The driver function implemented by this patch checks the configuration if the connection is allowed and opens the connection to the socked using the fdstream handler. --- src/qemu/qemu_driver.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index e099c5c..77a404f 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -14868,6 +14868,53 @@ endjob: cleanup: if (vm) virDomainObjUnlock(vm); + + return ret; +} + +static int +nodeTunnelTCP(virConnectPtr conn, + virStreamPtr stream, + const char *address, + const char *service, + unsigned int flags) +{ + virQEMUDriverPtr driver = conn->privateData; + int config = driver->tunnelTcpRw; + int ret = -1; + + virCheckFlags(VIR_NODE_TUNNEL_TCP_IPV4 | + VIR_NODE_TUNNEL_TCP_IPV6, -1); + + if (!address) + address = "localhost"; + + if (conn->flags & VIR_CONNECT_RO) + config = driver->tunnelTcpRo; + + switch (config) { + case QEMU_TCP_TUNNEL_DISABLE: + virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("Can't open TCP tunnel: disabled in configuration")); + goto cleanup; + break; + case QEMU_TCP_TUNNEL_LOCAL: + if (STRNEQ(address, "localhost")) { + virReportError(VIR_ERR_INVALID_ARG, + _("Tunneling to host '%s' forbidden. " + "Only connections to 'localhost' are allowed"), + address); + goto cleanup; + } + break; + default: + /* ok - can be only reached if enabled */ + break; + } + + ret = virFDStreamConnectTCP(stream, address, service, flags); + +cleanup: return ret; } @@ -15045,6 +15092,7 @@ static virDriver qemuDriver = { .nodeSetMemoryParameters = nodeSetMemoryParameters, /* 0.10.2 */ .nodeGetCPUMap = nodeGetCPUMap, /* 1.0.0 */ .domainFSTrim = qemuDomainFSTrim, /* 1.0.1 */ + .nodeTunnelTCP = nodeTunnelTCP, /* 1.0.1 */ }; -- 1.8.0 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list