map-gw --netns /run/user/1002/netns/netns-378b62b8-bf27-3b51-1fb1-e2ebb7119647 I'm using passt-0^20230509.g96f8d55-1.fc38.x86_64 from Fedora CoreOS 38. Is this a known bug? or am I doing something wrong? Thank you.

3 6

passt: new version 2023_05_09.96f8d55 available
by Stefano Brivio 10 May '23

10 May '23

The new version with tag 2023_05_09.96f8d55 includes the following changes: 96f8d55 correct -6 option in manpage 940bd3e passt: Fix error check for signal(), improve error messages 1a3ade9 nstool: Enter holder's cwd when changing mount ns with nstool exec 98031be nstool: Advertise the holder's cwd (in its mountns) across the socket 469b69a test: Use "nstool exec" to slightly simplify tests 3372cd0 test: Initialise ${TRACE} properly 329149d nstool: Add --keep-caps option to nstool exec 0b66944 nstool: Add nstool exec command to execute commands in an nstool namespace 3bcbca5 nstool: Helpers to iterate through namespace types f6a9ea3 nstool: Add magic number to advertized information 4311066 nstool: Detect what namespaces target is in fd4a752 nstool: Replace "pid" subcommand with "info" subcommand a4b017d nstool: Split some command line parsing and socket setup to subcommands 42fb218 nstool: Move description of its operation modes from comment to usage 2884ccd nstool: Reverse parameters to nstool 4914fce nstool: Rename nsholder to nstool 55bbe3d test: Remove race between commands run in the same context ca2749e passt: Relicense to GPL 2.0, or any later version https://passt.top/passt/log/?qt=range&q=2023_03_29.b10b983..2023_05_09.96f8… Note that this is the first GPLv2+ version of passt, changing from AGPLv3+. Packages: - Arch Linux AUR: https://aur.archlinux.org/packages/passt - Debian tracker: https://tracker.debian.org/pkg/passt - Copr (CentOS Stream, EPEL, Fedora, Mageia, openSUSE): https://copr.fedorainfracloud.org/coprs/sbrivio/passt/build/5906538/ permanent mirror: https://passt.top/builds/copr/0^20230509.g96f8d55/ - Fedora updates: https://bodhi.fedoraproject.org/updates/?packages=passt - Ubuntu tracker: https://packages.ubuntu.com/lunar/passt - Void Linux: https://voidlinux.org/packages/?q=passt - Static builds: - Package for other RPM-based distributions, x86_64 only: https://passt.top/builds/latest/x86_64/passt-g96f8d55-1.x86_64.rpm - x86_64 static binaries: https://passt.top/builds/latest/x86_64/ - Debian package, from x86_64 static build: https://passt.top/builds/latest/x86_64/passt_96f8d55-1_all.deb -- Stefano

1 0

passt: new version 2023_03_29.b10b983 available
by Stefano Brivio 30 Mar '23

30 Mar '23

The new version with tag 2023_03_29.b10b983 includes the following changes: b10b983 fedora: Adjust path for SELinux policy and interface file to latest guidelines 387f4ac fedora: Don't install useless SELinux interface file for pasta dafd92d selinux: Drop useless interface file for pasta 98a9a7d conf: Allow binding to ports on an interface without a specific address 33d88f7 tcp: Clear ACK_FROM_TAP_DUE also on unchanged ACK sequence from peer 4e73e9b tcp: Don't special case the handling of the ack of a syn 085672f tcp: Clarify allowed state for tcp_data_from_tap() https://passt.top/passt/log/?qt=range&q=2023_03_21.1ee2f7c..2023_03_29.b10b… Packages: - Debian tracker: https://tracker.debian.org/pkg/passt - Copr (CentOS Stream, EPEL, Fedora, Mageia, openSUSE): https://copr.fedorainfracloud.org/coprs/sbrivio/passt/build/5727640/ permanent mirror: https://passt.top/builds/copr/0^20230329.gb10b983/ - Fedora updates: https://bodhi.fedoraproject.org/updates/?packages=passt - Ubuntu tracker: https://packages.ubuntu.com/lunar/passt - Static builds: - Package for other RPM-based distributions, x86_64 only: https://passt.top/builds/latest/x86_64/passt-g02130bb-1.x86_64.rpm - x86_64 static binaries: https://passt.top/builds/latest/x86_64/ - Debian package, from x86_64 static build: https://passt.top/builds/latest/x86_64/passt_02130bb-1_all.deb -- Stefano

1 0

Failed to open tun socket in namespace
by Gianluca Stivan 27 Mar '23

27 Mar '23

Hi, Thank you so much for this project! I'm running a rootless container using pasta. Everything works great but after a while (anything from minutes to hours) I see the error "Failed to open tun socket in namespace" in my systemd logs, and my container loses access to the internet. Do you happen to have any idea how I would go about debugging this? Thanks a lot in advance :) PS: I'm running pasta from podman with arguments --map-gw,--dns,<my-dns>,-i,wlan0,--outbound-if4,wireguard0,--outbound-if6,wireguard0,--config-net

2 4

passt: new version 2023_03_21.1ee2f7c available
by Stefano Brivio 22 Mar '23

22 Mar '23

The new version with tag 2023_03_21.1ee2f7c includes the following changes: 1ee2f7c tcp: Don't reset ACK_TO_TAP_DUE on any ACK, reschedule timer as needed 9ffccf7 tcp: When a connection flag it set, don't negate it for debug print 89d1494 Fix false positive if cppcheck doesn't give a false positive 34ade90 Work around weird false positives with cppcheck-2.9.1 ccf6d2a udp: Actually bind detected namespace ports in init namespace 418f75a pasta: fix tcp port forwarding in auto mode https://passt.top/passt/log/?qt=range&q=2023_03_17.dd23496..2023_03_21.1ee2… Packages: - Debian tracker: https://tracker.debian.org/pkg/passt - Copr (CentOS Stream, EPEL, Fedora, Mageia, openSUSE): https://copr.fedorainfracloud.org/coprs/sbrivio/passt/build/5694155/ permanent mirror: https://passt.top/builds/copr/0^20230321.g1ee2f7c/ - Fedora updates: https://bodhi.fedoraproject.org/updates/?packages=passt - Ubuntu tracker: https://packages.ubuntu.com/lunar/passt - Static builds: - Package for other RPM-based distributions, x86_64 only: https://passt.top/builds/latest/x86_64/passt-g1ee2f7c-1.x86_64.rpm - x86_64 static binaries: https://passt.top/builds/latest/x86_64/ - Debian package, from x86_64 static build: https://passt.top/builds/latest/x86_64/passt_1ee2f7c-1_all.deb -- Stefano

1 0

passt: new version 2023_03_17.dd23496 available
by Stefano Brivio 17 Mar '23

17 Mar '23

The new version with tag 2023_03_17.dd23496 includes the following changes: dd23496 fedora: Refresh SELinux labels in scriptlets, require -selinux package 87a6550 Makefile: Enable external override for TARGET 7727804 passt.1: Fix description of --mtu option 4e6178f log: Avoid time_t/__syscall_slong_t format mismatch with long int on X32 ABI https://passt.top/passt/log/?qt=range&q=2023_03_10.70c0765..2023_03_17.dd23… Packages: - Debian tracker: https://tracker.debian.org/pkg/passt - Copr (CentOS Stream, EPEL, Fedora, Mageia, openSUSE): https://copr.fedorainfracloud.org/coprs/sbrivio/passt/build/5653690/ permanent mirror: https://passt.top/builds/copr/0^20230317.gdd23496/ - Fedora updates: https://bodhi.fedoraproject.org/updates/?packages=passt - Ubuntu tracker: https://packages.ubuntu.com/lunar/passt - Static builds: - Package for other RPM-based distributions, x86_64 only: https://passt.top/builds/latest/x86_64/passt-gdd23496-1.x86_64.rpm - x86_64 static binaries: https://passt.top/builds/latest/x86_64/ - Debian package, from x86_64 static build: https://passt.top/builds/latest/x86_64/passt_0dd23496-1_all.deb -- Stefano

1 0

passt: new version 2023_03_09.7c7625d available
by Stefano Brivio 09 Mar '23

09 Mar '23

The new version with tag 2023_03_09.7c7625d includes the following changes: 7c7625d README: Update Features section, plus minor improvements 294d6dc contrib: Drop libvirt out-of-tree patch, integration mostly works in 9.1.0 42fb625 contrib: Drop QEMU out-of-tree patches f3cd0f9 contrib: Drop Podman out-of-tree patch, integration is upstream now d7272f1 tcp: Clamp MSS value when queueing data to tap, also for pasta bb2b67c conf: Terminate on EMFILE or ENFILE on sockets for port mapping 5aea2f8 tcp, udp: Fix partial success return codes in {tcp,udp}_sock_init() 73992c4 tcp, udp, util: Pass socket creation errors all the way up 5068761 util: Carry own definition of __bswap_constant{16,32} 89e38f5 treewide: Fix header includes to build with musl 5c58fea conf, passt: Rename stderr to force_stderr fde8004 netlink: Use 8 KiB * netlink message header size as response buffer a9c59dd conf, icmp, tcp, udp: Add options to bind to outbound address and interface 70148ce conf, passt.h: Rename "outbound" interface to "template" interface d361fe6 contrib/selinux: Let interface users set paths for log, PID, socket files de9b0cb contrib/selinux: Allow binding and connecting to all UDP and TCP ports 41bc669 contrib/selinux: Let passt write to stdout and stderr when it starts 009af75 contrib/selinux: Drop duplicate init_daemon_domain() rule 8323621 udp: Fix signedness warning on 32-bits architectures f6b6b66 Makefile: Fix SuperH 4 builds: it's AUDIT_ARCH_SH, not AUDIT_ARCH_SH4 0d8c114 Makefile, seccomp.sh: Fix cross-builds, adjust syscalls list to compiler https://passt.top/passt/log/?qt=range&q=2023_02_27.c538ee8..2023_03_09.7c76… Packages: - Debian tracker: https://tracker.debian.org/pkg/passt - Copr (CentOS Stream, EPEL, Fedora, Mageia, openSUSE): https://copr.fedorainfracloud.org/coprs/sbrivio/passt/build/5617634/ permanent mirror: https://passt.top/builds/copr/0^20230309.g7c7625d/ - Fedora updates: https://bodhi.fedoraproject.org/updates/?packages=passt - Ubuntu tracker: https://packages.ubuntu.com/lunar/passt - Static builds: - Package for other RPM-based distributions, x86_64 only: https://passt.top/builds/latest/x86_64/passt-g7c7625d-1.x86_64.rpm - x86_64 static binaries: https://passt.top/builds/latest/x86_64/ - Debian package, from x86_64 static build: https://passt.top/builds/latest/x86_64/passt_7c7625d-1_all.deb -- Stefano

1 0

2024

2023

2022

2021

user