diff options
| author | Anthony Liguori <aliguori@us.ibm.com> | 2013-06-20 16:53:08 -0500 |
|---|---|---|
| committer | Anthony Liguori <aliguori@us.ibm.com> | 2013-06-20 16:53:08 -0500 |
| commit | b1588c3fd6daf6e23ba727c758f84ada279ae731 (patch) | |
| tree | 3dad4f8f63a95e26d7d20582d5688c7f5dfaad3c | |
| parent | 4eda32f588086b6cd0ec2be6a7a6c131f8c2b427 (diff) | |
| parent | b5a87d26e848945eb891f4d7e4a7f2be514e08d5 (diff) | |
| download | focaccia-qemu-b1588c3fd6daf6e23ba727c758f84ada279ae731.tar.gz focaccia-qemu-b1588c3fd6daf6e23ba727c758f84ada279ae731.zip | |
Merge remote-tracking branch 'kiszka/queues/slirp' into staging
# By Bas van Sisseren (1) and Gertjan Halkes (1) # Via Jan Kiszka * kiszka/queues/slirp: make user networking hostfwd work with restrict=y fix -net user checks by reordering checks Message-id: cover.1371638848.git.jan.kiszka@siemens.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
| -rw-r--r-- | net/slirp.c | 12 | ||||
| -rw-r--r-- | slirp/tcp_input.c | 26 |
2 files changed, 22 insertions, 16 deletions
diff --git a/net/slirp.c b/net/slirp.c index b3f35d5861..124e953d9c 100644 --- a/net/slirp.c +++ b/net/slirp.c @@ -212,19 +212,19 @@ static int net_slirp_init(NetClientState *peer, const char *model, return -1; } - if (vdhcp_start && !inet_aton(vdhcp_start, &dhcp)) { + if (vnameserver && !inet_aton(vnameserver, &dns)) { return -1; } - if ((dhcp.s_addr & mask.s_addr) != net.s_addr || - dhcp.s_addr == host.s_addr || dhcp.s_addr == dns.s_addr) { + if ((dns.s_addr & mask.s_addr) != net.s_addr || + dns.s_addr == host.s_addr) { return -1; } - if (vnameserver && !inet_aton(vnameserver, &dns)) { + if (vdhcp_start && !inet_aton(vdhcp_start, &dhcp)) { return -1; } - if ((dns.s_addr & mask.s_addr) != net.s_addr || - dns.s_addr == host.s_addr) { + if ((dhcp.s_addr & mask.s_addr) != net.s_addr || + dhcp.s_addr == host.s_addr || dhcp.s_addr == dns.s_addr) { return -1; } diff --git a/slirp/tcp_input.c b/slirp/tcp_input.c index 6440eae7fa..f946db8dc0 100644 --- a/slirp/tcp_input.c +++ b/slirp/tcp_input.c @@ -316,16 +316,6 @@ tcp_input(struct mbuf *m, int iphlen, struct socket *inso) m->m_data += sizeof(struct tcpiphdr)+off-sizeof(struct tcphdr); m->m_len -= sizeof(struct tcpiphdr)+off-sizeof(struct tcphdr); - if (slirp->restricted) { - for (ex_ptr = slirp->exec_list; ex_ptr; ex_ptr = ex_ptr->ex_next) { - if (ex_ptr->ex_fport == ti->ti_dport && - ti->ti_dst.s_addr == ex_ptr->ex_addr.s_addr) { - break; - } - } - if (!ex_ptr) - goto drop; - } /* * Locate pcb for segment. */ @@ -355,6 +345,22 @@ findso: * as if it was LISTENING, and continue... */ if (so == NULL) { + if (slirp->restricted) { + /* Any hostfwds will have an existing socket, so we only get here + * for non-hostfwd connections. These should be dropped, unless it + * happens to be a guestfwd. + */ + for (ex_ptr = slirp->exec_list; ex_ptr; ex_ptr = ex_ptr->ex_next) { + if (ex_ptr->ex_fport == ti->ti_dport && + ti->ti_dst.s_addr == ex_ptr->ex_addr.s_addr) { + break; + } + } + if (!ex_ptr) { + goto dropwithreset; + } + } + if ((tiflags & (TH_SYN|TH_FIN|TH_RST|TH_URG|TH_ACK)) != TH_SYN) goto dropwithreset; |