← Back to branch summary

~vcs-imports/qemu/git

« back to all changes in this revision

Viewing changes to slirp/ip_input.c

  • Committer: aliguori
  • Date: 2009-01-08 19:24:00 UTC
  • Revision ID: git-v1:a9ba3a856d8e84f4c32bcfa2b92727b7add4996c
Add slirp_restrict option (Gleb Natapov)

Add "slirp firewall" to permit connection only to vmchannel addresses.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6241 c046a42c-6fe2-441c-8c8c-71466251a162

Show diffs side-by-side

added added

removed removed

Lines of Context:
slirp/ip_input.c
136
136
                STAT(ipstat.ips_tooshort++);
137
137
                goto bad;
138
138
        }
 
139
 
 
140
    if (slirp_restrict) {
 
141
        if (memcmp(&ip->ip_dst.s_addr, &special_addr, 3)) {
 
142
            if (ip->ip_dst.s_addr == 0xffffffff && ip->ip_p != IPPROTO_UDP)
 
143
                goto bad;
 
144
        } else {
 
145
            int host = ntohl(ip->ip_dst.s_addr) & 0xff;
 
146
            struct ex_list *ex_ptr;
 
147
 
 
148
            if (host == 0xff)
 
149
                goto bad;
 
150
 
 
151
            for (ex_ptr = exec_list; ex_ptr; ex_ptr = ex_ptr->ex_next)
 
152
                if (ex_ptr->ex_addr == host)
 
153
                    break;
 
154
 
 
155
            if (!ex_ptr)
 
156
                goto bad;
 
157
        }
 
158
    }
 
159
 
139
160
        /* Should drop packet if mbuf too long? hmmm... */
140
161
        if (m->m_len > ip->ip_len)
141
162
           m_adj(m, ip->ip_len - m->m_len);