From f351094462c6afee9427d13e60cbf6213c892a53 Mon Sep 17 00:00:00 2001
From: Peridot Bot <rockyautomation@rockylinux.org>
Date: Wed, 19 Mar 2025 15:07:27 +0000
Subject: [PATCH] import passt-0%5E20240806.gee36266-7.el9_5
---
.passt.checksum | 2 +-
...t-outbound-connection-on-SYN-retries.patch | 44 +++++++++++++++++++
SPECS/passt.spec | 6 ++-
3 files changed, 50 insertions(+), 2 deletions(-)
create mode 100644 SOURCES/0007-tcp-Don-t-reset-outbound-connection-on-SYN-retries.patch
diff --git a/.passt.checksum b/.passt.checksum
index 525e07c..1a22cc9 100644
--- a/.passt.checksum
+++ b/.passt.checksum
@@ -1 +1 @@
-176700ad32d1ca16983a0e1c9b311e0c5c048e8d815f181227105c0339396b03
+a45f2813ca382bd13c464efad2076ae6e421de5c60e885594513f3afe8e97a37
diff --git a/SOURCES/0007-tcp-Don-t-reset-outbound-connection-on-SYN-retries.patch b/SOURCES/0007-tcp-Don-t-reset-outbound-connection-on-SYN-retries.patch
new file mode 100644
index 0000000..4420126
--- /dev/null
+++ b/SOURCES/0007-tcp-Don-t-reset-outbound-connection-on-SYN-retries.patch
@@ -0,0 +1,44 @@
+From 2d5181f7363a09b24b225b9d7c07f999a1f89e63 Mon Sep 17 00:00:00 2001
+From: Stefano Brivio <sbrivio@redhat.com>
+Date: Mon, 3 Feb 2025 08:19:16 +0100
+Subject: [PATCH] tcp: Don't reset outbound connection on SYN retries
+
+Reported by somebody on IRC: if the server has considerable latency,
+it might happen that the client retries sending SYN segments for the
+same flow while we're still in a TAP_SYN_RCVD, non-ESTABLISHED state.
+
+In that case, we should go with the blanket assumption that we need
+to reset the connection on any unexpected segment: RFC 9293 explicitly
+mentions this case in Figure 8: Recovery from Old Duplicate SYN,
+section 3.5. It doesn't make sense for us to set a specific sequence
+number, socket-side, but we should definitely wait and see.
+
+Ignoring the duplicate SYN segment should also be compatible with
+section 3.10.7.3. SYN-SENT STATE, which mentions updating sequences
+socket-side (which we can't do anyway), but certainly not reset the
+connection.
+
+Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
+Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
+(cherry picked from commit 722d347c1932f630a53ba05ea0270a651ed601b2)
+---
+ tcp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/tcp.c b/tcp.c
+index bbc5687..babd02a 100644
+--- a/tcp.c
++++ b/tcp.c
+@@ -1962,6 +1962,9 @@ int tcp_tap_handler(struct ctx *c, uint8_t pif, sa_family_t af,
+
+ /* Establishing connection from tap */
+ if (conn->events & TAP_SYN_RCVD) {
++ if (th->syn && !th->ack && !th->fin)
++ return 1; /* SYN retry: ignore and keep waiting */
++
+ if (!(conn->events & TAP_SYN_ACK_SENT))
+ goto reset;
+
+--
+2.47.1
+
diff --git a/SPECS/passt.spec b/SPECS/passt.spec
index b3147e2..224e848 100644
--- a/SPECS/passt.spec
+++ b/SPECS/passt.spec
@@ -12,7 +12,7 @@
Name: passt
Version: 0^20240806.gee36266
-Release: 6%{?dist}
+Release: 7%{?dist}
Summary: User-mode networking daemons for virtual machines and namespaces
License: GPL-2.0-or-later AND BSD-3-Clause
Group: System Environment/Daemons
@@ -25,6 +25,7 @@ Patch3: 0003-tcp-Acknowledge-keep-alive-segments-ignore-them-for-.patch
Patch4: 0004-tcp_splice-Set-again-TCP_NODELAY-on-both-sides.patch
Patch5: 0005-flow-Fix-incorrect-hash-probe-in-flowside_lookup.patch
Patch6: 0006-tcp-Set-ACK-flag-on-all-RST-segments-even-for-client.patch
+Patch7: 0007-tcp-Don-t-reset-outbound-connection-on-SYN-retries.patch
BuildRequires: gcc, make, git, checkpolicy, selinux-policy-devel
Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
@@ -131,6 +132,9 @@ fi
%{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp
%changelog
+* Wed Mar 12 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20240806-gee36266-7
+- Resolves: RHEL-83155
+
* Tue Jan 21 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20240806-gee36266-6
- Resolves: RHEL-75645
--
GitLab