Re: [Qemu-devel] [PULL v1 4/9] io: add QIOChannelSocket class

[Peter Maydell]

On 17 December 2015 at 13:45, Daniel P. Berrange <address@hidden> wrote:
> Implement a QIOChannel subclass that supports sockets I/O.
> The implementation is able to manage a single socket file
> descriptor, whether a TCP/UNIX listener, TCP/UNIX connection,
> or a UDP datagram. It provides APIs which can listen and
> connect either asynchronously or synchronously. Since there
> is no asynchronous DNS lookup API available, it uses the
> QIOTask helper for spawning a background thread to ensure
> non-blocking operation.

(There's GNU adns for async DNS lookups, but I guess we don't
really want the extra dependency.)

> +static void test_io_channel_ipv4(bool async)
> +{
> +    SocketAddress *listen_addr = g_new0(SocketAddress, 1);
> +    SocketAddress *connect_addr = g_new0(SocketAddress, 1);
> +
> +    listen_addr->type = SOCKET_ADDRESS_KIND_INET;
> +    listen_addr->u.inet = g_new0(InetSocketAddress, 1);
> +    listen_addr->u.inet->host = g_strdup("0.0.0.0");
> +    listen_addr->u.inet->port = NULL; /* Auto-select */
> +
> +    connect_addr->type = SOCKET_ADDRESS_KIND_INET;
> +    connect_addr->u.inet = g_new0(InetSocketAddress, 1);
> +    connect_addr->u.inet->host = g_strdup("127.0.0.1");
> +    connect_addr->u.inet->port = NULL; /* Filled in later */

Does this test program really need to create a listening
socket on the host's external interface? Anybody could
connect to it, which means half this test code is suddenly
a security boundary...

(I noticed this because the firewall on my OSX box popped
up  a helpful dialog asking if I really wanted to give
test-io-channel-socket full network access.)

thanks
-- PMM