[libvirt] network: allow tftp port if tftp is defined

From: Alan Pevec <apevec@redhat.com>

A libvirt-managed virtual network can provide a TFTP service, in which case port 69/udp needs to be opened.

1/2 bridge_driver.c: fix file description
2/2 network: allow tftp port if tftp is defined
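
The cover letter's point is that 69/udp must be reachable on the bridge only when the network defines a TFTP root. The following is an added example, not libvirt code, that audits a host for exactly that: it derives the INPUT rules a network should have (53 tcp/udp and 67 udp always, 69 udp only with a `<tftp>` element, the set visible in this patch's networkRemoveIptablesRules) from the network XML and compares them with `iptables-save` output. The network XML, the `iptables-save` excerpt and the assumption that libvirt's rules render as `-A INPUT -i virbr0 -p udp -m udp --dport 69 -j ACCEPT` are constructed for the example.

```python
"""Audit a host's iptables INPUT chain against a libvirt network definition.

Added example, not libvirt code.  The expected-rule table follows the ports
removed in this patch's networkRemoveIptablesRules (53 tcp/udp, 67 udp, and
69 udp only when <tftp> is defined).  Sample XML and iptables-save lines are
constructed; the iptables-save rendering of libvirt's rules is an assumption.
"""
import re
import xml.etree.ElementTree as ET

# Constructed network definition: <tftp root=.../> lives under <ip>.
NETWORK_XML_WITH_TFTP = """\
<network>
  <name>default</name>
  <bridge name='virbr0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <tftp root='/var/lib/tftpboot'/>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
      <bootp file='pxelinux.0'/>
    </dhcp>
  </ip>
</network>
"""

# The same network with the <tftp> element removed (constructed).
NETWORK_XML_NO_TFTP = NETWORK_XML_WITH_TFTP.replace(
    "    <tftp root='/var/lib/tftpboot'/>\n", "")

# Constructed iptables-save excerpt: INPUT chain after the TFTP-enabled
# network has been started, plus one unrelated rule on eth0.
IPTABLES_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 69 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

# Matches the per-interface ACCEPT rules libvirt adds to INPUT.
RULE_RE = re.compile(
    r"^-A INPUT -i (?P<iface>\S+) -p (?P<proto>tcp|udp) -m (?:tcp|udp) "
    r"--dport (?P<port>\d+) -j ACCEPT$")


def expected_input_rules(network_xml):
    """Return (bridge, {(proto, port), ...}) the definition justifies."""
    root = ET.fromstring(network_xml)
    bridge = root.find("bridge").get("name")
    rules = {("tcp", 53), ("udp", 53), ("udp", 67)}
    if root.find("./ip/tftp") is not None:   # tftproot set: open 69/udp
        rules.add(("udp", 69))
    return bridge, rules


def actual_input_rules(iptables_save, bridge):
    """Return {(proto, port), ...} accepted on `bridge` in the INPUT chain."""
    found = set()
    for line in iptables_save.splitlines():
        m = RULE_RE.match(line)
        if m and m.group("iface") == bridge:
            found.add((m.group("proto"), int(m.group("port"))))
    return found


def audit(network_xml, iptables_save):
    """Return (missing, unexpected) rule sets for the network's bridge.

    `unexpected` is the security-relevant one: a port open on the
    guest-facing bridge that the network definition does not call for,
    e.g. 69/udp on a network with no <tftp> element.
    """
    bridge, want = expected_input_rules(network_xml)
    have = actual_input_rules(iptables_save, bridge)
    return want - have, have - want


if __name__ == "__main__":
    for label, xml in (("with <tftp>", NETWORK_XML_WITH_TFTP),
                       ("without <tftp>", NETWORK_XML_NO_TFTP)):
        missing, extra = audit(xml, IPTABLES_SAVE)
        print(f"{label}: missing={sorted(missing)} unexpected={sorted(extra)}")
```

Run against a live host by substituting `virsh net-dumpxml <name>` for the XML and `iptables-save` for the excerpt; the FORWARD rules libvirt also adds are outside what this check covers.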

From: Alan Pevec <apevec@redhat.com> --- src/network/bridge_driver.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index d24bfd0..0cd0978 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -1,5 +1,5 @@ /* - * driver.c: core driver methods for managing qemu guests + * bridge_driver.c: core driver methods for managing network * * Copyright (C) 2006-2010 Red Hat, Inc. * Copyright (C) 2006 Daniel P. Berrange -- 1.7.0.1
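Review bot: the replacement header text "core driver methods for managing network" in the @@ -1,5 hunk reads as a truncated phrase; "core driver methods for managing virtual networks" would describe the file and match the form of the line it replaces ("managing qemu guests").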

On Sat, Jun 19, 2010 at 08:08:25PM +0200, apevec@gmail.com wrote:
From: Alan Pevec <apevec@redhat.com>
---
 src/network/bridge_driver.c | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index d24bfd0..0cd0978 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -1,5 +1,5 @@ /* - * driver.c: core driver methods for managing qemu guests + * bridge_driver.c: core driver methods for managing network * * Copyright (C) 2006-2010 Red Hat, Inc. * Copyright (C) 2006 Daniel P. Berrange
ACK

Daniel

-- 
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

From: Alan Pevec <apevec@redhat.com> add iptables rules to allow TFTP from the virtual network if <tftp> element is defined in the network definition. Fedora bz#580215 * src/network/bridge_driver.c: open UDP port 69 for TFTP traffic if tftproot is defined --- src/network/bridge_driver.c | 14 ++++++++++++++ 1 files changed, 14 insertions(+), 0 deletions(-) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 0cd0978..72255c1 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -737,6 +737,15 @@ networkAddIptablesRules(struct network_driver *driver, goto err4; } + /* allow TFTP requests through to dnsmasq */ + if (network->def->tftproot && + (err = iptablesAddUdpInput(driver->iptables, network->def->bridge, 69))) { + virReportSystemError(err, + _("failed to add iptables rule to allow TFTP requests from '%s'"), + network->def->bridge); + goto err4tftp; + } + /* Catch all rules to block forwarding to/from bridges */ @@ -784,6 +793,10 @@ networkAddIptablesRules(struct network_driver *driver, iptablesRemoveForwardRejectOut(driver->iptables, network->def->bridge); err5: + if (network->def->tftproot) { + iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69); + } + err4tftp: iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 53); err4: iptablesRemoveTcpInput(driver->iptables, network->def->bridge, 53); @@ -821,6 +834,7 @@ networkRemoveIptablesRules(struct network_driver *driver, iptablesRemoveForwardAllowCross(driver->iptables, network->def->bridge); iptablesRemoveForwardRejectIn(driver->iptables, network->def->bridge); iptablesRemoveForwardRejectOut(driver->iptables, network->def->bridge); + iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69); iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 53); iptablesRemoveTcpInput(driver->iptables, network->def->bridge, 53); iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 67); -- 1.7.0.1
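Review bot: in the @@ -737,6 +737,15 hunk the rule only opens 69/udp, but a TFTP transfer continues on an ephemeral port that dnsmasq picks after the initial request, so the guest's subsequent packets to that port are admitted by whatever the host's INPUT chain does with ESTABLISHED/RELATED traffic (or by the nf_conntrack_tftp helper), not by this rule; the comment "allow TFTP requests through to dnsmasq" is accurate as far as it goes, and a sentence in the commit message saying the data phase relies on connection tracking would save the next reader from wondering why no further ports are opened. The unwinding is correct: the new "goto err4tftp" lands on the label that removes 53/udp without first attempting to remove a 69/udp rule that was never added, and the guarded removal under err5 mirrors the add condition.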
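Review bot: in the @@ -821,6 +834,7 hunk (networkRemoveIptablesRules) the new iptablesRemoveUdpInput(..., 69) call is unconditional, while the add in networkAddIptablesRules and the err5 cleanup are both guarded by network->def->tftproot; for a network without <tftp> this asks iptables to delete a rule that does not exist. The return value is ignored there, so nothing breaks, but the call should carry the same "if (network->def->tftproot)" guard so that the teardown stays the exact inverse of the setup.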

On Sat, Jun 19, 2010 at 08:08:26PM +0200, apevec@gmail.com wrote:
From: Alan Pevec <apevec@redhat.com>
add iptables rules to allow TFTP from the virtual network if <tftp> element is defined in the network definition.
Fedora bz#580215
* src/network/bridge_driver.c: open UDP port 69 for TFTP traffic if tftproot is defined
---
 src/network/bridge_driver.c | 14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 0cd0978..72255c1 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -737,6 +737,15 @@ networkAddIptablesRules(struct network_driver *driver, goto err4; }
+ /* allow TFTP requests through to dnsmasq */ + if (network->def->tftproot && + (err = iptablesAddUdpInput(driver->iptables, network->def->bridge, 69))) { + virReportSystemError(err, + _("failed to add iptables rule to allow TFTP requests from '%s'"), + network->def->bridge); + goto err4tftp; + } +
/* Catch all rules to block forwarding to/from bridges */
@@ -784,6 +793,10 @@ networkAddIptablesRules(struct network_driver *driver, iptablesRemoveForwardRejectOut(driver->iptables, network->def->bridge); err5: + if (network->def->tftproot) { + iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69); + } + err4tftp: iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 53); err4: iptablesRemoveTcpInput(driver->iptables, network->def->bridge, 53); @@ -821,6 +834,7 @@ networkRemoveIptablesRules(struct network_driver *driver, iptablesRemoveForwardAllowCross(driver->iptables, network->def->bridge); iptablesRemoveForwardRejectIn(driver->iptables, network->def->bridge); iptablesRemoveForwardRejectOut(driver->iptables, network->def->bridge); + iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69); iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 53); iptablesRemoveTcpInput(driver->iptables, network->def->bridge, 53); iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 67);
ACK

Daniel

-- 
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

On 06/21/2010 05:43 AM, Daniel P. Berrange wrote:
On Sat, Jun 19, 2010 at 08:08:26PM +0200, apevec@gmail.com wrote:
From: Alan Pevec <apevec@redhat.com>
add iptables rules to allow TFTP from the virtual network if <tftp> element is defined in the network definition.
Fedora bz#580215
ACK
Pushed both patches, and updated AUTHORS to keep 'make syntax-check' happy.

-- 
Eric Blake   eblake@redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
participants (3): apevec@gmail.com, Daniel P. Berrange, Eric Blake