On Fri, Mar 27, 2020 at 11:19:36AM -0500, Eric Blake wrote: > Although the remote end should always be tolerant of a socket being > arbitrarily closed, there are situations where it is a lot easier if > the remote end can be guaranteed to read EOF even before the socket > has closed. In particular, when using gnutls, if we fail to inform > the remote end about an impending teardown, the remote end cannot > distinguish between our closing the socket as intended vs. a malicious > intermediary interrupting things, and may result in spurious error > messages.
Does this actually matter in the NBD case ? It has an explicit NBD command for requesting shutdown, and once that's processed, it is fine to just close the socket abruptly - I don't see a benefit to a TLS shutdown sequence on top. AFAIK, the TLS level clean shutdown is only required if the application protocol does not have any way to determine an unexpected shutdown itself. This is relevant for HTTP where the connection data stream may not have a well defined end condition. In the NBD case though, we have an explicit NBD_CMD_DISC to trigger the disconnect. After processing that message, an EOF is acceptable regardless of whether , before processing that message, any EOF is a unexpected. > Or, we can end up with a deadlock where both ends are stuck > on a read() from the other end but neither gets an EOF. If the socket has been closed abruptly why would it get stuck in read() - it should see EOF surely ? > Thus, after > any time a client sends NBD_OPT_ABORT or NBD_CMD_DISC, or a server has > finished replying (where appropriate) to such a request, it is worth > informing the channel that we will not be transmitting anything else. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|