Re: [Qemu-devel] [PATCH] Slirp reverse UDP firewall

2011-04-19 Thread Daisuke Nojiri
I'll take a look at libpcap and update the thread. Thanks, Avi. Dai On Sun, Apr 17, 2011 at 5:36 AM, Avi Kivity wrote: > On 04/14/2011 11:04 PM, Daisuke Nojiri wrote: > >> Hi, Avi, >> >> Complex and complete firewalling is probably out of my focus for now. I'

[Qemu-devel] [PATCH 4/4] Slirp Reverse UDP Firewall

2011-04-15 Thread Daisuke Nojiri
. [80-81]). ADDR can be a single address (e.g. 1.2.3.4) or a range (e.g. 1.2.3.4/24). If ADDR is ommitted, all addresses match the rule. TCP support will follow in another patch series. Signed-off-by: Daisuke Nojiri diff --git a/net/slirp.c b/net/slirp.c index 51e4728..a22ca5c 100644 --- a/net

Re: [Qemu-devel] [PATCH 3/4] Slirp Reverse UDP Firewall

2011-04-15 Thread Daisuke Nojiri
. [80-81]). ADDR can be a single address (e.g. 1.2.3.4) or a range (e.g. 1.2.3.4/24). If ADDR is ommitted, all addresses match the rule. TCP support will follow in another patch series. Signed-off-by: Daisuke Nojiri diff --git a/net.c b/net.c index 0707188..35ec2ae 100644 --- a/net.c +++ b/net.c

[Qemu-devel] [PATCH 3/4] Slirp Reverse UDP Firewall

2011-04-15 Thread Daisuke Nojiri
. [80-81]). ADDR can be a single address (e.g. 1.2.3.4) or a range (e.g. 1.2.3.4/24). If ADDR is ommitted, all addresses match the rule. If PROTO is omitted, all protocols match the rule. TCP support will follow in another patch series. Signed-off-by: Daisuke Nojiri diff --git a/net.c b/net.c

[Qemu-devel] [PATCH 2/4] Slirp Reverse UDP Firewall

2011-04-15 Thread Daisuke Nojiri
]). ADDR can be a single address (e.g. 1.2.3.4) or a range (e.g. 1.2.3.4/24). If ADDR is ommitted, all addresses match the rule. If PROTO is omitted, all protocols match the rule. TCP support will follow in another patch series. Signed-off-by: Daisuke Nojiri diff --git a/net.c b/net.c index 2742741

[Qemu-devel] [PATCH 1/4] Slirp Reverse UDP Firewall

2011-04-15 Thread Daisuke Nojiri
]). ADDR can be a single address (e.g. 1.2.3.4) or a range (e.g. 1.2.3.4/24). If ADDR is ommitted, all addresses match the rule. If PROTO is omitted, all protocols match the rule. TCP support will follow in another patch series. Signed-off-by: Daisuke Nojiri diff --git a/net.c b/net.c index 8d6a555

Re: [Qemu-devel] [PATCH] Slirp reverse UDP firewall

2011-04-14 Thread Daisuke Nojiri
Hi, Avi, Complex and complete firewalling is probably out of my focus for now. I'm trying to introduce a simple reverse firewall functionality which filters outgoing patckets based on only destination address and port. Since Qemu doesn't have any reverse firewall currently, I believe this is a goo

Re: [Qemu-devel] [PATCH] Slirp reverse UDP firewall

2011-04-14 Thread Daisuke Nojiri
n the file specified by FILE. PORT can be a single number (e.g. 53) or a range (e.g. [80-81]). ADDR can be a single address (e.g. 1.2.3.4) or a range (e.g. 1.2.3.4/24). If ADDR is ommitted, all addresses match the rule. If PROTO is omitted, all protocols match the rule. TCP support will follow in ano

Re: [Qemu-devel] [PATCH] Slirp reverse UDP firewall

2011-04-13 Thread Daisuke Nojiri
Thanks, Jan. I split my patch into three and started a new thread. I also put all options in -net user. Yes, TCP firewall is coming. You'll see some of the added functions will be shared. Dai On Tue, Apr 12, 2011 at 9:38 AM, Jan Kiszka wrote: > On 2011-04-12 18:19, Daisuke Noji

[Qemu-devel] [PATCH 3/3] Slirp Reverse UDP Firewall

2011-04-12 Thread Daisuke Nojiri
ommitted, all addresses match the rule. TCP support will follow (in another patch series). Signed-off-by: Daisuke Nojiri diff --git a/net.c b/net.c index 38ca29a..a1048ad 100644 --- a/net.c +++ b/net.c @@ -933,6 +933,10 @@ static const struct { .name = "dr

[Qemu-devel] [PATCH 1/3] Slirp Reverse UDP Firewall

2011-04-12 Thread Daisuke Nojiri
ommitted, all addresses match the rule. TCP support will follow (in another patch series). Signed-off-by: Daisuke Nojiri diff --git a/net.c b/net.c index 8d6a555..95256ce 100644 --- a/net.c +++ b/net.c @@ -925,6 +925,10 @@ static const struct { .name = "gue

[Qemu-devel] [PATCH 2/3] Slirp Reverse UDP Firewal

2011-04-12 Thread Daisuke Nojiri
ommitted, all addresses match the rule. TCP support will follow (in another patch series). Signed-off-by: Daisuke Nojiri diff --git a/net.c b/net.c index 95256ce..38ca29a 100644 --- a/net.c +++ b/net.c @@ -929,6 +929,10 @@ static const struct { .name = "dr

[Qemu-devel] [PATCH 3/3] Slirp Reverse UDP Firewall

2011-04-12 Thread Daisuke Nojiri
ommitted, all addresses match the rule. TCP support will follow (in another patch series). Signed-off-by: Daisuke Nojiri diff --git a/net.c b/net.c index 38ca29a..a1048ad 100644 --- a/net.c +++ b/net.c @@ -933,6 +933,10 @@ static const struct { .name = "dr

[Qemu-devel] [PATCH 3/3] Slirp Reverse UDP Firewall

2011-04-12 Thread Daisuke Nojiri
ommitted, all addresses match the rule. TCP support will follow (in another patch series). Signed-off-by: Daisuke Nojiri diff --git a/net.c b/net.c index 38ca29a..a1048ad 100644 --- a/net.c +++ b/net.c @@ -933,6 +933,10 @@ static const struct { .name = "dr

[Qemu-devel] [PATCH] Slirp reverse UDP firewall

2011-04-12 Thread Daisuke Nojiri
packets are logged in the file specified by FILE. PORT can be a single number (e.g. 53) or a range (e.g. [80-81]). If ADDR is ommitted, all addresses match the rule. Signed-off-by: Daisuke Nojiri --- a/qemu-options.hx +++ b/qemu-options.hx @@ -1119,6 +1119,24 @@ DEF("netdev"