We piled up 13 critical fixes as patches, some rather large, since 10.0. Backporting fixes is becoming more complicated at this stage and upstream meanwhile is shipping a number of fixes for issues that might be relevant for cusomers, such as:

• https://bugs.passt.top/show_bug.cgi?id=99 UDP response packets always use primary IP address
• https://bugs.passt.top/show_bug.cgi?id=122 passt/pasta requires a global address (RT_SCOPE_UNIVERSE) when site local would do
• https://bugs.passt.top/show_bug.cgi?id=159 Pasta segfault
• https://bugs.passt.top/show_bug.cgi?id=153 Retry SYN for inbound connections
• https://bugs.passt.top/show_bug.cgi?id=113 UDP/TCP sockets bound on non-default localhost are bound but inaccessible
• https://bugs.passt.top/show_bug.cgi?id=120 Add ARP table lookup to reflect source MAC address on inbound packets
• https://bugs.passt.top/show_bug.cgi?id=128 Enable local mode separately per IP version
• https://bugs.passt.top/show_bug.cgi?id=129 Don't enable explicitly disabled IP version if local mode is enabled
• https://bugs.passt.top/show_bug.cgi?id=166 passt not working with Windows 2000 guest and rtl8139 qemu NIC

Other components in the virtualisation area are being rebased as well, so take the chance to go ahead and rebase from upstream for RHEL 10.2.