udp_flow.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 fix podman issue #26073 (assertion failed on outbound broadcast packets)

This patch is the equivalent of upstream commits eea8a76caf85 ("flow:
fix podman issue #26073") and 8ec134109eb1 ("flow: close socket fd on
error"), and is needed to ensure we don't unexpectedly terminate on
failure to connect() UDP sockets on new UDP outbound flows, as well as
avoiding a file descriptor leak in that case.

This issue was originally reported as Podman issue #26073:

  https://github.com/containers/podman/issues/26073

and, at least in that specific case, the connect() failure is caused
by an outbound message directed to an IPv4 broadcast address, which
leads to a new UDP flow directed to 255.255.255.255, which we can't
connect() to.

On connect() failure, we didn't remove the UDP socket from the epoll
list, and leave the flow table in an inconsistent state, which would
typically cause unexpected termination on a subsequent flow creation.

Further, we also need to close the socket corresponding to the failed
UDP flow, otherwise we'll (resource-wise) leak a file descriptor.