Eric Blake
2022-Oct-11 21:52 UTC
[Libguestfs] [libnbd PATCH 0/2] Expose tls and structured_reply in nbdinfo
Indirectly related to my recent additions of nbd_opt_starttls() and nbd_opt_structured_reply(); also a precursor to further extending this part of nbdinfo to expose when 64-bit extensions are negotiated. Eric Blake (2): info: Expose whether structured replies were negotiated info: Add --is tls, --can structured-reply info/nbdinfo.pod | 37 ++++++++++++++++++++++++++----------- info/Makefile.am | 3 ++- info/can.c | 15 ++++++++++++++- info/info-can-connect.sh | 9 ++++++++- info/info-can.sh | 35 ++++++++++++++++++++++++++++++++--- info/info-packets.sh | 38 ++++++++++++++++++++++++++++++++++++++ info/info-uri-nbds.sh | 5 +++-- info/main.c | 7 +++++++ 8 files changed, 130 insertions(+), 19 deletions(-) create mode 100755 info/info-packets.sh -- 2.37.3
Eric Blake
2022-Oct-11 21:52 UTC
[Libguestfs] [libnbd PATCH 1/2] info: Expose whether structured replies were negotiated
This is a per-connection setting, rather than per-export; and becomes more interesting in light of future extensions to the NBD protocol that will add 64-bit support needing similar output, to make it easier to quickly determine whether a given server supports particular NBD extensions. --- info/nbdinfo.pod | 3 ++- info/Makefile.am | 3 ++- info/info-packets.sh | 38 ++++++++++++++++++++++++++++++++++++++ info/main.c | 7 +++++++ 4 files changed, 49 insertions(+), 2 deletions(-) create mode 100755 info/info-packets.sh diff --git a/info/nbdinfo.pod b/info/nbdinfo.pod index c3ec3ee7..a95b64f2 100644 --- a/info/nbdinfo.pod +++ b/info/nbdinfo.pod @@ -47,7 +47,7 @@ The single required parameter can be the NBD URI of the server (see L<https://github.com/NetworkBlockDevice/nbd/blob/master/doc/uri.md>): $ nbdinfo nbd://localhost - protocol: newstyle-fixed without TLS + protocol: newstyle-fixed without TLS, using structured packets export="": export-size: 1048576 (1M) content: data @@ -85,6 +85,7 @@ the I<--json> parameter: { "protocol": "newstyle-fixed", "TLS": false, + "structured": true, "exports": [ { "export-name": "", diff --git a/info/Makefile.am b/info/Makefile.am index 88e1e21b..5c830226 100644 --- a/info/Makefile.am +++ b/info/Makefile.am @@ -1,5 +1,5 @@ # nbd client library in userspace -# Copyright (C) 2020 Red Hat Inc. +# Copyright (C) 2020-2022 Red Hat Inc. # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -33,6 +33,7 @@ info_sh_files = \ info-list-uris.sh \ info-json.sh \ info-oldstyle.sh \ + info-packets.sh \ info-null.sh \ info-size.sh \ info-text.sh \ diff --git a/info/info-packets.sh b/info/info-packets.sh new file mode 100755 index 00000000..60b01865 --- /dev/null +++ b/info/info-packets.sh 
@@ -0,0 +1,38 @@ +#!/usr/bin/env bash +# nbd client library in userspace +# Copyright (C) 2020-2022 Red Hat Inc. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +. ../tests/functions.sh + +set -e +set -x + +requires nbdkit --version +requires nbdkit memory --version + +out=info-packets.out +cleanup_fn rm -f $out + +nbdkit --no-sr -U - memory size=1M \ + --run '$VG nbdinfo "nbd+unix:///?socket=$unixsocket"' > $out +cat $out +grep "protocol: .*using simple packets" $out + +nbdkit -U - memory size=1M \ + --run '$VG nbdinfo "nbd+unix:///?socket=$unixsocket"' > $out +cat $out +grep "protocol: .*using structured packets" $out diff --git a/info/main.c b/info/main.c index 5ea23928..47fb1799 100644 --- a/info/main.c +++ b/info/main.c @@ -302,10 +302,12 @@ main (int argc, char *argv[]) else { /* not --size or --map */ const char *protocol; int tls_negotiated; + int sr_negotiated; /* Print per-connection fields. */ protocol = nbd_get_protocol (nbd); tls_negotiated = nbd_get_tls_negotiated (nbd); + sr_negotiated = nbd_get_structured_replies_negotiated (nbd); if (!json_output) { if (protocol) { 
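Review bot: The new info-packets.sh checks only the human-readable `protocol:` line, so the `"structured"` key that this same patch adds to the JSON branch of info/main.c is never exercised by a test. A second pair of runs with `--json` would pin both values, for example `nbdkit --no-sr -U - memory size=1M --run '$VG nbdinfo --json "nbd+unix:///?socket=$unixsocket"' | jq -e '.structured == false'` and the matching `== true` run without `--no-sr`. That needs a `requires jq --version` line next to the existing `requires` lines. Quoting `"$out"` in the `cleanup_fn rm -f`, the redirects and the `grep` calls would also be safer, although the value is a fixed name here.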
@@ -313,6 +315,9 @@ main (int argc, char *argv[]) fprintf (fp, "protocol: %s", protocol); if (tls_negotiated >= 0) fprintf (fp, " %s TLS", tls_negotiated ? "with" : "without"); + if (sr_negotiated >= 0) + fprintf (fp, ", using %s packets", + sr_negotiated ? "structured" : "simple"); fprintf (fp, "\n"); ansi_restore (fp); } @@ -327,6 +332,8 @@ main (int argc, char *argv[]) if (tls_negotiated >= 0) fprintf (fp, "\"TLS\": %s,\n", tls_negotiated ? "true" : "false"); + if (sr_negotiated >= 0) + fprintf (fp, "\"structured\": %s,\n", sr_negotiated ? "true" : "false"); } if (!list_all) -- 2.37.3
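Review bot: A negative return from nbd_get_structured_replies_negotiated() is dropped without any diagnostic. The `sr_negotiated >= 0` guards in the text hunk and in the JSON hunk simply omit the field, so a JSON consumer cannot tell a failed query from output written by an older nbdinfo that never emitted `"structured"`. This mirrors the existing tls_negotiated handling and may be deliberate, but it deserves a comment where the value is fetched, such as `/* negative means the query failed; the field is then omitted, not reported */`. main() begins and continues outside these hunks.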
Eric Blake
2022-Oct-11 21:52 UTC
[Libguestfs] [libnbd PATCH 2/2] info: Add --is tls, --can structured-reply
While these are per-connection rather than per-export settings, it is still useful to have a quick-and-silent command-line query rather than having to parse full info output. While touching info-can.sh, strengthen it to insist that an unsupported feature is reported with status 2, rather than any non-zero status. --- info/nbdinfo.pod | 34 ++++++++++++++++++++++++---------- info/can.c | 15 ++++++++++++++- info/info-can-connect.sh | 9 ++++++++- info/info-can.sh | 35 ++++++++++++++++++++++++++++++++--- info/info-uri-nbds.sh | 5 +++-- 5 files changed, 81 insertions(+), 17 deletions(-) diff --git a/info/nbdinfo.pod b/info/nbdinfo.pod index a95b64f2..abc56f62 100644 --- a/info/nbdinfo.pod +++ b/info/nbdinfo.pod @@ -156,6 +156,15 @@ All NBD servers must support read, so this always exits with success Test if we can connect to the NBD URI. +=item nbdinfo --is tls URI + +Test if the NBD URI connection is using TLS. + +=item nbdinfo --can structured-reply URI + +Test if server can respond with structured replies (a prerequisite +for supporting block status commands). + =item nbdinfo --is rotational URI Test if the server export is backed by something which behaves like a 
@@ -313,23 +322,25 @@ Display brief command line help and exit. =item B<--can read> +=item B<--can structured-reply> + =item B<--can trim> =item B<--can write> =item B<--can zero> -Test properties of the NBD server export. The command does not print -anything. Instead it exits with success (S<exit code 0>) if true, or -failure (S<exit code 2>) if false. (Other exit codes indicate an -error querying the flag). +Test properties of the NBD server export or the connection itself. +The command does not print anything. Instead it exits with success +(S<exit code 0>) if true, or failure (S<exit code 2>) if false. +(Other exit codes indicate an error querying the flag). For further information see the L<NBD protocol|https://github.com/NetworkBlockDevice/nbd/blob/master/doc/proto.md> and the following libnbd functions: L<nbd_can_cache(3)>, L<nbd_can_df(3)>, L<nbd_can_fast_zero(3)>, L<nbd_can_flush(3)>, L<nbd_can_fua(3)>, L<nbd_can_multi_conn(3)>, L<nbd_can_trim(3)>, -L<nbd_can_zero(3)>, L<nbd_is_read_only(3)>. +L<nbd_can_zero(3)>, L<nbd_is_read_only(3)>, L<nbd_get_tls_negotiated(3)>. =item B<--color> 
@@ -362,15 +373,18 @@ use I<--list --content>. =item B<--is rotational> -Test if the NBD server export is read-only and rotational. The -command does not print anything. Instead it exits with success -(S<exit code 0>) if true, or failure (S<exit code 2>) if false. -(Other exit codes indicate an error querying the flag). +=item B<--is tls> + +Test if the NBD server export is read-only and rotational, or whether +the connection itself is using TLS. The command does not print +anything. Instead it exits with success (S<exit code 0>) if true, or +failure (S<exit code 2>) if false. (Other exit codes indicate an +error querying the flag). For further information see the L<NBD protocol|https://github.com/NetworkBlockDevice/nbd/blob/master/doc/proto.md> and the following libnbd functions: L<nbd_is_read_only(3)>, -L<nbd_is_rotational(3)>. +L<nbd_is_rotational(3)>, L<nbd_get_tls_negotiated(3)>. =item B<--json> diff --git a/info/can.c b/info/can.c index ee8bbb76..08d6bcd5 100644 --- a/info/can.c +++ b/info/can.c @@ -1,5 +1,5 @@ /* NBD client library in userspace - * Copyright (C) 2020-2021 Red Hat Inc. + * Copyright (C) 2020-2022 Red Hat Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -37,6 +37,19 @@ do_can (void) strcasecmp (can, "read") == 0) feature = 1; + else if (strcasecmp (can, "tls") == 0) + feature = nbd_get_tls_negotiated (nbd); + + else if (strcasecmp (can, "sr") == 0 || + strcasecmp (can, "structured") == 0 || + strcasecmp (can, "structured reply") == 0 || + strcasecmp (can, "structured-reply") == 0 || + strcasecmp (can, "structured_reply") == 0 || + strcasecmp (can, "structured replies") == 0 || + strcasecmp (can, "structured-replies") == 0 || + strcasecmp (can, "structured_replies") == 0) + feature = nbd_get_structured_replies_negotiated (nbd); + else if (strcasecmp (can, "readonly") == 0 || strcasecmp (can, "read-only") == 0 || strcasecmp (can, "read_only") == 0) 
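Review bot: The new `tls` branch in do_can() turns the result of nbd_get_tls_negotiated() directly into the exit status, so a script that gates on `nbdinfo --is tls` learns only that this one connection negotiated TLS. It does not learn how the peer was authenticated, or (presumably) whether the server would also accept a cleartext client. That limit is worth stating beside the branch, e.g. `/* True only if this connection negotiated TLS; says nothing about peer verification or server policy. */`, and in the `--is tls` text of nbdinfo.pod. Separately, the structured-reply branch calls nbd_get_structured_replies_negotiated(), but the function list under `--can` in nbdinfo.pod gains only `L<nbd_get_tls_negotiated(3)>`. do_can() begins and continues outside the hunk.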
diff --git a/info/info-can-connect.sh b/info/info-can-connect.sh index eecc290a..2520e5ab 100755 --- a/info/info-can-connect.sh +++ b/info/info-can-connect.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # nbd client library in userspace -# Copyright (C) 2020-2021 Red Hat Inc. +# Copyright (C) 2020-2022 Red Hat Inc. # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -27,3 +27,10 @@ requires nbdkit null --version nbdkit -v -U - null \ --run '$VG nbdinfo --can connect "nbd+unix:///?socket=$unixsocket"' + +# --is tls is false for unencrypted connections. + +st=0 +nbdkit -v -U - null \ + --run '$VG nbdinfo --is tls "nbd+unix:///?socket=$unixsocket"' || st=$? +test $st = 2 diff --git a/info/info-can.sh b/info/info-can.sh index 6f13665c..3edc3948 100755 --- a/info/info-can.sh +++ b/info/info-can.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # nbd client library in userspace -# Copyright (C) 2020-2021 Red Hat Inc. +# Copyright (C) 2020-2022 Red Hat Inc. # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -26,6 +26,8 @@ requires bash -c "nbdkit sh --dump-plugin | grep has_can_cache=1" # --is read-only and --can write are tested in info-is-read-only.sh +# --is tls is tested in info-uri-nbds.sh and info-can-connect.sh + # --can connect is tested in info-can-connect.sh # --can read is tested in info-can-read.sh 
@@ -36,6 +38,29 @@ requires bash -c "nbdkit sh --dump-plugin | grep has_can_cache=1" # and oldstyle never, but that feels like depending a bit too much on # the implementation. +# --can structured-reply is not a per-export setting, but rather +# something set on the server as a whole. + +nbdkit -v -U - sh - \ + --run '$VG nbdinfo --can structured-reply "nbd+unix:///?socket=$unixsocket"' <<'EOF' +case "$1" in + get_size) echo 1024 ;; + pread) ;; + *) exit 2 ;; +esac +EOF + +st=0 +nbdkit -v -U - --no-sr sh - \ + --run '$VG nbdinfo --can structured-reply "nbd+unix:///?socket=$unixsocket"' <<'EOF' || st=$? +case "$1" in + get_size) echo 1024 ;; + pread) ;; + *) exit 2 ;; +esac +EOF +test $st = 2 + # --can cache and --can fua require special handling because in # nbdkit-sh-plugin we must print "native" or "none". Also the can_fua # flag is only sent if the export is writable (hence can_write below). @@ -53,8 +78,9 @@ case "$1" in esac EOF + st=0 nbdkit -v -U - sh - \ - --run '! $VG nbdinfo --can $flag "nbd+unix:///?socket=$unixsocket"' <<'EOF' + --run '$VG nbdinfo --can $flag "nbd+unix:///?socket=$unixsocket"' <<'EOF' || st=$? case "$1" in get_size) echo 1024 ;; pread) ;; @@ -63,6 +89,7 @@ case "$1" in *) exit 2 ;; esac EOF + test $st = 2 done # These ones are normal booleans. @@ -80,8 +107,9 @@ case "$1" in esac EOF + st=0 nbdkit -v -U - sh - \ - --run '! $VG nbdinfo --can $flag "nbd+unix:///?socket=$unixsocket"' <<'EOF' + --run '$VG nbdinfo --can $flag "nbd+unix:///?socket=$unixsocket"' <<'EOF' || st=$? case "$1" in get_size) echo 1024 ;; pread) ;; @@ -90,4 +118,5 @@ case "$1" in *) exit 2 ;; esac EOF + test $st = 2 done diff --git a/info/info-uri-nbds.sh b/info/info-uri-nbds.sh index f9637a92..afefe58b 100755 --- a/info/info-uri-nbds.sh +++ b/info/info-uri-nbds.sh 
@@ -1,6 +1,6 @@ #!/usr/bin/env bash # nbd client library in userspace -# Copyright (C) 2020-2021 Red Hat Inc. +# Copyright (C) 2020-2022 Red Hat Inc. # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -47,7 +47,8 @@ cleanup_fn rm -rf $d export pki nbdkit -U - --tls=require --tls-verify-peer --tls-certificates=$pki \ null size=1M \ - --run '$VG nbdinfo --json "nbds+unix:///?socket=$unixsocket&tls-certificates=$pki"' > $out + --run '$VG nbdinfo --json "nbds+unix:///?socket=$unixsocket&tls-certificates=$pki" && + $VG nbdinfo --is tls "nbds+unix:///?socket=$unixsocket&tls-certificates=$pki"' > $out cat $out jq . < $out -- 2.37.3