From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LwLfu-0004H0-MC for qemu-devel@nongnu.org; Tue, 21 Apr 2009 15:30:34 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LwLfq-0004Ed-G8 for qemu-devel@nongnu.org; Tue, 21 Apr 2009 15:30:34 -0400 Received: from [199.232.76.173] (port=45750 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LwLfq-0004EP-7b for qemu-devel@nongnu.org; Tue, 21 Apr 2009 15:30:30 -0400 Received: from sj-iport-6.cisco.com ([171.71.176.117]:51883) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.60) (envelope-from ) id 1LwLfp-0004fl-FZ for qemu-devel@nongnu.org; Tue, 21 Apr 2009 15:30:29 -0400 Message-ID: <49EE1EC4.502@cisco.com> Date: Tue, 21 Apr 2009 13:30:12 -0600 From: "David S. Ahern" MIME-Version: 1.0 Subject: Re: [Qemu-devel] resetting a stale VNC connection References: <49EDC3B4.7030508@cisco.com> <49EDCC6F.1020703@redhat.com> <20090421164023.GE26731@redhat.com> <49EDF907.5030100@codemonkey.ws> <20090421171701.GH26731@redhat.com> In-Reply-To: <20090421171701.GH26731@redhat.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Daniel P. Berrange" , Anthony Liguori Cc: Avi Kivity , qemu-devel@nongnu.org Daniel P. Berrange wrote: > On Tue, Apr 21, 2009 at 11:49:11AM -0500, Anthony Liguori wrote: >> Daniel P. Berrange wrote: >>> On Tue, Apr 21, 2009 at 04:38:55PM +0300, Avi Kivity wrote: >>> >>>> David S. Ahern wrote: >>>> >>>>> Is there a monitor command (or other method) to force a VNC client >>>>> connection to close? >>>>> >>>>> It looks like the vnc code does not use keepalive probes. If the >>>>> connection is left hanging the VNC server will never drop it. I have hit >>>>> this condition a couple of times when a VPN connection drops while the >>>>> vncviewer is connected to a VM. >>>>> >>>>> Specific software version at the moment is kvm-81. >>>>> >>>>> >>>> Why not just enable tcp keepalives? >>>> >>> Independant of killing off stale VNC clients, it could be desirable to >>> have a monitor command to kill a client, to allow revoking of end user >>> access to VNC. >>> >> I'm surprised change vnc none doesn't kill off all VNC connections. > > It may well do that - i've not tried it :-) It did not kill off established connections for me; it closed the server socket, but not client connections. david > >> I don't see a compelling use case to boot off individual clients other >> than we can. Is there something specific you were thinking someone >> would want to do? > > I've no pressing need for this - i was just thinking of possible use > cases for the command. Now we allow multiple concurrent VNC clients, and > can authenticate them, I just thought that it might be desirable to be > able to drop individual authenticated clients. eg if you've revoked > their credentials, but they still have a session open. Turning off+on > the whole VNC server would work as a big stick too. > > Daniel