[et-mgmt-tools] [PATCH] Strengthen port number validation

Masayuki Sunou fj1826dm at aa.jp.fujitsu.com
Mon Nov 12 08:24:06 UTC 2007 

Hi

I understand your suggestion.
Therefore, I decline applying this patch and examine fixing Xen.

Thanks,
Masayuki Sunou

In message <20071108143811.GA16895 at redhat.com>
   "Re: [et-mgmt-tools] [PATCH] Strengthen port number validation"
   ""Daniel P. Berrange" <berrange at redhat.com>" wrote:

> On Wed, Nov 07, 2007 at 04:44:29PM -0500, Cole Robinson wrote:
> > Masayuki Sunou wrote:
> > > Hi
> > > 
> > > Installation fails when port number used by other processes is set 
> > > to --vncport of virt-install, because graphical console is not displayed.
> > > The same problem occurs when port number exceeds upper bound. 
> > > 
> > > One of patches fixes to request re-input when port number used is set.
> > >  --> check_vncport_used.patch
> > > Other fixes to output error message when port number exceeds upper bound. 
> > >  --> check_vncport_upperbound.patch
> > > 
> > > Signed-off-by: Masayuki Sunou <fj1826dm at aa.jp.fujitsu.com>
> > > 
> > > Thanks,
> > > Masayuki Sunou.
> > 
> > 
> > Hi,
> > 
> > The upperbound check looks good, I just applied it.
> > 
> > The vncport collision detection though I'm a bit worried about. Parsing
> > 'netstat' doesn't seem like a nice solution: its a lot of output to parse
> > for little gain and requires an external utility to do it.
> > 
> > I think the nice way to check the port would be to have a function that
> > actually attempts to bind the port, to test that it is empty. You would
> > understandably have to release it if you succeeded so the install can use
> > it in the future. I'm not sure if this would carry any residual effects,
> > maybe someone else has a better idea?
> 
> This kind of check does not belong in virt-install.  It is not merely a
> problem when installing the guest. If you allocate a fixed port to a guest
> it can clash any time you start the guest. The *ONLY* viable place to 
> check & report errors for this is the code which actually opens the port
> ie QEMU itself.  QEMU can propagate errors back to XenD / libvirt and in
> turn back to the user.
> 
> 
> Dan.
> -- 
> |=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
> |=-           Perl modules: http://search.cpan.org/~danberr/              -=|
> |=-               Projects: http://freshmeat.net/~danielpb/               -=|
> |=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 
> 
> _______________________________________________
> et-mgmt-tools mailing list
> et-mgmt-tools at redhat.com
> https://www.redhat.com/mailman/listinfo/et-mgmt-tools

More information about the et-mgmt-tools mailing list