* [PATCH] vnclisten for HVM vnc
@ 2006-09-02 16:55 Jeremy Katz
  2006-09-27 19:36 ` Jeremy Katz
  0 siblings, 1 reply; 10+ messages in thread
From: Jeremy Katz @ 2006-09-02 16:55 UTC (permalink / raw)
  To: xen-devel

[-- Attachment #1: Type: text/plain, Size: 209 bytes --]

Implement a 'vnclisten' option to limit the interface that the VNC
server from qemu listens on.  This leaves the default behavior as
listening on all interfaces.

Signed-off-by: Jeremy Katz <katzj@redhat.com>

[-- Attachment #2: xen-vnclisten.patch --]
[-- Type: text/x-patch, Size: 7468 bytes --]

diff -r 5fa9b746d24f tools/examples/xmexample.hvm
--- a/tools/examples/xmexample.hvm	Sat Sep 02 12:11:54 2006 +0100
+++ b/tools/examples/xmexample.hvm	Sat Sep 02 12:53:35 2006 -0400
@@ -132,6 +132,11 @@ vnc=1
 vnc=1
 
 #----------------------------------------------------------------------------
+# address that should be listened on for the VNC server if vnc is set.
+# default is to listen on all interfaces
+#vnclisten="127.0.0.1"
+
+#----------------------------------------------------------------------------
 # set VNC display number, default = domid
 #vncdisplay=1
 
diff -r 5fa9b746d24f tools/ioemu/vl.c
--- a/tools/ioemu/vl.c	Sat Sep 02 12:11:54 2006 +0100
+++ b/tools/ioemu/vl.c	Sat Sep 02 12:35:55 2006 -0400
@@ -122,6 +122,7 @@ int nographic;
 int nographic;
 int vncviewer;
 int vncunused;
+struct sockaddr_in vnclisten_addr;
 const char* keyboard_layout = NULL;
 int64_t ticks_per_sec;
 char *boot_device = NULL;
@@ -2777,10 +2778,24 @@ fail:
     return -1;
 }
 
+int parse_host(struct sockaddr_in *saddr, const char *buf)
+{
+    struct hostent *he;
+
+    if (isdigit(buf[0])) {
+        if (!inet_aton(buf, &saddr->sin_addr))
+            return -1;
+    } else {
+        if ((he = gethostbyname(buf)) == NULL)
+            return - 1;
+        saddr->sin_addr = *(struct in_addr *)he->h_addr;
+    }
+    return 0;
+}
+
 int parse_host_port(struct sockaddr_in *saddr, const char *str)
 {
     char buf[512];
-    struct hostent *he;
     const char *p, *r;
     int port;
 
@@ -2791,14 +2806,8 @@ int parse_host_port(struct sockaddr_in *
     if (buf[0] == '\0') {
         saddr->sin_addr.s_addr = 0;
     } else {
-        if (isdigit(buf[0])) {
-            if (!inet_aton(buf, &saddr->sin_addr))
-                return -1;
-        } else {
-            if ((he = gethostbyname(buf)) == NULL)
-                return - 1;
-            saddr->sin_addr = *(struct in_addr *)he->h_addr;
-        }
+        if (parse_host(&saddr, buf) == -1)
+            return -1;
     }
     port = strtol(p, (char **)&r, 0);
     if (r == p)
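Review bot: `parse_host(&saddr, buf)` passes the address of the pointer rather than the pointer. In parse_host_port `saddr` is already a `struct sockaddr_in *`, so the callee receives a `struct sockaddr_in **`, never stores the parsed host in the caller's structure, and instead writes over stack memory around the local pointer variable. The call should read `if (parse_host(saddr, buf) == -1)`. The same line is present in the re-sent copy of this patch and in xen-vnclisten-2.patch further down the thread. parse_host_port starts and ends outside this hunk.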
@@ -5346,6 +5355,7 @@ void help(void)
 	   "-vnc display    start a VNC server on display\n"
            "-vncviewer      start a vncviewer process for this domain\n"
            "-vncunused      bind the VNC server to an unused port\n"
+           "-vnclisten      bind the VNC server to this address\n"
            "-timeoffset     time offset (in seconds) from local time\n"
            "-acpi           disable or enable ACPI of HVM domain \n"
            "\n"
@@ -5438,6 +5448,7 @@ enum {
     QEMU_OPTION_acpi,
     QEMU_OPTION_vncviewer,
     QEMU_OPTION_vncunused,
+    QEMU_OPTION_vnclisten,
 };
 
 typedef struct QEMUOption {
@@ -5516,6 +5527,7 @@ const QEMUOption qemu_options[] = {
     { "vnc", HAS_ARG, QEMU_OPTION_vnc },
     { "vncviewer", 0, QEMU_OPTION_vncviewer },
     { "vncunused", 0, QEMU_OPTION_vncunused },
+    { "vnclisten", HAS_ARG, QEMU_OPTION_vnclisten },
     
     /* temporary options */
     { "usb", 0, QEMU_OPTION_usb },
@@ -5922,6 +5934,8 @@ int main(int argc, char **argv)
 
     nb_nics = 0;
     /* default mac address of the first network interface */
+
+    memset(&vnclisten_addr.sin_addr, 0, sizeof(vnclisten_addr.sin_addr));
     
     /* init debug */
     sprintf(qemu_dm_logfilename, "/var/log/xen/qemu-dm.%d.log", getpid());
@@ -6306,6 +6320,9 @@ int main(int argc, char **argv)
                 if (vnc_display == -1)
                     vnc_display = -2;
                 break;
+            case QEMU_OPTION_vnclisten:
+                parse_host(&vnclisten_addr, optarg);
+                break;
             }
         }
     }
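Review bot: The result of `parse_host(&vnclisten_addr, optarg)` is discarded in the new `QEMU_OPTION_vnclisten` arm, so a mistyped address or an unresolvable hostname leaves `vnclisten_addr.sin_addr` at the zero value set by the earlier `memset` in main(). The VNC server then binds to all interfaces, which silently defeats the restriction the operator asked for. Failing closed would be safer, for example `if (parse_host(&vnclisten_addr, optarg) < 0) { fprintf(stderr, "qemu: invalid -vnclisten address '%s'\n", optarg); exit(1); }`. The same arm is repeated in the re-sent copy of this patch and in xen-vnclisten-2.patch. The switch statement and main() continue outside the hunk.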
@@ -6542,7 +6559,7 @@ int main(int argc, char **argv)
     if (nographic) {
         dumb_display_init(ds);
     } else if (vnc_display != -1) {
-	vnc_display = vnc_display_init(ds, vnc_display, vncunused);
+	vnc_display = vnc_display_init(ds, vnc_display, vncunused, &vnclisten_addr);
 	if (vncviewer)
 	    vnc_start_viewer(vnc_display);
 	xenstore_write_vncport(vnc_display);
diff -r 5fa9b746d24f tools/ioemu/vl.h
--- a/tools/ioemu/vl.h	Sat Sep 02 12:11:54 2006 +0100
+++ b/tools/ioemu/vl.h	Sat Sep 02 12:33:57 2006 -0400
@@ -37,6 +37,8 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/types.h>
 #include "xenctrl.h"
 #include "xs.h"
 #include <xen/hvm/e820.h>
@@ -785,7 +787,7 @@ void cocoa_display_init(DisplayState *ds
 void cocoa_display_init(DisplayState *ds, int full_screen);
 
 /* vnc.c */
-int vnc_display_init(DisplayState *ds, int display, int find_unused);
+int vnc_display_init(DisplayState *ds, int display, int find_unused, struct sockaddr_in *addr);
 int vnc_start_viewer(int port);
 
 /* ide.c */
diff -r 5fa9b746d24f tools/ioemu/vnc.c
--- a/tools/ioemu/vnc.c	Sat Sep 02 12:11:54 2006 +0100
+++ b/tools/ioemu/vnc.c	Sat Sep 02 12:43:19 2006 -0400
@@ -1183,9 +1183,8 @@ static void vnc_listen_read(void *opaque
     }
 }
 
-int vnc_display_init(DisplayState *ds, int display, int find_unused)
-{
-    struct sockaddr_in addr;
+int vnc_display_init(DisplayState *ds, int display, int find_unused, struct sockaddr_in *addr)
+{
     int reuse_addr, ret;
     VncState *vs;
 
@@ -1223,11 +1222,10 @@ int vnc_display_init(DisplayState *ds, i
     }
 
  retry:
-    addr.sin_family = AF_INET;
-    addr.sin_port = htons(5900 + display);
-    memset(&addr.sin_addr, 0, sizeof(addr.sin_addr));
-
-    if (bind(vs->lsock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
+    addr->sin_family = AF_INET;
+    addr->sin_port = htons(5900 + display);
+
+    if (bind(vs->lsock, (struct sockaddr *)addr, sizeof(struct sockaddr_in)) == -1) {
 	if (find_unused && errno == EADDRINUSE) {
 	    display++;
 	    goto retry;
diff -r 5fa9b746d24f tools/python/xen/xend/image.py
--- a/tools/python/xen/xend/image.py	Sat Sep 02 12:11:54 2006 +0100
+++ b/tools/python/xen/xend/image.py	Sat Sep 02 12:49:27 2006 -0400
@@ -347,6 +347,9 @@ class HVMImageHandler(ImageHandler):
             vncunused = sxp.child_value(config, 'vncunused')
             if vncunused:
                 ret += ['-vncunused']
+            vnclisten = sxp.child_value(config, 'vnclisten')
+            if vnclisten:
+                ret += ['-vnclisten']
         return ret
 
     def createDeviceModel(self):
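Review bot: `ret += ['-vnclisten']` adds the flag without its value, while vl.c registers `vnclisten` with `HAS_ARG`. qemu-dm would therefore consume whatever argument happens to follow as the listen address, and the address from the guest config is never passed on. Both elements should be appended: `ret += ['-vnclisten', vnclisten]`. The re-sent copy of this patch carries the same line. The enclosing method begins outside the hunk.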
diff -r 5fa9b746d24f tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py	Sat Sep 02 12:11:54 2006 +0100
+++ b/tools/python/xen/xm/create.py	Sat Sep 02 12:50:28 2006 -0400
@@ -415,6 +415,10 @@ gopts.var('vncdisplay', val='',
 gopts.var('vncdisplay', val='',
           fn=set_value, default=None,
           use="""VNC display to use""")
+
+gopts.var('vnclisten', val='',
+          fn=set_value, default=None,
+          use="""Address for VNC server to listen on.""")
 
 gopts.var('vncunused', val='',
           fn=set_bool, default=1,
@@ -636,8 +640,9 @@ def configure_hvm(config_image, vals):
     """
     args = [ 'device_model', 'pae', 'vcpus', 'boot', 'fda', 'fdb',
              'localtime', 'serial', 'stdvga', 'isa', 'nographic', 'soundhw',
-             'vnc', 'vncdisplay', 'vncunused', 'vncconsole', 'sdl', 'display',
-             'acpi', 'apic', 'xauthority', 'usb', 'usbdevice' ]
+             'vnc', 'vncdisplay', 'vncunused', 'vncconsole', 'vnclisten',
+             'sdl', 'display', 'xauthority',
+             'acpi', 'apic', 'usb', 'usbdevice' ]
     for a in args:
         if (vals.__dict__[a]):
             config_image.append([a, vals.__dict__[a]])

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel


* Re: [PATCH] vnclisten for HVM vnc
  2006-09-02 16:55 [PATCH] vnclisten for HVM vnc Jeremy Katz
@ 2006-09-27 19:36 ` Jeremy Katz
  2006-09-27 19:42   ` Daniel P. Berrange
  0 siblings, 1 reply; 10+ messages in thread
From: Jeremy Katz @ 2006-09-27 19:36 UTC (permalink / raw)
  To: xen-devel

[-- Attachment #1: Type: text/plain, Size: 375 bytes --]

On Sat, 2006-09-02 at 12:55 -0400, Jeremy Katz wrote:
> Implement a 'vnclisten' option to limit the interface that the VNC
> server from qemu listens on.  This leaves the default behavior as
> listening on all interfaces.
> 
> Signed-off-by: Jeremy Katz <katzj@redhat.com>

danpb said something about this and it reminded me I never saw any
feedback.... Bueller? :-)

Jeremy

[-- Attachment #2: xen-vnclisten.patch --]
[-- Type: text/x-patch, Size: 7468 bytes --]

diff -r 5fa9b746d24f tools/examples/xmexample.hvm
--- a/tools/examples/xmexample.hvm	Sat Sep 02 12:11:54 2006 +0100
+++ b/tools/examples/xmexample.hvm	Sat Sep 02 12:53:35 2006 -0400
@@ -132,6 +132,11 @@ vnc=1
 vnc=1
 
 #----------------------------------------------------------------------------
+# address that should be listened on for the VNC server if vnc is set.
+# default is to listen on all interfaces
+#vnclisten="127.0.0.1"
+
+#----------------------------------------------------------------------------
 # set VNC display number, default = domid
 #vncdisplay=1
 
diff -r 5fa9b746d24f tools/ioemu/vl.c
--- a/tools/ioemu/vl.c	Sat Sep 02 12:11:54 2006 +0100
+++ b/tools/ioemu/vl.c	Sat Sep 02 12:35:55 2006 -0400
@@ -122,6 +122,7 @@ int nographic;
 int nographic;
 int vncviewer;
 int vncunused;
+struct sockaddr_in vnclisten_addr;
 const char* keyboard_layout = NULL;
 int64_t ticks_per_sec;
 char *boot_device = NULL;
@@ -2777,10 +2778,24 @@ fail:
     return -1;
 }
 
+int parse_host(struct sockaddr_in *saddr, const char *buf)
+{
+    struct hostent *he;
+
+    if (isdigit(buf[0])) {
+        if (!inet_aton(buf, &saddr->sin_addr))
+            return -1;
+    } else {
+        if ((he = gethostbyname(buf)) == NULL)
+            return - 1;
+        saddr->sin_addr = *(struct in_addr *)he->h_addr;
+    }
+    return 0;
+}
+
 int parse_host_port(struct sockaddr_in *saddr, const char *str)
 {
     char buf[512];
-    struct hostent *he;
     const char *p, *r;
     int port;
 
@@ -2791,14 +2806,8 @@ int parse_host_port(struct sockaddr_in *
     if (buf[0] == '\0') {
         saddr->sin_addr.s_addr = 0;
     } else {
-        if (isdigit(buf[0])) {
-            if (!inet_aton(buf, &saddr->sin_addr))
-                return -1;
-        } else {
-            if ((he = gethostbyname(buf)) == NULL)
-                return - 1;
-            saddr->sin_addr = *(struct in_addr *)he->h_addr;
-        }
+        if (parse_host(&saddr, buf) == -1)
+            return -1;
     }
     port = strtol(p, (char **)&r, 0);
     if (r == p)
@@ -5346,6 +5355,7 @@ void help(void)
 	   "-vnc display    start a VNC server on display\n"
            "-vncviewer      start a vncviewer process for this domain\n"
            "-vncunused      bind the VNC server to an unused port\n"
+           "-vnclisten      bind the VNC server to this address\n"
            "-timeoffset     time offset (in seconds) from local time\n"
            "-acpi           disable or enable ACPI of HVM domain \n"
            "\n"
@@ -5438,6 +5448,7 @@ enum {
     QEMU_OPTION_acpi,
     QEMU_OPTION_vncviewer,
     QEMU_OPTION_vncunused,
+    QEMU_OPTION_vnclisten,
 };
 
 typedef struct QEMUOption {
@@ -5516,6 +5527,7 @@ const QEMUOption qemu_options[] = {
     { "vnc", HAS_ARG, QEMU_OPTION_vnc },
     { "vncviewer", 0, QEMU_OPTION_vncviewer },
     { "vncunused", 0, QEMU_OPTION_vncunused },
+    { "vnclisten", HAS_ARG, QEMU_OPTION_vnclisten },
     
     /* temporary options */
     { "usb", 0, QEMU_OPTION_usb },
@@ -5922,6 +5934,8 @@ int main(int argc, char **argv)
 
     nb_nics = 0;
     /* default mac address of the first network interface */
+
+    memset(&vnclisten_addr.sin_addr, 0, sizeof(vnclisten_addr.sin_addr));
     
     /* init debug */
     sprintf(qemu_dm_logfilename, "/var/log/xen/qemu-dm.%d.log", getpid());
@@ -6306,6 +6320,9 @@ int main(int argc, char **argv)
                 if (vnc_display == -1)
                     vnc_display = -2;
                 break;
+            case QEMU_OPTION_vnclisten:
+                parse_host(&vnclisten_addr, optarg);
+                break;
             }
         }
     }
@@ -6542,7 +6559,7 @@ int main(int argc, char **argv)
     if (nographic) {
         dumb_display_init(ds);
     } else if (vnc_display != -1) {
-	vnc_display = vnc_display_init(ds, vnc_display, vncunused);
+	vnc_display = vnc_display_init(ds, vnc_display, vncunused, &vnclisten_addr);
 	if (vncviewer)
 	    vnc_start_viewer(vnc_display);
 	xenstore_write_vncport(vnc_display);
diff -r 5fa9b746d24f tools/ioemu/vl.h
--- a/tools/ioemu/vl.h	Sat Sep 02 12:11:54 2006 +0100
+++ b/tools/ioemu/vl.h	Sat Sep 02 12:33:57 2006 -0400
@@ -37,6 +37,8 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/types.h>
 #include "xenctrl.h"
 #include "xs.h"
 #include <xen/hvm/e820.h>
@@ -785,7 +787,7 @@ void cocoa_display_init(DisplayState *ds
 void cocoa_display_init(DisplayState *ds, int full_screen);
 
 /* vnc.c */
-int vnc_display_init(DisplayState *ds, int display, int find_unused);
+int vnc_display_init(DisplayState *ds, int display, int find_unused, struct sockaddr_in *addr);
 int vnc_start_viewer(int port);
 
 /* ide.c */
diff -r 5fa9b746d24f tools/ioemu/vnc.c
--- a/tools/ioemu/vnc.c	Sat Sep 02 12:11:54 2006 +0100
+++ b/tools/ioemu/vnc.c	Sat Sep 02 12:43:19 2006 -0400
@@ -1183,9 +1183,8 @@ static void vnc_listen_read(void *opaque
     }
 }
 
-int vnc_display_init(DisplayState *ds, int display, int find_unused)
-{
-    struct sockaddr_in addr;
+int vnc_display_init(DisplayState *ds, int display, int find_unused, struct sockaddr_in *addr)
+{
     int reuse_addr, ret;
     VncState *vs;
 
@@ -1223,11 +1222,10 @@ int vnc_display_init(DisplayState *ds, i
     }
 
  retry:
-    addr.sin_family = AF_INET;
-    addr.sin_port = htons(5900 + display);
-    memset(&addr.sin_addr, 0, sizeof(addr.sin_addr));
-
-    if (bind(vs->lsock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
+    addr->sin_family = AF_INET;
+    addr->sin_port = htons(5900 + display);
+
+    if (bind(vs->lsock, (struct sockaddr *)addr, sizeof(struct sockaddr_in)) == -1) {
 	if (find_unused && errno == EADDRINUSE) {
 	    display++;
 	    goto retry;
diff -r 5fa9b746d24f tools/python/xen/xend/image.py
--- a/tools/python/xen/xend/image.py	Sat Sep 02 12:11:54 2006 +0100
+++ b/tools/python/xen/xend/image.py	Sat Sep 02 12:49:27 2006 -0400
@@ -347,6 +347,9 @@ class HVMImageHandler(ImageHandler):
             vncunused = sxp.child_value(config, 'vncunused')
             if vncunused:
                 ret += ['-vncunused']
+            vnclisten = sxp.child_value(config, 'vnclisten')
+            if vnclisten:
+                ret += ['-vnclisten']
         return ret
 
     def createDeviceModel(self):
diff -r 5fa9b746d24f tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py	Sat Sep 02 12:11:54 2006 +0100
+++ b/tools/python/xen/xm/create.py	Sat Sep 02 12:50:28 2006 -0400
@@ -415,6 +415,10 @@ gopts.var('vncdisplay', val='',
 gopts.var('vncdisplay', val='',
           fn=set_value, default=None,
           use="""VNC display to use""")
+
+gopts.var('vnclisten', val='',
+          fn=set_value, default=None,
+          use="""Address for VNC server to listen on.""")
 
 gopts.var('vncunused', val='',
           fn=set_bool, default=1,
@@ -636,8 +640,9 @@ def configure_hvm(config_image, vals):
     """
     args = [ 'device_model', 'pae', 'vcpus', 'boot', 'fda', 'fdb',
              'localtime', 'serial', 'stdvga', 'isa', 'nographic', 'soundhw',
-             'vnc', 'vncdisplay', 'vncunused', 'vncconsole', 'sdl', 'display',
-             'acpi', 'apic', 'xauthority', 'usb', 'usbdevice' ]
+             'vnc', 'vncdisplay', 'vncunused', 'vncconsole', 'vnclisten',
+             'sdl', 'display', 'xauthority',
+             'acpi', 'apic', 'usb', 'usbdevice' ]
     for a in args:
         if (vals.__dict__[a]):
             config_image.append([a, vals.__dict__[a]])

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel


* Re: [PATCH] vnclisten for HVM vnc
  2006-09-27 19:36 ` Jeremy Katz
@ 2006-09-27 19:42   ` Daniel P. Berrange
  2006-09-27 19:57     ` Jeremy Katz
  0 siblings, 1 reply; 10+ messages in thread
From: Daniel P. Berrange @ 2006-09-27 19:42 UTC (permalink / raw)
  To: Jeremy Katz; +Cc: xen-devel

On Wed, Sep 27, 2006 at 03:36:16PM -0400, Jeremy Katz wrote:
> On Sat, 2006-09-02 at 12:55 -0400, Jeremy Katz wrote:
> > Implement a 'vnclisten' option to limit the interface that the VNC
> > server from qemu listens on.  This leaves the default behavior as
> > listening on all interfaces.
> > 
> > Signed-off-by: Jeremy Katz <katzj@redhat.com>
> 
> danpb said something about this and it reminded me I never saw any
> feedback.... Bueller? :-)

IMHO, we should only listen on 127.0.0.1  by default - particularly since
the Xen 3.0.3 release isn't going to have password authentication on the
VNC servers yet :-(   It'll be all too easy for someone to turn on VNC
in the guest config & not realize they just opened themselves up to any
person on the network by default. That kind of default insecure behaviour 
is best left in the Windows world 

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 


* Re: [PATCH] vnclisten for HVM vnc
  2006-09-27 19:42   ` Daniel P. Berrange
@ 2006-09-27 19:57     ` Jeremy Katz
  2006-09-27 20:02       ` Daniel P. Berrange
  0 siblings, 1 reply; 10+ messages in thread
From: Jeremy Katz @ 2006-09-27 19:57 UTC (permalink / raw)
  To: Daniel P. Berrange; +Cc: xen-devel

On Wed, 2006-09-27 at 20:42 +0100, Daniel P. Berrange wrote:
> On Wed, Sep 27, 2006 at 03:36:16PM -0400, Jeremy Katz wrote:
> > On Sat, 2006-09-02 at 12:55 -0400, Jeremy Katz wrote:
> > > Implement a 'vnclisten' option to limit the interface that the VNC
> > > server from qemu listens on.  This leaves the default behavior as
> > > listening on all interfaces.
> > > 
> > > Signed-off-by: Jeremy Katz <katzj@redhat.com>
> > 
> > danpb said something about this and it reminded me I never saw any
> > feedback.... Bueller? :-)
> 
> IMHO, we should only listen on 127.0.0.1  by default - particularly since
> the Xen 3.0.3 release isn't going to have password authentication on the
> VNC servers yet :-(   It'll be all too easy for someone to turn on VNC
> in the guest config & not realize they just opened themselves up to any
> person on the network by default. That kind of default insecure behaviour 
> is best left in the Windows world 

I don't necessarily disagree, but changing the semantics like that felt
a little bit ugly to me -- it definitely leads to a case where going
from 3.0.2 -> 3.0.3 would break configurations users were actively
using.

Jeremy


* Re: [PATCH] vnclisten for HVM vnc
  2006-09-27 19:57     ` Jeremy Katz
@ 2006-09-27 20:02       ` Daniel P. Berrange
  2006-09-27 20:40         ` Ian Pratt
  0 siblings, 1 reply; 10+ messages in thread
From: Daniel P. Berrange @ 2006-09-27 20:02 UTC (permalink / raw)
  To: Jeremy Katz; +Cc: xen-devel

On Wed, Sep 27, 2006 at 03:57:31PM -0400, Jeremy Katz wrote:
> On Wed, 2006-09-27 at 20:42 +0100, Daniel P. Berrange wrote:
> > On Wed, Sep 27, 2006 at 03:36:16PM -0400, Jeremy Katz wrote:
> > > On Sat, 2006-09-02 at 12:55 -0400, Jeremy Katz wrote:
> > > > Implement a 'vnclisten' option to limit the interface that the VNC
> > > > server from qemu listens on.  This leaves the default behavior as
> > > > listening on all interfaces.
> > > > 
> > > > Signed-off-by: Jeremy Katz <katzj@redhat.com>
> > > 
> > > danpb said something about this and it reminded me I never saw any
> > > feedback.... Bueller? :-)
> > 
> > IMHO, we should only listen on 127.0.0.1  by default - particularly since
> > the Xen 3.0.3 release isn't going to have password authentication on the
> > VNC servers yet :-(   It'll be all too easy for someone to turn on VNC
> > in the guest config & not realize they just opened themselves up to any
> > person on the network by default. That kind of default insecure behaviour 
> > is best left in the Windows world 
> 
> I don't necessarily disagree, but changing the semantics like that felt
> a little bit ugly to me -- it definitely leads to a case where going
> from 3.0.2 -> 3.0.3 would break configurations users were actively
> using.

It is a painful problem, I agree, but I think the security benefit is worth
the pain of breaking users' existing configs. It's not a difficult task for
users to re-enable the wide-open-to-anyone config if they really do need
it.

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 


* RE: [PATCH] vnclisten for HVM vnc
  2006-09-27 20:02       ` Daniel P. Berrange
@ 2006-09-27 20:40         ` Ian Pratt
  2006-09-29 17:24           ` Daniel P. Berrange
  0 siblings, 1 reply; 10+ messages in thread
From: Ian Pratt @ 2006-09-27 20:40 UTC (permalink / raw)
  To: Daniel P. Berrange, Jeremy Katz; +Cc: xen-devel

> > > IMHO, we should only listen on 127.0.0.1  by default -
particularly
> since
> > > the Xen 3.0.3 release isn't going to have password authentication
on
> the
> > > VNC servers yet :-(   It'll be all too easy for someone to turn on
VNC
> > > in the guest config & not realize they just opened themselves up
to any
> > > person on the network by default. That kind of default insecure
> behaviour
> > > is best left in the Windows world
> >
> > I don't necessarily disagree, but changing the semantics like that
felt
> > a little bit ugly to me -- it definitely leads to a case where going
> > from 3.0.2 -> 3.0.3 would break configurations users were actively
> > using.
> 
> It is a painful problem I agree, but I think the security benefit is
worth
> the pain of breaking user's existing configs. Its not a difficult task
for
> users to re-enable the wide-open-to-anyone config if they really do
need
> it.

I agree too: we should listen on 127.0.0.1 by default.

Ian


* Re: [PATCH] vnclisten for HVM vnc
  2006-09-27 20:40         ` Ian Pratt
@ 2006-09-29 17:24           ` Daniel P. Berrange
  2006-09-29 18:03             ` Anthony Liguori
  0 siblings, 1 reply; 10+ messages in thread
From: Daniel P. Berrange @ 2006-09-29 17:24 UTC (permalink / raw)
  To: Ian Pratt; +Cc: Jeremy Katz, xen-devel

[-- Attachment #1: Type: text/plain, Size: 2112 bytes --]

On Wed, Sep 27, 2006 at 09:40:57PM +0100, Ian Pratt wrote:
> > > > IMHO, we should only listen on 127.0.0.1  by default -
> particularly
> > since
> > > > the Xen 3.0.3 release isn't going to have password authentication
> on
> > the
> > > > VNC servers yet :-(   It'll be all too easy for someone to turn on
> VNC
> > > > in the guest config & not realize they just opened themselves up
> to any
> > > > person on the network by default. That kind of default insecure
> > behaviour
> > > > is best left in the Windows world
> > >
> > > I don't necessarily disagree, but changing the semantics like that
> felt
> > > a little bit ugly to me -- it definitely leads to a case where going
> > > from 3.0.2 -> 3.0.3 would break configurations users were actively
> > > using.
> > 
> > It is a painful problem I agree, but I think the security benefit is
> worth
> > the pain of breaking user's existing configs. Its not a difficult task
> for
> > users to re-enable the wide-open-to-anyone config if they really do
> need
> > it.
> 
> I agree too: we should listen on 127.0.0.1 by default.

Ok, attached is an adaptation of Jeremy's initial patch to do this. 

The logic for determining which interface to listen on goes like this:

 - If 'vnclisten' is set in guest config, use that (can use 0.0.0.0 to
   indicate all interfaces)
 - If 'vnc-listen' is set in /etc/xen/xend-config.sxp, use that
   (again can set it to 0.0.0.0 to listen on all interfaces by
    default)
 - Else  use 127.0.0.1  

So, this makes VNC local only by default using 127.0.0.1. Anyone who wants
the old behaviour can just change xend-config.sxp setting...

   (vnc-listen '0.0.0.0')

...which will affect all guests without an explicit setting. 

  Signed-off-by:  Daniel P. Berrange <berrange@redhat.com>

Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

[-- Attachment #2: xen-vnclisten-2.patch --]
[-- Type: text/plain, Size: 8865 bytes --]

diff -r 593b5623a0d2 tools/examples/xend-config.sxp
--- a/tools/examples/xend-config.sxp	Fri Sep 29 15:40:35 2006 +0100
+++ b/tools/examples/xend-config.sxp	Fri Sep 29 13:01:11 2006 -0400
@@ -130,3 +130,8 @@
 
 # The tool used for initiating virtual TPM migration
 #(external-migration-tool '')
+
+# The interface for VNC servers to listen on. Defaults
+# to 127.0.0.1  To restore old 'listen everywhere' behaviour
+# set this to 0.0.0.0
+#(vnc-listen '127.0.0.1')
diff -r 593b5623a0d2 tools/examples/xmexample.hvm
--- a/tools/examples/xmexample.hvm	Fri Sep 29 15:40:35 2006 +0100
+++ b/tools/examples/xmexample.hvm	Fri Sep 29 13:01:11 2006 -0400
@@ -132,6 +132,11 @@ vnc=1
 vnc=1
 
 #----------------------------------------------------------------------------
+# address that should be listened on for the VNC server if vnc is set.
+# default is to use 'vnc-listen' setting from /etc/xen/xend-config.sxp
+#vnclisten="127.0.0.1"
+
+#----------------------------------------------------------------------------
 # set VNC display number, default = domid
 #vncdisplay=1
 
diff -r 593b5623a0d2 tools/ioemu/vl.c
--- a/tools/ioemu/vl.c	Fri Sep 29 15:40:35 2006 +0100
+++ b/tools/ioemu/vl.c	Fri Sep 29 13:01:11 2006 -0400
@@ -122,6 +122,7 @@ int nographic;
 int nographic;
 int vncviewer;
 int vncunused;
+struct sockaddr_in vnclisten_addr;
 const char* keyboard_layout = NULL;
 int64_t ticks_per_sec;
 char *boot_device = NULL;
@@ -2783,10 +2784,24 @@ fail:
     return -1;
 }
 
+int parse_host(struct sockaddr_in *saddr, const char *buf)
+{
+    struct hostent *he;
+
+    if (isdigit(buf[0])) {
+        if (!inet_aton(buf, &saddr->sin_addr))
+            return -1;
+    } else {
+        if ((he = gethostbyname(buf)) == NULL)
+            return - 1;
+        saddr->sin_addr = *(struct in_addr *)he->h_addr;
+    }
+    return 0;
+}
+
 int parse_host_port(struct sockaddr_in *saddr, const char *str)
 {
     char buf[512];
-    struct hostent *he;
     const char *p, *r;
     int port;
 
@@ -2797,14 +2812,8 @@ int parse_host_port(struct sockaddr_in *
     if (buf[0] == '\0') {
         saddr->sin_addr.s_addr = 0;
     } else {
-        if (isdigit(buf[0])) {
-            if (!inet_aton(buf, &saddr->sin_addr))
-                return -1;
-        } else {
-            if ((he = gethostbyname(buf)) == NULL)
-                return - 1;
-            saddr->sin_addr = *(struct in_addr *)he->h_addr;
-        }
+        if (parse_host(&saddr, buf) == -1)
+            return -1;
     }
     port = strtol(p, (char **)&r, 0);
     if (r == p)
@@ -5352,6 +5361,7 @@ void help(void)
 	   "-vnc display    start a VNC server on display\n"
            "-vncviewer      start a vncviewer process for this domain\n"
            "-vncunused      bind the VNC server to an unused port\n"
+           "-vnclisten      bind the VNC server to this address\n"
            "-timeoffset     time offset (in seconds) from local time\n"
            "-acpi           disable or enable ACPI of HVM domain \n"
            "\n"
@@ -5444,6 +5454,7 @@ enum {
     QEMU_OPTION_acpi,
     QEMU_OPTION_vncviewer,
     QEMU_OPTION_vncunused,
+    QEMU_OPTION_vnclisten,
 };
 
 typedef struct QEMUOption {
@@ -5522,6 +5533,7 @@ const QEMUOption qemu_options[] = {
     { "vnc", HAS_ARG, QEMU_OPTION_vnc },
     { "vncviewer", 0, QEMU_OPTION_vncviewer },
     { "vncunused", 0, QEMU_OPTION_vncunused },
+    { "vnclisten", HAS_ARG, QEMU_OPTION_vnclisten },
     
     /* temporary options */
     { "usb", 0, QEMU_OPTION_usb },
@@ -5928,6 +5940,8 @@ int main(int argc, char **argv)
 
     nb_nics = 0;
     /* default mac address of the first network interface */
+
+    memset(&vnclisten_addr.sin_addr, 0, sizeof(vnclisten_addr.sin_addr));
     
     /* init debug */
     sprintf(qemu_dm_logfilename, "/var/log/xen/qemu-dm.%d.log", getpid());
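Review bot: The device model's own default is still the wildcard address, because this `memset` zeroes `vnclisten_addr.sin_addr`. The loopback default in this revision therefore exists only in xend, and a qemu-dm started without `-vnclisten` (by hand or by another toolstack) listens on every interface. Setting the default here too, `vnclisten_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);`, would make both layers agree. The statement also sits directly under the unrelated "default mac address" comment and would be easier to find with a comment of its own, such as `/* default VNC listen address */`. main() continues outside the hunk.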
@@ -6312,6 +6326,9 @@ int main(int argc, char **argv)
                 if (vnc_display == -1)
                     vnc_display = -2;
                 break;
+            case QEMU_OPTION_vnclisten:
+                parse_host(&vnclisten_addr, optarg);
+                break;
             }
         }
     }
@@ -6548,7 +6565,7 @@ int main(int argc, char **argv)
     if (nographic) {
         dumb_display_init(ds);
     } else if (vnc_display != -1) {
-	vnc_display = vnc_display_init(ds, vnc_display, vncunused);
+	vnc_display = vnc_display_init(ds, vnc_display, vncunused, &vnclisten_addr);
 	if (vncviewer)
 	    vnc_start_viewer(vnc_display);
 	xenstore_write_vncport(vnc_display);
diff -r 593b5623a0d2 tools/ioemu/vl.h
--- a/tools/ioemu/vl.h	Fri Sep 29 15:40:35 2006 +0100
+++ b/tools/ioemu/vl.h	Fri Sep 29 13:01:11 2006 -0400
@@ -37,6 +37,8 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/types.h>
 #include "xenctrl.h"
 #include "xs.h"
 #include <xen/hvm/e820.h>
@@ -786,7 +788,7 @@ void cocoa_display_init(DisplayState *ds
 void cocoa_display_init(DisplayState *ds, int full_screen);
 
 /* vnc.c */
-int vnc_display_init(DisplayState *ds, int display, int find_unused);
+int vnc_display_init(DisplayState *ds, int display, int find_unused, struct sockaddr_in *addr);
 int vnc_start_viewer(int port);
 
 /* ide.c */
diff -r 593b5623a0d2 tools/ioemu/vnc.c
--- a/tools/ioemu/vnc.c	Fri Sep 29 15:40:35 2006 +0100
+++ b/tools/ioemu/vnc.c	Fri Sep 29 13:01:11 2006 -0400
@@ -1250,9 +1250,8 @@ static void vnc_listen_read(void *opaque
     }
 }
 
-int vnc_display_init(DisplayState *ds, int display, int find_unused)
-{
-    struct sockaddr_in addr;
+int vnc_display_init(DisplayState *ds, int display, int find_unused, struct sockaddr_in *addr)
+{
     int reuse_addr, ret;
     VncState *vs;
 
@@ -1290,11 +1289,10 @@ int vnc_display_init(DisplayState *ds, i
     }
 
  retry:
-    addr.sin_family = AF_INET;
-    addr.sin_port = htons(5900 + display);
-    memset(&addr.sin_addr, 0, sizeof(addr.sin_addr));
-
-    if (bind(vs->lsock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
+    addr->sin_family = AF_INET;
+    addr->sin_port = htons(5900 + display);
+
+    if (bind(vs->lsock, (struct sockaddr *)addr, sizeof(struct sockaddr_in)) == -1) {
 	if (find_unused && errno == EADDRINUSE) {
 	    display++;
 	    goto retry;
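Review bot: `vnc_display_init()` now writes `sin_family` and `sin_port` through the caller's `addr` pointer at the `retry:` label, so the global `vnclisten_addr` in vl.c is modified as a side effect, and a NULL `addr` would be dereferenced. Only the address part is actually taken from the caller. Declaring the parameter `const struct sockaddr_in *listen_addr` and starting from a local copy, `struct sockaddr_in addr = *listen_addr;`, would leave the rest of the function as it was and make the contract visible in the prototype. If the in-place write is intended, a comment on the prototype in vl.h should say so. The function body starts and ends outside this hunk, and the same lines recur in the third iteration of the patch.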
diff -r 593b5623a0d2 tools/python/xen/xend/XendRoot.py
--- a/tools/python/xen/xend/XendRoot.py	Fri Sep 29 15:40:35 2006 +0100
+++ b/tools/python/xen/xend/XendRoot.py	Fri Sep 29 13:01:11 2006 -0400
@@ -95,6 +95,9 @@ class XendRoot:
     dom0_min_mem_default = '0'
 
     dom0_vcpus_default = '0'
+
+    """Default interface to listen for VNC connections on"""
+    xend_vnc_listen_default = '127.0.0.1'
 
     components = {}
 
@@ -272,6 +275,9 @@ class XendRoot:
     def get_console_limit(self):
         return self.get_config_int('console-limit', 1024)
 
+    def get_vnclisten_address(self):
+        return self.get_config_value('vnc-listen', self.xend_vnc_listen_default)
+
 def instance():
     """Get an instance of XendRoot.
     Use this instead of the constructor.
diff -r 593b5623a0d2 tools/python/xen/xend/image.py
--- a/tools/python/xen/xend/image.py	Fri Sep 29 15:40:35 2006 +0100
+++ b/tools/python/xen/xend/image.py	Fri Sep 29 13:01:11 2006 -0400
@@ -358,6 +358,11 @@ class HVMImageHandler(ImageHandler):
             vncunused = sxp.child_value(config, 'vncunused')
             if vncunused:
                 ret += ['-vncunused']
+            vnclisten = sxp.child_value(config, 'vnclisten')
+            if not(vnclisten):
+                vnclisten = xen.xend.XendRoot.instance().get_vnclisten_address()
+            if vnclisten:
+                ret += ['-vnclisten', vnclisten]
         return ret
 
     def createDeviceModel(self):
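Review bot: When both the guest's `vnclisten` and the xend-wide setting are empty, the final `if vnclisten:` omits `-vnclisten` altogether, and the device model's own default (the zeroed `vnclisten_addr` in vl.c) is to listen on every interface. Whether `get_vnclisten_address()` can return an empty value, for instance from an empty `vnc-listen` entry, is not visible here. If it can, always passing the option keeps the loopback default in force: `ret += ['-vnclisten', vnclisten or '127.0.0.1']`. `if not(vnclisten):` would also read more naturally as `if not vnclisten:`. The enclosing method starts outside the hunk, and the same lines recur in the third iteration of the patch.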
diff -r 593b5623a0d2 tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py	Fri Sep 29 15:40:35 2006 +0100
+++ b/tools/python/xen/xm/create.py	Fri Sep 29 13:01:11 2006 -0400
@@ -414,6 +414,10 @@ gopts.var('vncdisplay', val='',
 gopts.var('vncdisplay', val='',
           fn=set_value, default=None,
           use="""VNC display to use""")
+
+gopts.var('vnclisten', val='',
+          fn=set_value, default=None,
+          use="""Address for VNC server to listen on.""")
 
 gopts.var('vncunused', val='',
           fn=set_bool, default=1,
@@ -633,8 +637,9 @@ def configure_hvm(config_image, vals):
     """
     args = [ 'device_model', 'pae', 'vcpus', 'boot', 'fda', 'fdb',
              'localtime', 'serial', 'stdvga', 'isa', 'nographic', 'soundhw',
-             'vnc', 'vncdisplay', 'vncunused', 'vncconsole', 'sdl', 'display',
-             'acpi', 'apic', 'xauthority', 'usb', 'usbdevice' ]
+             'vnc', 'vncdisplay', 'vncunused', 'vncconsole', 'vnclisten',
+             'sdl', 'display', 'xauthority',
+             'acpi', 'apic', 'usb', 'usbdevice' ]
     for a in args:
         if (vals.__dict__[a]):
             config_image.append([a, vals.__dict__[a]])


* Re: [PATCH] vnclisten for HVM vnc
  2006-09-29 17:24           ` Daniel P. Berrange
@ 2006-09-29 18:03             ` Anthony Liguori
  2006-09-29 19:02               ` Daniel P. Berrange
  2006-09-29 19:43               ` Daniel P. Berrange
  0 siblings, 2 replies; 10+ messages in thread
From: Anthony Liguori @ 2006-09-29 18:03 UTC (permalink / raw)
  To: Daniel P. Berrange; +Cc: Ian Pratt, xen-devel, Jeremy Katz


> Ok, attached is an adaptation of Jeremy's initial patch to do this. 
>
> The logic for determining which interface to listen on goes like this:
>
>  - If 'vnclisten' is set in guest config, use that (can use 0.0.0.0 to
>    indicate all interfaces)
>  - If 'vnc-listen' is set in /etc/xen/xend-config.sxp, use that
>    (again can set it to 0.0.0.0 to listen on all interfaces by
>     default)
>  - Else  use 127.0.0.1  
>
> So, this makes VNC local only by default using 127.0.0.1. Anyone who wants
> the old behaviour can just change xend-config.sxp setting...
>
>    (vnc-listen '0.0.0.0')
>
> ...which will affect all guests without an explicit setting. 
>
>   Signed-off-by:  Daniel P. Berrange <berrange@redhat.com>
>
> Regards,
> Dan.
>   
> ------------------------------------------------------------------------
>
> diff -r 593b5623a0d2 tools/examples/xend-config.sxp
> --- a/tools/examples/xend-config.sxp	Fri Sep 29 15:40:35 2006 +0100
> +++ b/tools/examples/xend-config.sxp	Fri Sep 29 13:01:11 2006 -0400
> @@ -130,3 +130,8 @@
>  
>  # The tool used for initiating virtual TPM migration
>  #(external-migration-tool '')
> +
> +# The interface for VNC servers to listen on. Defaults
> +# to 127.0.0.1  To restore old 'listen everywhere' behaviour
> +# set this to 0.0.0.0
> +#(vnc-listen '127.0.0.1')
> diff -r 593b5623a0d2 tools/examples/xmexample.hvm
> --- a/tools/examples/xmexample.hvm	Fri Sep 29 15:40:35 2006 +0100
> +++ b/tools/examples/xmexample.hvm	Fri Sep 29 13:01:11 2006 -0400
> @@ -132,6 +132,11 @@ vnc=1
>  vnc=1
>  
>  #----------------------------------------------------------------------------
> +# address that should be listened on for the VNC server if vnc is set.
> +# default is to use 'vnc-listen' setting from /etc/xen/xend-config.sxp
> +#vnclisten="127.0.0.1"
> +
> +#----------------------------------------------------------------------------
>  # set VNC display number, default = domid
>  #vncdisplay=1
>  
> diff -r 593b5623a0d2 tools/ioemu/vl.c
> --- a/tools/ioemu/vl.c	Fri Sep 29 15:40:35 2006 +0100
> +++ b/tools/ioemu/vl.c	Fri Sep 29 13:01:11 2006 -0400
> @@ -122,6 +122,7 @@ int nographic;
>  int nographic;
>  int vncviewer;
>  int vncunused;
> +struct sockaddr_in vnclisten_addr;
>  const char* keyboard_layout = NULL;
>  int64_t ticks_per_sec;
>  char *boot_device = NULL;
> @@ -2783,10 +2784,24 @@ fail:
>      return -1;
>  }
>  
> +int parse_host(struct sockaddr_in *saddr, const char *buf)
> +{
> +    struct hostent *he;
> +
> +    if (isdigit(buf[0])) {
> +        if (!inet_aton(buf, &saddr->sin_addr))
> +            return -1;
>   

Valid hostnames can begin with a digit as long as there are non-digits 
in the name.  What I normally do is try inet_aton() iff gethostbyname 
fails first.

Regards,

Anthony Liguori

> ------------------------------------------------------------------------
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
>   


* Re: [PATCH] vnclisten for HVM vnc
  2006-09-29 18:03             ` Anthony Liguori
@ 2006-09-29 19:02               ` Daniel P. Berrange
  2006-09-29 19:43               ` Daniel P. Berrange
  1 sibling, 0 replies; 10+ messages in thread
From: Daniel P. Berrange @ 2006-09-29 19:02 UTC (permalink / raw)
  To: Anthony Liguori; +Cc: Ian Pratt, xen-devel, Jeremy Katz

On Fri, Sep 29, 2006 at 01:03:02PM -0500, Anthony Liguori wrote:
> > 
> >+int parse_host(struct sockaddr_in *saddr, const char *buf)
> >+{
> >+    struct hostent *he;
> >+
> >+    if (isdigit(buf[0])) {
> >+        if (!inet_aton(buf, &saddr->sin_addr))
> >+            return -1;
> >  
> 
> Valid hostnames can begin with a digit as long as there are non-digits 
> in the name.  What I normally do is try inet_aton() iff gethostbyname 
> fails first.

Yeah, should have thought about possibility of using a hostname instead of
IP address. Will update the patch to try what you suggest here. We've also
got an equivalent patch for the para-virt framebuffer which I'll post later
too.

Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 


* Re: [PATCH] vnclisten for HVM vnc
  2006-09-29 18:03             ` Anthony Liguori
  2006-09-29 19:02               ` Daniel P. Berrange
@ 2006-09-29 19:43               ` Daniel P. Berrange
  1 sibling, 0 replies; 10+ messages in thread
From: Daniel P. Berrange @ 2006-09-29 19:43 UTC (permalink / raw)
  To: Anthony Liguori; +Cc: Ian Pratt, xen-devel, Jeremy Katz

[-- Attachment #1: Type: text/plain, Size: 3859 bytes --]

Attached is a 3rd iteration of the patch, which changes the address lookup so
that gethostbyname is tried first, falling back to inet_aton if that fails. I
tested it with a variety of hostnames, some starting with digits, and with
0.0.0.0, 127.0.0.1 and a non-localhost IP.

    Signed-off-by:  Daniel P. Berrange <berrange@redhat.com>

Regards,
Dan.

On Fri, Sep 29, 2006 at 01:03:02PM -0500, Anthony Liguori wrote:
> 
> >Ok, attached is an adaptation of Jeremy's initial patch to do this. 
> >
> >The logic for determining which interface to listen on goes like this:
> >
> > - If 'vnclisten' is set in guest config, use that (can use 0.0.0.0 to
> >   indicate all interfaces)
> > - If 'vnc-listen' is set in /etc/xen/xend-config.sxp, use that
> >   (again can set it to 0.0.0.0 to listen on all interfaces by
> >    default)
> > - Else  use 127.0.0.1  
> >
> >So, this makes VNC local only by default using 127.0.0.1. Anyone who wants
> >the old behaviour can just change xend-config.sxp setting...
> >
> >   (vnc-listen '0.0.0.0')
> >
> >...which will affect all guests without an explicit setting. 
> >
> >  Signed-off-by:  Daniel P. Berrange <berrange@redhat.com>
> >
> >Regards,
> >Dan.
> >  
> >------------------------------------------------------------------------
> >
> >diff -r 593b5623a0d2 tools/examples/xend-config.sxp
> >--- a/tools/examples/xend-config.sxp	Fri Sep 29 15:40:35 2006 +0100
> >+++ b/tools/examples/xend-config.sxp	Fri Sep 29 13:01:11 2006 -0400
> >@@ -130,3 +130,8 @@
> > 
> > # The tool used for initiating virtual TPM migration
> > #(external-migration-tool '')
> >+
> >+# The interface for VNC servers to listen on. Defaults
> >+# to 127.0.0.1  To restore old 'listen everywhere' behaviour
> >+# set this to 0.0.0.0
> >+#(vnc-listen '127.0.0.1')
> >diff -r 593b5623a0d2 tools/examples/xmexample.hvm
> >--- a/tools/examples/xmexample.hvm	Fri Sep 29 15:40:35 2006 +0100
> >+++ b/tools/examples/xmexample.hvm	Fri Sep 29 13:01:11 2006 -0400
> >@@ -132,6 +132,11 @@ vnc=1
> > vnc=1
> > 
> > #----------------------------------------------------------------------------
> >+# address that should be listened on for the VNC server if vnc is set.
> >+# default is to use 'vnc-listen' setting from /etc/xen/xend-config.sxp
> >+#vnclisten="127.0.0.1"
> >+
> >+#----------------------------------------------------------------------------
> > # set VNC display number, default = domid
> > #vncdisplay=1
> > 
> >diff -r 593b5623a0d2 tools/ioemu/vl.c
> >--- a/tools/ioemu/vl.c	Fri Sep 29 15:40:35 2006 +0100
> >+++ b/tools/ioemu/vl.c	Fri Sep 29 13:01:11 2006 -0400
> >@@ -122,6 +122,7 @@ int nographic;
> > int nographic;
> > int vncviewer;
> > int vncunused;
> >+struct sockaddr_in vnclisten_addr;
> > const char* keyboard_layout = NULL;
> > int64_t ticks_per_sec;
> > char *boot_device = NULL;
> >@@ -2783,10 +2784,24 @@ fail:
> >     return -1;
> > }
> > 
> >+int parse_host(struct sockaddr_in *saddr, const char *buf)
> >+{
> >+    struct hostent *he;
> >+
> >+    if (isdigit(buf[0])) {
> >+        if (!inet_aton(buf, &saddr->sin_addr))
> >+            return -1;
> >  
> 
> Valid hostnames can begin with a digit as long as there are non-digits 
> in the name.  What I normally do is try inet_aton() iff gethostbyname 
> fails first.
> 
> Regards,
> 
> Anthony Liguori
> 
> >------------------------------------------------------------------------
> >
> >_______________________________________________
> >Xen-devel mailing list
> >Xen-devel@lists.xensource.com
> >http://lists.xensource.com/xen-devel
> >  
> 

-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

[-- Attachment #2: xen-vnclisten-3.patch --]
[-- Type: text/plain, Size: 8810 bytes --]

diff -r 593b5623a0d2 tools/examples/xend-config.sxp
--- a/tools/examples/xend-config.sxp	Fri Sep 29 15:40:35 2006 +0100
+++ b/tools/examples/xend-config.sxp	Fri Sep 29 15:37:30 2006 -0400
@@ -130,3 +130,8 @@
 
 # The tool used for initiating virtual TPM migration
 #(external-migration-tool '')
+
+# The interface for VNC servers to listen on. Defaults
+# to 127.0.0.1  To restore old 'listen everywhere' behaviour
+# set this to 0.0.0.0
+#(vnc-listen '127.0.0.1')
diff -r 593b5623a0d2 tools/examples/xmexample.hvm
--- a/tools/examples/xmexample.hvm	Fri Sep 29 15:40:35 2006 +0100
+++ b/tools/examples/xmexample.hvm	Fri Sep 29 15:37:30 2006 -0400
@@ -132,6 +132,11 @@ vnc=1
 vnc=1
 
 #----------------------------------------------------------------------------
+# address that should be listened on for the VNC server if vnc is set.
+# default is to use 'vnc-listen' setting from /etc/xen/xend-config.sxp
+#vnclisten="127.0.0.1"
+
+#----------------------------------------------------------------------------
 # set VNC display number, default = domid
 #vncdisplay=1
 
diff -r 593b5623a0d2 tools/ioemu/vl.c
--- a/tools/ioemu/vl.c	Fri Sep 29 15:40:35 2006 +0100
+++ b/tools/ioemu/vl.c	Fri Sep 29 15:37:30 2006 -0400
@@ -122,6 +122,7 @@ int nographic;
 int nographic;
 int vncviewer;
 int vncunused;
+struct sockaddr_in vnclisten_addr;
 const char* keyboard_layout = NULL;
 int64_t ticks_per_sec;
 char *boot_device = NULL;
@@ -2783,10 +2784,22 @@ fail:
     return -1;
 }
 
+int parse_host(struct sockaddr_in *saddr, const char *buf)
+{
+    struct hostent *he;
+
+    if ((he = gethostbyname(buf)) != NULL) {
+        saddr->sin_addr = *(struct in_addr *)he->h_addr;
+    } else {
+        if (!inet_aton(buf, &saddr->sin_addr))
+            return -1;
+    }
+    return 0;
+}
+
 int parse_host_port(struct sockaddr_in *saddr, const char *str)
 {
     char buf[512];
-    struct hostent *he;
     const char *p, *r;
     int port;
 
@@ -2797,14 +2810,8 @@ int parse_host_port(struct sockaddr_in *
     if (buf[0] == '\0') {
         saddr->sin_addr.s_addr = 0;
     } else {
-        if (isdigit(buf[0])) {
-            if (!inet_aton(buf, &saddr->sin_addr))
-                return -1;
-        } else {
-            if ((he = gethostbyname(buf)) == NULL)
-                return - 1;
-            saddr->sin_addr = *(struct in_addr *)he->h_addr;
-        }
+        if (parse_host(&saddr, buf) == -1)
+            return -1;
     }
     port = strtol(p, (char **)&r, 0);
     if (r == p)
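Review bot: The new call `parse_host(&saddr, buf)` passes the address of the pointer rather than the pointer. `saddr` is already the `struct sockaddr_in *` parameter of `parse_host_port()`, so `&saddr` is a `struct sockaddr_in **`, and `parse_host()` would store the resolved address into the storage of the local pointer variable (and possibly beyond it) instead of into the caller's structure. The line should read `if (parse_host(saddr, buf) == -1)`. The compiler should report an incompatible pointer type here, so building this file with that warning promoted to an error would catch it. The body of `parse_host_port()` starts and ends outside the hunk.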
@@ -5352,6 +5359,7 @@ void help(void)
 	   "-vnc display    start a VNC server on display\n"
            "-vncviewer      start a vncviewer process for this domain\n"
            "-vncunused      bind the VNC server to an unused port\n"
+           "-vnclisten      bind the VNC server to this address\n"
            "-timeoffset     time offset (in seconds) from local time\n"
            "-acpi           disable or enable ACPI of HVM domain \n"
            "\n"
@@ -5444,6 +5452,7 @@ enum {
     QEMU_OPTION_acpi,
     QEMU_OPTION_vncviewer,
     QEMU_OPTION_vncunused,
+    QEMU_OPTION_vnclisten,
 };
 
 typedef struct QEMUOption {
@@ -5522,6 +5531,7 @@ const QEMUOption qemu_options[] = {
     { "vnc", HAS_ARG, QEMU_OPTION_vnc },
     { "vncviewer", 0, QEMU_OPTION_vncviewer },
     { "vncunused", 0, QEMU_OPTION_vncunused },
+    { "vnclisten", HAS_ARG, QEMU_OPTION_vnclisten },
     
     /* temporary options */
     { "usb", 0, QEMU_OPTION_usb },
@@ -5928,6 +5938,8 @@ int main(int argc, char **argv)
 
     nb_nics = 0;
     /* default mac address of the first network interface */
+
+    memset(&vnclisten_addr.sin_addr, 0, sizeof(vnclisten_addr.sin_addr));
     
     /* init debug */
     sprintf(qemu_dm_logfilename, "/var/log/xen/qemu-dm.%d.log", getpid());
@@ -6312,6 +6324,9 @@ int main(int argc, char **argv)
                 if (vnc_display == -1)
                     vnc_display = -2;
                 break;
+            case QEMU_OPTION_vnclisten:
+                parse_host(&vnclisten_addr, optarg);
+                break;
             }
         }
     }
@@ -6548,7 +6563,7 @@ int main(int argc, char **argv)
     if (nographic) {
         dumb_display_init(ds);
     } else if (vnc_display != -1) {
-	vnc_display = vnc_display_init(ds, vnc_display, vncunused);
+	vnc_display = vnc_display_init(ds, vnc_display, vncunused, &vnclisten_addr);
 	if (vncviewer)
 	    vnc_start_viewer(vnc_display);
 	xenstore_write_vncport(vnc_display);
diff -r 593b5623a0d2 tools/ioemu/vl.h
--- a/tools/ioemu/vl.h	Fri Sep 29 15:40:35 2006 +0100
+++ b/tools/ioemu/vl.h	Fri Sep 29 15:37:30 2006 -0400
@@ -37,6 +37,8 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/types.h>
 #include "xenctrl.h"
 #include "xs.h"
 #include <xen/hvm/e820.h>
@@ -786,7 +788,7 @@ void cocoa_display_init(DisplayState *ds
 void cocoa_display_init(DisplayState *ds, int full_screen);
 
 /* vnc.c */
-int vnc_display_init(DisplayState *ds, int display, int find_unused);
+int vnc_display_init(DisplayState *ds, int display, int find_unused, struct sockaddr_in *addr);
 int vnc_start_viewer(int port);
 
 /* ide.c */
diff -r 593b5623a0d2 tools/ioemu/vnc.c
--- a/tools/ioemu/vnc.c	Fri Sep 29 15:40:35 2006 +0100
+++ b/tools/ioemu/vnc.c	Fri Sep 29 15:37:30 2006 -0400
@@ -1250,9 +1250,8 @@ static void vnc_listen_read(void *opaque
     }
 }
 
-int vnc_display_init(DisplayState *ds, int display, int find_unused)
-{
-    struct sockaddr_in addr;
+int vnc_display_init(DisplayState *ds, int display, int find_unused, struct sockaddr_in *addr)
+{
     int reuse_addr, ret;
     VncState *vs;
 
@@ -1290,11 +1289,10 @@ int vnc_display_init(DisplayState *ds, i
     }
 
  retry:
-    addr.sin_family = AF_INET;
-    addr.sin_port = htons(5900 + display);
-    memset(&addr.sin_addr, 0, sizeof(addr.sin_addr));
-
-    if (bind(vs->lsock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
+    addr->sin_family = AF_INET;
+    addr->sin_port = htons(5900 + display);
+
+    if (bind(vs->lsock, (struct sockaddr *)addr, sizeof(struct sockaddr_in)) == -1) {
 	if (find_unused && errno == EADDRINUSE) {
 	    display++;
 	    goto retry;
diff -r 593b5623a0d2 tools/python/xen/xend/XendRoot.py
--- a/tools/python/xen/xend/XendRoot.py	Fri Sep 29 15:40:35 2006 +0100
+++ b/tools/python/xen/xend/XendRoot.py	Fri Sep 29 15:37:30 2006 -0400
@@ -95,6 +95,9 @@ class XendRoot:
     dom0_min_mem_default = '0'
 
     dom0_vcpus_default = '0'
+
+    """Default interface to listen for VNC connections on"""
+    xend_vnc_listen_default = '127.0.0.1'
 
     components = {}
 
@@ -272,6 +275,9 @@ class XendRoot:
     def get_console_limit(self):
         return self.get_config_int('console-limit', 1024)
 
+    def get_vnclisten_address(self):
+        return self.get_config_value('vnc-listen', self.xend_vnc_listen_default)
+
 def instance():
     """Get an instance of XendRoot.
     Use this instead of the constructor.
diff -r 593b5623a0d2 tools/python/xen/xend/image.py
--- a/tools/python/xen/xend/image.py	Fri Sep 29 15:40:35 2006 +0100
+++ b/tools/python/xen/xend/image.py	Fri Sep 29 15:37:30 2006 -0400
@@ -358,6 +358,11 @@ class HVMImageHandler(ImageHandler):
             vncunused = sxp.child_value(config, 'vncunused')
             if vncunused:
                 ret += ['-vncunused']
+            vnclisten = sxp.child_value(config, 'vnclisten')
+            if not(vnclisten):
+                vnclisten = xen.xend.XendRoot.instance().get_vnclisten_address()
+            if vnclisten:
+                ret += ['-vnclisten', vnclisten]
         return ret
 
     def createDeviceModel(self):
diff -r 593b5623a0d2 tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py	Fri Sep 29 15:40:35 2006 +0100
+++ b/tools/python/xen/xm/create.py	Fri Sep 29 15:37:30 2006 -0400
@@ -414,6 +414,10 @@ gopts.var('vncdisplay', val='',
 gopts.var('vncdisplay', val='',
           fn=set_value, default=None,
           use="""VNC display to use""")
+
+gopts.var('vnclisten', val='',
+          fn=set_value, default=None,
+          use="""Address for VNC server to listen on.""")
 
 gopts.var('vncunused', val='',
           fn=set_bool, default=1,
@@ -633,8 +637,9 @@ def configure_hvm(config_image, vals):
     """
     args = [ 'device_model', 'pae', 'vcpus', 'boot', 'fda', 'fdb',
              'localtime', 'serial', 'stdvga', 'isa', 'nographic', 'soundhw',
-             'vnc', 'vncdisplay', 'vncunused', 'vncconsole', 'sdl', 'display',
-             'acpi', 'apic', 'xauthority', 'usb', 'usbdevice' ]
+             'vnc', 'vncdisplay', 'vncunused', 'vncconsole', 'vnclisten',
+             'sdl', 'display', 'xauthority',
+             'acpi', 'apic', 'usb', 'usbdevice' ]
     for a in args:
         if (vals.__dict__[a]):
             config_image.append([a, vals.__dict__[a]])
