From: Martin Kletzander
To: libvir-list@redhat.com
Subject: [libvirt PATCH 7/9] peer2peer migration: allow connecting to local sockets
Date: Tue, 25 Aug 2020 07:47:13 +0200

Local socket connections were outright disabled because there was no "server"
part in the URI. However, given how requirements and usage scenarios are
evolving, some management apps might need the source libvirt daemon to connect
to the destination daemon over a UNIX socket for peer2peer migration. Since we
cannot know where the socket leads (whether the same daemon or not) let's decide
that based on whether the socket path is non-standard, or rather explicitly
specified in the URI. Checking for a non-standard path would require asking the
daemon for configuration and the only misuse that it would prevent would be a
pretty weird one. And that's not worth it. The assumption is that whenever
someone uses explicit UNIX socket paths in the URI for migration they better
know what they are doing.

Partially resolves: https://bugzilla.redhat.com/1638889
Signed-off-by: Martin Kletzander Reviewed-by: Jiri Denemark --- docs/manpages/virsh.rst | 9 +++++++++ src/libvirt-domain.c | 8 +++++++- src/remote/remote_driver.c | 8 ++++++-- src/util/viruri.c | 30 ++++++++++++++++++++++++++++++ src/util/viruri.h | 2 ++ tests/virmigtest.c | 2 +- 6 files changed, 55 insertions(+), 4 deletions(-) diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst index 75f475eea6ad..cbb3c18deb30 100644 --- a/docs/manpages/virsh.rst +++ b/docs/manpages/virsh.rst @@ -3235,6 +3235,15 @@ has different semantics: =20 * peer2peer migration: the *desturi* is an address of the target host as s= een from the source machine. =20 +In a special circumstance where you require a complete control of the conn= ection +and/or libvirt does not have network access to the remote side you can use= a +unix transport in the URI and specify a socket path in the query, for exam= ple +with the qemu driver you could use this: + +.. code-block:: + + qemu+unix://?socket=3D/path/to/socket + When *migrateuri* is not specified, libvirt will automatically determine t= he hypervisor specific URI. Some hypervisors, including QEMU, have an option= al "migration_host" configuration parameter (useful when the host has multiple diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index 4d958ca5219d..fba4302e3d00 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c @@ -3276,7 +3276,13 @@ virDomainMigrateCheckNotLocal(const char *dconnuri) =20 if (!(tempuri =3D virURIParse(dconnuri))) return -1; - if (!tempuri->server || STRPREFIX(tempuri->server, "localhost")) { + + /* + * If someone migrates explicitly to a unix socket, then they have to = know + * what they are doing and it most probably was not a mistake. + */ + if ((tempuri->server && STRPREFIX(tempuri->server, "localhost")) || + (!tempuri->server && !virURICheckProxied(tempuri))) { virReportInvalidArg(dconnuri, "%s", _("Attempt to migrate guest to the same host")= ); return -1; 
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 0331060a2d5d..77a1c00c63a5 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -1430,9 +1430,13 @@ remoteConnectOpen(virConnectPtr conn, =20 /* If there's a driver registered we must defer to that. * If there isn't a driver, we must connect in "direct" - * mode - see doRemoteOpen */ + * mode - see doRemoteOpen. + * One exception is if we are trying to connect to an + * unknown socket path as that might be proxied to remote + * host */ if (!conn->uri->server && - virHasDriverForURIScheme(driver)) { + virHasDriverForURIScheme(driver) && + !virURICheckProxied(conn->uri)) { ret =3D VIR_DRV_OPEN_DECLINED; goto cleanup; } diff --git a/src/util/viruri.c b/src/util/viruri.c index 0112186fdbc4..91f86de19a8e 100644 --- a/src/util/viruri.c +++ b/src/util/viruri.c @@ -393,3 +393,33 @@ virURIGetParam(virURIPtr uri, const char *name) _("Missing URI parameter '%s'"), name); return NULL; } + + +/** + * virCheckURIProxied: + * @uri: URI to check + * + * Check if the URI looks like it refers to a non-standard socket path. I= n such + * scenario the socket might be proxied to a remote server even though the= URI + * looks like it is only local. + * + * Returns: true if the URI might be proxied to a remote server + */ +bool +virURICheckProxied(virURIPtr uri) +{ + size_t i =3D 0; + + if (!uri->scheme) + return false; + + if (STRNEQ_NULLABLE(strchr(uri->scheme, '+'), "+unix")) + return false; + + for (i =3D 0; i < uri->paramsCount; i++) { + if (STREQ(uri->params[i].name, "socket")) + return true; + } + + return false; +} diff --git a/src/util/viruri.h b/src/util/viruri.h index e607ecc109e7..b71f5501df07 100644 --- a/src/util/viruri.h +++ b/src/util/viruri.h 
@@ -62,4 +62,6 @@ int virURIResolveAlias(virConfPtr conf, const char *alias= , char **uri); =20 const char *virURIGetParam(virURIPtr uri, const char *name); =20 +bool virURICheckProxied(virURIPtr uri); + #define VIR_URI_SERVER(uri) ((uri) && (uri)->server ? (uri)->server : "loc= alhost") diff --git a/tests/virmigtest.c b/tests/virmigtest.c index 9539aadb5157..5f52beab1421 100644 --- a/tests/virmigtest.c +++ b/tests/virmigtest.c @@ -82,7 +82,7 @@ mymain(void) =20 TEST("scheme://some.cryptorandom.fqdn.tld"); =20 - TEST_FAIL("hehe+unix:///?socket=3D/path/to/some-sock"); + TEST("hehe+unix:///?socket=3D/path/to/some-sock"); =20 return ret =3D=3D 0 ? EXIT_SUCCESS : EXIT_FAILURE; } --=20 2.28.0
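Review bot: the example URI added to docs/manpages/virsh.rst, qemu+unix://?socket=/path/to/socket, has no path component, while the test case changed in this same patch uses the ":///?socket=" form. Pick one form and make the documented example something a user can copy as is. Two smaller points in the same hunk: "a complete control" should read "complete control", and the ".. code-block::" directive is given no language argument.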
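Review bot: the added "!virURICheckProxied(conn->uri)" condition in remoteConnectOpen() applies to every connection open, not only to peer2peer migration, so a serverless "+unix" URI that carries a "socket" parameter is no longer declined in favour of a registered driver. The commit message only discusses migration and should state this wider effect. The new comment also speaks of "an unknown socket path", but the helper only checks that the parameter is present; "an explicitly specified socket path" would match what the code does.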
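Review bot: the doc comment in the src/util/viruri.c hunk is headed "virCheckURIProxied:" but the function below it is virURICheckProxied(), so the header needs renaming to match. The comment describes a check for a "non-standard socket path", whereas the loop returns true as soon as any parameter named "socket" exists and never looks at its value. Either reword the comment to "explicitly specified socket path", as the commit message puts it, or additionally require the value to be non-empty so that a bare "socket" parameter is not treated as proxied.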
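Review bot: the tests/virmigtest.c hunk only flips the "hehe+unix:///?socket=/path/to/some-sock" case from TEST_FAIL to TEST and adds nothing that pins what must still be rejected. Add a TEST_FAIL for a serverless "+unix" URI without a "socket" parameter and another for a serverless non-unix scheme that does carry "socket", so that both early "return false" branches of virURICheckProxied() and the final fall-through are exercised through virDomainMigrateCheckNotLocal().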