Displaying 13 results from an estimated 13 matches for "allow_transport_flags".
2019 Oct 20
2
[PATCH libnbd] api: Allow NBD URIs to be restricted.
Previous discussion:
https://www.redhat.com/archives/libguestfs/2019-August/msg00102.html
Last night I experimentally added support for URIs that contain the
query parameter tls-psk-file, as part of rewriting the tests to cover
more of the URI code. So you can now have a URI like:
nbds://alice@localhost/?tls-psk-file=keys.psk
However there's an obvious security problem here because now
2019 Oct 20
0
[PATCH libnbd] api: Allow NBD URIs to be restricted.
...eletions(-)
diff --git a/generator/generator b/generator/generator
index 6cfe1fd..c2ff0db 100755
--- a/generator/generator
+++ b/generator/generator
@@ -991,7 +991,15 @@ let handshake_flags = {
"NO_ZEROES", 1 lsl 1;
]
}
-let all_flags = [ cmd_flags; handshake_flags ]
+let allow_transport_flags = {
+ flag_prefix = "ALLOW_TRANSPORT";
+ flags = [
+ "TCP", 1 lsl 0;
+ "UNIX", 1 lsl 1;
+ "VSOCK", 1 lsl 2;
+ ]
+}
+let all_flags = [ cmd_flags; handshake_flags; allow_transport_flags ]
(* Calls.
*
@@ -1445,6 +1453,75 @@ C<\"qemu:d...
2020 Sep 04
0
[libnbd PATCH 1/2] api: Add nbd_set_strict_mode
...enerator/API.ml
@@ -169,7 +169,13 @@ let handshake_flags = {
flags = [
"FIXED_NEWSTYLE", 1 lsl 0;
"NO_ZEROES", 1 lsl 1;
- ]
+ ]
+}
+let strict_flags = {
+ flag_prefix = "STRICT";
+ flags = [
+ "COMMANDS", 1 lsl 0;
+ ]
}
let allow_transport_flags = {
flag_prefix = "ALLOW_TRANSPORT";
@@ -179,7 +185,8 @@ let allow_transport_flags = {
"VSOCK", 1 lsl 2;
]
}
-let all_flags = [ cmd_flags; handshake_flags; allow_transport_flags ]
+let all_flags = [ cmd_flags; handshake_flags; strict_flags;
+ allow_t...
2020 Sep 11
3
[libnbd PATCH] api: Add LIBNBD_SHUTDOWN_IMMEDIATE flag
...nt ev);
extern const char *nbd_internal_state_short_string (enum state state);
extern enum state_group nbd_internal_state_group (enum state state);
diff --git a/generator/API.ml b/generator/API.ml
index 1d920cf..6cdab34 100644
--- a/generator/API.ml
+++ b/generator/API.ml
@@ -181,7 +181,14 @@ let allow_transport_flags = {
"VSOCK", 1 lsl 2;
]
}
-let all_flags = [ cmd_flags; handshake_flags; allow_transport_flags ]
+let shutdown_flags = {
+ flag_prefix = "SHUTDOWN";
+ flags = [
+ "IMMEDIATE", 1 lsl 1;
+ ]
+}
+let all_flags = [ cmd_flags; handshake_flags; allow_transport...
2020 Sep 17
0
Re: [libnbd PATCH] api: Add LIBNBD_SHUTDOWN_IMMEDIATE flag
...d_internal_state_short_string (enum state state);
> extern enum state_group nbd_internal_state_group (enum state state);
> diff --git a/generator/API.ml b/generator/API.ml
> index 1d920cf..6cdab34 100644
> --- a/generator/API.ml
> +++ b/generator/API.ml
> @@ -181,7 +181,14 @@ let allow_transport_flags = {
> "VSOCK", 1 lsl 2;
> ]
> }
> -let all_flags = [ cmd_flags; handshake_flags; allow_transport_flags ]
> +let shutdown_flags = {
> + flag_prefix = "SHUTDOWN";
> + flags = [
> + "IMMEDIATE", 1 lsl 1;
> + ]
> +}
> +let al...
2020 Sep 04
4
[RFC libnbd PATCH 0/2] Add knobs for client- vs. server-side validation
We have been inconsistent on how much we reject client-side without
even consulting the server, vs. how much we depend on the server to
detect failure (even if our request can be deemed undefined per NBD
protocol). I'd like to change it so that by default, we reject as
much as we can client-side for less traffic, but where the user can
also change things on the fly for server-side integration
2020 Sep 11
0
[libnbd PATCH v2 4/5] api: Add STRICT_FLAGS to set_strict_mode
...WSTYLE", 1 lsl 0;
"NO_ZEROES", 1 lsl 1;
@@ -182,12 +185,15 @@ let handshake_flags = {
}
let strict_flags = {
flag_prefix = "STRICT";
+ guard = None;
flags = [
"COMMANDS", 1 lsl 0;
+ "FLAGS", 1 lsl 1;
]
}
let allow_transport_flags = {
flag_prefix = "ALLOW_TRANSPORT";
+ guard = None;
flags = [
"TCP", 1 lsl 0;
"UNIX", 1 lsl 1;
@@ -196,6 +202,7 @@ let allow_transport_flags = {
}
let shutdown_flags = {
flag_prefix = "SHUTDOWN";
+ guard = None;
flags = [
&q...
2020 Sep 11
0
[libnbd PATCH v2 3/5] api: Add nbd_set_strict_mode
...andshake."
@@ -171,7 +178,13 @@ let handshake_flags = {
flags = [
"FIXED_NEWSTYLE", 1 lsl 0;
"NO_ZEROES", 1 lsl 1;
- ]
+ ]
+}
+let strict_flags = {
+ flag_prefix = "STRICT";
+ flags = [
+ "COMMANDS", 1 lsl 0;
+ ]
}
let allow_transport_flags = {
flag_prefix = "ALLOW_TRANSPORT";
@@ -187,8 +200,8 @@ let shutdown_flags = {
"IMMEDIATE", 1 lsl 1;
]
}
-let all_flags = [ cmd_flags; handshake_flags; allow_transport_flags;
- shutdown_flags ]
+let all_flags = [ cmd_flags; handshake_flags; strict_f...
2019 Nov 04
1
Re: [PATCH libnbd] api: Allow NBD URIs to be restricted.
...t; ---
> @@ -1445,6 +1453,75 @@ C<\"qemu:dirty-bitmap:...\"> for qemu-nbd
> see_also = ["L<nbd_block_status(3)>"];
> };
>
> + "set_uri_allow_transports", {
> + default_call with
> + args = [ Flags ("mask", allow_transport_flags) ]; ret = RErr;
> + permitted_states = [ Created ];
> + shortdesc = "set the allowed transports in NBD URIs";
> + longdesc = "\
> +Set which transports are allowed to appear in NBD URIs. The
> +default is to allow any transports.
'any transport.'
&g...
2020 Sep 17
2
Re: [libnbd PATCH v2 4/5] api: Add STRICT_FLAGS to set_strict_mode
...1 lsl 1;
> @@ -182,12 +185,15 @@ let handshake_flags = {
> }
> let strict_flags = {
> flag_prefix = "STRICT";
> + guard = None;
> flags = [
> "COMMANDS", 1 lsl 0;
> + "FLAGS", 1 lsl 1;
> ]
> }
> let allow_transport_flags = {
> flag_prefix = "ALLOW_TRANSPORT";
> + guard = None;
> flags = [
> "TCP", 1 lsl 0;
> "UNIX", 1 lsl 1;
> @@ -196,6 +202,7 @@ let allow_transport_flags = {
> }
> let shutdown_flags = {
> flag_prefix = "SHUTDOWN...
2020 Sep 04
0
[libnbd PATCH 2/2] api: Add STRICT_BOUNDS to nbd_set_strict_mode
...generator/API.ml b/generator/API.ml
index 8811d3c..10d145c 100644
--- a/generator/API.ml
+++ b/generator/API.ml
@@ -175,6 +175,7 @@ let strict_flags = {
flag_prefix = "STRICT";
flags = [
"COMMANDS", 1 lsl 0;
+ "BOUNDS", 1 lsl 1;
]
}
let allow_transport_flags = {
@@ -728,6 +729,12 @@ set of advertised server flags (for example, attempting a write on
a read-only server). If clear, this flag relies on the server to
reject unexpected commands or unknown flags to supported commands.
+=item C<LIBNBD_STRICT_BOUNDS> = 2
+
+If set, this flag rejects c...
2020 Sep 11
0
[libnbd PATCH v2 5/5] api: Add STRICT_BOUNDS/ZERO_SIZE to nbd_set_strict_mode
...5b..d3b1d1b 100644
--- a/generator/API.ml
+++ b/generator/API.ml
@@ -189,6 +189,8 @@ let strict_flags = {
flags = [
"COMMANDS", 1 lsl 0;
"FLAGS", 1 lsl 1;
+ "BOUNDS", 1 lsl 2;
+ "ZERO_SIZE", 1 lsl 3;
]
}
let allow_transport_flags = {
@@ -772,6 +774,18 @@ Note that the NBD protocol only supports 16 bits of command flags,
even though the libnbd API uses C<uint32_t>; bits outside of the
range permitted by the protocol are always a client-side error.
+=item C<LIBNBD_STRICT_BOUNDS> = 3
+
+If set, this flag rejects...
2020 Sep 11
10
[libnbd PATCH v2 0/5] Add knobs for client- vs. server-side validation
In v2:
- now based on my proposal to add LIBNBD_SHUTDOWN_IMMEDIATE
- four flags instead of two: STRICT_FLAGS is new (patch 4),
and STRICT_BOUNDS is separate from STRICT_ZERO_SIZE (patch 5)
- various refactorings for more shared code and less duplication
Eric Blake (5):
api: Add xxx_MASK constant for each Flags type
generator: Refactor filtering of accepted OFlags
api: Add