The 'vncunused' parameter for a guest config file is supposed to instruct
XenD (well qemu-dm) to bind to the first unused VNC display port that is
available.

In the current xen-unstable.hg tree though, XenD will always pass an explicit
'-vnc <display num>' parameter to qemu-dm, regardless of whether 'vncunused'
is set. So the 'vncunused' bit only takes effect if the explicitly passed
display already has something bound to it.

For example it runs

    /usr/lib64/xen/bin/qemu-dm \
        -d 136 \
        -m 500 \
        -boot c \
        -serial pty \
        -vcpus 1 \
        -domain-name rhel4x86_64 \
        -net nic,vlan=1,macaddr=00:16:3e:38:17:80,model=rtl8139 \
        -net tap,vlan=1,bridge=xenbr0 \
        -vnc 136 \
        -vncunused \
        -k en-us

This may not look too bad, but consider what happens when the host machine
has been up for a while - the domain IDs start getting very high - in this
example domain ID is merely 136, which makes VNC attach to 6036, but as time
goes by it'll be binding to higher & higher ports.

This plays havoc with firewalls - for example an admin may know that only
10 domains will ever be running at any time, so they should be able to
simply open up ports 5900 -> 5910.

The correct behaviour should be:

 - If 'vncdisplay' is set, use that explicit display
 - If 'vncunused' is set non-zero, allocate first port about 5900
 - Allocate fixed port based on domain-ID

The attached patch fixes XenD so that if 'vncunused' is set, it won't specify
an explicit display num to QEMU. It also fixes a dumb error in QEMU which
caused it to start trying ports from 5898 instead of 5900. This brings the
behaviour into compliance with the rules above.

Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

Regards,
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
xen-vncunusedhvm.patch
Description: Text document
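
The three allocation rules listed in the message, written out as an added Python example (not part of the original post or the attached patch) and checked against the 5900 -> 5910 firewall range it mentions. The function names, the injectable `is_free` probe and the `max_display` limit are assumptions made for illustration.

```python
import socket

VNC_BASE_PORT = 5900  # VNC display N listens on TCP port 5900 + N


def port_is_free(port, host="127.0.0.1"):
    """Probe a TCP port by trying to bind it (assumed probe, loopback only)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError:
            return False


def choose_vnc_display(domid, vncdisplay=None, vncunused=0,
                       is_free=port_is_free, max_display=99):
    """Return the VNC display number following the three rules in the post."""
    # Rule 1: an explicit 'vncdisplay' always wins.
    if vncdisplay is not None:
        return int(vncdisplay)
    # Rule 2: non-zero 'vncunused' takes the first free port from 5900 upward.
    if vncunused:
        for display in range(max_display + 1):
            if is_free(VNC_BASE_PORT + display):
                return display
        raise RuntimeError("no free VNC display in range")
    # Rule 3: otherwise the display is fixed by the domain ID.
    return domid


def allowed_by_firewall(display, first=5900, last=5910):
    """True if the display's TCP port lies inside the opened firewall range."""
    return first <= VNC_BASE_PORT + display <= last


if __name__ == "__main__":
    busy = {5900, 5901}  # constructed: two guests already hold displays 0 and 1
    free = lambda port: port not in busy
    cases = [("fixed by domid", {}), ("vncunused=1", {"vncunused": 1}),
             ("vncdisplay=5", {"vncdisplay": 5, "vncunused": 1})]
    for label, kwargs in cases:
        d = choose_vnc_display(136, is_free=free, **kwargs)
        print(label, "display", d, "port", VNC_BASE_PORT + d,
              "inside firewall range:", allowed_by_firewall(d))
```

With domain ID 136 only the fixed-by-domain-ID case lands on port 6036, outside the opened range; the other two stay inside it.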