Eric Blake
2022-Oct-11 21:52 UTC
[Libguestfs] [libnbd PATCH 0/2] Expose tls and structured_reply in nbdinfo
Indirectly related to my recent additions of nbd_opt_starttls() and nbd_opt_structured_reply(); also a precursor to further extending this part of nbdinfo to expose when 64-bit extensions are negotiated. Eric Blake (2): info: Expose whether structured replies were negotiated info: Add --is tls, --can structured-reply info/nbdinfo.pod | 37 ++++++++++++++++++++++++++----------- info/Makefile.am | 3 ++- info/can.c | 15 ++++++++++++++- info/info-can-connect.sh | 9 ++++++++- info/info-can.sh | 35 ++++++++++++++++++++++++++++++++--- info/info-packets.sh | 38 ++++++++++++++++++++++++++++++++++++++ info/info-uri-nbds.sh | 5 +++-- info/main.c | 7 +++++++ 8 files changed, 130 insertions(+), 19 deletions(-) create mode 100755 info/info-packets.sh -- 2.37.3
Eric Blake
2022-Oct-11 21:52 UTC
[Libguestfs] [libnbd PATCH 1/2] info: Expose whether structured replies were negotiated
This is a per-connection setting, rather than per-export; and becomes
more interesting in light of future extensions to the NBD protocol
that will add 64-bit support needing similar output, to make it easier
to quickly determine whether a given server supports particular NBD
extensions.
---
info/nbdinfo.pod | 3 ++-
info/Makefile.am | 3 ++-
info/info-packets.sh | 38 ++++++++++++++++++++++++++++++++++++++
info/main.c | 7 +++++++
4 files changed, 49 insertions(+), 2 deletions(-)
create mode 100755 info/info-packets.sh
diff --git a/info/nbdinfo.pod b/info/nbdinfo.pod
index c3ec3ee7..a95b64f2 100644
--- a/info/nbdinfo.pod
+++ b/info/nbdinfo.pod
@@ -47,7 +47,7 @@ The single required parameter can be the NBD URI of the server
(see
L<https://github.com/NetworkBlockDevice/nbd/blob/master/doc/uri.md>):
$ nbdinfo nbd://localhost
- protocol: newstyle-fixed without TLS
+ protocol: newstyle-fixed without TLS, using structured packets
export="":
export-size: 1048576 (1M)
content: data
@@ -85,6 +85,7 @@ the I<--json> parameter:
{
"protocol": "newstyle-fixed",
"TLS": false,
+ "structured": true,
"exports": [
{
"export-name": "",
diff --git a/info/Makefile.am b/info/Makefile.am
index 88e1e21b..5c830226 100644
--- a/info/Makefile.am
+++ b/info/Makefile.am
@@ -1,5 +1,5 @@
# nbd client library in userspace
-# Copyright (C) 2020 Red Hat Inc.
+# Copyright (C) 2020-2022 Red Hat Inc.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -33,6 +33,7 @@ info_sh_files = \
info-list-uris.sh \
info-json.sh \
info-oldstyle.sh \
+ info-packets.sh \
info-null.sh \
info-size.sh \
info-text.sh \
diff --git a/info/info-packets.sh b/info/info-packets.sh
new file mode 100755
index 00000000..60b01865
--- /dev/null
+++ b/info/info-packets.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+# nbd client library in userspace
+# Copyright (C) 2020-2022 Red Hat Inc.
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+. ../tests/functions.sh
+
+set -e
+set -x
+
+requires nbdkit --version
+requires nbdkit memory --version
+
+out=info-packets.out
+cleanup_fn rm -f $out
+
+nbdkit --no-sr -U - memory size=1M \
+ --run '$VG nbdinfo "nbd+unix:///?socket=$unixsocket"'
> $out
+cat $out
+grep "protocol: .*using simple packets" $out
+
+nbdkit -U - memory size=1M \
+ --run '$VG nbdinfo "nbd+unix:///?socket=$unixsocket"'
> $out
+cat $out
+grep "protocol: .*using structured packets" $out
diff --git a/info/main.c b/info/main.c
index 5ea23928..47fb1799 100644
--- a/info/main.c
+++ b/info/main.c
@@ -302,10 +302,12 @@ main (int argc, char *argv[])
else { /* not --size or --map */
const char *protocol;
int tls_negotiated;
+ int sr_negotiated;
/* Print per-connection fields. */
protocol = nbd_get_protocol (nbd);
tls_negotiated = nbd_get_tls_negotiated (nbd);
+ sr_negotiated = nbd_get_structured_replies_negotiated (nbd);
if (!json_output) {
if (protocol) {
@@ -313,6 +315,9 @@ main (int argc, char *argv[])
fprintf (fp, "protocol: %s", protocol);
if (tls_negotiated >= 0)
fprintf (fp, " %s TLS", tls_negotiated ? "with" :
"without");
+ if (sr_negotiated >= 0)
+ fprintf (fp, ", using %s packets",
+ sr_negotiated ? "structured" :
"simple");
fprintf (fp, "\n");
ansi_restore (fp);
}
@@ -327,6 +332,8 @@ main (int argc, char *argv[])
if (tls_negotiated >= 0)
fprintf (fp, "\"TLS\": %s,\n", tls_negotiated ?
"true" : "false");
+ if (sr_negotiated >= 0)
+ fprintf (fp, "\"structured\": %s,\n", sr_negotiated
? "true" : "false");
}
if (!list_all)
--
2.37.3
Eric Blake
2022-Oct-11 21:52 UTC
[Libguestfs] [libnbd PATCH 2/2] info: Add --is tls, --can structured-reply
While these are per-connection rather than per-export settings, it is
still useful to have a quick-and-silent command-line query rather than
having to parse full info output.
While touching info-can.sh, strengthen it to insist that an
unsupported feature is reported with status 2, rather than any
non-zero status.
---
info/nbdinfo.pod | 34 ++++++++++++++++++++++++----------
info/can.c | 15 ++++++++++++++-
info/info-can-connect.sh | 9 ++++++++-
info/info-can.sh | 35 ++++++++++++++++++++++++++++++++---
info/info-uri-nbds.sh | 5 +++--
5 files changed, 81 insertions(+), 17 deletions(-)
diff --git a/info/nbdinfo.pod b/info/nbdinfo.pod
index a95b64f2..abc56f62 100644
--- a/info/nbdinfo.pod
+++ b/info/nbdinfo.pod
@@ -156,6 +156,15 @@ All NBD servers must support read, so this always exits
with success
Test if we can connect to the NBD URI.
+=item nbdinfo --is tls URI
+
+Test if the NBD URI connection is using TLS.
+
+=item nbdinfo --can structured-reply URI
+
+Test if server can respond with structured replies (a prerequisite
+for supporting block status commands).
+
=item nbdinfo --is rotational URI
Test if the server export is backed by something which behaves like a
@@ -313,23 +322,25 @@ Display brief command line help and exit.
=item B<--can read>
+=item B<--can structured-reply>
+
=item B<--can trim>
=item B<--can write>
=item B<--can zero>
-Test properties of the NBD server export. The command does not print
-anything. Instead it exits with success (S<exit code 0>) if true, or
-failure (S<exit code 2>) if false. (Other exit codes indicate an
-error querying the flag).
+Test properties of the NBD server export or the connection itself.
+The command does not print anything. Instead it exits with success
+(S<exit code 0>) if true, or failure (S<exit code 2>) if false.
+(Other exit codes indicate an error querying the flag).
For further information see the L<NBD
protocol|https://github.com/NetworkBlockDevice/nbd/blob/master/doc/proto.md>
and the following libnbd functions: L<nbd_can_cache(3)>,
L<nbd_can_df(3)>, L<nbd_can_fast_zero(3)>,
L<nbd_can_flush(3)>,
L<nbd_can_fua(3)>, L<nbd_can_multi_conn(3)>,
L<nbd_can_trim(3)>,
-L<nbd_can_zero(3)>, L<nbd_is_read_only(3)>.
+L<nbd_can_zero(3)>, L<nbd_is_read_only(3)>,
L<nbd_get_tls_negotiated(3)>.
=item B<--color>
@@ -362,15 +373,18 @@ use I<--list --content>.
=item B<--is rotational>
-Test if the NBD server export is read-only and rotational. The
-command does not print anything. Instead it exits with success
-(S<exit code 0>) if true, or failure (S<exit code 2>) if false.
-(Other exit codes indicate an error querying the flag).
+=item B<--is tls>
+
+Test if the NBD server export is read-only and rotational, or whether
+the connection itself is using TLS. The command does not print
+anything. Instead it exits with success (S<exit code 0>) if true, or
+failure (S<exit code 2>) if false. (Other exit codes indicate an
+error querying the flag).
For further information see the L<NBD
protocol|https://github.com/NetworkBlockDevice/nbd/blob/master/doc/proto.md>
and the following libnbd functions: L<nbd_is_read_only(3)>,
-L<nbd_is_rotational(3)>.
+L<nbd_is_rotational(3)>, L<nbd_get_tls_negotiated(3)>.
=item B<--json>
diff --git a/info/can.c b/info/can.c
index ee8bbb76..08d6bcd5 100644
--- a/info/can.c
+++ b/info/can.c
@@ -1,5 +1,5 @@
/* NBD client library in userspace
- * Copyright (C) 2020-2021 Red Hat Inc.
+ * Copyright (C) 2020-2022 Red Hat Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -37,6 +37,19 @@ do_can (void)
strcasecmp (can, "read") == 0)
feature = 1;
+ else if (strcasecmp (can, "tls") == 0)
+ feature = nbd_get_tls_negotiated (nbd);
+
+ else if (strcasecmp (can, "sr") == 0 ||
+ strcasecmp (can, "structured") == 0 ||
+ strcasecmp (can, "structured reply") == 0 ||
+ strcasecmp (can, "structured-reply") == 0 ||
+ strcasecmp (can, "structured_reply") == 0 ||
+ strcasecmp (can, "structured replies") == 0 ||
+ strcasecmp (can, "structured-replies") == 0 ||
+ strcasecmp (can, "structured_replies") == 0)
+ feature = nbd_get_structured_replies_negotiated (nbd);
+
else if (strcasecmp (can, "readonly") == 0 ||
strcasecmp (can, "read-only") == 0 ||
strcasecmp (can, "read_only") == 0)
diff --git a/info/info-can-connect.sh b/info/info-can-connect.sh
index eecc290a..2520e5ab 100755
--- a/info/info-can-connect.sh
+++ b/info/info-can-connect.sh
@@ -1,6 +1,6 @@
#!/usr/bin/env bash
# nbd client library in userspace
-# Copyright (C) 2020-2021 Red Hat Inc.
+# Copyright (C) 2020-2022 Red Hat Inc.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -27,3 +27,10 @@ requires nbdkit null --version
nbdkit -v -U - null \
--run '$VG nbdinfo --can connect
"nbd+unix:///?socket=$unixsocket"'
+
+# --is tls is false for unencrypted connections.
+
+st=0
+nbdkit -v -U - null \
+ --run '$VG nbdinfo --is tls
"nbd+unix:///?socket=$unixsocket"' || st=$?
+test $st = 2
diff --git a/info/info-can.sh b/info/info-can.sh
index 6f13665c..3edc3948 100755
--- a/info/info-can.sh
+++ b/info/info-can.sh
@@ -1,6 +1,6 @@
#!/usr/bin/env bash
# nbd client library in userspace
-# Copyright (C) 2020-2021 Red Hat Inc.
+# Copyright (C) 2020-2022 Red Hat Inc.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -26,6 +26,8 @@ requires bash -c "nbdkit sh --dump-plugin | grep
has_can_cache=1"
# --is read-only and --can write are tested in info-is-read-only.sh
+# --is tls is tested in info-uri-nbds.sh and info-can-connect.sh
+
# --can connect is tested in info-can-connect.sh
# --can read is tested in info-can-read.sh
@@ -36,6 +38,29 @@ requires bash -c "nbdkit sh --dump-plugin | grep
has_can_cache=1"
# and oldstyle never, but that feels like depending a bit too much on
# the implementation.
+# --can structured-reply is not a per-export setting, but rather
+# something set on the server as a whole.
+
+nbdkit -v -U - sh - \
+ --run '$VG nbdinfo --can structured-reply
"nbd+unix:///?socket=$unixsocket"' <<'EOF'
+case "$1" in
+ get_size) echo 1024 ;;
+ pread) ;;
+ *) exit 2 ;;
+esac
+EOF
+
+st=0
+nbdkit -v -U - --no-sr sh - \
+ --run '$VG nbdinfo --can structured-reply
"nbd+unix:///?socket=$unixsocket"' <<'EOF' || st=$?
+case "$1" in
+ get_size) echo 1024 ;;
+ pread) ;;
+ *) exit 2 ;;
+esac
+EOF
+test $st = 2
+
# --can cache and --can fua require special handling because in
# nbdkit-sh-plugin we must print "native" or "none". Also
the can_fua
# flag is only sent if the export is writable (hence can_write below).
@@ -53,8 +78,9 @@ case "$1" in
esac
EOF
+ st=0
nbdkit -v -U - sh - \
- --run '! $VG nbdinfo --can $flag
"nbd+unix:///?socket=$unixsocket"' <<'EOF'
+ --run '$VG nbdinfo --can $flag
"nbd+unix:///?socket=$unixsocket"' <<'EOF' || st=$?
case "$1" in
get_size) echo 1024 ;;
pread) ;;
@@ -63,6 +89,7 @@ case "$1" in
*) exit 2 ;;
esac
EOF
+ test $st = 2
done
# These ones are normal booleans.
@@ -80,8 +107,9 @@ case "$1" in
esac
EOF
+ st=0
nbdkit -v -U - sh - \
- --run '! $VG nbdinfo --can $flag
"nbd+unix:///?socket=$unixsocket"' <<'EOF'
+ --run '$VG nbdinfo --can $flag
"nbd+unix:///?socket=$unixsocket"' <<'EOF' || st=$?
case "$1" in
get_size) echo 1024 ;;
pread) ;;
@@ -90,4 +118,5 @@ case "$1" in
*) exit 2 ;;
esac
EOF
+ test $st = 2
done
diff --git a/info/info-uri-nbds.sh b/info/info-uri-nbds.sh
index f9637a92..afefe58b 100755
--- a/info/info-uri-nbds.sh
+++ b/info/info-uri-nbds.sh
@@ -1,6 +1,6 @@
#!/usr/bin/env bash
# nbd client library in userspace
-# Copyright (C) 2020-2021 Red Hat Inc.
+# Copyright (C) 2020-2022 Red Hat Inc.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -47,7 +47,8 @@ cleanup_fn rm -rf $d
export pki
nbdkit -U - --tls=require --tls-verify-peer --tls-certificates=$pki \
null size=1M \
- --run '$VG nbdinfo --json
"nbds+unix:///?socket=$unixsocket&tls-certificates=$pki"' >
$out
+ --run '$VG nbdinfo --json
"nbds+unix:///?socket=$unixsocket&tls-certificates=$pki"
&&
+ $VG nbdinfo --is tls
"nbds+unix:///?socket=$unixsocket&tls-certificates=$pki"' >
$out
cat $out
jq . < $out
--
2.37.3