search for: nbds

...50 shot of fallocate() working correctly. I'm checking the return code of fallocate(), and my chunks_pwrite() returns -1 if it fails. No problems there. When I run mkfs.ext2 /dev/nbd0 on the client, I see this on the nbd-server: nbdkit: chunks[1]: error: Unable to fallocate '/home/cell/nbds/default/chunks/00000000000000030723' nbdkit: chunks[1]: error: Unable to fallocate '/home/cell/nbds/default/chunks/00000000000000030724' nbdkit: chunks[1]: error: Unable to fallocate '/home/cell/nbds/default/chunks/00000000000000030725' nbdkit: chunks[1]: error: Unable to falloc...

...; > I'm checking the return code of fallocate(), and my chunks_pwrite() > returns -1 if it fails. No problems there. > > When I run mkfs.ext2 /dev/nbd0 on the client, I see this on the nbd-server: > > > nbdkit: chunks[1]: error: Unable to fallocate > '/home/cell/nbds/default/chunks/00000000000000030723' > nbdkit: chunks[1]: error: Unable to fallocate > '/home/cell/nbds/default/chunks/00000000000000030724' > nbdkit: chunks[1]: error: Unable to fallocate > '/home/cell/nbds/default/chunks/00000000000000030725' > nbdkit: chunks[1]...

...; +Set which TLS settings are allowed to appear in NBD URIs. The > +default is to allow either non-TLS or TLS URIs. > + > +The C<tls> parameter can be: > + > +=over 4 > + > +=item C<LIBNBD_TLS_DISABLE> > + > +TLS URIs are not permitted, ie. a URI such as C<nbds://...> > +will be rejected. > + > +=item C<LIBNBD_TLS_ALLOW> > + > +This is the default. TLS may be used or not, depending on > +whether the URI uses C<nbds> or C<nbd>. > + > +=item C<LIBNBD_TLS_REQUIRE> > + > +TLS URIs are required. All UR...

Previous discussion: https://www.redhat.com/archives/libguestfs/2019-August/msg00102.html Last night I experimentally added support for URIs that contain the query parameter tls-psk-file, as part of rewriting the tests to cover more of the URI code. So you can now have a URI like: nbds://alice@localhost/?tls-psk-file=keys.psk However there's an obvious security problem here because now any libnbd program which takes URIs from less trusted sources will open a local file under the user's control. So it's time to restrict what can appear in URIs. I've added three...

This patch is a straightforward refactoring of libnbd?s nbdcopy program, and not very interesting. However I have plans for nbdcopy (see full todo below). I would like to use this utility for virt-v2v as a replacement for ?qemu-img convert?. qemu-img has caused us a series of problems: - change in zeroing behaviour caused a big performance regression - qemu-img reads extents up-front which

...gt; + set_error (EPERM, "TLS encrypted URIs are not allowed"); > + goto cleanup; > + } > + if (!tls && (allow & LIBNBD_CONNECT_URI_REQUIRE_TLS)) { > + set_error (EPERM, "URI must specify an encrypted connection " > + "(use nbds: or nbds+unix:)"); > + goto cleanup; > + } > + Are there any other flags we might want to support, such as permitting or forbidding an authority section that specifies a username? > /* Insist on the scheme://[authority][/absname][?queries] form. */ > if (strncmp (raw...

...nce then, I've incorporated changes based on Rich's feedback: swap order of patches 2 and 3 less change in patch 1 (including no unsafe eval(%s) for --uri) in patch 2, include -c in list of snippets to store, and use dict of lambdas to map back to the desired action Eric Blake (3): nbdsh: Refactor handling of -c nbdsh: Allow -u interleaved with -c nbdsh: Improve --help and initial banner contents. python/nbdsh.py | 142 +++++++++++++++++++++++++++------------------ sh/test-context.sh | 26 ++++----- sh/test-error.sh | 37 +++++++----- 3 files changed, 119 insertions(+...

..., "TLS encrypted URIs are not allowed"); > > + goto cleanup; > > + } > > + if (!tls && (allow & LIBNBD_CONNECT_URI_REQUIRE_TLS)) { > > + set_error (EPERM, "URI must specify an encrypted connection " > > + "(use nbds: or nbds+unix:)"); > > + goto cleanup; > > + } > > + > > Are there any other flags we might want to support, such as permitting > or forbidding an authority section that specifies a username? Yes this was just an initial set of ideas for flags. I also thought...

...ngs in NBD URIs"; + longdesc = "\ +Set which TLS settings are allowed to appear in NBD URIs. The +default is to allow either non-TLS or TLS URIs. + +The C<tls> parameter can be: + +=over 4 + +=item C<LIBNBD_TLS_DISABLE> + +TLS URIs are not permitted, ie. a URI such as C<nbds://...> +will be rejected. + +=item C<LIBNBD_TLS_ALLOW> + +This is the default. TLS may be used or not, depending on +whether the URI uses C<nbds> or C<nbd>. + +=item C<LIBNBD_TLS_REQUIRE> + +TLS URIs are required. All URIs must use C<nbs>. + +=back"; + see...

...BD_CONNECT_URI_ALLOW_TLS)) { + set_error (EPERM, "TLS encrypted URIs are not allowed"); + goto cleanup; + } + if (!tls && (allow & LIBNBD_CONNECT_URI_REQUIRE_TLS)) { + set_error (EPERM, "URI must specify an encrypted connection " + "(use nbds: or nbds+unix:)"); + goto cleanup; + } + /* Insist on the scheme://[authority][/absname][?queries] form. */ if (strncmp (raw_uri + strlen (uri->scheme), "://", 3)) { set_error (EINVAL, "URI must begin with '%s://'", uri->scheme); diff --git a/te...

Hi all I tried to run bonnie++ disk stresser in dom-U, who''s disk is backed with non-local (on nfs) loop-back file. The machine rebooted pretty quickly. So, how do I tell what''s barfing? Is it Xen? Is it dom-0 (nfs or loop-back)? I looked in dom-0''s /var/log/messages and didn''t see any obvious record of a dom-0 whoopsie (but is that the right place to look

...DNS servers to use. Up to three may be specified #nameserver1 = 208.23.14.2 #nameserver2 = 63.93.12.3 #nameserver3 = 208.23.14.4 [netbios] # This section applies only to Windows. # Timeout for NBNS queries. nbnsTimeout = 2 # Number of retries for each NBNS query. nbnsRetries = 3 # Timeout for NBDS queries. nbdsTimeout = 3 [incomingtcp] # Use these with care - anyone can enter into your virtual machine through these... # FTP (both active and passive FTP is always enabled) # ftp localhost 8887 #8887 = 192.168.27.128:21 # WEB (make sure that if you are using named webhosting, names poin...

This largish series adds several new features to the generator. Enum maps to enumerated types (like enum in C). The only current use for this is replacing the nbd_set_tls (nbd, 0/1/2) parameter with LIBNBD_TLS_DISABLE, LIBNBD_TLS_ALLOW, LIBNBD_TLS_REQUIRE (and natural equivalents in other programming languages). Flags maps to any uint32_t bitmask. It is basically a non-optional, generalized

...S handshake, but will continue running unencrypted if the server does not support -encryption. If set to C<require> or if the C<uri> parameter is used +encryption. If set to C<require> or if the C<uri> parameter is used with a scheme that requires encryption (such as C<nbds://host>), then this requires an encrypted connection to the server. -The B<tls> parameter is only available when the plugin was compiled +The C<tls> parameter is only available when the plugin was compiled against libnbd with TLS support; C<nbdkit --dump-plugin nbd> will c...

...S handshake, but will continue running unencrypted if the server does not support -encryption. If set to C<require> or if the C<uri> parameter is used +encryption. If set to C<require> or if the C<uri> parameter is used with a scheme that requires encryption (such as C<nbds://host>), then this requires an encrypted connection to the server. -The B<tls> parameter is only available when the plugin was compiled +The C<tls> parameter is only available when the plugin was compiled against libnbd with TLS support; C<nbdkit --dump-plugin nbd> will c...

The first four patches are fairly routine clean up and can be reviewed/applied on their own. The fifth patch is problematic as described below. At the moment if you want to proxy through to qemu-nbd (eg. for handling qcow2 files) it's rather complicated and you end up having to manage the sockets and clean up yourself. However the library we use for the proxying supports a perfectly good

I fixed the deadlock - turned out to be an actual bug in the nbd plugin (see patch 8). I changed the command syntax so it's now: nbdkit nbd command=qemu arg=-f arg=qcow2 arg=/path/to/disk.qcow2 Nir wrote: 18:08 < nsoffer> rwmjones: regarding the nbd proxy patches, did you have specific flow that help us? 18:08 < nsoffer> rwmjones: or this is just a way to support qcow2 in the