diff options
| author | aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162> | 2009-01-08 19:24:00 +0000 |
|---|---|---|
| committer | aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162> | 2009-01-08 19:24:00 +0000 |
| commit | 02d6845a5fd2fe4f8552b4658914c719a6e00506 (patch) | |
| tree | e45a11e63905d3a231456c272d0e094d7a869974 /slirp/tcp_input.c | |
| parent | 443464587a9c4e66ca14df4816c8448fe2950fab (diff) | |
| download | qemu-02d6845a5fd2fe4f8552b4658914c719a6e00506.tar.gz qemu-02d6845a5fd2fe4f8552b4658914c719a6e00506.tar.bz2 qemu-02d6845a5fd2fe4f8552b4658914c719a6e00506.zip | |
Add slirp_restrict option (Gleb Natapov)
Add "slirp firewall" to permit connection only to vmchannel addresses.
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6241 c046a42c-6fe2-441c-8c8c-71466251a162
Diffstat (limited to 'slirp/tcp_input.c')
| -rw-r--r-- | slirp/tcp_input.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/slirp/tcp_input.c b/slirp/tcp_input.c index 17a9387f04..408875e8e8 100644 --- a/slirp/tcp_input.c +++ b/slirp/tcp_input.c @@ -253,6 +253,7 @@ tcp_input(m, iphlen, inso) u_long tiwin; int ret; /* int ts_present = 0; */ + struct ex_list *ex_ptr; DEBUG_CALL("tcp_input"); DEBUG_ARGS((dfd," m = %8lx iphlen = %2d inso = %lx\n", @@ -363,6 +364,15 @@ tcp_input(m, iphlen, inso) m->m_data += sizeof(struct tcpiphdr)+off-sizeof(struct tcphdr); m->m_len -= sizeof(struct tcpiphdr)+off-sizeof(struct tcphdr); + if (slirp_restrict) { + for (ex_ptr = exec_list; ex_ptr; ex_ptr = ex_ptr->ex_next) + if (ex_ptr->ex_fport == ti->ti_dport && + (ntohl(ti->ti_dst.s_addr) & 0xff) == ex_ptr->ex_addr) + break; + + if (!ex_ptr) + goto drop; + } /* * Locate pcb for segment. */ @@ -646,7 +656,6 @@ findso: #endif { /* May be an add exec */ - struct ex_list *ex_ptr; for(ex_ptr = exec_list; ex_ptr; ex_ptr = ex_ptr->ex_next) { if(ex_ptr->ex_fport == so->so_fport && lastbyte == ex_ptr->ex_addr) { |