The driver function implemented by this patch checks the configuration if the connection is allowed and opens the connection to the socked using the fdstream handler.
---
 src/qemu/qemu_driver.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index e099c5c..57145e7 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -14868,6 +14868,50 @@ endjob:
 cleanup:
 if (vm)
 virDomainObjUnlock(vm);
+
+ return ret;
+}
+
+static int
+nodeTunnelTCP(virConnectPtr conn,
+ virStreamPtr stream,
+ const char *address,
+ const char *service,
+ unsigned int flags)
+{
+ virQEMUDriverPtr driver = conn->privateData;
+ int config = driver->tunnelTcpRw;
+ int ret = -1;
+
+ virCheckFlags(VIR_NODE_TUNNEL_TCP_IPV4 |
+ VIR_NODE_TUNNEL_TCP_IPV6, -1);
+
+ if (conn->flags & VIR_CONNECT_RO)
+ config = driver->tunnelTcpRo;
+
+ switch (config) {
+ case QEMU_TCP_TUNNEL_DISABLE:
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+ _("Can't open TCP tunnel: disabled in configuration"));
+ goto cleanup;
+ break;
+ case QEMU_TCP_TUNNEL_LOCAL:
+ if (address && STRNEQ(address, "localhost")) {
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("Tunneling to host '%s' forbidden. "
+ "Only local connections are allowed"),
+ address);
+ goto cleanup;
+ }
+ break;
+ default:
+ /* ok - can be only reached if enabled */
+ break;
+ }
+
+ ret = virFDStreamConnectTCP(stream, address, service, flags);
+
+cleanup:
 return ret;
 }
@@ -15045,6 +15089,7 @@ static virDriver qemuDriver = {
 .nodeSetMemoryParameters = nodeSetMemoryParameters, /* 0.10.2 */
 .nodeGetCPUMap = nodeGetCPUMap, /* 1.0.0 */
 .domainFSTrim = qemuDomainFSTrim, /* 1.0.1 */
+ .nodeTunnelTCP = nodeTunnelTCP, /* 1.0.1 */
 };
--
1.8.0
--
libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
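Review bot: The `QEMU_TCP_TUNNEL_LOCAL` case enforces "local only" by comparing the caller's string with `"localhost"` rather than checking where the connection ends up, so the restriction depends on how `virFDStreamConnectTCP` (not part of this hunk) resolves that name and on what it does with a NULL `address`, which the `address &&` guard lets through. Resolving first and refusing any result that is not a loopback address would make the policy hold regardless of resolver configuration, and would also accept `127.0.0.1` and `::1`. The `default:` branch fails open: any `config` value other than the two named cases permits a tunnel to an arbitrary host and service, including on a `VIR_CONNECT_RO` connection, so I would give the enabled value its own `case` and make `default:` reject, e.g. `virReportError(VIR_ERR_INTERNAL_ERROR, _("Unexpected TCP tunnel setting %d"), config); goto cleanup;`. The `break;` after `goto cleanup;` in the `QEMU_TCP_TUNNEL_DISABLE` case is unreachable and can be dropped.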