Yalan Zhang
2017-Oct-25 13:41 UTC
[libvirt-users] question about how to set rng device on vm
Hi Amos,
I'm a libvirt QE, and I cannot understand the setting on libvirt.org for
the rng device.
Could you please help to explain a little?
(The xml in https://libvirt.org/formatdomain.html#elementsRng)
<devices>
  <rng model='virtio'>
    <rate period="2000" bytes="1234"/>
    <backend model='random'>/dev/random</backend>
    <!-- OR -->
    <backend model='egd' type='udp'>
      *<source mode='bind' service='1234'/>*
      *<source mode='connect' host='1.2.3.4' service='1234'/>*
    </backend>
  </rng>
</devices>
How does it work with source mode='bind' and source mode='connect' together?
Which process on the guest or host will act as the server part, and which as
the client part?
One detailed example:
Start a VM with the device below, and no egd running on the host:
<rng model='virtio'>
  <backend model='egd' type='udp'>
    <source mode='bind' service='1234'/>
    <source mode='connect' host='127.0.0.1' service='1234'/>
  </backend>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
</rng>
qemu command line:
-chardev udp,id=charrng0,host=127.0.0.1,port=1234,localaddr=,localport=1234
-object rng-egd,id=objrng0,chardev=charrng0
-device virtio-rng-pci,rng=objrng0,id=rng0,bus=pci.0,addr=0x9
In my understanding, the purpose of the rng device on the guest is to provide
the guest with a hardware RNG device /dev/hwrng which obtains seeds from the host.
The source can be /dev/random on the host, then the XML will be:
<rng model='virtio'>
  <backend model='random'>/dev/random</backend>
</rng>
It can be hardware on the host:
<rng model='virtio'>
  <backend model='random'>/dev/hwrng</backend>
</rng>
It can be an egd daemon running on the host:
<rng model='virtio'>
  <backend model='egd' type='tcp'>
    <source mode='connect' host='127.0.0.1' service='1234'/>
  </backend>
</rng>
(on the host, there should be an egd daemon running on tcp 127.0.0.1:1234
# egd.pl --debug-client --nofork localhost:1234)
Thank you very much and I look forward to your response!
-------
Best Regards,
Yalan Zhang
IRC: yalzhang
Internal phone: 8389413
Michal Privoznik
2017-Oct-26 07:30 UTC
Re: [libvirt-users] question about how to set rng device on vm
On 10/25/2017 03:41 PM, Yalan Zhang wrote:
> Hi Amos,
>
> I'm a libvirt QE, and I can not understand the setting on libvirt.org for
> rng device.
> Could you please help to explain a little?
> (The xml in https://libvirt.org/formatdomain.html#elementsRng)
> <devices>
>   <rng model='virtio'>
>     <rate period="2000" bytes="1234"/>
>     <backend model='random'>/dev/random</backend>
>     <!-- OR -->
>     <backend model='egd' type='udp'>
>       *<source mode='bind' service='1234'/>*
>       *<source mode='connect' host='1.2.3.4' service='1234'/>*
>     </backend>
>   </rng>
> </devices>
>
> How did it work with source mode='bind' and source mode='connect' together?

It doesn't. That's just an example that you can have two types of
backend. Either the backend connects somewhere (mode='connect'), or
expect somebody to connect (mode='bind'). Just try to define domain with
that RNG, dump the XML back and see what got applied.

Michal
Peter Krempa
2017-Oct-26 08:18 UTC
Re: [libvirt-users] question about how to set rng device on vm
On Thu, Oct 26, 2017 at 09:30:55 +0200, Michal Privoznik wrote:
> On 10/25/2017 03:41 PM, Yalan Zhang wrote:
> > Hi Amos,
> >
> > I'm a libvirt QE, and I can not understand the setting on libvirt.org for
> > rng device.
> > Could you please help to explain a little?
> > (The xml in https://libvirt.org/formatdomain.html#elementsRng)
> > <devices>
> >   <rng model='virtio'>
> >     <rate period="2000" bytes="1234"/>
> >     <backend model='random'>/dev/random</backend>
> >     <!-- OR -->
> >     <backend model='egd' type='udp'>
> >       *<source mode='bind' service='1234'/>*
> >       *<source mode='connect' host='1.2.3.4' service='1234'/>*
> >     </backend>
> >   </rng>
> > </devices>
> >
> > How did it work with source mode='bind' and source mode='connect' together?
>
> It doesn't. That's just an example that you can have two types of
> backend. Either the backend connects somewhere (mode='connect'), or
> expect somebody to connect (mode='bind'). Just try to define domain with
> that RNG, dump the XML back and see what got applied.

Note that both are required to establish a bidirectional connection with
UDP as configured above. For EGD you really need both directions since
it's a bidirectional protocol.
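
Added example, not part of the thread and not libvirt's own code: a small Python check that reads the UDP EGD `<rng>` device from the first message, shows how its bind and connect sources line up with the `-chardev udp,...` argument quoted there, and flags an unspecified bind address. The function names and the note wording are assumptions made for illustration; the argument layout is copied from the command line in the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the UDP EGD device from the first message in this thread.
RNG_XML = """
<rng model='virtio'>
  <backend model='egd' type='udp'>
    <source mode='bind' service='1234'/>
    <source mode='connect' host='127.0.0.1' service='1234'/>
  </backend>
</rng>
"""

def parse_egd_backend(rng_xml):
    """Return the transport and the bind/connect endpoints of an EGD backend."""
    backend = ET.fromstring(rng_xml).find("backend")
    if backend is None or backend.get("model") != "egd":
        raise ValueError("not an EGD-backed <rng> device")
    endpoints = {}
    for src in backend.findall("source"):
        mode = src.get("mode")
        if mode not in ("bind", "connect") or mode in endpoints:
            raise ValueError(f"unexpected or duplicate source mode: {mode!r}")
        endpoints[mode] = (src.get("host", ""), src.get("service", ""))
    return backend.get("type"), endpoints

def udp_chardev_arg(rng_xml, chardev_id="charrng0"):
    """Build a -chardev value in the layout of the command line quoted in the thread."""
    transport, ep = parse_egd_backend(rng_xml)
    if transport != "udp":
        raise ValueError("this sketch only covers type='udp'")
    if "connect" not in ep:
        raise ValueError("no mode='connect' source: no peer to send requests to")
    host, port = ep["connect"]                        # remote side: the EGD daemon
    local_host, local_port = ep.get("bind", ("", ""))  # local side: where replies arrive
    return (f"udp,id={chardev_id},host={host},port={port},"
            f"localaddr={local_host},localport={local_port}")

def review_notes(rng_xml):
    """Flag settings worth a second look before the domain is started."""
    _, ep = parse_egd_backend(rng_xml)
    notes = []
    if "bind" in ep and not ep["bind"][0]:
        notes.append("bind source has no host: local address left unspecified")
    if "bind" not in ep:
        notes.append("no bind source: the thread says UDP EGD needs both directions")
    return notes

if __name__ == "__main__":
    print(udp_chardev_arg(RNG_XML))
    print(review_notes(RNG_XML))
```

Running it on the sample reproduces the `-chardev` value from the first message, with the empty `localaddr=` coming from the bind source that carries a service but no host.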