proxmox-mirrors/qemu-server
1
0
Fork 0
mirror of https://git.proxmox.com/git/qemu-server synced 2025-05-02 14:55:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

do not open forward tunnel on insecure migrations

Browse Source 
Restore previous behaviour and do not request a forward tunnel on
insecure migrations.

For the migrations of all kind this has no direct impact, they all
worked, but an port to much requested from an limited pool is still
not ideal. Also an open tunnel, if not needed.

This is a light regression introduced from commit 1c9d54b.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2016-06-06 10:58:40 +02:00 committed by Dietmar Maurer
parent 54323eed5f
commit e858e9d241
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
PVE/QemuMigrate.pm
View File

@ -91,7 +91,7 @@ sub finish_command_pipe {
sub fork_tunnel {
my ($self, $tunnel_addr) = @_;
my @localtunnelinfo = ('-L' , $tunnel_addr );
my @localtunnelinfo = defined($tunnel_addr) ? ('-L' , $tunnel_addr ) : ();
my $cmd = [@{$self->{rem_ssh}}, '-o ExitOnForwardFailure=yes', @localtunnelinfo, 'qm', 'mtunnel' ];
@ -439,11 +439,15 @@ sub phase2 {
}
} elsif ($ruri =~ /^tcp:/) {
# for backwards compatibility with older qemu-server versions
my $pfamily = PVE::Tools::get_host_address_family($nodename);
my $lport = PVE::Tools::next_migrate_port($pfamily);
my $tunnel_addr;
if ($raddr eq "localhost") {
# for backwards compatibility with older qemu-server versions
my $pfamily = PVE::Tools::get_host_address_family($nodename);
my $lport = PVE::Tools::next_migrate_port($pfamily);
$tunnel_addr = "$lport:localhost:$rport";
}
$self->{tunnel} = $self->fork_tunnel("$lport:localhost:$rport");
$self->{tunnel} = $self->fork_tunnel($tunnel_addr);
} else {
die "unsupported protocol in migration URI: $ruri\n";