search for: limit_preconnect

Displaying 7 results from an estimated 7 matches for "limit_preconnect".

2020 Mar 04
2
[PATCH nbdkit v2] New filter: limit: Limit number of clients that can connect.
This is a second version of the limit filter. v1 was posted here: https://www.redhat.com/archives/libguestfs/2020-March/msg00015.html I didn't bother to repost the other three patches because they are the same. The difference is this version of the filter takes security more seriously. It shouldn't be possible for malicious clients to connect more than limit=N times to the plugin now,
2020 Mar 04
0
[PATCH nbdkit v2] New filter: limit: Limit number of clients that can connect.
...connection rejected"); +} + +/* We limit connections in the preconnect stage (in particular before + * any heavyweight NBD or TLS negotiations has been done). However we + * count connections in the open/close calls since clients can drop + * out between preconnect and open. + */ +static int +limit_preconnect (nbdkit_next_preconnect *next, nbdkit_backend *nxdata, + int readonly) +{ + if (next (nxdata, readonly) == -1) + return -1; + + ACQUIRE_LOCK_FOR_CURRENT_SCOPE (&lock); + + if (limit > 0 && connections >= limit) { + too_many_clients_error (); + return -...
2020 Mar 06
1
Re: [PATCH nbdkit v2] New filter: limit: Limit number of clients that can connect.
...ections in the preconnect stage (in particular before > + * any heavyweight NBD or TLS negotiations has been done). However we > + * count connections in the open/close calls since clients can drop > + * out between preconnect and open. > + */ Seems reasonable. > +static int > +limit_preconnect (nbdkit_next_preconnect *next, nbdkit_backend *nxdata, > + int readonly) > +{ > + if (next (nxdata, readonly) == -1) > + return -1; > + > + ACQUIRE_LOCK_FOR_CURRENT_SCOPE (&lock); > + > + if (limit > 0 && connections >= limit) { >...
2020 Mar 04
7
[PATCH nbdkit 0/4] server: Add nbdkit_shutdown() call and two new filters.
This adds a new nbdkit_shutdown() API whereby plugins and filters can request that the server shuts down (asynchronously) during the serving phase. Two new filters are added, one of which depends on this feature and the other not needing it but being somewhat related. Rich.
2020 Aug 07
0
[nbdkit PATCH 1/3] server: Implement nbdkit_is_tls for use during .open
...char *exportname, int is_tls) { /* Always pass readonly=1 to the underlying plugin. */ if (next (nxdata, 1, exportname) == -1) diff --git a/filters/limit/limit.c b/filters/limit/limit.c index 7c4477eb..fb862df7 100644 --- a/filters/limit/limit.c +++ b/filters/limit/limit.c @@ -91,7 +91,7 @@ limit_preconnect (nbdkit_next_preconnect *next, nbdkit_backend *nxdata, static void * limit_open (nbdkit_next_open *next, nbdkit_backend *nxdata, - int readonly, const char *exportname) + int readonly, const char *exportname, int is_tls) { if (next (nxdata, readonly, exportname) == -1)...
2020 Jul 21
4
[PATCH nbdkit] server: Pass the export name through filter .open calls.
.... */ - if (next (nxdata, 1) == -1) + if (next (nxdata, 1, exportname) == -1) return NULL; return NBDKIT_HANDLE_NOT_NEEDED; diff --git a/filters/limit/limit.c b/filters/limit/limit.c index 563481fa..7c4477eb 100644 --- a/filters/limit/limit.c +++ b/filters/limit/limit.c @@ -91,9 +91,9 @@ limit_preconnect (nbdkit_next_preconnect *next, nbdkit_backend *nxdata, static void * limit_open (nbdkit_next_open *next, nbdkit_backend *nxdata, - int readonly) + int readonly, const char *exportname) { - if (next (nxdata, readonly) == -1) + if (next (nxdata, readonly, exportname) == -...
2020 Aug 07
7
[nbdkit PATCH 0/3] Content differentiation during --tls=on
Patch 3 still needs tests added, but it is at least working from my simple command line tests. Eric Blake (3): server: Implement nbdkit_is_tls for use during .open server: Expose final thread_model to filter's .get_ready tlsdummy: New filter docs/nbdkit-filter.pod | 21 +- docs/nbdkit-plugin.pod | 34 ++- docs/nbdkit-tls.pod