[Qemu-commits] [qemu/qemu] 5e059b: sockets: ensure we can bind to both i

qemu-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-commits] [qemu/qemu] 5e059b: sockets: ensure we can bind to both i

From:	GitHub
Subject:	[Qemu-commits] [qemu/qemu] 5e059b: sockets: ensure we can bind to both ipv4 & ipv6 se...
Date:	Fri, 14 Jul 2017 09:00:45 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 5e059be4c7b75e20c29afb0e03b646864ae93f32
      
https://github.com/qemu/qemu/commit/5e059be4c7b75e20c29afb0e03b646864ae93f32
  Author: Daniel P. Berrange <address@hidden>
  Date:   2017-07-14 (Fri, 14 Jul 2017)

  Changed paths:
    M util/qemu-sockets.c

  Log Message:
  -----------
  sockets: ensure we can bind to both ipv4 & ipv6 separately

When binding to an IPv6 socket we currently force the
IPV6_V6ONLY flag to off. This means that the IPv6 socket
will accept both IPv4 & IPv6 sockets when QEMU is launched
with something like

  -vnc :::1

While this is good for that case, it is bad for other
cases. For example if an empty hostname is given,
getaddrinfo resolves it to 2 addresses 0.0.0.0 and ::,
in that order. We will thus bind to 0.0.0.0 first, and
then fail to bind to :: on the same port. The same
problem can happen if any other hostname lookup causes
the IPv4 address to be reported before the IPv6 address.

When we get an IPv6 bind failure, we should re-try the
same port, but with IPV6_V6ONLY turned on again, to
avoid clash with any IPv4 listener.

This ensures that

  -vnc :1

will bind successfully to both 0.0.0.0 and ::, and also
avoid

  -vnc :1,to=2

from mistakenly using a 2nd port for the :: listener.

This is a regression due to commit 396f935 "ui: add ability to
specify multiple VNC listen addresses".

Acked-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: 4dc5d815c43b0138e5d6753e788343f6e2cb6b5f
      
https://github.com/qemu/qemu/commit/4dc5d815c43b0138e5d6753e788343f6e2cb6b5f
  Author: Daniel P. Berrange <address@hidden>
  Date:   2017-07-14 (Fri, 14 Jul 2017)

  Changed paths:
    M util/qemu-sockets.c

  Log Message:
  -----------
  sockets: don't block IPv4 clients when listening on "::"

When inet_parse() parses the hostname, it is forcing the
has_ipv6 && ipv6 flags if the address contains a ":". This
means that if the user had set the ipv4=on flag, to try to
restrict the listener to just ipv4, an error would not have
been raised.  eg

   -incoming tcp:[::]:9000,ipv4

should have raised an error because listening for IPv4
on "::" is a non-sensical combination. With this removed,
we now call getaddrinfo() on "::" passing PF_INET and
so getaddrinfo reports an error about the hostname being
incompatible with the requested protocol:

 qemu-system-x86_64: -incoming tcp:[::]:9000,ipv4: address resolution
    failed for :::9000: Address family for hostname not supported

Likewise it is explicitly setting the has_ipv4 & ipv4
flags when the address contains only digits + '.'. This
has no ill-effect, but also has no benefit, so is removed.

Acked-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: 94bc0d19789b6f5ce881c4a06a3e1c431874cbbd
      
https://github.com/qemu/qemu/commit/94bc0d19789b6f5ce881c4a06a3e1c431874cbbd
  Author: Daniel P. Berrange <address@hidden>
  Date:   2017-07-14 (Fri, 14 Jul 2017)

  Changed paths:
    M util/qemu-sockets.c

  Log Message:
  -----------
  sockets: ensure we don't accept IPv4 clients when IPv4 is disabled

Currently if you disable listening on IPv4 addresses, via the
CLI flag ipv4=off, we still mistakenly accept IPv4 clients via
the IPv6 listener socket due to IPV6_V6ONLY flag being unset.

We must ensure IPV6_V6ONLY is always set if ipv4=off

This fixes the following scenarios

  -incoming tcp::9000,ipv6=on
  -incoming tcp:[::]:9000,ipv6=on
  -chardev socket,id=cdev0,host=,port=9000,server,nowait,ipv4=off
  -chardev socket,id=cdev0,host=,port=9000,server,nowait,ipv6=on
  -chardev socket,id=cdev0,host=::,port=9000,server,nowait,ipv4=off
  -chardev socket,id=cdev0,host=::,port=9000,server,nowait,ipv6=on

which all mistakenly accepted IPv4 clients

Acked-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: 563a3987b980a36e6941720a99d5cf36960f78ea
      
https://github.com/qemu/qemu/commit/563a3987b980a36e6941720a99d5cf36960f78ea
  Author: Daniel P. Berrange <address@hidden>
  Date:   2017-07-14 (Fri, 14 Jul 2017)

  Changed paths:
    M io/dns-resolver.c

  Log Message:
  -----------
  io: preserve ipv4/ipv6 flags when resolving InetSocketAddress

The original InetSocketAddress struct may have has_ipv4 and
has_ipv6 fields set, which will control both the ai_family
used during DNS resolution, and later use of the V6ONLY
flag.

Currently the standalone DNS resolver code drops the
has_ipv4 & has_ipv6 flags after resolving, which means
the later bind() code won't correctly set V6ONLY.

This fixes the following scenarios

  -vnc :0,ipv4=off
  -vnc :0,ipv6=on
  -vnc :::0,ipv4=off
  -vnc :::0,ipv6=on

which all mistakenly accepted IPv4 clients

Acked-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: 23f87b9973b3755f0e8acd38be7087b7cc601cbe
      
https://github.com/qemu/qemu/commit/23f87b9973b3755f0e8acd38be7087b7cc601cbe
  Author: Peter Maydell <address@hidden>
  Date:   2017-07-14 (Fri, 14 Jul 2017)

  Changed paths:
    M io/dns-resolver.c
    M util/qemu-sockets.c

  Log Message:
  -----------
  Merge remote-tracking branch 
'remotes/berrange/tags/pull-sockets-2017-07-11-3' into staging

Merge sockets 2017/07/11 v3

# gpg: Signature made Fri 14 Jul 2017 16:09:03 BST
# gpg:                using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <address@hidden>"
# gpg:                 aka "Daniel P. Berrange <address@hidden>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/pull-sockets-2017-07-11-3:
  io: preserve ipv4/ipv6 flags when resolving InetSocketAddress
  sockets: ensure we don't accept IPv4 clients when IPv4 is disabled
  sockets: don't block IPv4 clients when listening on "::"
  sockets: ensure we can bind to both ipv4 & ipv6 separately

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/fbc8ea1ed070...23f87b9973b3

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-commits] [qemu/qemu] 5e059b: sockets: ensure we can bind to both ipv4 & ipv6 se..., GitHub <=

Prev by Date: [Qemu-commits] [qemu/qemu] 03f47e: s390x/kvm: Rework cmma management
Next by Date: [Qemu-commits] [qemu/qemu] 4871b5: vmgenid-test: use boot-sector infrastructure
Previous by thread: [Qemu-commits] [qemu/qemu] 03f47e: s390x/kvm: Rework cmma management
Next by thread: [Qemu-commits] [qemu/qemu] 4871b5: vmgenid-test: use boot-sector infrastructure
Index(es):
- Date
- Thread