qemu/0015-slirp-nooutgoing.patch

From 789139fbc94dee4839b29c511816c6e3398407b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
Date: Wed, 29 Aug 2012 18:42:56 +0200
Subject: [PATCH] slirp: -nooutgoing

TBD (from SUSE Studio team)
---
 qemu-options.hx  | 10 ++++++++++
 slirp/socket.c   |  8 ++++++++
 slirp/tcp_subr.c | 12 ++++++++++++
 vl.c             |  9 +++++++++
 4 files changed, 39 insertions(+)

diff --git a/qemu-options.hx b/qemu-options.hx
index 99af8edf5f..4712277d7c 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3215,6 +3215,16 @@ Store the QEMU process PID in @var{file}. It is useful if you launch QEMU
 from a script.
 ETEXI
 
+DEF("nooutgoing", HAS_ARG, QEMU_OPTION_nooutgoing, \
+    "-nooutgoing <IP>\n" \
+    "                incoming traffic only from IP, no outgoing\n", \
+    QEMU_ARCH_ALL)
+STEXI
+@item -nooutgoing
+Forbid userspace networking to make outgoing connections. Only accept incoming
+connections from ip address IP.
+ETEXI
+
 DEF("singlestep", 0, QEMU_OPTION_singlestep, \
     "-singlestep     always run in singlestep mode\n", QEMU_ARCH_ALL)
 STEXI
diff --git a/slirp/socket.c b/slirp/socket.c
index 86927722e1..5c89064e15 100644
--- a/slirp/socket.c
+++ b/slirp/socket.c
@@ -625,6 +625,8 @@ sorecvfrom(struct socket *so)
 	} /* if ping packet */
 }
 
+extern int slirp_nooutgoing;
+
 /*
  * sendto() a socket
  */
@@ -642,6 +644,12 @@ sosendto(struct socket *so, struct mbuf *m)
 	DEBUG_CALL(" sendto()ing)");
 	sotranslate_out(so, &addr);
 
+	/* Only allow DNS requests */
+	if (slirp_nooutgoing && ntohs(((struct sockaddr_in *)&addr)->sin_port) != 53) {
+		errno = EHOSTUNREACH;
+		return -1;
+	}
+
 	/* Don't care what port we get */
 	ret = sendto(so->s, m->m_data, m->m_len, 0,
 		     (struct sockaddr *)&addr, sockaddr_size(&addr));
diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index ed16e1807f..b2c7a8cba0 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -391,6 +391,8 @@ tcp_sockclosed(struct tcpcb *tp)
  * nonblocking.  Connect returns after the SYN is sent, and does
  * not wait for ACK+SYN.
  */
+extern int slirp_nooutgoing;
+
 int tcp_fconnect(struct socket *so, unsigned short af)
 {
   int ret=0;
@@ -398,6 +400,11 @@ int tcp_fconnect(struct socket *so, unsigned short af)
   DEBUG_CALL("tcp_fconnect");
   DEBUG_ARG("so = %p", so);
 
+  if (slirp_nooutgoing) {
+    errno = EHOSTUNREACH;
+    return -1;
+  }
+
   ret = so->s = qemu_socket(af, SOCK_STREAM, 0);
   if (ret >= 0) {
     int opt, s=so->s;
@@ -478,6 +485,11 @@ void tcp_connect(struct socket *inso)
         tcp_close(sototcpcb(so)); /* This will sofree() as well */
         return;
     }
+    if (slirp_nooutgoing && ((struct sockaddr_in *)&addr)->sin_addr.s_addr != slirp_nooutgoing) {
+        tcp_close(sototcpcb(so)); /* This will sofree() as well */
+        closesocket(s);
+        return;
+    }
     qemu_set_nonblock(s);
     socket_set_fast_reuse(s);
     opt = 1;
diff --git a/vl.c b/vl.c
index 0b4ed5241c..e0f2ec86a9 100644
--- a/vl.c
+++ b/vl.c
@@ -168,6 +168,7 @@ int smp_threads = 1;
 int acpi_enabled = 1;
 int no_hpet = 0;
 int fd_bootchk = 1;
+int slirp_nooutgoing = 0;
 static int no_reboot;
 int no_shutdown = 0;
 int cursor_hide = 1;
@@ -3405,6 +3406,14 @@ int main(int argc, char **argv, char **envp)
             case QEMU_OPTION_singlestep:
                 singlestep = 1;
                 break;
+            case QEMU_OPTION_nooutgoing:
+                slirp_nooutgoing = inet_addr(optarg);
+                if (slirp_nooutgoing == INADDR_NONE) {
+                    printf("Invalid address: %s.\nOnly addresses of the format "
+                           "xxx.xxx.xxx.xxx are supported.\n", optarg);
+                    exit(1);
+                }
+                break;
             case QEMU_OPTION_S:
                 autostart = 0;
                 break;