diff options
-rw-r--r-- | net/slirp.c | 12 | ||||
-rw-r--r-- | slirp/tcp_input.c | 26 |
2 files changed, 22 insertions, 16 deletions
diff --git a/net/slirp.c b/net/slirp.c index b3f35d5..124e953 100644 --- a/net/slirp.c +++ b/net/slirp.c @@ -212,19 +212,19 @@ static int net_slirp_init(NetClientState *peer, const char *model, return -1; } - if (vdhcp_start && !inet_aton(vdhcp_start, &dhcp)) { + if (vnameserver && !inet_aton(vnameserver, &dns)) { return -1; } - if ((dhcp.s_addr & mask.s_addr) != net.s_addr || - dhcp.s_addr == host.s_addr || dhcp.s_addr == dns.s_addr) { + if ((dns.s_addr & mask.s_addr) != net.s_addr || + dns.s_addr == host.s_addr) { return -1; } - if (vnameserver && !inet_aton(vnameserver, &dns)) { + if (vdhcp_start && !inet_aton(vdhcp_start, &dhcp)) { return -1; } - if ((dns.s_addr & mask.s_addr) != net.s_addr || - dns.s_addr == host.s_addr) { + if ((dhcp.s_addr & mask.s_addr) != net.s_addr || + dhcp.s_addr == host.s_addr || dhcp.s_addr == dns.s_addr) { return -1; } diff --git a/slirp/tcp_input.c b/slirp/tcp_input.c index 6440eae..f946db8 100644 --- a/slirp/tcp_input.c +++ b/slirp/tcp_input.c @@ -316,16 +316,6 @@ tcp_input(struct mbuf *m, int iphlen, struct socket *inso) m->m_data += sizeof(struct tcpiphdr)+off-sizeof(struct tcphdr); m->m_len -= sizeof(struct tcpiphdr)+off-sizeof(struct tcphdr); - if (slirp->restricted) { - for (ex_ptr = slirp->exec_list; ex_ptr; ex_ptr = ex_ptr->ex_next) { - if (ex_ptr->ex_fport == ti->ti_dport && - ti->ti_dst.s_addr == ex_ptr->ex_addr.s_addr) { - break; - } - } - if (!ex_ptr) - goto drop; - } /* * Locate pcb for segment. */ @@ -355,6 +345,22 @@ findso: * as if it was LISTENING, and continue... */ if (so == NULL) { + if (slirp->restricted) { + /* Any hostfwds will have an existing socket, so we only get here + * for non-hostfwd connections. These should be dropped, unless it + * happens to be a guestfwd. + */ + for (ex_ptr = slirp->exec_list; ex_ptr; ex_ptr = ex_ptr->ex_next) { + if (ex_ptr->ex_fport == ti->ti_dport && + ti->ti_dst.s_addr == ex_ptr->ex_addr.s_addr) { + break; + } + } + if (!ex_ptr) { + goto dropwithreset; + } + } + if ((tiflags & (TH_SYN|TH_FIN|TH_RST|TH_URG|TH_ACK)) != TH_SYN) goto dropwithreset; |