Date: Thu, 10 Mar 2016 17:50:07 +0000
From: "Daniel P. Berrange"
Message-ID: <20160310175007.GA25607@redhat.com>
References: <1456499430-8558-1-git-send-email-berrange@redhat.com> <1456499430-8558-25-git-send-email-berrange@redhat.com> <20160310174244.GJ10196@work-vm>
In-Reply-To: <20160310174244.GJ10196@work-vm>
Subject: Re: [Qemu-devel] [PATCH v3 24/27] migration: define 'tls-creds' and 'tls-hostname' migration parameters
Reply-To: "Daniel P. Berrange"
To: "Dr. David Alan Gilbert"
Cc: Amit Shah, qemu-devel@nongnu.org, Juan Quintela

On Thu, Mar 10, 2016 at 05:42:45PM +0000, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrange (berrange@redhat.com) wrote:
> > Define two new migration parameters to be used with TLS encryption.
> > The 'tls-creds' parameter provides the ID of an instance of the
> > 'tls-creds' object type, or rather a subclass such as 'tls-creds-x509'.
> > Providing these credentials will enable use of TLS on the migration
> > data stream.
> >
> > If using x509 certificates, together with a migration URI that does
> > not include a hostname, the 'tls-hostname' parameter provides the
> > hostname to use when verifying the server's x509 certificate. This
> > allows TLS to be used in combination with fd: and exec: protocols
> > where a TCP connection is established by a 3rd party outside of
> > QEMU.
> >
> > For the HMP this sadly requires adding a new monitor command
> > 'migration_set_str_parameter', since the existing command
> > 'migration_set_parameter' is fixed to take integer values.
>
> Can you explain why?
> The definition of the 's' string type in monitor.c says:
>  * 's' string (accept optional quote)
>
> and hmp_block_stream already uses 's' for an integer parameter (why?).
> So if you just changed the definition to take a :s parameter it would
> work wouldn't it as long as you did an appropriate check in hmp_migrate_set_parameter?

Hmm, I thought that changing migration_set_parameter from 'i' to 's'
would be a non-backwards compatible change. If that change is possible
though, it's obviously preferable to adding a new command.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|