[Libvir] Virtual networking
Daniel P. Berrange
berrange at redhat.com
Mon Jan 22 21:20:14 UTC 2007
On Mon, Jan 22, 2007 at 02:46:11PM +0000, Mark McLoughlin wrote:
> # Dan's patches
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-daemon.patch
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-driver.patch
Now updated at:
http://people.redhat.com/berrange/libvirt/libvirt-qemu-daemon-2.patch
http://people.redhat.com/berrange/libvirt/libvirt-qemu-driver-2.patch
The major changes in these two patches since the previous time are:
 - Client and server now use TLS on TCP sockets (UNIX sockets are plain)
 - Client must have 4 files in current working dir
     - ca-cert.pem - CA certificate
     - ca-crl.pem - CA revocation list
     - cert.pem - client's certificate
     - key.pem - client's secret key
   This should change in future once we decide on how to handle these.
 - Server can enable TLS support via command line args:

     libvirt_qemud -l local --tls --tls-cert cert.pem --tls-key key.pem \
         --tls-ca-cert ca-cert.pem --tls-ca-crl ca-crl.pem

 - The wire protocol uses fixed size types & requires network byte order
   on the wire.
 - Added a 'hello' message. When first connecting the client sends the max
   version number it supports & whether it supports clear mode & TLS mode.
   Server rejects clients with incompatible major, or picks maximum minor
   version supported by both client & server. If server requires TLS it
   will reject a client not advertising support of TLS mode.
   Upon completion of 'hello' request+reply, will do TLS handshake. If
   successful, then server will enable the rest of the protocol messages,
   otherwise it drops the client.
NB, there is bucket loads of printf() debugging in these patches since I was
still experimenting with the TLS stuff.
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-no-c99.patch
I simply removed -std=c99 and fixed up places I'd used C99 constructs, so should
no longer be needed
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-no-kqemu.patch
Not merged yet
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-transient.patch
Now unnecessary
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-error-overwrite.patch
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-free-xpath-ctxt.patch
Merged these two.
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemud-refactor-exec.patch
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-config-refactor.patch
Merged these two.
> # Hook up to qemud
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-network-qemu-stubs.patch
When updating this you need two core changes:
- Change all 'int' to one of int32_t, uint32_t, int64_t, uint64_t
- Use 'qemud_wire_32' or 'qemud_wire_64' when reading or writing data
to the qemud_packet members.
Regards,
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
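
Added example, not part of the original message or the patches: a C sketch of the 'hello' exchange described above, with fixed-size fields in network byte order and the server-side accept/reject decision. The struct layout, flag bits and function names are assumptions, as is reading "incompatible major" as "not equal" and requiring clear-mode support from clients of a non-TLS server.

```c
/* Added example: layout, names and flag bits are assumptions, not the qemud format. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODE_CLEAR 0x1u /* hypothetical capability bits */
#define MODE_TLS   0x2u
#define HELLO_LEN  12
struct hello { uint32_t major, minor, modes; };

/* Fixed-size fields, network byte order on the wire. */
static void hello_encode(const struct hello *h, unsigned char out[HELLO_LEN])
{
    uint32_t w[3] = { htonl(h->major), htonl(h->minor), htonl(h->modes) };
    memcpy(out, w, sizeof w);
}

/* Returns 0 on success, -1 on a short buffer. */
static int hello_decode(const unsigned char *in, size_t len, struct hello *h)
{
    uint32_t w[3];
    if (len < sizeof w) return -1;
    memcpy(w, in, sizeof w);
    h->major = ntohl(w[0]);
    h->minor = ntohl(w[1]); h->modes = ntohl(w[2]);
    return 0;
}

/* Server decision: 0 and *minor_out set on accept, -1 to drop the client. */
static int hello_negotiate(const struct hello *cli, uint32_t srv_major,
                           uint32_t srv_minor, int srv_requires_tls,
                           uint32_t *minor_out)
{
    if (cli->major != srv_major) return -1; /* assumed meaning of "incompatible" */
    if (srv_requires_tls && !(cli->modes & MODE_TLS)) return -1;
    if (!srv_requires_tls && !(cli->modes & MODE_CLEAR)) return -1; /* assumption */
    *minor_out = cli->minor < srv_minor ? cli->minor : srv_minor;
    return 0;
}

int main(void)
{
    struct hello sent = { 1, 5, MODE_CLEAR }, got; /* constructed client hello */
    unsigned char wire[HELLO_LEN];
    uint32_t minor = 0;
    hello_encode(&sent, wire);
    if (hello_decode(wire, sizeof wire, &got) != 0) return 1;
    puts(hello_negotiate(&got, 1, 3, 1, &minor) ? "reject" : "accept");
    return 0;
}
```

The TLS requirement is enforced by the server from its own configuration, so a client that advertises only clear mode is dropped rather than being allowed to steer the connection to plaintext.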