On Fri, Oct 30, 2015 at 03:52:56PM -0500, Jeremy White wrote: > We do this by auto detecting the inbound http(s) 'GET' and probing > for a well formulated WebSocket binary connection, such as used > by the spice-html5 client. If detected, we implement a set of > cover functions that abstract the read/write/writev functions, > in a fashion similar to the SASL implemented. I'm not really a huge fan of overloading two protocols on the same socket in this way. I'd be rather inclined to have a separate port open for the websockets protocol, in the same way that QEMU does the VNC server. Admins should be able to choose which protocol is available to their clients. For example, they might launch QEMU with both protocols available, but only wish to make one of the protocols available to the public internet. By overloading both protocols on the same port, you prevent them from being able todo this in firewall rules. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel