Re: [Qemu-devel] [PATCH 1/1] slirp: add SOCKS5 support

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 1/1] slirp: add SOCKS5 support

From:	Laurent Vivier
Subject:	Re: [Qemu-devel] [PATCH 1/1] slirp: add SOCKS5 support
Date:	Mon, 27 Mar 2017 20:58:50 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0

Le 27/03/2017 à 20:41, Eric Blake a écrit :
> On 03/27/2017 01:21 PM, Laurent Vivier wrote:
>> When the VM is used behind a firewall, This allows
>> to use a SOCKS5 proxy server to connect the VM IP stack
> 
> "allows to $verb" is not idiomatic English; the correct forms are
> generally "allows $subject to $verb" or "allows ${verb}ing".  In this
> case, I'd lean towards "this allows the use of a SOCKS5 proxy server"

Thank you, and sorry.

> 
>> directly to the Internet.
>>
>> This implementation doesn't manage UDP packets, so they
>> are simply dropped (as with restrict=on), except for
>> the localhost as we need it for DNS.
>>
>> Signed-off-by: Laurent Vivier <address@hidden>
>> ---
> 
>> +++ b/qapi-schema.json
>> @@ -3680,6 +3680,9 @@
>>      '*ipv6-dns':         'str',
>>      '*smb':       'str',
>>      '*smbserver': 'str',
>> +    '*proxy-server': 'str',
>> +    '*proxy-user':   'str',
>> +    '*proxy-passwd': 'str',
> 
> Why can't we spell this out as password, instead of abbreviating?

because of unix command "passwd" ;) . I will fix.

> Should this hook into the "secrets object" framework so that someone
> does not have to pass the password in plaintext?
> 
>>      '*hostfwd':   ['String'],
>>      '*guestfwd':  ['String'] } }
> 
> Missing documentation.

I will fix.

> Do we want all three proxy elements to be in a substruct? The difference
> is between:
> 
> { ... "smb": "foo", "proxy-server": "bar", "proxy-user": "noone",
> "proxy-passwd": "hello" }
> 
> and a substruct:
> 
> { ... "smb": "foo", "proxy": { "server": "bar", "user", "noone",
> "passwd": "hello" } }

yes, substruct looks better.

> 
>>  
>> address@hidden address@hidden:@var{port}[,address@hidden,address@hidden
> 
> Yes, you DEFINITELY need to hook into the "secrets object" framework to
> avoid having to pass a password in plaintext on the command line.  Dan
> Berrange may have more advice on doing that.
> 

OK

Thank you for the review.

Laurent

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 0/1] slirp: add SOCKS5 support, Laurent Vivier, 2017/03/27
- [Qemu-devel] [PATCH 1/1] slirp: add SOCKS5 support, Laurent Vivier, 2017/03/27
  - Re: [Qemu-devel] [PATCH 1/1] slirp: add SOCKS5 support, Eric Blake, 2017/03/27
    - Re: [Qemu-devel] [PATCH 1/1] slirp: add SOCKS5 support, Laurent Vivier <=

Prev by Date: Re: [Qemu-devel] [PATCH RFC v3 for-2.9 02/11] rbd: Fix to cleanly reject -drive without pool or image
Next by Date: Re: [Qemu-devel] [PATCH RFC v3 for-2.9 08/11] rbd: Revert -blockdev and -drive parameter auth-supported
Previous by thread: Re: [Qemu-devel] [PATCH 1/1] slirp: add SOCKS5 support
Next by thread: [Qemu-devel] [PATCH v3] Fix input-linux reading from device
Index(es):
- Date
- Thread