On Tue, Aug 25, 2020 at 07:47:13 +0200, Martin Kletzander wrote: > Local socket connections were outright disabled because there was no "server" > part in the URI. However, given how requirements and usage scenarios are > evolving, some management apps might need the source libvirt daemon to connect > to the destination daemon over a UNIX socket for peer2peer migration. Since we > cannot know where the socket leads (whether the same daemon or not) let's decide > that based on whether the socket path is non-standard, or rather explicitly > specified in the URI. Checking non-standard path would require to ask the > daemon for configuration and the only misuse that it would prevent would be a > pretty weird one. And that's not worth it. The assumption is that whenever > someone uses explicit UNIX socket paths in the URI for migration they better > know what they are doing. > > Partially resolves: https://bugzilla.redhat.com/1638889 > > Signed-off-by: Martin Kletzander <mkletzan@xxxxxxxxxx> > --- > docs/manpages/virsh.rst | 9 +++++++++ > src/libvirt-domain.c | 8 +++++++- > src/remote/remote_driver.c | 8 ++++++-- > src/util/viruri.c | 30 ++++++++++++++++++++++++++++++ > src/util/viruri.h | 2 ++ > tests/virmigtest.c | 2 +- > 6 files changed, 55 insertions(+), 4 deletions(-) ... > diff --git a/src/util/viruri.c b/src/util/viruri.c > index 0112186fdbc4..91f86de19a8e 100644 > --- a/src/util/viruri.c > +++ b/src/util/viruri.c > @@ -393,3 +393,33 @@ virURIGetParam(virURIPtr uri, const char *name) > _("Missing URI parameter '%s'"), name); > return NULL; > } > + > + > +/** > + * virCheckURIProxied: > + * @uri: URI to check > + * > + * Check if the URI looks like it refers to a non-standard socket path. In such > + * scenario the socket might be proxied to a remote server even though the URI > + * looks like it is only local. > + * > + * Returns: true if the URI might be proxied to a remote server > + */ > +bool > +virURICheckProxied(virURIPtr uri) I'd call this function virURICheckUnixSocket or similar as that's what it's actually doing. It doesn't really care whether the socket is connected to a proxy or not. > +{ > + size_t i = 0; > + > + if (!uri->scheme) > + return false; > + > + if (STRNEQ_NULLABLE(strchr(uri->scheme, '+'), "+unix")) > + return false; > + > + for (i = 0; i < uri->paramsCount; i++) { > + if (STREQ(uri->params[i].name, "socket")) > + return true; > + } > + > + return false; > +} Reviewed-by: Jiri Denemark <jdenemar@xxxxxxxxxx>
