From: "Daniel P. Berrange"
To: Paolo Bonzini
Cc: qemu-devel@nongnu.org
Date: Wed, 4 Feb 2015 13:00:41 +0000
Subject: Re: [Qemu-devel] RFC: Universal encryption on QEMU I/O channels
Message-ID: <20150204130041.GQ3032@redhat.com>
In-Reply-To: <54D213E0.8090408@redhat.com>

On Wed, Feb 04, 2015 at 01:43:12PM +0100, Paolo Bonzini wrote:
> On 04/02/2015 12:32, Daniel P. Berrange wrote:
> > So my idea would be that we define a QEMUChannel object and set of APIs to
> > standardize all interaction with sockets, pipes, RDMA, whatever $channel,
> > and then convert the QEMU features I've mentioned over to use that. I think
> > that would be simpler than trying to untangle QEMUFile code from migration
> > and then extend its features.
>
> Could it be GIOChannel simply?
>
> 1) Chardev is already mostly a wrapper around GIOChannel
>
> 2) NBD and VNC could be converted to GIOChannel with relative ease
>
> 3) migration is more complicated because (unlike everything else) it
> uses a separate thread and blocking sockets, but you could probably
> write a GIOChannel-based implementation of QEMUFile.

It might be possible to base it on GIOChannel, but IIRC some of the
migration code was using iovecs for I/O and the GIOChannel API doesn't allow
for that. So you'd have to sacrifice performance by issuing a separate
syscall for each iovec element, which seems sucky to me. If you think that's
an acceptable limitation though, I could certainly explore use of GIOChannel.

More broadly speaking, GIOChannel has fallen out of favour in the glib
ecosystem, with most apps/libraries more focused on use of the GIO APIs
instead, but IIUC QEMU avoids use of the GIO library due to the need to
support older glib versions.

> I found a GIOChannel wrapper for gnutls at
> https://github.com/aldebaran/connman/blob/master/gweb/giognutls.c. It's
> not the right license for QEMU (GPLv2-only) but it's only 400 lines of
> code. If necessary I can help with clean-room reverse engineering.

It doesn't seem to do anything related to certificate validation, which
explains why it is so short compared to the gnutls code we already have
for VNC in QEMU. So I don't think it's particularly useful in terms of
saving effort.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
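
The cost described above for a channel API without vectored I/O, as an added example that is not part of the original message and is not QEMU or GLib code. The `Channel` type and function names are hypothetical and the three-buffer message is constructed; the code counts write-side syscalls with and without a `writev()` path.

```c
#include <stdio.h>
#include <string.h>
#include <sys/uio.h>
#include <unistd.h>

/* Hypothetical channel type for illustration; not a QEMU or GLib API. */
typedef struct { int fd; int has_writev; unsigned syscalls; } Channel;

/* Write every iovec element; returns bytes written, or -1 on error. */
ssize_t channel_writev(Channel *c, const struct iovec *iov, int iovcnt)
{
    if (c->has_writev) {                 /* vectored API: one syscall for all */
        c->syscalls++;
        return writev(c->fd, iov, iovcnt);
    }
    ssize_t total = 0;
    for (int i = 0; i < iovcnt; i++) {   /* write-only API: loop per element */
        size_t off = 0;
        while (off < iov[i].iov_len) {   /* also handles short writes */
            c->syscalls++;
            ssize_t n = write(c->fd, (const char *)iov[i].iov_base + off,
                              iov[i].iov_len - off);
            if (n < 0) return -1;
            off += (size_t)n; total += n;
        }
    }
    return total;
}

/* Constructed sample: a 3-buffer message over a pipe. Returns syscalls used, -1 on failure. */
int demo_syscalls(int has_writev)
{
    char hdr[] = "HDR:", body[] = "page-data", trl[] = ":END", buf[64];
    struct iovec iov[3] = { { .iov_base = hdr,  .iov_len = 4 },
                            { .iov_base = body, .iov_len = 9 },
                            { .iov_base = trl,  .iov_len = 4 } };
    int p[2];
    if (pipe(p) != 0) return -1;
    Channel c = { p[1], has_writev, 0 };
    ssize_t sent = channel_writev(&c, iov, 3);
    ssize_t got = read(p[0], buf, sizeof buf);
    close(p[0]); close(p[1]);
    if (sent != 17 || got != 17 || memcmp(buf, "HDR:page-data:END", 17) != 0) return -1;
    return (int)c.syscalls;
}

int main(void)
{
    printf("writev: %d syscall(s), per-element: %d\n", demo_syscalls(1), demo_syscalls(0));
    return 0;
}
```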