[elbe-devel] [PATCH] init: prevent host forwarding conflicts

Torben Hohn torben.hohn at linutronix.de
Wed Sep 11 09:22:31 CEST 2019


On Tue, Sep 10, 2019 at 04:01:35PM +0200, Bastian Germann wrote:
> On 10.09.19 at 14:15, Torben Hohn wrote:
> > On Tue, Sep 10, 2019 at 11:01:40AM +0200, bage at linutronix.de wrote:
> >> From: Bastian Germann <bage at linutronix.de>
> >>
> >> Override the host side port of a user defined host forwarding rule if it matches
> >> the ssh or soap port.  This will prevent a libvirt/qemu error.
> > 
> > can't we terminate with an error here ?
> > because silently ignoring the forward will lead to hard to debug
> > problems.
> 
> The problem with an error in that case is that you have so many XMLs
> with an initvm section out there that all specify the SSH and SOAP
> forwardings. Rebuilding an initvm from them would then error but in fact
> probably all of them do not change the port semantics to a different
> guest service.
> 
> I think a warning should be sufficient here to not break all the Elbe XMLs.

Ok. You have convinced me that we have to do something.

But let's change the logic a bit...

a) let's look at the port number inside the initvm.
   These numbers are fixed, and we can actually know
   whether a soap port or an ssh port is mapped.

b) we could use the preprocessor to remove offending redirections.

c) I think we don't handle warnings yet. The validation machinery
   can only produce errors, I think.


> 
> > 
> >>
> >> Signed-off-by: Bastian Germann <bage at linutronix.de>
> >> ---
> >>  elbepack/init/libvirt.xml.mako | 6 ++++--
> >>  1 file changed, 4 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/elbepack/init/libvirt.xml.mako b/elbepack/init/libvirt.xml.mako
> >> index a0e1f2ef..8adfdc18 100644
> >> --- a/elbepack/init/libvirt.xml.mako
> >> +++ b/elbepack/init/libvirt.xml.mako
> >> @@ -30,8 +30,10 @@ emulator = prj.text('interpreter', default=defs, key='interpreter')
> >>  nicmac = prj.text('buildimage/NIC/MAC', default=defs, key='nicmac')
> >>  forward = ''
> >>  for f in prj.node("portforwarding"):
> >> -    forward += ',hostfwd=%s::%s-:%s' % (
> >> -        f.text("proto"), f.text("host"), f.text("buildenv"))
> >> +    if f.text("proto") != "tcp" or (f.text("host") != cfg['soapport']
> >> +            and f.text("host") != cfg['sshport']):
> >> +        forward += ',hostfwd=%s::%s-:%s' % (
> >> +            f.text("proto"), f.text("host"), f.text("buildenv"))
> >>  
> >>  forward += ',hostfwd=%s::%s-:%s' % ("tcp", cfg['soapport'], "7588")
> >>  if cfg['sshport'] != '-1':
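
Review bot: The new "if" at the top of the loop drops a conflicting user rule without any message and only compares f.text("host"), never f.text("buildenv"). A rule that maps the soap or ssh host port to a different guest port than the fixed forward added below the loop (7588 for soap) therefore disappears silently, and the host port ends up reaching a different guest service than the XML asked for. Consider skipping only rules whose guest port also matches the fixed one, and reporting any rule that is dropped because its guest port differs. The commit message also says the host side port is overridden, while the code skips the whole rule; the wording should match what the code does.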

-- 
Torben Hohn
Linutronix GmbH | Bahnhofstrasse 3 | D-88690 Uhldingen-Mühlhofen
Phone: +49 7556 25 999 18; Fax.: +49 7556 25 999 99
