10.4. Setting a Limit on Device Redirection
To filter out certain devices from redirection, pass the filter property to
-device usb-redir
. The filter property takes a string consisting of filter rules. The format for a rule is:
<class>:<vendor>:<product>:<version>:<allow>
Use the value
-1
to designate it to accept any value for a particular field. You may use multiple rules on the same command line using | as a separator. Note that if a device matches none of the filter rules, the redirection will not be allowed.
Example 10.1. Limiting redirection with a Windows guest virtual machine
- Prepare a Windows 7 guest virtual machine.
- Add the following code excerpt to the guest virtual machine's XML file:
<redirdev bus='usb' type='spicevmc'> <alias name='redir0'/> <address type='usb' bus='0' port='3'/> </redirdev> <redirfilter> <usbdev class='0x08' vendor='0x1234' product='0xBEEF' version='2.0' allow='yes'/> <usbdev class='-1' vendor='-1' product='-1' version='-1' allow='no'/> </redirfilter>
- Start the guest virtual machine and confirm the setting changes by running the following:
#
ps -ef | grep $guest_name
-device usb-redir,chardev=charredir0,id=redir0,
/filter=0x08:0x1234:0xBEEF:0x0200:1|-1:-1:-1:-1:0,bus=usb.0,port=3
- Plug a USB device into a host physical machine, and use virt-viewer to connect to the guest virtual machine.
- Clickin the menu, which will produce the following message: "Some USB devices are blocked by host policy". Click to confirm and continue.The filter takes effect.
- To make sure that the filter captures properly check the USB device vendor and product, then make the following changes in the host physical machine's domain XML to allow for USB redirection.
<redirfilter> <usbdev class='0x08' vendor='0x0951' product='0x1625' version='2.0' allow='yes'/> <usbdev allow='no'/> </redirfilter>
- Restart the guest virtual machine, then use virt-viewer to connect to the guest virtual machine. The USB device will now redirect traffic to the guest virtual machine.