On 28/11/2012 15:46, Daniel P. Berrange wrote:
> On Wed, Nov 28, 2012 at 03:43:16PM +0100, Paolo Bonzini wrote:
>> On 28/11/2012 11:59, Daniel P. Berrange wrote:
>>> If the user has requested TUNNELLED migration, we need follow up work done.
>>> We need the NBD server to be able to accept a pre-opened file descriptor
>>> rather than listening on a TCP host/port,
>>
>> This is already supported. However, the pre-opened fd would be for a
>> listening socket.
>>
>> The main problem is that even though a single port is used on the
>> destination, it is used for multiple connections. Migration would
>> require an arbitrary number of streams, and I'm afraid supporting this
>> would basically entail rewriting all the tunnelling code.
>
> Hmm, yes, that is rather a complex problem.
>
> I've long thought that QEMU migration should have a mode where it passes
> all its data through TLS natively. So you could do secure migration,
> without needing to use libvirtd tunnelling.

I agree. Hopefully, the various rewrites/refactorings of the upstream
migration code will make this easier.

> The same is really true of the NBD code. I know the "official" NBD
> impl does not do encryption, but there's no strong reason why QEMU
> can't layer in TLS below the NBD protocol if it is an explicit
> opt-in at both client+server requested by libvirt. That would at
> least solve the security issue, without requiring tunnelling.

Yes, that's a good idea.

Paolo

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
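The problem Paolo describes above, one tunnelled byte stream on the libvirtd side versus an arbitrary number of NBD connections on the destination port, is what a channel multiplexer solves. The following is an added example, not code from libvirt or QEMU: a minimal, hypothetical frame format (channel id, frame type, length) with an encoder and a demultiplexer that reassembles each logical connection from a tunnel delivered in arbitrary chunks. The frame layout, type codes, size limit and the sample payloads are all constructed for illustration; the demuxer refuses oversized lengths before allocating, rejects frames for channels that were never opened, and rejects reuse of a channel id, which are the checks a tunnel endpoint exposed to a remote peer needs.

```python
"""Minimal channel multiplexer: several logical connections over one byte stream.

Added illustration only (not libvirt's or QEMU's code): the frame format,
type codes and limits below are hypothetical, chosen to show the mechanism.
"""
import struct

# Frame header: channel id (u32), frame type (u8), payload length (u32).
HDR = struct.Struct("!IBI")
T_OPEN, T_DATA, T_CLOSE = 0, 1, 2
MAX_PAYLOAD = 1 << 20  # refuse absurd lengths before allocating for them


def frame(chan, ftype, payload=b""):
    """Encode one frame for channel `chan`; the sender interleaves these freely."""
    if ftype not in (T_OPEN, T_DATA, T_CLOSE):
        raise ValueError("unknown frame type")
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload too large")
    return HDR.pack(chan, ftype, len(payload)) + payload


class Demux:
    """Reassemble per-channel byte streams from an arbitrarily chunked tunnel."""

    def __init__(self):
        self.buf = bytearray()   # tunnel bytes not yet forming a complete frame
        self.open = {}           # chan -> bytearray of payload received so far
        self.finished = {}       # chan -> bytes, once T_CLOSE has been seen
        self.used = set()        # every channel id ever opened (ids are not reused)

    def feed(self, data):
        """Consume tunnel bytes; return the channel ids closed by this chunk."""
        self.buf += data
        closed = []
        while len(self.buf) >= HDR.size:
            chan, ftype, length = HDR.unpack_from(self.buf)
            if length > MAX_PAYLOAD:
                raise ValueError("oversized frame from peer")
            if len(self.buf) < HDR.size + length:
                break  # partial frame: wait for more tunnel bytes
            payload = bytes(self.buf[HDR.size:HDR.size + length])
            del self.buf[:HDR.size + length]
            if self._handle(chan, ftype, payload):
                closed.append(chan)
        return closed

    def _handle(self, chan, ftype, payload):
        if ftype == T_OPEN:
            if chan in self.used:
                raise ValueError("channel id reused: %d" % chan)
            self.used.add(chan)
            self.open[chan] = bytearray()
            return False
        if chan not in self.open:
            raise ValueError("frame for channel that is not open: %d" % chan)
        if ftype == T_DATA:
            self.open[chan] += payload
            return False
        if ftype == T_CLOSE:
            self.finished[chan] = bytes(self.open.pop(chan))
            return True
        raise ValueError("unknown frame type %d" % ftype)


def tunnel_demo(chunk=7):
    """Two logical connections interleaved over one stream, delivered in
    `chunk`-byte pieces as a tunnel would; returns (streams, close order)."""
    wire = b"".join([
        frame(1, T_OPEN),
        frame(2, T_OPEN),
        frame(1, T_DATA, b"NBDMAGIC"),        # constructed payloads, not real NBD traffic
        frame(2, T_DATA, b"migration"),
        frame(1, T_DATA, b" stream one"),
        frame(2, T_DATA, b" stream two"),
        frame(2, T_CLOSE),
        frame(1, T_CLOSE),
    ])
    d = Demux()
    closed_order = []
    for i in range(0, len(wire), chunk):
        closed_order += d.feed(wire[i:i + chunk])
    return d.finished, closed_order


if __name__ == "__main__":
    streams, order = tunnel_demo()
    print(order, streams)
```

Each side of a real tunnel would run one such demuxer and map each channel to a local socket (for the destination, one accepted connection on the single NBD port per channel); the framing is what lets the tunnel carry as many connections as migration opens without needing more than one transport stream.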