Message-ID: <4B264EC4.7020500@codemonkey.ws>
Date: Mon, 14 Dec 2009 08:42:12 -0600
From: Anthony Liguori
Subject: Re: [Qemu-devel] Re: Spice project is now open
In-Reply-To: <4B24C5EF.2090607@redhat.com>
List-Id: qemu-devel.nongnu.org
To: Avi Kivity
Cc: Andrea Arcangeli, Paolo Bonzini, dlaor@redhat.com, qemu-devel@nongnu.org

Avi Kivity wrote:
> On 12/13/2009 01:46 AM, Anthony Liguori wrote:
>>
>> Dan Berrange and I have been talking about being able to move VNC
>> server into a central process such that all of the VMs can have a
>> single VNC port that can be connected to. This greatly simplifies
>> the firewalling logic that an administrator has to deal with.
>> That's a problem I've already had to deal with for our management
>> tools. We use a private network for management and we bridge the VNC
>> traffic into the customer's network so they can see the VGA session.
>> But since that traffic can be a large range of ports and we have to
>> tunnel the traffic through a central server to get into the customer
>> network, it's very difficult to set up without opening up a mess of
>> ports. I think we're currently opening a few thousand just for VNC.
>
> Seems to me the best way to handle this is to run an accept() in a
> server and hand the resulting fd to the vnc server in qemu using ...
> wait for it ... SCM_RIGHTS.
>
> I'm just happy every time someone lobs a question into the air that
> can be answered using SCM_RIGHTS.

That's actually a great idea made even better by the use of SCM_RIGHTS :-)

I think it's a bit trickier though because ideally you would want to use
the vnc protocol to negotiate which vm you're connecting to. That
implies that you actually need to hand over the fd in a setup state.
It's complicated by any encryption protocol too.

Regards,

Anthony Liguori
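
Added example, not part of the original message and not QEMU code: a minimal sketch of the hand-off discussed above, where a broker reads the bytes that select a VM and then passes the connection over a Unix socket with SCM_RIGHTS, sending the already-consumed bytes as the message payload so the receiver gets the fd "in a setup state". The names send_fd, recv_fd and demo and the "vm=7\n" selection line are hypothetical (it is not the VNC handshake), and Linux is assumed for MSG_CMSG_CLOEXEC and AF_UNIX SOCK_SEQPACKET.

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Send fd plus the setup bytes the broker already consumed from it (len >= 1). */
int send_fd(int chan, int fd, const void *state, size_t len) {
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u = {0};
    struct iovec iov = { .iov_base = (void *)state, .iov_len = len };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(chan, &msg, 0) == (ssize_t)len ? 0 : -1;
}

/* Receive exactly one fd (close-on-exec); -1 if truncated or not SCM_RIGHTS. */
int recv_fd(int chan, char *state, size_t cap) {
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u;
    struct iovec iov = { .iov_base = state, .iov_len = cap };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    ssize_t n = recvmsg(chan, &msg, MSG_CMSG_CLOEXEC);
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (n <= 0 || (msg.msg_flags & (MSG_TRUNC | MSG_CTRUNC)) || !c ||
        c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int))) return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Constructed run: socketpairs stand in for the accept()ed client connection
 * and for the broker-to-worker channel; "vm=7\n" is a made-up selection line. */
int demo(void) {
    int conn[2], chan[2], fd;
    char sel[8], got[8] = {0}, rest[8] = {0};
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, conn) ||
        socketpair(AF_UNIX, SOCK_SEQPACKET, 0, chan)) return -1;
    if (write(conn[0], "vm=7\nHELLO", 10) != 10 || read(conn[1], sel, 5) != 5)
        return -1;                    /* broker consumed only the selection */
    if (send_fd(chan[0], conn[1], sel, 5)) return -1;
    close(conn[1]);                   /* broker drops its copy after the hand-off */
    fd = recv_fd(chan[1], got, sizeof got - 1);          /* worker side */
    if (fd < 0 || strcmp(got, "vm=7\n") || read(fd, rest, 5) != 5) return -1;
    return strcmp(rest, "HELLO") ? -1 : 0;  /* stream resumes after setup bytes */
}
int main(void) { return demo(); }
```

Only plaintext bytes are forwarded here; if the broker had already negotiated an encryption layer on the connection, that session state would also have to move, which this sketch does not attempt.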