From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1M3VcP-0000E8-SL for qemu-devel@nongnu.org; Mon, 11 May 2009 09:32:33 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1M3VcK-0008Ut-UG for qemu-devel@nongnu.org; Mon, 11 May 2009 09:32:33 -0400 Received: from [199.232.76.173] (port=42642 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1M3VcK-0008UQ-Ia for qemu-devel@nongnu.org; Mon, 11 May 2009 09:32:28 -0400 Received: from mail-fx0-f219.google.com ([209.85.220.219]:45183) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1M3VcK-0004a7-3e for qemu-devel@nongnu.org; Mon, 11 May 2009 09:32:28 -0400 Received: by fxm19 with SMTP id 19so2466192fxm.34 for ; Mon, 11 May 2009 06:32:27 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: <4A0813D6.3050609@codemonkey.ws> References: <8e04b5820905101119u39ae84bfp1bae24be6e057086@mail.gmail.com> <4A0813D6.3050609@codemonkey.ws> Date: Mon, 11 May 2009 16:32:26 +0300 Message-ID: <8e04b5820905110632q1a3b9ad4u49d4f3208d994755@mail.gmail.com> Subject: Re: [Qemu-devel] Transforming stdin and stdout pair into a socket From: "Ciprian Dorin, Craciun" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Anthony Liguori Cc: nbd-general@lists.sourceforge.net, linux-newbie@vger.kernel.org, qemu-devel@nongnu.org On Mon, May 11, 2009 at 3:02 PM, Anthony Liguori wr= ote: > Ciprian Dorin, Craciun wrote: >> >> =C2=A0 =C2=A0Hello all! >> >> =C2=A0 =C2=A0Today I've played around with NBD (Network Block Disk), and >> qemu-nbd (a NBD client that exports QEMU disks as NBD's). >> >> =C2=A0 =C2=A0My problem is the following: both NBD kernel module and qem= u-nbd >> implementation expect to use a socket in order to communicate. >> =C2=A0 =C2=A0This means that in order to securely tunnel the connection = over >> SSH (OpenSSH), I need an intermediary process that creates a socket >> and forwards all input / output between this socket and stdin / stdout >> (which are in fact pipes received from OpenSSH). >> >> =C2=A0 =C2=A0My question is: can I somehow make the pair of stdin / stdo= ut seem >> as a socket to the Linux syscalls (read and write)? (I would have to >> make stdin / stdout pair look like a single file descriptor.) (This >> would eliminate the intermediate process that just pipes data, and >> thus reduce the overhead.) >> > > Something like socat should to do the trick. > > For instance, if you have qemu-nbd on localhost:1025: > > ssh -l user hostname.com socat stdio tcp:localhost:1025 > > Alternative, you could just do ssh based port forwarding. =C2=A0For insta= nce: > > ssh -l user -L 1025:localhost:1025 hostname.com > > And then connect locally with nbd-client > > Regards, > > Anthony Liguori I've seen socat, and I could use it as you described. My only objection to this solution is that there is an unneeded process in the middle that just pipes data around... (Instead of socat, I think it would be more efficient to just write a simple application that uses the "new" Linux syscall "splice" that I've just found by mistake yesterday...) About the other solution with SSH port forwarding, I don't really like it, because it has some security implications: any process on the local machine can access the block device... (I know I can use iptables to actually restrict the process.) Still on the same topic I would have liked something like UNIX domain socket forwarding for SSH. (Which is available as a patch but on top of an older version...) Ciprian.