search for: nbd_rep_err_tls_reqd

I'm easily able to provoke NBD_REP_ERR_TLS_REQD (use nbd_set_tls(0) to talk to a server that requires encryption) and NBD_REP_ERR_UNKNOWN (forget to use nbd_set_export_name for qemu-nbd); it's nice to display a useful error for these rather than "unknown reply from NBD_OPT_GO: 0x80000005" or similar. Other errors are less common,...

...1 -#define NBD_REP_SERVER 2 -#define NBD_REP_INFO 3 -#define NBD_REP_META_CONTEXT 4 -#define NBD_REP_ERR_UNSUP NBD_REP_ERR (1) -#define NBD_REP_ERR_POLICY NBD_REP_ERR (2) -#define NBD_REP_ERR_INVALID NBD_REP_ERR (3) -#define NBD_REP_ERR_PLATFORM NBD_REP_ERR (4) -#define NBD_REP_ERR_TLS_REQD NBD_REP_ERR (5) +#define NBD_REP_ACK 1 +#define NBD_REP_SERVER 2 +#define NBD_REP_INFO 3 +#define NBD_REP_META_CONTEXT 4 +#define NBD_REP_ERR_UNSUP NBD_REP_ERR (1) +#define NBD_REP_ERR_POLICY NBD_REP_ERR (2) +#define NBD_RE...

...e NBD_OPT_INFO 6 #define NBD_OPT_GO 7 +extern const char *name_of_nbd_rep (int); #define NBD_REP_ACK 1 #define NBD_REP_SERVER 2 #define NBD_REP_INFO 3 @@ -110,6 +114,7 @@ struct fixed_new_option_reply { #define NBD_REP_ERR_PLATFORM 0x80000004 #define NBD_REP_ERR_TLS_REQD 0x80000005 +extern const char *name_of_nbd_info (int); #define NBD_INFO_EXPORT 0 /* NBD_INFO_EXPORT reply (follows fixed_new_option_reply). */ @@ -148,6 +153,8 @@ struct reply { #define NBD_REQUEST_MAGIC 0x25609513 #define NBD_REPLY_MAGIC 0x67446698 +/* NBD commands. */ +extern const...

...efine NBD_OPT_GO 7 #define NBD_REP_ACK 1 #define NBD_REP_SERVER 2 +#define NBD_REP_INFO 3 #define NBD_REP_ERR_UNSUP 0x80000001 #define NBD_REP_ERR_POLICY 0x80000002 #define NBD_REP_ERR_INVALID 0x80000003 #define NBD_REP_ERR_PLATFORM 0x80000004 #define NBD_REP_ERR_TLS_REQD 0x80000005 +#define NBD_INFO_EXPORT 0 + +/* NBD_INFO_EXPORT reply (follows fixed_new_option_reply). */ +struct fixed_new_option_reply_info_export { + uint16_t info; /* NBD_INFO_EXPORT */ + uint64_t exportsize; /* size of export */ + uint16_t eflags; /*...

..._IS_ERR(val) (!!((val) & 0x80000000)) -extern const char *name_of_nbd_rep (int); #define NBD_REP_ACK 1 #define NBD_REP_SERVER 2 #define NBD_REP_INFO 3 @@ -124,7 +120,6 @@ extern const char *name_of_nbd_rep (int); #define NBD_REP_ERR_PLATFORM NBD_REP_ERR (4) #define NBD_REP_ERR_TLS_REQD NBD_REP_ERR (5) -extern const char *name_of_nbd_info (int); #define NBD_INFO_EXPORT 0 /* NBD_INFO_EXPORT reply (follows fixed_new_option_reply). */ @@ -197,14 +192,12 @@ struct structured_reply_error { #define NBD_STRUCTURED_REPLY_MAGIC 0x668e33ef /* Structured reply flags. */ -exte...

We should have only one NBD protocol file. Let's make nbdkit's version the canonical one, and use it in libnbd. Rich.

This is only lightly tested (against just qemu NBD client), and the code might be structured a little better as the _negotiate_handshake_newstyle_options function has now grown to be huge. Anyway works for me. Rich.

There's no substantial difference over v1, I simply fixed a few whitespace issues, moved one struct around and tidied up the comments. Rich.

I'm hoping to implement .extents for the nbd plugin; this is a prerequisite. I'm not sure about patch 3 - if we like it, I'll squash it to 2, if we don't, I think we are okay just dropping it. I'm also wondering if we have to worry about malicious plugins that don't populate the entire .pread buffer in an effort to get nbdkit to expose portions of the heap; my patch 7 loses

With some crufty sed scripts we can generate functions that map from NBD protocol flags (eg. NBD_CMD_READ) to strings ("NBD_CMD_READ"). This works on GNU sed and with FreeBSD, also with GNU sed's --posix option, so I guess the sed code is POSIX-compatible. Rich.

...RCEDTLS mode the only options allowed - * before TLS negotiation are NBD_OPT_ABORT and NBD_OPT_STARTTLS. - */ - if (tls == 2 && !conn->using_tls && - !(option == NBD_OPT_ABORT || option == NBD_OPT_STARTTLS)) { - if (send_newstyle_option_reply (conn, option, NBD_REP_ERR_TLS_REQD)) - return -1; - continue; - } - - switch (option) { - case NBD_OPT_EXPORT_NAME: - if (conn_recv_full (conn, data, optlen, - "read: %s: %m", name_of_nbd_opt (option)) == -1) - return -1; - /* Apart from printing it, ignore the...

These are a couple of patches in preparation for the Block Status implementation. While the patches (especially the second one) are very large they are really just elementary code motion. Rich.

...s the client to + utilize extended headers. While this may make it easier to + implement a server with fewer considerations for backwards + compatibility, it limits connections to only recent clients. Additionally, if TLS has not been initiated, the server MAY reply with `NBD_REP_ERR_TLS_REQD` (instead of `NBD_REP_ERR_UNKNOWN`) to @@ -1350,6 +1451,9 @@ of the newstyle negotiation. server MUST use structured replies to the `NBD_CMD_READ` transmission request. Other extensions that require structured replies may now be negotiated. + - `NBD_REP_ERR_EXT_HEADER_REQD`...

...continue; } @@ -312,31 +313,30 @@ negotiate_handshake_newstyle_options (struct connection *conn) */ if (tls == 2 && !conn->using_tls && !(option == NBD_OPT_ABORT || option == NBD_OPT_STARTTLS)) { - if (send_newstyle_option_reply (conn, option, NBD_REP_ERR_TLS_REQD)) + if (send_newstyle_option_reply (option, NBD_REP_ERR_TLS_REQD)) return -1; continue; } switch (option) { case NBD_OPT_EXPORT_NAME: - if (conn_recv_full (conn, data, optlen, + if (conn_recv_full (data, optlen, "read:...

v1 was here: https://www.redhat.com/archives/libguestfs/2020-February/msg00081.html v2 replaces struct connection *conn = GET_CONN; with GET_CONN; which sets conn implicitly and asserts that it is non-NULL. If we actually want to test if conn is non-NULL or behave differently, then you must use threadlocal_get_conn() instead, and some existing uses do that. Rich.

The third patch is a large but mechanical change which gets rid of passing around struct connection * entirely within the server, preferring instead to reference the connection through thread-local storage. I hope this is a gateway to simplifying other parts of the code. Rich.

v2 was here: https://lists.debian.org/nbd/2022/11/msg00030.html The bulk of the changes since then are: - forbid NBD_OPT_EXPORT_NAME once extended headers are negotiated (Wouter) - consistently use 'maximum payload', rather than a haphazard mix of 'maximum block payload' (Vladimir) At this point, I want to make sure we are happy with the spec before re-posting patches for