[Libvir] Virtual networking

Daniel P. Berrange berrange at redhat.com
Mon Jan 22 21:20:14 UTC 2007


On Mon, Jan 22, 2007 at 02:46:11PM +0000, Mark McLoughlin wrote:
> # Dan's patches
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-daemon.patch
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-driver.patch

Now updated at:

http://people.redhat.com/berrange/libvirt/libvirt-qemu-daemon-2.patch
http://people.redhat.com/berrange/libvirt/libvirt-qemu-driver-2.patch

The major changes in these two patches since the previous time are:

 - Client and server now use TLS on TCP sockets (UNIX sockets are plain)

     - Client must have 4 files in current working dir
          - ca-cert.pem  - CA certificate
          - ca-crl.pem   - CA revocation list
          - cert.pem     - client's certificate
          - key.pem      - client's secret key 
       This should change in future once we decide on how to handle these.

     - Server can enable TLS support via command line args:

        libvirt_qemud -l local --tls --tls-cert cert.pem --tls-key key.pem \
            --tls-ca-cert ca-cert.pem --tls-ca-crl ca-crl.pem

 - The wire protocol uses fixed size types & requires network byte order
   on the wire.

 - Added a 'hello' message. When first connecting the client sends the max
   version number it supports & whether it supports clear mode & TLS mode.
   Server rejects clients with incompatible major, or picks maximum minor
   version supported by both client & server. If server requires TLS it
   will reject a client not advertising support of TLS mode.

   Upon completion of 'hello' request+reply, will do TLS handshake. If
   successful, then server will enable the rest of the protocol messages,
   otherwise it drops the client.


NB, there are bucket loads of printf() debugging in these patches since I was
still experimenting with the TLS stuff.

> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-no-c99.patch

I simply removed -std=c99 and fixed up places I'd used C99 constructs, so should
no longer be needed.

> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-no-kqemu.patch

Not merged yet

> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-transient.patch

Now unnecessary

> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-error-overwrite.patch
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-free-xpath-ctxt.patch

Merged these two.

> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemud-refactor-exec.patch
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-config-refactor.patch

Merged these two.

> # Hook up to qemud
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-network-qemu-stubs.patch

When updating this you need two core changes:

  - Change all 'int'  to one of int32_t, uint32_t, int64_t, uint64_t
  - Use 'qemud_wire_32' or 'qemud_wire_64' when reading or writing data
    to the qemud_packet members.

Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 
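
The 'hello' negotiation and the fixed-size, network-byte-order encoding described in the message above, sketched as an added example that is not part of the original post or of the libvirt patches. The struct layout, mode bits and function names are hypothetical, and treating any differing major version as incompatible is an assumption.

```c
#include <arpa/inet.h>   /* htonl, ntohl */
#include <stdint.h>
#include <string.h>

/* Hypothetical layout and names: the post gives no struct or field names. */
#define MODE_CLEAR 0x1u
#define MODE_TLS   0x2u
#define HELLO_LEN  12u   /* three uint32_t fields, network byte order */

struct hello { uint32_t major, minor, modes; };
enum hello_result { HELLO_OK, HELLO_MALFORMED, HELLO_BAD_MAJOR, HELLO_NEED_TLS };

/* Client side: serialise with fixed-size fields in network byte order. */
static void hello_encode(const struct hello *h, unsigned char out[HELLO_LEN])
{
    uint32_t w[3] = { htonl(h->major), htonl(h->minor), htonl(h->modes) };
    memcpy(out, w, sizeof w);
}

/* Server side: parse the hello, then apply the rules from the post.
 * Assumption: "incompatible major" means the majors differ. */
static enum hello_result hello_check(const unsigned char *buf, size_t len,
                                     const struct hello *srv, int require_tls,
                                     uint32_t *agreed_minor)
{
    uint32_t w[3];
    struct hello cli;
    if (len != HELLO_LEN)
        return HELLO_MALFORMED;          /* never read past a short packet */
    memcpy(w, buf, sizeof w);            /* avoids unaligned access */
    cli.major = ntohl(w[0]);
    cli.minor = ntohl(w[1]);
    cli.modes = ntohl(w[2]);
    if (cli.major != srv->major)
        return HELLO_BAD_MAJOR;
    if (require_tls && !(cli.modes & MODE_TLS))
        return HELLO_NEED_TLS;           /* no silent downgrade to clear mode */
    *agreed_minor = cli.minor < srv->minor ? cli.minor : srv->minor;
    return HELLO_OK;
}

int main(void)
{
    unsigned char pkt[HELLO_LEN];
    struct hello srv = { 1, 3, MODE_TLS }, cli = { 1, 5, MODE_CLEAR }; /* constructed */
    uint32_t minor = 0;
    hello_encode(&cli, pkt);
    return hello_check(pkt, sizeof pkt, &srv, 1, &minor) == HELLO_NEED_TLS ? 0 : 1;
}
```

The server only moves on to the TLS handshake after `hello_check` returns `HELLO_OK`; any other result means the client is dropped.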