Re: [Qemu-devel] [Qemu-trivial] [PATCH] make user networking hostfwd work with restrict=y

Mon, 14 Nov 2011 05:57:21 -0800 

On Fri, Nov 11, 2011 at 3:04 PM, Gertjan Halkes <q...@ghalkes.nl> wrote:
> On Fri, 11 Nov 2011 08:24:04 -0600, Anthony Liguori <anth...@codemonkey.ws>
> wrote:
>
>>Please submit against qemu.git master with a Signed-off-by.
>
> Ok, here goes:
>
> This patch allows the hostfwd option to override the restrict=y setting in
> the user network stack, as explicitly stated in the documentation on the
> restrict option:
>
>     restrict=on|off
>         If this option is enabled, the guest will be isolated, i.e. it
>         will not be able to contact the host and no guest IP packets
>         will be routed over the host to the outside. This option does
>         not affect any explicitly set forwarding rules.
>
> Qemu bug tracker:
> https://bugs.launchpad.net/qemu/+bug/829455
>
> Signed-off-by: Gertjan Halkes <q...@ghalkes.nl>
> ---
>  slirp/tcp_input.c |   28 +++++++++++++++++-----------
>  1 files changed, 17 insertions(+), 11 deletions(-)

Jan: Want to take a look at this as SLIRP maintainer?

> diff --git a/slirp/tcp_input.c b/slirp/tcp_input.c
> index 942aaf4..ed09c27 100644
> --- a/slirp/tcp_input.c
> +++ b/slirp/tcp_input.c
> @@ -316,16 +316,6 @@ tcp_input(struct mbuf *m, int iphlen, struct socket 
> *inso)
>        m->m_data += sizeof(struct tcpiphdr)+off-sizeof(struct tcphdr);
>        m->m_len  -= sizeof(struct tcpiphdr)+off-sizeof(struct tcphdr);
>
> -    if (slirp->restricted) {
> -        for (ex_ptr = slirp->exec_list; ex_ptr; ex_ptr = ex_ptr->ex_next) {
> -            if (ex_ptr->ex_fport == ti->ti_dport &&
> -                ti->ti_dst.s_addr == ex_ptr->ex_addr.s_addr) {
> -                break;
> -            }
> -        }
> -        if (!ex_ptr)
> -            goto drop;
> -    }
>        /*
>         * Locate pcb for segment.
>         */
> @@ -354,7 +344,23 @@ findso:
>         * the only flag set, then create a session, mark it
>         * as if it was LISTENING, and continue...
>         */
> -        if (so == NULL) {
> +    if (so == NULL) {
> +        if (slirp->restricted) {
> +            /* Any hostfwds will have an existing socket, so we only get here
> +             * for non-hostfwd connections. These should be dropped, unless 
> it
> +             * happens to be a guestfwd.
> +             */
> +            for (ex_ptr = slirp->exec_list; ex_ptr; ex_ptr = 
> ex_ptr->ex_next) {
> +                if (ex_ptr->ex_fport == ti->ti_dport &&
> +                    ti->ti_dst.s_addr == ex_ptr->ex_addr.s_addr) {
> +                    break;
> +                }
> +            }
> +            if (!ex_ptr) {
> +                goto dropwithreset;
> +            }
> +        }
> +
>          if ((tiflags & (TH_SYN|TH_FIN|TH_RST|TH_URG|TH_ACK)) != TH_SYN)
>            goto dropwithreset;
>
> --
> 1.7.1
>
>
>

Reply via email to