On Mon, Jan 22, 2007 at 02:46:11PM +0000, Mark McLoughlin wrote:
> # Dan's patches
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-daemon.patch
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-driver.patch

Now updated at:

  http://people.redhat.com/berrange/libvirt/libvirt-qemu-daemon-2.patch
  http://people.redhat.com/berrange/libvirt/libvirt-qemu-driver-2.patch

The major changes in these two patches since the previous time are:

 - Client and server now use TLS on TCP sockets (UNIX sockets are plain)
 - Client must have 4 files in current working dir

     - ca-cert.pem - CA certificate
     - ca-crl.pem - CA revocation list
     - cert.pem - client's certificate
     - key.pem - client's secret key

   This should change in future once we decide on how to handle these.

 - Server can enable TLS support via command line args:

     libvirt_qemud -l local --tls --tls-cert cert.pem --tls-key key.pem \
         --tls-ca-cert ca-cert.pem --tls-ca-crl ca-crl.pem

 - The wire protocol uses fixed size types & requires network byte order
   on the wire.
 - Added a 'hello' message. When first connecting the client sends the max
   version number it supports & whether it supports clear mode & TLS mode.
   Server rejects clients with incompatible major, or picks maximum minor
   version supported by both client & server. If server requires TLS it will
   reject a client not advertising support of TLS mode. Upon completion of
   'hello' request+reply, will do TLS handshake. If successful, then server
   will enable the rest of the protocol messages, otherwise it drops the
   client.

NB, there is bucket loads of printf() debugging in these patches since I
was still experimenting with the TLS stuff.

> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-no-c99.patch

I simply removed -std=c99 and fixed up places I'd used C99 constructs, so
should no longer be needed

> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-no-kqemu.patch

Not merged yet

> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-transient.patch

Now unnecessary

> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-error-overwrite.patch
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-free-xpath-ctxt.patch

Merged these two.

> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemud-refactor-exec.patch
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-qemu-config-refactor.patch

Merged these two.

> # Hook up to qemud
> http://www.gnome.org/~markmc/code/libvirt-networking/libvirt-network-qemu-stubs.patch

When updating this you need two core changes:

 - Change all 'int' to one of int32_t, uint32_t, int64_t, uint64_t
 - Use 'qemud_wire_32' or 'qemud_wire_64' when reading or writing data
   to the qemud_packet members.

Regards,
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
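
Added example, not part of the mail above or of the linked patches: a sketch of the 'hello' exchange it describes, with fixed-size fields in network byte order and the server-side accept/reject rules. The struct layout, flag values and every hello_* name are assumptions; "incompatible major" is taken to mean a different major number, and a clear-mode listener is assumed to require the clear flag.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed wire layout: three uint32_t fields, big-endian, 12 bytes. */
#define HELLO_WIRE_LEN   12
#define HELLO_MODE_CLEAR 0x1u   /* assumed flag bits */
#define HELLO_MODE_TLS   0x2u
struct hello { uint32_t major, minor, modes; };
enum { HELLO_OK = 0, HELLO_SHORT = -1, HELLO_BAD_MAJOR = -2, HELLO_NO_MODE = -3 };

static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
static uint32_t get_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Client: serialise max supported version and supported modes. */
void hello_pack(const struct hello *h, uint8_t out[HELLO_WIRE_LEN]) {
    put_be32(out, h->major); put_be32(out + 4, h->minor); put_be32(out + 8, h->modes);
}

/* Server: parse untrusted bytes byte-wise; refuse a truncated message. */
int hello_unpack(const uint8_t *buf, size_t len, struct hello *h) {
    if (len < HELLO_WIRE_LEN) return HELLO_SHORT;
    h->major = get_be32(buf); h->minor = get_be32(buf + 4); h->modes = get_be32(buf + 8);
    return HELLO_OK;
}

/* Server policy: same major, client must advertise the mode this listener
 * uses, minor is the highest value both sides support. The listener's own
 * require_tls setting decides the mode, never the client's flags. */
int hello_negotiate(const struct hello *srv, const struct hello *cli,
                    int require_tls, uint32_t *minor_out) {
    uint32_t need = require_tls ? HELLO_MODE_TLS : HELLO_MODE_CLEAR;
    if (cli->major != srv->major) return HELLO_BAD_MAJOR;
    if (!(cli->modes & need)) return HELLO_NO_MODE;
    *minor_out = cli->minor < srv->minor ? cli->minor : srv->minor;
    return HELLO_OK;
}

int main(void) {   /* constructed sample: client 1.5 TLS-only, server 1.3 */
    struct hello srv = {1, 3, HELLO_MODE_TLS}, cli = {1, 5, HELLO_MODE_TLS}, got;
    uint8_t wire[HELLO_WIRE_LEN]; uint32_t minor = 0;
    hello_pack(&cli, wire);
    int rc = hello_unpack(wire, sizeof wire, &got);
    if (rc == HELLO_OK) rc = hello_negotiate(&srv, &got, 1, &minor);
    printf("rc=%d negotiated=%u.%u\n", rc, (unsigned)srv.major, (unsigned)minor);
    return 0;
}
```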