qemu-devel

From: Daniel P. Berrange
Subject: Re: [Qemu-devel] [PATCH v3 24/27] migration: define 'tls-creds' and 'tls-hostname' migration parameters
Date: Thu, 10 Mar 2016 17:50:07 +0000
User-agent: Mutt/1.5.24 (2015-08-30)

On Thu, Mar 10, 2016 at 05:42:45PM +0000, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrange (address@hidden) wrote:
> > Define two new migration parameters to be used with TLS encryption.
> > The 'tls-creds' parameter provides the ID of an instance of the
> > 'tls-creds' object type, or rather a subclass such as 'tls-creds-x509'.
> > Providing these credentials will enable use of TLS on the migration
> > data stream.
> > 
> > If using x509 certificates, together with a migration URI that does
> > not include a hostname, the 'tls-hostname' parameter provides the
> > hostname to use when verifying the server's x509 certificate. This
> > allows TLS to be used in combination with fd: and exec: protocols
> > where a TCP connection is established by a 3rd party outside of
> > QEMU.
> > 
> > For the HMP this sadly requires adding a new monitor command
> > 'migration_set_str_parameter', since the existing command
> > 'migration_set_parameter' is fixed to take integer values.
> 
> Can you explain why?
> The definition of the 's' string type in monitor.c says:
>  * 's'          string (accept optional quote)
> 
> and hmp_block_stream already uses 's' for an integer parameter (why?).
> So if you just changed the definition to take a :s parameter it would
> work wouldn't it as long as you did an appropriate check in 
> hmp_migrate_set_parameter?

Hmm, I thought that changing migration_set_parameter from 'i' to 's'
would be a non-backwards compatible change. If that change is possible
though, it's obviously preferable to adding a new command.


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|


