Re: [uml-devel] Networking as a non-root user

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

sh...@ti... said:
> My idea was to do something like SSH tunneling

That's not the fully general networking that UML implements with TUN/TAP,
et al.  That's just doing port forwarding for non-privileged ports.

> which does not require root access (TCP described here).

Sure it does.  You can't do ssh tunneling without a running network, and 
setting up the network requires root privileges.

> I thought of uml_router, since this is the only networking that
> doesn't require host IP setup.

Because it doesn't send packets through the host network.

> The uml process would call bind()/listen() on port 8080, and if a
> process in the virtual machine had called bind()/listen() on this
> port, then it would get the packets from the outside world.  At this
> point, NAT should be easy enough:
>
> $ linux eth0=porttunnel,8080:80,4343:43 

Something like this might work.  I have this on my todo list, for unix sockets.
I think it's possible to intercept socket operations for unix sockets at
the filesystem level.  For normal TCP sockets, I don't think UML has any chance
to intercept anything until the low-level network driver gets a completely
formatted packet.

To do what you want, it would have to extract the data, throw out the headers
after making sure that the source port was correct, and send the data to
the host port.

What might be easier is a tunnel daemon running inside UML listening to
port 80 or 43 and forwarding traffic to a special device that's hooked up
to a tunnel driver.  This wouldn't be a general network driver, it would a
special-purpose thing that forwards traffic between a host port and its node
inside UML.

				Jeff