Skip to content

Merge Feature/limit vnc console sessions to master#6820

Merged
robhoes merged 15 commits intomasterfrom
feature/limit-vnc-console-sessions
Jan 12, 2026
Merged

Merge Feature/limit vnc console sessions to master#6820
robhoes merged 15 commits intomasterfrom
feature/limit-vnc-console-sessions

Conversation

@stephenchengCloud
Copy link
Copy Markdown
Collaborator

@stephenchengCloud stephenchengCloud commented Jan 7, 2026
edited
Loading

Merge feature VNC console session limitation
This feature adds two new pool-level controls for VNC console connections.

  1. Connection Limiting
    New field: pool.limit_console_sessions (boolean, default: false)
    When enabled, only one user can connect to each VM/host console at a time. Additional connection attempts are rejected with an error message showing who is currently connected.

How it works:

  • Tracks active connections per VM/host using unique connection IDs
  • Rejects new connections when limit is enabled and one exists
  • Automatically cleans up on disconnect
  • WebSocket connections are blocked when limiting is enabled
  1. Idle Timeout
    New field: pool.vm_console_idle_timeout (seconds, default: 0 = no timeout)
    Automatically disconnects idle console sessions after the specified time. Separate host.console_idle_timeout field exists for control domain consoles.

How it works:

  • Monitors keyboard and mouse activity via RFB protocol parsing
  • Resets timer on user input (KeyEvent, PointerEvent)
  • Disconnects when idle timeout exceeded
  • Default value of 0 preserves existing behavior (no timeout)

stephenchengCloud and others added 13 commits September 12, 2025 09:25
@stephenchengCloud
CP-54217: Add a new pool level field to limit the vnc console access
15aaaed 
This change introduces a new pool-level parameter that restricts VNC console access
to a single active session per VM/host.
This prevents multiple users from simultaneously connecting to the same VM console,
preventing one user 'watching' another user operating a session.
When the `limit_console_sessions` is true.
- Enforced a single active VNC console connection per VM/host
- Disable connection to websocket

Signed-off-by: Stephen Cheng <stephen.cheng@cloud.com>
@stephenchengCloud
CP-54217: Add a new pool level field to limit the vnc console access (#…
1b8e3c6 
…6660)

This change introduces a new pool-level parameter that restricts VNC
console access to a single active session per VM/host.
This prevents multiple users from simultaneously connecting to the same
VM console, preventing one user 'watching' another user operating a
session. When the `limit_console_sessions` is true.
- Enforced a single active VNC console connection per VM/host
- Disable connection to websocket
@stephenchengCloud
CP-54216: Add a new pool level field to set guest console idle timeout
2bbbae7 
The field sets the maximum time (in seconds) that a VM's console can be idle
before it is automatically disconnected. The default value 0 means never timeout.
This setting applies only to VM consoles;
for host consoles, use the separate parameter 'host.console_idle_timeout'.

Signed-off-by: Stephen Cheng <stephen.cheng@cloud.com>
@stephenchengCloud
CP-54393: A simple RFB protocol parser for VNC console connections
2f461c7 
The parser only parses the message types for client-to-server messsages,
aiming to identify message types from clients.

Signed-off-by: Stephen Cheng <stephen.cheng@cloud.com>
@stephenchengCloud
CP-54393: VNC console idle timeout
c730416 
This commit adds idle timeout feature for vnc console connections.

Key changes:
- Add idle timeout detection by monitoring RFB keyEvent and
  pointerEvent.
- Add callback function to `proxy` to parse the RFB messages and
  determine if the connection is idle or not.

Signed-off-by: Stephen Cheng <stephen.cheng@cloud.com>
@robhoes
CP-54393: VNC console idle timeout (#6692)
0ecfda2 
This commit adds idle timeout feature for vnc console connections.

Key changes:
- Add idle timeout detection by monitoring RFB keyEvent and
pointerEvent.
- Add callback function to `proxy` to parse the RFB messages and
determine if the connection is idle or not.
@stephenchengCloud
CP-54274: Send a meaningful error message for vnc connection limits
01444d2 
Add detailed reason in http response when console
connection limits are exceeded.

Signed-off-by: Stephen Cheng <stephen.cheng@cloud.com>
Merge branch 'master' into limit_vnc_console_sync_with_master
84ae4d1 
Fix conflicts

Signed-off-by: Stephen Cheng <stephen.cheng@citrix.com>
@stephenchengCloud
Limit vnc console sync with master (#6735)
4452f95
@stephenchengCloud
CP-310425: Add username in VNC console error messages
8c88947 
When a VNC console connection is rejected due to the session limit,
users want to know which user(s) are currently connected. However,
displaying usernames in HTTP error responses may raise privacy concerns
in some deployments, so also add a configure to enable/disable the
display of the usernames.

The main changes are:
1. To contain the active users in the response message,
changed the active_connections to record the existing users
and use the unique session id to identify them in case
multiple connections have the same user name.

2. Use Http_svr.escape to escape html special characters

3. Added `include_console_username_in_error` to enable/disable
   the display of user names

Signed-off-by: Stephen Cheng <stephen.cheng@citrix.com>
Merge branch 'master' into private/stephenche/vnc_sync_260107
27199eb 
Signed-off-by: Stephen Cheng <stephen.cheng@citrix.com>
Update datamodel lifecycle
74f91b5 
Signed-off-by: Stephen Cheng <stephen.cheng@citrix.com>
@stephenchengCloud
Sync feature limit vnc console with master (#6819)
64fda7a 
Sync feature branch with master. No code changed.

```
$ git show 27199eb
commit 27199eb (HEAD -> private/stephenche/vnc_sync_260107, mygit/private/stephenche/vnc_sync_260107, bb/private/stephenche/vnc_sync_260107)
Merge: 8c88947 19f2398
Author: Stephen Cheng <stephen.cheng@citrix.com>
Date:   Wed Jan 7 09:56:17 2026 +0800

    Merge branch 'master' into private/stephenche/vnc_sync_260107

    Signed-off-by: Stephen Cheng <stephen.cheng@citrix.com>

diff --cc ocaml/idl/schematest.ml
index 7dc03c9,e0658e78a..a90bf86
--- a/ocaml/idl/schematest.ml
+++ b/ocaml/idl/schematest.ml
@@@ -3,7 -3,7 +3,7 @@@ let hash x = Digest.string x |> Digest.
  (* BEWARE: if this changes, check that schema has been bumped accordingly in
     ocaml/idl/datamodel_common.ml, usually schema_minor_vsn *)

- let last_known_schema_hash = "9e085767a7a70fb84747776c4d6cc663"
 -let last_known_schema_hash = "d8cb04ccddfd91ca3f0f9074dcf7c219"
++let last_known_schema_hash = "a01358e3ff5f42d5aee162e995d2ec05"

  let current_schema_hash : string =
    let open Datamodel_types in
```
@psafont
Copy link
Copy Markdown
Member

psafont commented Jan 9, 2026

Can a description of the design be added to the first message of the PR? It would be added into the git history as the commit message of the merge commit. And allow for others to understand the minifeature.

I would prefer to have a design docs in the documentation folder, but I think adding an explanation here would be a nice middle-ground

@stormi
Copy link
Copy Markdown
Contributor

stormi commented Jan 9, 2026
edited
Loading

If I may allow myself to be a bit demanding, in addition to what Pau asked, the feature doesn't seem so big to me that it was impossible to rebase on master rather than merging master into the feature branch. The resulting branch of the PR has a convoluted history due to these merges. We could have a linear history in the branch for not much more effort on the developer part, and instead we have this:

image

But I'm not a XAPI maintainer myself, so maybe that's how the XAPI project works.

@stephenchengCloud
Copy link
Copy Markdown
Collaborator Author

stephenchengCloud commented Jan 12, 2026

@stormi I've asked the team, and this is how the XAPI project works.

Stephen Cheng and others added 2 commits January 12, 2026 17:42
@robhoes robhoes added this pull request to the merge queue Jan 12, 2026
Merged via the queue into master with commit a6aa363 Jan 12, 2026
28 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@robhoes robhoes robhoes approved these changes

@lindig lindig lindig approved these changes

@changlei-li changlei-li changlei-li approved these changes

@minglumlu minglumlu Awaiting requested review from minglumlu

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@stephenchengCloud @psafont @stormi @robhoes @lindig @changlei-li