From: Laurent Vivier <laurent@vivier.eu>
To: Eric Blake <eblake@redhat.com>,
Samuel Thibault <samuel.thibault@ens-lyon.org>
Cc: Jason Wang <jasowang@redhat.com>,
qemu-devel@nongnu.org, "Daniel P. Berrange" <berrange@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 1/1] slirp: add SOCKS5 support
Date: Mon, 27 Mar 2017 20:58:50 +0200 [thread overview]
Message-ID: <3a712e65-045d-3dc2-9c07-a13c8268aa6f@vivier.eu> (raw)
In-Reply-To: <237b2650-da58-c844-d594-390f41e23e65@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 2056 bytes --]
Le 27/03/2017 à 20:41, Eric Blake a écrit :
> On 03/27/2017 01:21 PM, Laurent Vivier wrote:
>> When the VM is used behind a firewall, This allows
>> to use a SOCKS5 proxy server to connect the VM IP stack
>
> "allows to $verb" is not idiomatic English; the correct forms are
> generally "allows $subject to $verb" or "allows ${verb}ing". In this
> case, I'd lean towards "this allows the use of a SOCKS5 proxy server"
Thank you, and sorry.
>
>> directly to the Internet.
>>
>> This implementation doesn't manage UDP packets, so they
>> are simply dropped (as with restrict=on), except for
>> the localhost as we need it for DNS.
>>
>> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
>> ---
>
>> +++ b/qapi-schema.json
>> @@ -3680,6 +3680,9 @@
>> '*ipv6-dns': 'str',
>> '*smb': 'str',
>> '*smbserver': 'str',
>> + '*proxy-server': 'str',
>> + '*proxy-user': 'str',
>> + '*proxy-passwd': 'str',
>
> Why can't we spell this out as password, instead of abbreviating?
because of unix command "passwd" ;) . I will fix.
> Should this hook into the "secrets object" framework so that someone
> does not have to pass the password in plaintext?
>
>> '*hostfwd': ['String'],
>> '*guestfwd': ['String'] } }
>
> Missing documentation.
I will fix.
> Do we want all three proxy elements to be in a substruct? The difference
> is between:
>
> { ... "smb": "foo", "proxy-server": "bar", "proxy-user": "noone",
> "proxy-passwd": "hello" }
>
> and a substruct:
>
> { ... "smb": "foo", "proxy": { "server": "bar", "user", "noone",
> "passwd": "hello" } }
yes, substruct looks better.
>
>>
>> +@item proxy-server=@var{addr}:@var{port}[,proxy-user=@var{user},proxy-passwd=@var{passwd}]]
>
> Yes, you DEFINITELY need to hook into the "secrets object" framework to
> avoid having to pass a password in plaintext on the command line. Dan
> Berrange may have more advice on doing that.
>
OK
Thank you for the review.
Laurent
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2017-03-27 18:59 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-27 18:21 [Qemu-devel] [PATCH 0/1] slirp: add SOCKS5 support Laurent Vivier
2017-03-27 18:21 ` [Qemu-devel] [PATCH 1/1] " Laurent Vivier
2017-03-27 18:41 ` Eric Blake
2017-03-27 18:58 ` Laurent Vivier [this message]
2017-04-03 11:41 ` Daniel P. Berrange
2017-04-03 11:49 ` Laurent Vivier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3a712e65-045d-3dc2-9c07-a13c8268aa6f@vivier.eu \
--to=laurent@vivier.eu \
--cc=berrange@redhat.com \
--cc=eblake@redhat.com \
--cc=jasowang@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=samuel.thibault@ens-lyon.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).