On Thu, Mar 10, 2016 at 05:42:45PM +0000, Dr. David Alan Gilbert wrote: > * Daniel P. Berrange (berra...@redhat.com) wrote: > > Define two new migration parameters to be used with TLS encryption. > > The 'tls-creds' parameter provides the ID of an instance of the > > 'tls-creds' object type, or rather a subclass such as 'tls-creds-x509'. > > Providing these credentials will enable use of TLS on the migration > > data stream. > > > > If using x509 certificates, together with a migration URI that does > > not include a hostname, the 'tls-hostname' parameter provides the > > hostname to use when verifying the server's x509 certificate. This > > allows TLS to be used in combination with fd: and exec: protocols > > where a TCP connection is established by a 3rd party outside of > > QEMU. > > > > For the HMP this sadly requires adding a new monitor command > > 'migration_set_str_parameter', since the existing command > > 'migration_set_parameter' is fixed to take integer values. > > Can you explain why? > The definition of the 's' string type in monitor.c says: > * 's' string (accept optional quote) > > and hmp_block_stream already uses 's' for an integer parameter (why?). > So if you just changed the definition to take a :s parameter it would > work wouldn't it as long as you did an appropriate check in > hmp_migrate_set_parameter?
Hmm, I thought that changing migration_set_parameter from 'i' to 's' would be a non-backwards compatible change. If that change is possible though, its obviously preferrable to adding a new command. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
