author | rich cannings <richc@google.com> | 2011-02-16 13:43:44 -0800 |
---|---|---|
committer | rich cannings <richc@google.com> | 2011-02-16 16:18:33 -0800 |
commit | 7339b55944e97077e4f74c4be34cd956ae44198b (patch) | |
tree | fa4d61112a5144ac4932e90693b2b0b281787d69 /slirp-android/libslirp.h | |
parent | bdedc85ca0c7ae3dcb9771595d196e6f533f4492 (diff) | |
Add user mode networking restrictions: a firewall
Adds command-line options, with supporting code, for:
QEMU_OPTION_drop_udp
QEMU_OPTION_drop_tcp
QEMU_OPTION_allow_tcp
QEMU_OPTION_drop_log
QEMU_OPTION_net_forward
QEMU_OPTION_max_dns_conns
QEMU_OPTION_allow_udp
QEMU_OPTION_dns_log
Also, this change makes the default max DNS connections unlimited.
Change-Id: I887213149956dda155ef514418365bd80d8f1236
Diffstat (limited to 'slirp-android/libslirp.h')
-rw-r--r-- | slirp-android/libslirp.h | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/slirp-android/libslirp.h b/slirp-android/libslirp.h index 6086384..120e3d3 100644 --- a/slirp-android/libslirp.h +++ b/slirp-android/libslirp.h @@ -2,7 +2,9 @@ #define _LIBSLIRP_H #include <stdint.h> +#include <stdio.h> #include "sockets.h" +#include "slirp.h" #ifdef _WIN32 # define WIN32_LEAN_AND_MEAN # define socket_close winsock2_socket_close3 @@ -16,6 +18,8 @@ extern "C" { #endif +struct mbuf; + int inet_strtoip(const char* str, uint32_t *ip); char* inet_iptostr(uint32_t ip); 
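Review bot: Pulling the internal `slirp.h` into this public header (the second added include in the first hunk) exposes the stack's private types and macros to every file that includes libslirp.h. From the visible lines, the new declarations need only `FILE` (covered by `<stdio.h>`), `struct mbuf` (forward-declared in the second hunk) and `u_int8_t`. If `u_int8_t` is the reason for the include, which I cannot confirm from here, spelling it `uint8_t` would let `#include "slirp.h"` be dropped, since `<stdint.h>` is already included and `slirp_input` already uses that type.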
@@ -32,6 +36,59 @@ void slirp_input(const uint8_t *pkt, int pkt_len); int slirp_can_output(void); void slirp_output(const uint8_t *pkt, int pkt_len); +/* ---------------------------------------------------*/ +/* User mode network stack restrictions */ +void slirp_drop_udp(); +void slirp_drop_tcp(); +void slirp_add_allow(unsigned long dst_addr, int dst_lport, + int dst_hport, u_int8_t proto); +void slirp_drop_log_fd(FILE* fd); +int slirp_should_drop(unsigned long dst_addr, + int dst_port, + u_int8_t proto); +int slirp_drop_log(const char* format, ...); + +/* for network forwards */ +void slirp_add_net_forward(unsigned long dest_ip, unsigned long dest_mask, + int dest_lport, int dest_hport, + unsigned long redirect_ip, int redirect_port); + +int slirp_should_net_forward(unsigned long remote_ip, int remote_port, + unsigned long *redirect_ip, int *redirect_port); +/* ---------------------------------------------------*/ + +/** + * Additional network stack modifications, aiming to detect and log + * any network activity initiated by any binary outisde the context of + * the running browser. + */ + +void slirp_dns_log_fd(FILE* fd); +/** Logs the DNS name in DNS query issued by the VM. */ +int slirp_log_dns(struct mbuf* m, int dropped); +/** IP packet dump of DNS queris and responses. */ +int slirp_dump_dns(struct mbuf* m); +/** Sets an upper limit for the number of allowed DNS requests from + * the VM. + */ +void slirp_set_max_dns_conns(int max_dns_conns); +/* Returns the max number of allowed DNS requests.*/ +int slirp_get_max_dns_conns(); + +/** + * Modifications for implementing "-net-forward-tcp2sink' option. 
+ */ + +void slirp_forward_dropped_tcp2sink(unsigned long sink_ip, int sink_port); +int slirp_should_forward_dropped_tcp2sink(); +unsigned long slirp_get_tcp_sink_ip(); +int slirp_get_tcp_sink_port(); + + + + +/* ---------------------------------------------------*/ + void slirp_redir_loop(void (*func)(void *opaque, int is_udp, const SockAddress *laddr, const SockAddress *faddr), |
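Review bot: The filter entry points `slirp_add_allow`, `slirp_should_drop` and `slirp_add_net_forward` take `unsigned long` addresses and `int` ports without stating byte order, whether the `lport`..`hport` range is inclusive, or which return value means "drop", so a caller that passes the wrong byte order gets rules that silently never match. I would add a comment above them such as `/* addresses and ports are in host byte order; [dst_lport, dst_hport] is inclusive; slirp_should_drop() returns non-zero when the packet must be dropped */`, corrected to whatever the implementation actually does, which is not visible in this hunk. Separately, `slirp_drop_log(const char* format, ...)` is presumably called close to guest-controlled data such as DNS names, so it is worth letting the compiler check call sites with `__attribute__((format(printf, 1, 2)))` under GCC/Clang. The parameterless declarations (`slirp_drop_udp()`, `slirp_drop_tcp()`, `slirp_get_max_dns_conns()` and the tcp2sink getters) should be written with `(void)`, as `slirp_can_output(void)` is in the context lines, because an empty list in C is not a prototype and arguments go unchecked.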