[Spice-devel] are there any new spice protocol document?
Dennis Chen
atticcat at gmail.com
Sat Apr 18 06:56:31 PDT 2015
Hi, Christophe
Thanks for the reply. I will read the information that you shared.
We are developing a cloud solution, the back-end is openstack.
We tried spice-html5 console by embedding openstack console page and found
the performance is not good.
We think using the native client might be faster than html5 and has more
features, however, we can't find any secure way to let native client
connect to internal VM (spice server).
(Say spice://192.168.1.2:5900 is a VM's internal connection url, 192.168.1.2
is internal, should't be public, and 5900 is also too simple to be guessed by
another user that another VM is 5901, or 5902 )
I am trying to write a spice-proxy to provide client to connect with a
dynamic password (a token, with timeout, created by our system when user
acquires console connection).
Then by the valid password(token), the spice-proxy gets the VM (spice
server) connection host-port, and channeling between client and internal VM.
So far, the experiment result is acceptable, it works fine between the last
remote-viewer (in Windows) and openstack(icehouse).
However, because of some data fields are not defined in 1.0 draft and I am
also new to spice,
so I can just mimic unknow fields (by using the value/length in the
real/direct connection),
and this makes this proxy very unstable with other version of client and
spice server.
Maybe there is another way to do this, help anyone could provide some idea.
/Dennis
2015-04-17 18:33 GMT+08:00 Christophe Fergeau <cfergeau at redhat.com>:
> Hi,
>
> On Wed, Apr 15, 2015 at 04:41:41PM +0800, Dennis Chen wrote:
> > Hi,
> > I am studying spice protocol, and I found a document here :
> > http://www.spice-space.org/docs/spice_protocol.pdf,
> > which is draft and version is 1.0.
> >
> > Just want to know is this document new enough ( I try to write a proxy to
> > study from the real communication, but I found there are some extra data
> > fields that is not defined in this document)
> >
> > Are there any new document, If yes, where can I get it?
>
> I'm afraid there is not a more up to date version of this document
> except from
> http://cgit.freedesktop.org/spice/spice-common/tree/spice.proto and more
> generally spice/spice-gtk sources.
> What kind of proxy are you trying to develop? Recent spice-gtk versions
> are able to use a HTTP CONNECT proxy rather than a direct connection to
> the host running the SPICE server.
>
> Christophe
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20150418/9715e72a/attachment.html>
More information about the Spice-devel
mailing list