The current libvirt + qemu pair lacks secure migrations in the case of VMs with non-shared disks. The only option to migrate securely natively is to use tunneled mode and some kind of secure destination URI. But tunneled mode does not support non-shared disks.

The other way to make migration secure is to organize a tunnel by external means. This is possible in the case of shared disks migration through use of a proper combination of destination URI, migration URI and the VIR_MIGRATE_PARAM_LISTEN_ADDRESS migration param. But again this is not possible in the case of non-shared disks migration, as we have no option to control the target nbd server port. But fixing this is much simpler than supporting non-shared disks in tunneled mode.

So this patch series adds an option to set the target nbd port.

Finally all qemu migration connections will be secured AFAIK, but even in this case this patch could be convenient if one wants all migration traffic to be put in a single connection.

difference from v2:
===================

1. patch is split into API and implementation parts
2. code that starts nbd server is reorganized
3. add check for setting disks port for tunneled case
4. misc small changes according to Jiri's comments

Nikolay Shirokovskiy (2):
  migration: add target peer disks port
  qemu: implement setting target disks migration port

 include/libvirt/libvirt-domain.h |  10 ++++
 src/qemu/qemu_driver.c           |  25 ++++++---
 src/qemu/qemu_migration.c        | 108 +++++++++++++++++++++++++++++----------
 src/qemu/qemu_migration.h        |   3 ++
 tools/virsh-domain.c             |  12 +++++
 tools/virsh.pod                  |   5 +-
 6 files changed, 127 insertions(+), 36 deletions(-)

-- 
1.8.3.1