From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41953)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dgilbert@redhat.com>) id 1ZYyiD-0005kR-HZ
	for qemu-devel@nongnu.org; Mon, 07 Sep 2015 11:52:08 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <dgilbert@redhat.com>) id 1ZYyiC-0002cN-Cd
	for qemu-devel@nongnu.org; Mon, 07 Sep 2015 11:52:05 -0400
Received: from mx1.redhat.com ([209.132.183.28]:48795)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dgilbert@redhat.com>) id 1ZYyiC-0002c7-6L
	for qemu-devel@nongnu.org; Mon, 07 Sep 2015 11:52:04 -0400
Received: from int-mx09.intmail.prod.int.phx2.redhat.com
	(int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22])
	by mx1.redhat.com (Postfix) with ESMTPS id D8E118E689
	for <qemu-devel@nongnu.org>; Mon,  7 Sep 2015 15:52:03 +0000 (UTC)
Date: Mon, 7 Sep 2015 16:51:59 +0100
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Message-ID: <20150907155158.GF2337@work-vm>
References: <1441294768-8712-1-git-send-email-berrange@redhat.com>
	<1441294768-8712-13-git-send-email-berrange@redhat.com>
	<20150907153107.GD2337@work-vm> <20150907154116.GR29882@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20150907154116.GR29882@redhat.com>
Subject: Re: [Qemu-devel] [PATCH FYI 12/46] io: add QIOChannelTLS class
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: Juan Quintela <quintela@redhat.com>, qemu-devel@nongnu.org, Gerd Hoffmann <kraxel@redhat.com>, Amit Shah <amit.shah@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>

* Daniel P. Berrange (berrange@redhat.com) wrote:
> On Mon, Sep 07, 2015 at 04:31:08PM +0100, Dr. David Alan Gilbert wrote:
> > * Daniel P. Berrange (berrange@redhat.com) wrote:
> > > Add a QIOChannel subclass that can run the TLS protocol over
> > > the top of another QIOChannel instance. The object provides a
> > > simplified API to perform the handshake when starting the TLS
> > > session. The layering of TLS over the underlying channel does
> > > not have to be setup immediately. It is possible to take an
> > > existing QIOChannel that has done some handshake and then swap
> > > in the QIOChannelTLS layer. This allows for use with protocols
> > > which start TLS right away, and those which start plain text
> > > and then negotiate TLS.
> > > 
> > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> > 
> > > ---
> > > +#ifdef QIO_DEBUG
> > > +#define DPRINTF(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
> > > +#else
> > > +#define DPRINTF(fmt, ...) do { } while (0)
> > > +#endif
> > 
> > Can you use the trace_ stuff rather than dprintf's; I've been trying
> > to remove them all from the migration code (and with trace configured in
> > stderr mode it works pretty easily).
> 
> Yeah, that's a good idea.
> 
> > On a different question; if this TLS channel is backed by a socket, can I do
> > a shutdown call that will bubble down to the socket?
> 
> The QIOChannel abstract base class did not define any shutdown method,
> since that's not a generally applicable concept - essentially only the
> sockets interface can do that. So I defined it as a method just on the
> QIOChannelSocket class. Given this, the QIOChannelTLS class does not
> know about the shutdown call.
> 
> This isn't a big deal though - the QIOChannelTLS struct exposes a
> pointer to the underling QIOChannel transport, so code that needs
> to do a shutdown, can get hold of the underlying channel and call
> shutdown on that.

You can imagine something like   compression->TLS->socket  and then it gets 
into the caller having to do a generic walk to figure out if it can
do it;  I'd rather not have to do that in caller.
I think I'd rather it was a facility on QIOChannel and then it gets
some type of ENOTSUPP error if it hits a layer that doesn't support it;
I guess the same might be true for socket behaviours like nagling and
maybe blocking.

> I forgot to do this properly when I integrated with the migration
> QEMUFile interface, so I'll fix that up, so shutdown works correctly
> with migration when TLS is enabled.

Dave

> 
> Regards,
> Daniel
> -- 
> |: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org              -o-             http://virt-manager.org :|
> |: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK