Re: [Qemu-devel] [PATCH v3 09/13] nbd: pick first exported volume if no

From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH v3 09/13] nbd: pick first exported volume if no export name is requested
Date: Thu, 21 Jan 2016 11:30:35 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0

On 19/01/2016 17:44, Daniel P. Berrange wrote:
>> > As a first reaction, I would really avoid magic unless the server
>> > provides a single export.  But even in that case, I would prefer to
>> > have some synchronization between the server and client command-line.
>> > 
>> > Is an empty NBD_OPT_EXPORT_NAME valid?  What about using new-style
>> > negotiation with empty NBD_OPT_EXPORT_NAME if TLS is requested?
> The main goal here is to ensure the NBD client gets a decent error
> message if it tries to connect without TLS. Even if we are using
> the fixed new style protocol, the client code will send
> NBD_OPT_EXPORT_NAME as the first thing it does. Thanks to a bit of
> craziness in the NBD protocol spec, the server is unable to reply
> with an error message to NBD_OPT_EXPORT_NAME.
> So if the client connected to a server requiring TLS and does not
> request TLS enablement, the server will have no choice but to just
> close the connection with no error. I think this will be pretty
> nasty for users trying to debug problems with TLS.

That's fine.  I'm just not sold on using the first answer from
NBD_OPT_LIST as the argument to the subsequent NBD_OPT_EXPORT_NAME.

In other words, I would prefer to do the following for no export name:

1) server, no TLS: accept either old-style negotiation or new-style
negotiation with an empty ("") export name; NBD_OPT_LIST returns a single
export name, "".

2) server, TLS: accept only new-style negotiation with an empty ("")
export name; NBD_OPT_LIST returns a single export name, "".

3) client, no TLS: use old-style negotiation; if the server rejects
old-style negotiation, mention the possibility that the server requires TLS.

4) client, TLS: use new-style negotiation with an empty ("") export name.

The only interesting case for named exports is client, no TLS.  Then you
can just send a dummy NBD_OPT_LIST unconditionally, and use the result
to provide a good error message if the server requires TLS.  If it makes
the code simpler to use NBD_OPT_LIST always, even if the client supports
TLS (making the sequence NBD_OPT_STARTTLS, NBD_OPT_LIST,
NBD_OPT_EXPORT_NAME), then that's fine too.
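
The dummy NBD_OPT_LIST probe described in the last paragraph above, as an added example that is not part of the original message or of QEMU's code: it builds the request and classifies the server's option reply so the client can report that TLS is required. The magic numbers and reply codes are taken from the NBD protocol specification; the function and enum names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constants from the NBD protocol specification (not from the message). */
#define NBD_OPTS_MAGIC       0x49484156454F5054ULL  /* "IHAVEOPT" */
#define NBD_REP_MAGIC        0x0003e889045565a9ULL
#define NBD_OPT_LIST         3u
#define NBD_REP_ACK          1u
#define NBD_REP_SERVER       2u
#define NBD_REP_ERR_TLS_REQD 0x80000005u            /* 2^31 + 5 */

/* Hypothetical result type for this example. */
enum probe { PROBE_OK, PROBE_TLS_REQUIRED, PROBE_OTHER_ERROR, PROBE_MALFORMED };

static void put_be(uint8_t *p, uint64_t v, int n) {
    for (int i = n - 1; i >= 0; i--) { p[i] = (uint8_t)v; v >>= 8; }
}
static uint64_t get_be(const uint8_t *p, int n) {
    uint64_t v = 0;
    for (int i = 0; i < n; i++) v = (v << 8) | p[i];
    return v;
}

/* Dummy NBD_OPT_LIST request: magic, option, zero-length payload. */
size_t build_opt_list(uint8_t out[16]) {
    put_be(out, NBD_OPTS_MAGIC, 8);
    put_be(out + 8, NBD_OPT_LIST, 4);
    put_be(out + 12, 0, 4);
    return 16;
}

/* Classify the first option reply header (magic, option, type, length). */
enum probe classify_list_reply(const uint8_t *buf, size_t len) {
    if (len < 20 || get_be(buf, 8) != NBD_REP_MAGIC ||
        get_be(buf + 8, 4) != NBD_OPT_LIST || get_be(buf + 16, 4) > len - 20)
        return PROBE_MALFORMED;
    uint32_t type = (uint32_t)get_be(buf + 12, 4);
    if (type == NBD_REP_ERR_TLS_REQD) return PROBE_TLS_REQUIRED;
    if (type & 0x80000000u) return PROBE_OTHER_ERROR;  /* any other NBD_REP_ERR_* */
    return (type == NBD_REP_ACK || type == NBD_REP_SERVER) ? PROBE_OK : PROBE_MALFORMED;
}

int main(void) {
    /* Constructed sample: the reply header a TLS-only server would send. */
    uint8_t rep[20];
    put_be(rep, NBD_REP_MAGIC, 8); put_be(rep + 8, NBD_OPT_LIST, 4);
    put_be(rep + 12, NBD_REP_ERR_TLS_REQD, 4); put_be(rep + 16, 0, 4);
    if (classify_list_reply(rep, sizeof rep) == PROBE_TLS_REQUIRED)
        puts("server requires TLS; retry with TLS enabled");
    return 0;
}
```

Unlike NBD_OPT_EXPORT_NAME, NBD_OPT_LIST gets a structured reply, which is what lets the client distinguish a TLS requirement from a silently closed connection.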

