[Spice-devel] Spice required ports

Alon Levy alevy at redhat.com
Thu Dec 1 09:39:46 PST 2011 

On Thu, Dec 01, 2011 at 11:01:39AM -0500, Richard Mann wrote:
>    Just joined.  Not sure where to ask this question.  It relates to
>    security and opening ports on a firewall through which the Spice
>    clients and server would communicate.  I would like to know how many
>    ports will need to be opened on a firewall to support the 6
>    communications channels between the Spice clients and server.
>    Excerpt from Spice for Newbies PDF.
>    --------------------------------------------------------
>    2.3.2.1 Channels
>    The client and server communicate via channels. Each channel type is
>    dedicated to a specific type
>    of data. Each channel uses a dedicated TCP socket......
>    The available channels are:
>    o Main - implemented by RedClient (see above).
>    o DisplayChannel - handles graphic commands, images and video streams.
>    o InputsChannel - keyboard and mouse inputs.
>    o CursorChannel - pointer device position, visibility and cursor shape.
>    o PlaybackChannel - audio received from the server to be played by the
>    client .
>    o RecordChannel - audio captured on the client side.
>    --------------------------------------------------------
>    After looking at the Spice PDFs it appears to me that 6 ports would
>    need to be opened although the default Spice server port appears to be
>    5930 (just one port and not six).
>    I would like to know how many ports are required (listening) on the
>    Spice server to handle all 6 channels (TCP sockets)?  I am assuming
>    each channel (TCP socket) requires its own port on the Spice server.
>    Thanks,
>    Rich

The docs are correct - it is a single port, opened six times. The same
way that firefox/$BROWSER opens multiple connections to a single server
Broswers do this to speed up downloading of multiple images / css etc.,
but the same idea - single port 80 but multiple connections aka
sockets.

To be exact it can be two ports if you use both a ssl and a non ssl
port, i.e. qemu -spice port=<port>,tls-port=<tls-port>

> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel

More information about the Spice-devel mailing list