search for: oldstyle

...by Red Hat's security team which may result in a CVE being published later. Description ----------- Libnbd includes the method nbd_set_tls(h, LIBNBD_TLS_REQUIRE) which is documented to let a client refuse to connect to a server that is not using TLS encryption. However, if the server uses the oldstyle protocol, a flaw in libnbd meant that the client would proceed with an unencrypted connection without warning. An attacker, perhaps acting as a man-in-the-middle, can proceed to offer the oldstyle protocol rather than the newstyle protocol in an effort to coerce the client to send plaintext data o...

nbdkit <= 1.1.28 defaulted to the oldstyle protocol for compatibility with qemu and libguestfs. However qemu >= 2.6 can now work with either protocol and is widely installed. Also newstyle is required for newer features such as export names and TLS. In addition nbd-client dropped support for oldstyle entirely. You can select the olds...

This commit adds a new API which can be used from the connected to state to read back which NBD protocol (eg. oldstyle, newstyle-fixed) we are using. It was helpful to add a new state in newstyle negotiation (%NEWSTYLE.FINISHED) so we can route all successful option negotiations through a single path before moving to the %READY state, allowing us to set h->protocol in one place. --- generator/generator...

...s: Rich Jones --- Rich noticed this while reviewing the patch for today's CVE fix. It's not a show-stopper if this doesn't get included in today's releases. generator/states-newstyle-opt-starttls.c | 8 ++++---- generator/states-newstyle.c | 4 ++-- generator/states-oldstyle.c | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/generator/states-newstyle-opt-starttls.c b/generator/states-newstyle-opt-starttls.c index 0a18db0..b050ce0 100644 --- a/generator/states-newstyle-opt-starttls.c +++ b/generator/states-newstyle-opt-starttls.c @...

Similar to nbd_get_tls_negotiated, for observing what we actually settled on with the server, rather than what was requested. --- generator/generator | 30 +++++++++++++++++++++++++----- lib/handle.c | 6 ++++++ tests/meta-base-allocation.c | 15 +++++++++++++++ tests/oldstyle.c | 7 ++++++- 4 files changed, 52 insertions(+), 6 deletions(-) diff --git a/generator/generator b/generator/generator index 5f538b2..3b63665 100755 --- a/generator/generator +++ b/generator/generator @@ -1312,6 +1312,7 @@ rather than find a way to alter the server to fail the negoti...

When LIBNBD_TLS_ALLOW is used we don't have a way to find out if TLS was really negotiated. This adds a flag and a way to read it back. Unfortunately there is no test yet, because LIBNBD_TLS_ALLOW is not tested -- it really should be but requires quite a complicated set of tests because ideally we'd like to find out whether it falls back correctly for all supported servers. --- TODO

I''m installing a new server, and I want know waht is better: - Install xen from source from xen.org version 3.4.2 ? - Install xen fron apt-get from debian package 3.2.1 ? The server has Debian Lenny. What is correct on production server ? -- Martin _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com

Hi, anyone got a clue how i can enable the old style config files from xen 3.x in xen 4? Thanks! _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users

...END_TRIM; + flags |= NBD_FLAG_SEND_TRIM; conn->can_trim = 1; } @@ -208,19 +207,17 @@ if (fl == -1) return -1; if (fl) { - eflags |= NBD_FLAG_SEND_MARKNOREMANENCE; + flags |= NBD_FLAG_SEND_MARKNOREMANENCE; conn->can_marknoremanence = 1; } - debug ("oldstyle negotiation: flags: global 0x%x export 0x%x", - gflags, eflags); + debug ("oldstyle negotiation: server flags: 0x%x", flags); memset (&handshake, 0, sizeof handshake); memcpy (handshake.nbdmagic, "NBDMAGIC", 8); handshake.version = htobe64 (OLD_VERSI...

If a plugin's .open or .get_size or .can_write fails, right now that is fatal to the connection. When nbdkit was first implemented, this made sense (there was no way to report errors to oldstyle or NBD_OPT_EXPORT_NAME). But now that newstyle is around, it's rather abrupt to hang up on the client, and better is to return an error to NBD_OPT_GO, and let the client choose what to do (most clients will probably hang up, whether gracefully with NBD_OPT_ABORT or abruptly, rather than try ot...

...to do this, suggest a better alternative, or point me to another package that does something similar? Current attempt is something like the following: setHook(packageEvent("somepkg", "attach"), function(...) { cat("* Register", sQuote("oldstyle"), "as S3 class", "\n") setOldClass(c("oldstyle", "data.frame"), where = asNamespace("mypkg")) }) ----------------- > require(mypkg) Loading required package: mypkg ... &g...

Hi, On 26.09.2016 09:53, Wouter Verhelst wrote: > On Mon, Sep 26, 2016 at 03:22:52AM +0200, Carl-Daniel Hailfinger wrote: >> Running nbd-tester-client against nbdkit with oldstyle negotiation was fun. >> I managed to segfault nbdkit Side note: I'm going to try and get a backtrace from the nbdkit segfault and submit a bug report there. >> and noticed that nbd-tester-client speaks >> the oldstyle protocol incorrectly, ignoring flags sent by the server....

Simple refactoring. --- generator/states-newstyle-opt-export-name.c | 12 +++++------ generator/states-newstyle-opt-go.c | 13 ++++++------ generator/states-oldstyle.c | 10 +++------- lib/flags.c | 22 +++++++++++++++++++++ lib/internal.h | 5 +++++ 5 files changed, 42 insertions(+), 20 deletions(-) diff --git a/generator/states-newstyle-opt-export-name.c b/generator/states-newstyle...

...ons(-) diff --git a/docs/nbdkit-protocol.pod b/docs/nbdkit-protocol.pod index 3ae89063..272f4e5b 100644 --- a/docs/nbdkit-protocol.pod +++ b/docs/nbdkit-protocol.pod @@ -4,8 +4,8 @@ nbdkit - which parts of the NBD protocol nbdkit supports =head1 SYNOPSIS - nbdkit [-n|--newstyle] [--no-sr] [-o|--oldstyle] [-e|--exportname EXPORTNAME] - [...] + nbdkit [-n|--newstyle] [--mask-handshake MASK] [--no-sr] [-o|--oldstyle] + [-e|--exportname EXPORTNAME] [...] =head1 DESCRIPTION @@ -24,15 +24,30 @@ newstyle protocol is better in every respect than the oldstyle protocol and you should prefe...

...b/internal.h | 1 + lib/nbd-protocol.h | 5 +- generator/generator | 72 ++++++++++++++++++++- generator/states-newstyle-opt-export-name.c | 2 +- generator/states-newstyle.c | 14 ++-- generator/states-oldstyle.c | 5 ++ lib/handle.c | 18 ++++++ 7 files changed, 107 insertions(+), 10 deletions(-) diff --git a/lib/internal.h b/lib/internal.h index ccaca32..998ca3d 100644 --- a/lib/internal.h +++ b/lib/internal.h @@ -157,6 +157,7 @@ struct nbd_handle {...

More nbd-protocol.h improvements Eric Blake (2): common/protocol: Switch nbdmagic to uint64_t common/protocol: Declare additional constants common/protocol/nbd-protocol.h | 16 ++++++++++------ server/protocol-handshake-newstyle.c | 2 +- server/protocol-handshake-oldstyle.c | 2 +- plugins/nbd/nbd-standalone.c | 2 +- tests/test-layers.c | 2 +- 5 files changed, 14 insertions(+), 10 deletions(-) -- 2.21.0

...nts> parameter diff --git a/docs/nbdkit-protocol.pod b/docs/nbdkit-protocol.pod index ad470bd4..35db07b3 100644 --- a/docs/nbdkit-protocol.pod +++ b/docs/nbdkit-protocol.pod @@ -4,7 +4,7 @@ nbdkit - which parts of the NBD protocol nbdkit supports =head1 SYNOPSIS - nbdkit [-n|--newstyle] [-o|--oldstyle] [-e|--exportname EXPORTNAME] + nbdkit [-n|--newstyle] [--no-sr] [-o|--oldstyle] [-e|--exportname EXPORTNAME] [...] =head1 DESCRIPTION @@ -21,11 +21,17 @@ be negotiated from the server side. nbdkit defaults to the newstyle protocol since nbdkit E<ge> 1.3. The newstyle protocol...

..., or aio_is_dead). > > Is there a case where you might want to influence TLS negotiation? I > can't think of one right now. Something about supplying a client > password from the command line maybe. > > Should setting the opt flag cause a failure if we connect to an > oldstyle server? (I can see arguments both ways.) > > The updated list-exports example certainly shows the advantage of the > new API. > > More comments inline below ... > > On Mon, Aug 10, 2020 at 09:09:11PM -0500, Eric Blake wrote: >> diff --git a/generator/states-magic.c b/...

CentOS 6 has libguestfs-devel 1.20.11, which predates the support in guestfs_add_drive_opts() for requesting an nbd drive instead of a local file (annoyingly, guestfs documentation merely states the function was available since 0.3, without saying which later releases added new options); causing a compilation failure during 'make check'. Maybe the guestfs plugin should still be built,

...am | 10 +++++----- common/protocol/{protocol.h => nbd-protocol.h} | 6 +++--- common/protocol/protostrings.sed | 6 +++--- plugins/nbd/nbd-standalone.c | 2 +- server/protocol-handshake-newstyle.c | 2 +- server/protocol-handshake-oldstyle.c | 2 +- server/protocol-handshake.c | 2 +- server/protocol.c | 2 +- tests/test-layers.c | 2 +- 9 files changed, 17 insertions(+), 17 deletions(-) diff --git a/common/protocol/Makefile.am b/common/protocol...