[Libvir] Remote patch, 2007-02-26

Richard W.M. Jones rjones at redhat.com
Mon Feb 26 20:05:18 UTC 2007 

I was really hoping to have a patch which could be applied out today. 
This isn't quite that patch, so my apologies.  Nevertheless, this 
demonstrates what can be done, and works on a selection of the important 
libvirt API calls.

http://www.annexia.org/tmp/libvirt-tls-20070226.patch

List of things that need to be done:

* Audit incoming IP addresses / virConnectOpen names to syslog.
* GnuTLS handshake DoS fix (see danpb's email).
* GnuTLS client crashing bug (I have a fix, just needs to be applied).
* Complete the wrappers for the remaining API calls.
* Testing(!)

Apart from that list above, I'm hoping that this patch addresses 
everything that people have raised on list and privately about previous 
patches.  If I've missed anything, let me know.

Rich.

----------------------------------------- "screenshot" ---

rjones at oirase:~/d/libvirt-remote$ src/virsh -c test://localhost/default 
nodeinfo
proceeding with name = test:///default
loading CA file demoCA/cacert.pem
loading client cert and key from files 127001cert.pem and 127001key.pem
CPU model:           i686
CPU(s):              16
CPU frequency:       1400 MHz
CPU socket(s):       2
Core(s) per socket:  2
Thread(s) per core:  2
NUMA cell(s):        2
Memory size:         3145728 kB

rjones at oirase:~/d/libvirt-remote$ src/virsh -c test://localhost/default 
create tests/xmconfigdata/test-fullvirt-new-cdrom.xml
proceeding with name = test:///default
loading CA file demoCA/cacert.pem
loading client cert and key from files 127001cert.pem and 127001key.pem
Domain XenGuest2 created from tests/xmconfigdata/test-fullvirt-new-cdrom.xml



rjones at oirase:~/d/libvirt-remote$ src/libvirtd -d
libvir: error : failed to open /home/rjones/local/etc/libvirtd.conf for 
reading
libvirtd: loading CA cert from demoCA/cacert.pem
libvirtd: loading cert and key from servercert.pem and serverkey.pem
libvirtd: TLS service listening on port 16514
libvirtd: Unix service listening on socket 
/home/rjones/local/var/run/libvirtd/socket
libvirtd: create_mapping: xprt = 0x647680
libvirtd: lookup_connection: xprt = 0x647680
libvirtd: set_connection: xprt = 0x647680
libvirtd: lookup_connection: xprt = 0x647680
libvirtd: lookup_connection: xprt = 0x647680
libvirtd: set_connection: xprt = 0x647680
libvirtd: destroy_mapping: xprt = 0x647680
libvirtd: create_mapping: xprt = 0x647b20
libvirtd: lookup_connection: xprt = 0x647b20
libvirtd: set_connection: xprt = 0x647b20
libvirtd: lookup_connection: xprt = 0x647b20
libvirtd: lookup_connection: xprt = 0x647b20
libvirtd: set_connection: xprt = 0x647b20
libvirtd: destroy_mapping: xprt = 0x647b20




-- 
Emerging Technologies, Red Hat  http://et.redhat.com/~rjones/
64 Baker Street, London, W1U 7DF     Mobile: +44 7866 314 421
  "[Negative numbers] darken the very whole doctrines of the equations
  and make dark of the things which are in their nature excessively
  obvious and simple" (Francis Maseres FRS, mathematician, 1759)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3237 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20070226/100ab62c/attachment-0001.bin>

More information about the libvir-list mailing list