[Libvir] Remote patch, 2007/02/19

Richard W.M. Jones rjones at redhat.com
Wed Feb 21 18:13:40 UTC 2007 

Daniel P. Berrange wrote:
> On Mon, Feb 19, 2007 at 03:30:25PM +0000, Richard W.M. Jones wrote:
>> Just for everyone's information.
>>
>> http://annexia.org/tmp/libvirt-tls-20070219.patch
> 
> I'm really not at all a fan of the magic cookie being passed around all the
> time on the wire
> 
[cookies]

> 
> I understand that SunRPC is at its core a stateless protocol, because it is
> intended to be able to run apps over both unreliable datagram & reliable
> stream sockets. For libvirt's purposes though I don't see us ever caring
> about running over anything other than TCP / UNIX domain sockets which are
> stateful and reliable.

Right, and the other thing to observe is that in fact SunRPC over TCP / 
Unix domain sockets doesn't automatically reconnect anyway, as I once 
thought it did.  We shouldn't try to do manual reconnection because that 
has all sorts of other interesting ways to fail and in any case would 
make the code really too complicated.
[Gory details and test code in case anyone is interested: 
http://et.redhat.com/~rjones/sunrpc_reconnection/ ]

> With that in mind I'd venture to suggest we ditch the whole idea of cookies
> completely.
> 
> Every method on the server end is already given a 
> 
>      'struct svc_req *req'
> 
> This struct contains a field
> 
>      ' SVCXPRT *rq_xprt;'
> 
> Which represents the data transport of the client. And the SVCXPRT struct
> has as its first member the '  int xp_sock' which is the socket associated
> with the client. 
> 
> So we can trivially & securely map from a client's TCP connetion to the
> virConnectPtr without needing any magic cookies.

What concerns me here is that xp_sock is just a file descriptor and fds 
can be reused.  It is also an fd that could be any of:
  * a TCPv6 socket
  * a TCPv4 socket
  * a Unix domain socket
  * on the client side, a socketpair (which on Linux is a funny type of 
Unix domain socket)
So finding something unique about it may be tricky.  What happens if two 
clients connect in succession over the local Unix domain socket?

I need to think about this some more, so watch this space ...

Also worth noting is that cookies may represent other server-side 
objects, in particular domains and networks.  We can have multiple 
domains per connection.  The relationship between networks and 
connections is complicated (and I don't pretend to understand it at the 
moment either).  I will be thinking about this too ...

Rich.

-- 
Emerging Technologies, Red Hat  http://et.redhat.com/~rjones/
64 Baker Street, London, W1U 7DF     Mobile: +44 7866 314 421
  "[Negative numbers] darken the very whole doctrines of the equations
  and make dark of the things which are in their nature excessively
  obvious and simple" (Francis Maseres FRS, mathematician, 1759)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3237 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20070221/33029bd2/attachment-0001.bin>

More information about the libvir-list mailing list