From: Anthony Liguori
Date: Mon, 14 Dec 2009 10:15:25 -0600
Subject: Re: [Qemu-devel] Re: Spice project is now open
To: Avi Kivity
Cc: Andrea Arcangeli, Paolo Bonzini, dlaor@redhat.com, qemu-devel@nongnu.org
Message-ID: <4B26649D.6060906@codemonkey.ws>
In-Reply-To: <4B266125.8010005@redhat.com>

Avi Kivity wrote:
> You can still implement this with SCM_RIGHTS. Authenticate, select
> guest, drop tls, pass fd to qemu, authenticate, hack hack hack, drop
> tls, pass fd back to proxy, goto 10.

Here's how I'd envision this working.
Start qemu with:

  qemu -vnc proxy:/path/to/unix/domain/socket

We connect to /path/to/unix/domain/socket and wait to recv file descriptors after telling the server its name and what protocol version it supports. We treat each received file descriptor as a new connection. We do the full protocol with no specific authentication.

The server runs and opens /path/to/unix/domain/socket. Whenever a client connects to the server socket, it does protocol negotiation using the least common denominator of protocol versions given it. We use a protocol extension to list and negotiate which client to connect to. Once that's been established, we send a socketpair() over the appropriate domain socket, and do appropriate negotiation to get us up to the ServerInit stage. We use a combination of DesktopResize and WMVi in the server to get the client at the appropriate state to match the ServerInit. We then (in the server) blindly proxy any data from the qemu instance to the client (encrypting it if necessary).

We won't need to reencode any traffic in this model and it's pretty reasonable from a UI perspective. In fact, if we use a helper, we can probably have an even better command line for qemu.

Regards,

Anthony Liguori