Re: [Qemu-trivial] [Qemu-devel] [PATCH] make user networking hostfwd wor
From: Stefan Hajnoczi
Subject: Re: [Qemu-trivial] [Qemu-devel] [PATCH] make user networking hostfwd work with restrict=y
Date: Mon, 14 Nov 2011 13:56:56 +0000
On Fri, Nov 11, 2011 at 3:04 PM, Gertjan Halkes <address@hidden> wrote:
> On Fri, 11 Nov 2011 08:24:04 -0600, Anthony Liguori <address@hidden>
> wrote:
>
>>Please submit against qemu.git master with a Signed-off-by.
>
> Ok, here goes:
>
> This patch allows the hostfwd option to override the restrict=y setting in
> the user network stack, as explicitly stated in the documentation on the
> restrict option:
>
> restrict=on|off
> If this option is enabled, the guest will be isolated, i.e. it
> will not be able to contact the host and no guest IP packets
> will be routed over the host to the outside. This option does
> not affect any explicitly set forwarding rules.
>
> Qemu bug tracker:
> https://bugs.launchpad.net/qemu/+bug/829455
>
> Signed-off-by: Gertjan Halkes <address@hidden>
> ---
> slirp/tcp_input.c | 28 +++++++++++++++++-----------
> 1 files changed, 17 insertions(+), 11 deletions(-)
Jan: Want to take a look at this as SLIRP maintainer?
> diff --git a/slirp/tcp_input.c b/slirp/tcp_input.c
> index 942aaf4..ed09c27 100644
> --- a/slirp/tcp_input.c
> +++ b/slirp/tcp_input.c
> @@ -316,16 +316,6 @@ tcp_input(struct mbuf *m, int iphlen, struct socket
> *inso)
> m->m_data += sizeof(struct tcpiphdr)+off-sizeof(struct tcphdr);
> m->m_len -= sizeof(struct tcpiphdr)+off-sizeof(struct tcphdr);
>
> - if (slirp->restricted) {
> - for (ex_ptr = slirp->exec_list; ex_ptr; ex_ptr = ex_ptr->ex_next) {
> - if (ex_ptr->ex_fport == ti->ti_dport &&
> - ti->ti_dst.s_addr == ex_ptr->ex_addr.s_addr) {
> - break;
> - }
> - }
> - if (!ex_ptr)
> - goto drop;
> - }
> /*
> * Locate pcb for segment.
> */
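Review bot: with the `if (slirp->restricted)` block removed ahead of "Locate pcb for segment", a segment from a restricted guest is now checked against the exec_list only when the lookup finds no socket, so any segment that matches an existing socket is processed without consulting `slirp->restricted` at all. The commit message should state that this is intended and why every socket the lookup can return is acceptable for a restricted guest, since the only justification given is the comment added in the next hunk ("Any hostfwds will have an existing socket").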
> @@ -354,7 +344,23 @@ findso:
> * the only flag set, then create a session, mark it
> * as if it was LISTENING, and continue...
> */
> - if (so == NULL) {
> + if (so == NULL) {
> + if (slirp->restricted) {
> + /* Any hostfwds will have an existing socket, so we only get here
> + * for non-hostfwd connections. These should be dropped, unless
> it
> + * happens to be a guestfwd.
> + */
> + for (ex_ptr = slirp->exec_list; ex_ptr; ex_ptr =
> ex_ptr->ex_next) {
> + if (ex_ptr->ex_fport == ti->ti_dport &&
> + ti->ti_dst.s_addr == ex_ptr->ex_addr.s_addr) {
> + break;
> + }
> + }
> + if (!ex_ptr) {
> + goto dropwithreset;
> + }
> + }
> +
> if ((tiflags & (TH_SYN|TH_FIN|TH_RST|TH_URG|TH_ACK)) != TH_SYN)
> goto dropwithreset;
>
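Review bot: the relocated check ends in `goto dropwithreset` where the removed one used `goto drop`, so a restricted guest that connects to a non-forwarded destination now gets a reset instead of having the segment silently discarded. That is a guest-visible change the commit message does not mention; either keep `goto drop` or say why the reset is wanted. Separately, the comment line ending "unless" and the `for (...)` line are wrapped across two lines in this mail (as is the first `@@` header), and the `-`/`+` pair on `if (so == NULL) {` appears to differ only in whitespace; resending with a mailer that does not wrap and without the whitespace-only change would make the patch apply cleanly and keep the diff to the logic change.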
> --
> 1.7.1
>
>
>