[Qemu-devel] Re: [Nbd] Transforming stdin and stdout pair into a socket

["Ciprian Dorin, Craciun" <ciprian.craciun@gmail.com>]

On Mon, May 11, 2009 at 11:03 AM, Laurent Vivier
<Laurent.Vivier@bull.net> wrote:
> Le dimanche 10 mai 2009 à 21:19 +0300, Ciprian Dorin, Craciun a écrit :
>> Hello all!
>
> Hi,
>
> perhaps the attached patch I wrote last year (november) is what you
> want...
>
> I didn't try to apply it to an up-to-date qemu-nbd.
>
> Regards,
> Laurent
>
>>     Today I've played around with NBD (Network Block Disk), and
>> qemu-nbd (a NBD client that exports QEMU disks as NBD's).
>>
>>     My problem is the following: both NBD kernel module and qemu-nbd
>> implementation expect to use a socket in order to communicate.
>>     This means that in order to securely tunnel the connection over
>> SSH (OpenSSH), I need an intermediary process that creates a socket
>> and forwards all input / output between this socket and stdin / stdout
>> (which are in fact pipes received from OpenSSH).
>>
>>     My question is: can I somehow make the pair of stdin / stdout seem
>> as a socket to the Linux syscalls (read and write)? (I would have to
>> make stdin / stdout pair look like a single file descriptor.) (This
>> would eliminate the intermediate process that just pipes data, and
>> thus reduce the overhead.)
>>
>>     Just to be clear: I know how to trick an application to have it's
>> stdin and stdout be an opened socket (by using dup syscall). But in
>> this case I need to trick the Linux kernel into thinking that stdin /
>> stdout pair is a socket (or a single file descriptor).
>>
>>     Thank you,
>>     Ciprian Craciun.
>>
>> ------------------------------------------------------------------------------
>> The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
>> production scanning environment may not be a perfect world - but thanks to
>> Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
>> Series Scanner you'll get full speed at 300 dpi even with all image
>> processing features enabled. http://p.sf.net/sfu/kodak-com
>> _______________________________________________
>> Nbd-general mailing list
>> Nbd-general@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nbd-general
>>
> --
> ------------------ Laurent.Vivier@bull.net  ------------------
> "Tout ce qui est impossible reste à accomplir"    Jules Verne
> "Things are only impossible until they're not" Jean-Luc Picard

    Well, very clever! :) From what I've seen you are actually using
the stdin as the socket descriptor, knowing that if qemu-nbd was
started with the -i flag it means that inetd has already set both
stdin and stdout to a real socket, and thus everything works Ok.

    Unfortunately this works only with inetd (or compatible system)
without any SSL/TLS wrapping. My problem is that if the stdin and
stdout are instead pipes (as it would happen in case of sshd?, or
socat with SSL connector?) this would not work...

    Thank you for the idea. I could use if I don't find another solution.

    Ciprian.