[libvirt PATCH] conf: Restrict use of <portForward> to the passt backend

Tuesday, 18 April 2023

That's already the case in practice, but it's a better
experience for the user if we reject this configuration
outright instead of silently ignoring part of it.

Signed-off-by: Andrea Bolognani <abologna(a)redhat.com&gt;
---
 src/conf/domain_validate.c                    |  9 +++++++++
 ...t-user-slirp-portforward.x86_64-latest.err |  1 +
 .../net-user-slirp-portforward.xml            | 20 +++++++++++++++++++
 tests/qemuxml2argvtest.c                      |  1 +
 4 files changed, 31 insertions(+)
 create mode 100644 tests/qemuxml2argvdata/net-user-slirp-portforward.x86_64-latest.err
 create mode 100644 tests/qemuxml2argvdata/net-user-slirp-portforward.xml

diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index ce6b8bf5a0..9c7ee6d75d 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -2097,6 +2097,15 @@ virDomainNetDefValidate(const virDomainNetDef *net)
         }
     }
 
+    if (net->nPortForwards > 0 &&
+        (net->type != VIR_DOMAIN_NET_TYPE_USER ||
+         (net->type == VIR_DOMAIN_NET_TYPE_USER &&
+          net->backend.type != VIR_DOMAIN_NET_BACKEND_PASST))) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("The <portForward> element can only be used with
<interface type='user'> and its 'passt' backend"));
+        return -1;
+    }
+
     switch (net->type) {
     case VIR_DOMAIN_NET_TYPE_VHOSTUSER:
         if (!virDomainNetIsVirtioModel(net)) {
diff --git a/tests/qemuxml2argvdata/net-user-slirp-portforward.x86_64-latest.err
b/tests/qemuxml2argvdata/net-user-slirp-portforward.x86_64-latest.err
new file mode 100644
index 0000000000..f296db1e8c
--- /dev/null
+++ b/tests/qemuxml2argvdata/net-user-slirp-portforward.x86_64-latest.err
@@ -0,0 +1 @@
+internal error: The <portForward> element can only be used with <interface
type='user'> and its 'passt' backend
diff --git a/tests/qemuxml2argvdata/net-user-slirp-portforward.xml
b/tests/qemuxml2argvdata/net-user-slirp-portforward.xml
new file mode 100644
index 0000000000..721f04c878
--- /dev/null
+++ b/tests/qemuxml2argvdata/net-user-slirp-portforward.xml
@@ -0,0 +1,20 @@
+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>219136</memory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <interface type='user'>
+      <mac address='00:11:22:33:44:55'/>
+      <portForward proto='tcp'>
+        <range start='443' to='344'/>
+      </portForward>
+      <model type='virtio'/>
+    </interface>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 1808d9fc02..23e0c4054c 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1413,6 +1413,7 @@ mymain(void)
     DO_TEST_NOCAPS("net-user-addr");
     DO_TEST_CAPS_LATEST("net-user-passt");
     DO_TEST_CAPS_VER("net-user-passt", "7.2.0");
+    DO_TEST_CAPS_LATEST_PARSE_ERROR("net-user-slirp-portforward");
     DO_TEST_NOCAPS("net-virtio");
     DO_TEST_NOCAPS("net-virtio-device");
     DO_TEST_NOCAPS("net-virtio-disable-offloads");
-- 
2.39.2


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005