Re: [Engine-devel] [Spice-devel] RFC: spice-server default listen behaviour change

(I missed engine-devel@ previously because of typo :() just two additions I missed yesterday: David Jaša píše v Čt 14. 06. 2012 v 17:32 +0200:
Hi,
I learned few things about ipv6 lately. Most importantly about dual-socket that means that a process that opens ::0 automatically listens on both ipv4 _and_ ipv6 unless it sets IPV6_ONLY option of setsockopt() to 0.
This is pretty important wrt dual-stack configurations because they can be implemented with just slight changes to spice server (unlike the old RFE requesting listening on multiple addresses):
* when no addr= or ipvx options are set, listen on ::0
* when ipv4 and no addr= option is set, listen on 0.0.0.0
* when ipv6 is set, set IPV6_ONLY to 1 to make sure that spice server won't listen on ipv4
* when conflicting ipvx and addr= options are set, error out (this already works fine)
* new spice-server feature: add option to bind to a selected interface regardless of its addresses
This will affect upper layers though, given bugs like https://bugzilla.redhat.com/show_bug.cgi?id=832121 , but it seems to me like the step in the right direction. Any thoughts/comments before I file this as a bug?
oVirt could leverage the last bullet to add dual-stack support pretty much transparently if the display network is defined by dns name. Is there an interest in this?
David
-- David Jaša, RHCE SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24

On Fri, Jun 15, 2012 at 11:48:28AM +0200, Gerd Hoffmann wrote:
Hi,
* new spice-server feature: add option to bind to a selected interface regardless of its addresses
How does that work?
I presume the client app would request listen=eth0, and the QEMU would have to call getifaddrs() to determine what IP addresses currently correspond to eth0. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

On 06/15/12 12:00, Daniel P. Berrange wrote:
On Fri, Jun 15, 2012 at 11:48:28AM +0200, Gerd Hoffmann wrote:
Hi,
* new spice-server feature: add option to bind to a selected interface regardless of its addresses
How does that work?
I presume the client app would request listen=eth0, and the QEMU would have to call getifaddrs() to determine what IP addresses currently correspond to eth0.
Ah, so there isn't a direct way I'm not aware of, you still bind to a specific ip address (or multiple), just specified in a different way ;) Note that supporting this isn't going to work with a single listening socket. Having ipv6 sockets accept ipv4 connects too works for wildcard sockets only. If you want listening on all ip{v4,v6} addresses of an interface you'll need a listening socket for each. cheers, Gerd

On Fri, Jun 15, 2012 at 12:44:04PM +0200, Gerd Hoffmann wrote:
On 06/15/12 12:00, Daniel P. Berrange wrote:
On Fri, Jun 15, 2012 at 11:48:28AM +0200, Gerd Hoffmann wrote:
Hi,
* new spice-server feature: add option to bind to a selected interface regardless of its addresses
How does that work?
I presume the client app would request listen=eth0, and the QEMU would have to call getifaddrs() to determine what IP addresses currently correspond to eth0.
Ah, so there isn't a direct way I'm not aware of, you still bind to a specific ip address (or multiple), just specified in a different way ;)
Note that supporting this isn't going to work with a single listening socket. Having ipv6 sockets accept ipv4 connects too works for wildcard sockets only. If you want listening on all ip{v4,v6} addresses of an interface you'll need a listening socket for each.
Yeah, I'm almost certain you'll need to have multiple listening sockets for this to work Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

Daniel P. Berrange píše v Pá 15. 06. 2012 v 11:54 +0100:
On Fri, Jun 15, 2012 at 12:44:04PM +0200, Gerd Hoffmann wrote:
On 06/15/12 12:00, Daniel P. Berrange wrote:
On Fri, Jun 15, 2012 at 11:48:28AM +0200, Gerd Hoffmann wrote:
Hi,
* new spice-server feature: add option to bind to a selected interface regardless of its addresses
How does that work?
I presume the client app would request listen=eth0, and the QEMU would have to call getifaddrs() to determine what IP addresses currently correspond to eth0.
Ah, so there isn't a direct way I'm not aware of, you still bind to a specific ip address (or multiple), just specified in a different way ;)
Note that supporting this isn't going to work with a single listening socket. Having ipv6 sockets accept ipv4 connects too works for wildcard sockets only. If you want listening on all ip{v4,v6} addresses of an interface you'll need a listening socket for each.
Yeah, I'm almost certain you'll need to have multiple listening sockets for this to work
Daniel
Well, I've checked what my local dnsmasq does and it's doing precisely what you say: tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 29426/dnsmasq tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 29426/dnsmasq tcp 0 0 ::1:53 :::* LISTEN 29426/dnsmasq tcp 0 0 fe80::4c03:d0ff:fec2:aa7:53 :::* LISTEN 29426/dnsmasq In other words, dual-socket won't make dual-stack for selected interface possible without implementing https://bugzilla.redhat.com/show_bug.cgi?id=787256 anyway. :( David -- David Jaša, RHCE SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24

David Jaša píše v Pá 15. 06. 2012 v 15:10 +0200:
Daniel P. Berrange píše v Pá 15. 06. 2012 v 11:54 +0100:
On Fri, Jun 15, 2012 at 12:44:04PM +0200, Gerd Hoffmann wrote:
On 06/15/12 12:00, Daniel P. Berrange wrote:
On Fri, Jun 15, 2012 at 11:48:28AM +0200, Gerd Hoffmann wrote:
Hi,
* new spice-server feature: add option to bind to a selected interface regardless of its addresses
How does that work?
I presume the client app would request listen=eth0, and the QEMU would have to call getifaddrs() to determine what IP addresses currently correspond to eth0.
Ah, so there isn't a direct way I'm not aware of, you still bind to a specific ip address (or multiple), just specified in a different way ;)
Note that supporting this isn't going to work with a single listening socket. Having ipv6 sockets accept ipv4 connects too works for wildcard sockets only. If you want listening on all ip{v4,v6} addresses of an interface you'll need a listening socket for each.
Yeah, I'm almost certain you'll need to have multiple listening sockets for this to work
Daniel
Well, I've checked what my local dnsmasq does and it's doing precisely what you say: tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 29426/dnsmasq tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 29426/dnsmasq tcp 0 0 ::1:53 :::* LISTEN 29426/dnsmasq tcp 0 0 fe80::4c03:d0ff:fec2:aa7:53 :::* LISTEN 29426/dnsmasq
In other words, dual-socket won't make dual-stack for selected interface possible without implementing https://bugzilla.redhat.com/show_bug.cgi?id=787256 anyway. :(
David
Scratch that. After some more research, I found this in socket (7): SO_BINDTODEVICE Bind this socket to a particular device like "eth0", as speci- fied in the passed interface name. If the name is an empty string or the option length is zero, the socket device binding is removed. The passed option is a variable-length null-termi- nated interface name string with the maximum size of IFNAMSIZ. If a socket is bound to an interface, only packets received from that particular interface are processed by the socket. Note that this only works for some socket types, particularly AF_INET sockets. It is not supported for packet sockets (use normal bind(8) there) So using wildcard address and this socket option should be the least-effort way to support dual-stack display networks if I get it right... David -- David Jaša, RHCE SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24

Gerd Hoffmann píše v Pá 15. 06. 2012 v 11:48 +0200:
Hi,
* new spice-server feature: add option to bind to a selected interface regardless of its addresses
How does that work?
I'm aware that for example dnsmasq does this with its --bind-interfaces option. If I'm grepping their repo correctly, it's done like this: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=src/option.c#l325 http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=src/dhcp.c#l66 David
cheers, Gerd _______________________________________________ Spice-devel mailing list Spice-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/spice-devel
-- David Jaša, RHCE SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
participants (3)
-
Daniel P. Berrange
-
David Jaša
-
Gerd Hoffmann