[libvirt PATCH 0/9] remote: introduce a custom netcat impl for ssh tunnelling

Michal Privoznik mprivozn at redhat.com
Fri Jul 10 12:04:04 UTC 2020 

On 7/9/20 8:36 PM, Daniel P. Berrangé wrote:
> We have long had a problem with use of netcat for ssh tunnelling because
> there's no guarantee the UNIX socket path the client builds will match
> the UNIX socket path the remote host uses. We don't even allow session
> mode SSH tunnelling for this reason. We also can't easily auto-spawn
> libvirtd in session mode.
> 
> With the introduction of modular daemons we also have potential for two
> completely different UNIX socket paths even for system mode, and the
> client can't know which to use.
> 
> The solution to all these problems is to introduce a custom netcat impl.
> Instead passing the UNIX socket path, we pass the libvirt driver URI.
> The custom netcat then decides which socket path to use based on the
> remote build host environment.
> 
> We still have to support netcat for interoperability with legacy libvirt
> versions, but we can default to the new virt-nc.
> 
> Daniel P. Berrangé (9):
>    rpc: merge logic for generating remote SSH shell script
>    remote: split off enums into separate source file
>    remote: split out function for parsing URI scheme
>    remote: parse the remote transport string earlier
>    remote: split out function for constructing socket path
>    remote: extract logic for determining daemon to connect to
>    remote: introduce virtd-nc helper binary
>    rpc: switch order of args in virNetClientNewSSH
>    rpc: use new virt-nc binary for remote tunnelling
> 
>   build-aux/syntax-check.mk   |   2 +-
>   docs/uri.html.in            |  18 ++
>   po/POTFILES.in              |   2 +
>   src/libvirt_remote.syms     |   1 +
>   src/remote/Makefile.inc.am  |  32 +++
>   src/remote/remote_driver.c  | 323 +++++----------------------
>   src/remote/remote_nc.c      | 424 ++++++++++++++++++++++++++++++++++++
>   src/remote/remote_sockets.c | 277 +++++++++++++++++++++++
>   src/remote/remote_sockets.h |  70 ++++++
>   src/rpc/virnetclient.c      | 151 ++++++++-----
>   src/rpc/virnetclient.h      |  29 ++-
>   src/rpc/virnetsocket.c      |  37 +---
>   src/rpc/virnetsocket.h      |   4 +-
>   tests/virnetsockettest.c    |  12 +-
>   14 files changed, 1018 insertions(+), 364 deletions(-)
>   create mode 100644 src/remote/remote_nc.c
>   create mode 100644 src/remote/remote_sockets.c
>   create mode 100644 src/remote/remote_sockets.h
> 

If you fix small problems I've raised then:

Reviewed-by: Michal Privoznik <mprivozn at redhat.com>

Michal

More information about the libvir-list mailing list