Re: [libvirt] [PATCH v1 00/11] Rework storage migration

On Wed, Nov 28, 2012 at 03:43:16PM +0100, Paolo Bonzini wrote: > Il 28/11/2012 11:59, Daniel P. Berrange ha scritto: >> If the user has requested TUNNELLED migration, we need follow up work done. >> We need the NBD server to be able to accept a pre-opened file descriptor >> to rather than listening on a TCP host/port, > > This is already supported. However, the pre-opened fd would be for a > listening socket. > > The main problem is that even though a single port is used on the > destination, it is used for multiple connections. Migration would > require an arbitrary number of streams, and I'm afraid supporting this > would basically entail rewriting all the tunnelling code. Hmm, yes, that is rather a complex problem. I've long thought that QEMU migration should have a mode where it passes all its data through TLS natively. So you could do secure migration, without needing to use libvirtd tunnelling.

The same is really true of the NBD code. I know the "official" NBD impl does not do encryption, but there's no strong reason why QEMU can't layer in TLS below the NBD protocol if it is an explicit opt-in at both client+server requested by libvirt. That would at least solve the security issue, without requiring tunnelling.