On Wed, 24 Oct 2018, 20:34 Anastasiya Ruzhanskaya, <
anastasiya.ruzhanskaya(a)frtk.ru> wrote:
My proxy is based on mitmproxy,
this is http/s proxy...
so I want to analyze messages coming from client to ovirt-engine or from
engine to node and based on the content permit the actions or not. I
know
that there is access control inside oVirt, but I need to implement the
similar thing by myself using proxy. From ovirt-engine to vdsm it is
trickier as there I have no users and session ids to identify the actor, I
can determine only actions.
But anyway, I can decipher normal rpc ( for virt-manager), got familiar
with gwt -rpc ( client-engine) and now trying to understand what is
happening with xml rpc.
but engine and vdsm are using jsonrpc over stomp, which is similar to http,
but not the same.
ср, 24 окт. 2018 г. в 21:41, Nir Soffer <nsoffer(a)redhat.com>:
>
>
> On Wed, 24 Oct 2018, 18:51 Anastasiya Ruzhanskaya, <
> anastasiya.ruzhanskaya(a)frtk.ru> wrote:
>
>> I need this for my proxy,
>>
>
> What is your proxy?
>
> I need to do this analysis "online", not just by analyzing the logs after
>> the action happened.
>>
>> ср, 24 окт. 2018 г. в 19:00, Nir Soffer <nsoffer(a)redhat.com>:
>>
>>>
>>> On Wed, 24 Oct 2018, 13:16 Anastasiya Ruzhanskaya, <
>>> anastasiya.ruzhanskaya(a)frtk.ru> wrote:
>>>
>>>> Hello!
>>>> I was successful in deciphering the traffic between the client and
>>>> ovirt-engine,
>>>>
>>>
>>> Why do you need to do this? it is easier to add logging to vdsm of you
>>> want to see more info about the messages.
>>>
>>> Anyway Piotr may help.
>>>
>>> Nir
>>>
>>> actually, only by dumping the premaster key from the browser, which was
>>>> generated during the session and providing it to wireshark.
>>>>
>>>> How it can be done for ovirt-engine and vdsm communication? Should the
>>>> engine private key be provided? Actually to my surprise I don't see
any ssl
>>>> communication between engine and node when for example turn on the
virtual
>>>> machine, only tcp packets. But this page
>>>>
https://ovirt.org/develop/release-management/features/infra/pki/
>>>> states that there should be one. And also should I look for any xml rpc
>>>> dissector? I know that for example virt-manager uses rpc protocol, I
found
>>>> a dissector for that case, but seems I need another one here.
>>>> _______________________________________________
>>>> Devel mailing list -- devel(a)ovirt.org
>>>> To unsubscribe send an email to devel-leave(a)ovirt.org
>>>> Privacy Statement:
https://www.ovirt.org/site/privacy-policy/
>>>> oVirt Code of Conduct:
>>>>
https://www.ovirt.org/community/about/community-guidelines/
>>>> List Archives:
>>>>
https://lists.ovirt.org/archives/list/devel@ovirt.org/message/HJOBKO5MOF5...
>>>>
>>>