11:32 a.m.
Hi,
I learned few things about ipv6 lately. Most importantly about
dual-socket that means that a process that opens ::0 automatically
listens on both ipv4 _and_ ipv6 unless it sets IPV6_ONLY option of
setsockopt() to 0.
This is pretty important wrt dual-stack configurations because they can
be implemented with just slight changes to spice server (unlike the old
RFE requesting listening on multiple addresses):
* when no addr= or ipvx options are set, listen on ::0
* when ipv4 and no addr= option is set, listen on 0.0.0.0
* when ipv6 is set, set IPV6_ONLY to 1 to make sure that spice server
won't listen on ipv4
* when conflicting ipvx and addr= options are set, error out (this
already works fine)
This will affect upper layers though, given bugs like
https://bugzilla.redhat.com/show_bug.cgi?id=832121 , but it seems to me
like the step in the right direction. Any thoughts/comments before I
file this as a bug?
David
--
David Jaša, RHCE
SPICE QE based in Brno
GPG Key: 22C33E24
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
4:36 a.m.
New subject: [libvirt] [Spice-devel] RFC: spice-server default listen behaviour change
Hi,
This is pretty important wrt dual-stack configurations because they
can
be implemented with just slight changes to spice server (unlike the old
RFE requesting listening on multiple addresses):
* when no addr= or ipvx options are set, listen on ::0
spice-server sets "ai.ai_flags = AI_PASSIVE | AI_ADDRCONFIG", which
should make getaddrinfo() pick something reasonable, specifically listen
on ipv6 only if the machine actually has ipv6 connectivity.
I think this is the behavior we want here.
* when ipv4 and no addr= option is set, listen on 0.0.0.0
Works today.
* when ipv6 is set, set IPV6_ONLY to 1 to make sure that spice
server
won't listen on ipv4
Trivially to add, see patch.
* when conflicting ipvx and addr= options are set, error out (this
already works fine)
Works today indeed.
cheers,
Gerd
5:02 a.m.
New subject: [libvirt] [Spice-devel] RFC: spice-server default listen behaviour change
Gerd Hoffmann píše v Pá 15. 06. 2012 v 10:36 +0200:
Hi,
> This is pretty important wrt dual-stack configurations because they can
> be implemented with just slight changes to spice server (unlike the old
> RFE requesting listening on multiple addresses):
>
> * when no addr= or ipvx options are set, listen on ::0
spice-server sets "ai.ai_flags = AI_PASSIVE | AI_ADDRCONFIG", which
should make getaddrinfo() pick something reasonable, specifically listen
on ipv6 only if the machine actually has ipv6 connectivity.
I don't think that listening on IPv6 exclusively is good when the host
has both IPv4 and IPv6 connectivity. Think about dual stack setups where
the spice-server host is defined by host name that can resolve to both
IPv6 and IPv4 addresses.
David
I think this is the behavior we want here.
> * when ipv4 and no addr= option is set, listen on 0.0.0.0
Works today.
> * when ipv6 is set, set IPV6_ONLY to 1 to make sure that spice server
> won't listen on ipv4
Trivially to add, see patch.
> * when conflicting ipvx and addr= options are set, error out (this
> already works fine)
Works today indeed.
cheers,
Gerd
_______________________________________________
Spice-devel mailing list
Spice-devel(a)lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/spice-devel
--
David Jaša, RHCE
SPICE QE based in Brno
GPG Key: 22C33E24
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
5:27 a.m.
New subject: [libvirt] [Spice-devel] RFC: spice-server default listen behaviour change
On 06/15/12 11:02, David Jaša wrote:
Gerd Hoffmann píše v Pá 15. 06. 2012 v 10:36 +0200:
> Hi,
>
>> This is pretty important wrt dual-stack configurations because they can
>> be implemented with just slight changes to spice server (unlike the old
>> RFE requesting listening on multiple addresses):
>>
>> * when no addr= or ipvx options are set, listen on ::0
>
> spice-server sets "ai.ai_flags = AI_PASSIVE | AI_ADDRCONFIG", which
> should make getaddrinfo() pick something reasonable, specifically listen
> on ipv6 only if the machine actually has ipv6 connectivity.
>
I don't think that listening on IPv6 exclusively is good when the host
has both IPv4 and IPv6 connectivity.
Huh? Oh, I see you can read the sentence two ways:
(1) specifically listen on ipv6 only, if the machine actually has ipv6
connectivity
(2) specifically listen on ipv6, only if the machine actually has ipv6
connectivity
I mean (2), i.e. do not create a ipv6 socket if the machine has no ipv6
connectivity.
When creating a ipv6 socket IPV6_ONLY should be clear by default indeed,
so both ipv4 and ipv6 will work.
cheers,
Gerd
4:50 a.m.
New subject: [libvirt] [Spice-devel] RFC: spice-server default listen behaviour change
(I missed engine-devel@ previously because of typo :()
just two additions I missed yesterday:
David Jaša píše v Čt 14. 06. 2012 v 17:32 +0200:
Hi,
I learned few things about ipv6 lately. Most importantly about
dual-socket that means that a process that opens ::0 automatically
listens on both ipv4 _and_ ipv6 unless it sets IPV6_ONLY option of
setsockopt() to 0.
This is pretty important wrt dual-stack configurations because they can
be implemented with just slight changes to spice server (unlike the old
RFE requesting listening on multiple addresses):
* when no addr= or ipvx options are set, listen on ::0
* when ipv4 and no addr= option is set, listen on 0.0.0.0
* when ipv6 is set, set IPV6_ONLY to 1 to make sure that spice server
won't listen on ipv4
* when conflicting ipvx and addr= options are set, error out (this
already works fine)
* new spice-server feature: add option to bind to a selected interface
regardless of its addresses
This will affect upper layers though, given bugs like
https://bugzilla.redhat.com/show_bug.cgi?id=832121 , but it seems to me
like the step in the right direction. Any thoughts/comments before I
file this as a bug?
oVirt could leverage the last bullet to add dual-stack support pretty
much transparently if the display network is defined by dns name. Is
there an interest in this?
David
--
David Jaša, RHCE
SPICE QE based in Brno
GPG Key: 22C33E24
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
6 a.m.
New subject: [libvirt] [Spice-devel] RFC: spice-server default listen behaviour change
On Fri, Jun 15, 2012 at 11:48:28AM +0200, Gerd Hoffmann wrote:
Hi,
> * new spice-server feature: add option to bind to a selected interface
> regardless of its addresses
How does that work?
I presume the client app would request listen=eth0, and the QEMU
would have to call getifaddrs() to determine what IP addresses
currently correspond to eth0.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
6:44 a.m.
New subject: [libvirt] [Spice-devel] RFC: spice-server default listen behaviour change
On 06/15/12 12:00, Daniel P. Berrange wrote:
On Fri, Jun 15, 2012 at 11:48:28AM +0200, Gerd Hoffmann wrote:
> Hi,
>
>> * new spice-server feature: add option to bind to a selected interface
>> regardless of its addresses
>
> How does that work?
I presume the client app would request listen=eth0, and the QEMU
would have to call getifaddrs() to determine what IP addresses
currently correspond to eth0.
Ah, so there isn't a direct way I'm not aware of, you still bind to a
specific ip address (or multiple), just specified in a different way ;)
Note that supporting this isn't going to work with a single listening
socket. Having ipv6 sockets accept ipv4 connects too works for wildcard
sockets only. If you want listening on all ip{v4,v6} addresses of an
interface you'll need a listening socket for each.
cheers,
Gerd
6:54 a.m.
New subject: [libvirt] [Spice-devel] RFC: spice-server default listen behaviour change
On Fri, Jun 15, 2012 at 12:44:04PM +0200, Gerd Hoffmann wrote:
On 06/15/12 12:00, Daniel P. Berrange wrote:
> On Fri, Jun 15, 2012 at 11:48:28AM +0200, Gerd Hoffmann wrote:
>> Hi,
>>
>>> * new spice-server feature: add option to bind to a selected interface
>>> regardless of its addresses
>>
>> How does that work?
>
> I presume the client app would request listen=eth0, and the QEMU
> would have to call getifaddrs() to determine what IP addresses
> currently correspond to eth0.
Ah, so there isn't a direct way I'm not aware of, you still bind to a
specific ip address (or multiple), just specified in a different way ;)
Note that supporting this isn't going to work with a single listening
socket. Having ipv6 sockets accept ipv4 connects too works for wildcard
sockets only. If you want listening on all ip{v4,v6} addresses of an
interface you'll need a listening socket for each.
Yeah, I'm almost certain you'll need to have multiple listening sockets
for this to work
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
9:10 a.m.
New subject: [libvirt] [Spice-devel] RFC: spice-server default listen behaviour change
Daniel P. Berrange píše v Pá 15. 06. 2012 v 11:54 +0100:
On Fri, Jun 15, 2012 at 12:44:04PM +0200, Gerd Hoffmann wrote:
> On 06/15/12 12:00, Daniel P. Berrange wrote:
> > On Fri, Jun 15, 2012 at 11:48:28AM +0200, Gerd Hoffmann wrote:
> >> Hi,
> >>
> >>> * new spice-server feature: add option to bind to a selected interface
> >>> regardless of its addresses
> >>
> >> How does that work?
> >
> > I presume the client app would request listen=eth0, and the QEMU
> > would have to call getifaddrs() to determine what IP addresses
> > currently correspond to eth0.
>
> Ah, so there isn't a direct way I'm not aware of, you still bind to a
> specific ip address (or multiple), just specified in a different way ;)
>
> Note that supporting this isn't going to work with a single listening
> socket. Having ipv6 sockets accept ipv4 connects too works for wildcard
> sockets only. If you want listening on all ip{v4,v6} addresses of an
> interface you'll need a listening socket for each.
Yeah, I'm almost certain you'll need to have multiple listening sockets
for this to work
Daniel
Well, I've checked what my local dnsmasq does and it's doing precisely
what you say:
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
29426/dnsmasq
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
29426/dnsmasq
tcp 0 0 ::1:53 :::* LISTEN
29426/dnsmasq
tcp 0 0 fe80::4c03:d0ff:fec2:aa7:53 :::* LISTEN
29426/dnsmasq
In other words, dual-socket won't make dual-stack for selected interface
possible without implementing
https://bugzilla.redhat.com/show_bug.cgi?id=787256
anyway. :(
David
--
David Jaša, RHCE
SPICE QE based in Brno
GPG Key: 22C33E24
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
9:33 a.m.
New subject: [libvirt] [Spice-devel] RFC: spice-server default listen behaviour change
David Jaša píše v Pá 15. 06. 2012 v 15:10 +0200:
Daniel P. Berrange píše v Pá 15. 06. 2012 v 11:54 +0100:
> On Fri, Jun 15, 2012 at 12:44:04PM +0200, Gerd Hoffmann wrote:
> > On 06/15/12 12:00, Daniel P. Berrange wrote:
> > > On Fri, Jun 15, 2012 at 11:48:28AM +0200, Gerd Hoffmann wrote:
> > >> Hi,
> > >>
> > >>> * new spice-server feature: add option to bind to a selected
interface
> > >>> regardless of its addresses
> > >>
> > >> How does that work?
> > >
> > > I presume the client app would request listen=eth0, and the QEMU
> > > would have to call getifaddrs() to determine what IP addresses
> > > currently correspond to eth0.
> >
> > Ah, so there isn't a direct way I'm not aware of, you still bind to a
> > specific ip address (or multiple), just specified in a different way ;)
> >
> > Note that supporting this isn't going to work with a single listening
> > socket. Having ipv6 sockets accept ipv4 connects too works for wildcard
> > sockets only. If you want listening on all ip{v4,v6} addresses of an
> > interface you'll need a listening socket for each.
>
> Yeah, I'm almost certain you'll need to have multiple listening sockets
> for this to work
>
> Daniel
Well, I've checked what my local dnsmasq does and it's doing precisely
what you say:
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
29426/dnsmasq
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
29426/dnsmasq
tcp 0 0 ::1:53 :::* LISTEN
29426/dnsmasq
tcp 0 0 fe80::4c03:d0ff:fec2:aa7:53 :::* LISTEN
29426/dnsmasq
In other words, dual-socket won't make dual-stack for selected interface
possible without implementing
https://bugzilla.redhat.com/show_bug.cgi?id=787256
anyway. :(
David
Scratch that. After some more research, I found this in socket (7):
SO_BINDTODEVICE
Bind this socket to a particular device like "eth0", as speci-
fied in the passed interface name. If the name is an empty
string or the option length is zero, the socket device binding
is removed. The passed option is a variable-length null-termi-
nated interface name string with the maximum size of IFNAMSIZ.
If a socket is bound to an interface, only packets received from
that particular interface are processed by the socket. Note
that this only works for some socket types, particularly AF_INET
sockets. It is not supported for packet sockets (use normal
bind(8) there)
So using wildcard address and this socket option should be the
least-effort way to support dual-stack display networks if I get it
right...
David
--
David Jaša, RHCE
SPICE QE based in Brno
GPG Key: 22C33E24
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
6:03 a.m.
New subject: [libvirt] [Spice-devel] RFC: spice-server default listen behaviour change
Gerd Hoffmann píše v Pá 15. 06. 2012 v 11:48 +0200:
Hi,
> * new spice-server feature: add option to bind to a selected interface
> regardless of its addresses
How does that work?
I'm aware that for example dnsmasq does this with its --bind-interfaces
option. If I'm grepping their repo correctly, it's done like this:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=src/option.c#l325
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=src/dhcp.c#l66
David
cheers,
Gerd
_______________________________________________
Spice-devel mailing list
Spice-devel(a)lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/spice-devel
--
David Jaša, RHCE
SPICE QE based in Brno
GPG Key: 22C33E24
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
4748
days inactive
4749
days old
11 comments
3 participants
participants (3)
-
Daniel P. Berrange -
David Jaša -
Gerd Hoffmann