[Nbd] [PATCH v2] doc: Add new NBD_REP_INFO reply, for advertising block size

2016-04-12 Thread Eric Blake
Existing NBD servers often have limitations, such as requiring actions to be aligned to block sizes or limiting maximum transactions to avoid denial of service attacks; for example, qemu's NBD server refuses any transaction larger than 32M. But to date, clients have to learn these limitations via

Re: [Nbd] [PATCH] Docs: improve description of disconnection methods

2016-04-12 Thread Eric Blake
On 04/12/2016 01:31 PM, Alex Bligh wrote: > Improve the documentation as per the mailing list discussion. > Here's what we deciced (broadly). s/deciced/decided/ > > * One side MAY drop the connection if the other end violates a > MUST condition. > > * The server MUST drop the connection in

[Nbd] [PATCH] Docs: improve description of disconnection methods

2016-04-12 Thread Alex Bligh
Improve the documentation as per the mailing list discussion. Here's what we deciced (broadly). * One side MAY drop the connection if the other end violates a MUST condition. * The server MUST drop the connection in the 'no way out' situations during the negotiation phase (error on

[Nbd] [PATCHv7] docs/proto.md: Clarify SHOULD / MUST / MAY etc

2016-04-12 Thread Alex Bligh
These are changes which possibly have semantic effect * Clarify that SHOULD / MUST / MAY etc. when in capitals have an RFC 2119 meaning using the wording within that RFC. * Fix some lowercase use of these words which actually were meant to be uppercase. * Fix some lowercase 'should' which

[Nbd] [PATCH] Two nits on STARTTLS documentation

2016-04-12 Thread Alex Bligh
These two nits from Eric Blake got missed as Wouter merged v9 when I was doing v10. Signed-off-by: Alex Bligh --- doc/proto.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/proto.md b/doc/proto.md index 255fd11..05fef3c 100644 --- a/doc/proto.md

[Nbd] [PATCHv10] Improve documentation for TLS

2016-04-12 Thread Alex Bligh
* Call out TLS into a separate section * Add details of the TLS protocol itself * Emphasise that actual TLS session initiation (i.e. the TLS handshake) can be initiated from either side (as required by the TLS standard I believe and as actually works in practice) * Clarify what is a

[Nbd] [PATCHv4 6/6] Add TLS support to NBD client

2016-04-12 Thread Alex Bligh
Signed-off-by: Alex Bligh --- nbd-client.c | 119 +-- 1 file changed, 116 insertions(+), 3 deletions(-) diff --git a/nbd-client.c b/nbd-client.c index ff79a27..74ba7d9 100644 --- a/nbd-client.c +++ b/nbd-client.c @@ -47,6

[Nbd] [PATCHv4 1/6] Add GnuTLS infrastructure

2016-04-12 Thread Alex Bligh
Add configure.ac section to detect GnuTLS Add buffer.[ch] and crypto-gnutls.[ch] from https://github.com/abligh/tlsproxy Add Makefile.am changes to link these new files in Signed-off-by: Alex Bligh --- Makefile.am | 5 + buffer.c | 225

[Nbd] [PATCHv4 3/6] Add TLS support to server

2016-04-12 Thread Alex Bligh
Known problems / potential issues: * It now passes a pointer to genconf around so handle_starttls can get at the certificates. This is a pity. * It forks() the TLS proxy child using spawn_child. If we use fork() we get complaints about unknown children on SIGCHILD. If we use this method,

Re: [Nbd] [RFC PATCH] doc: Add new NBD_FLAG_BLOCK_SIZE extension

2016-04-12 Thread Alex Bligh
On 12 Apr 2016, at 15:22, Eric Blake wrote: > In other words, you're proposing that we limit the advertisement of > block size ONLY via NBD_CMD_INFO/GO, so that gives people a reason to > upgrade. I can buy that, if Wouter likes it. Yes > I think it's probably time to

Re: [Nbd] [PATCHv2 6/6] Add TLS testing to nbd-tester-client.c

2016-04-12 Thread Alex Bligh
On 12 Apr 2016, at 15:15, Wouter Verhelst wrote: > On Mon, Apr 11, 2016 at 06:15:39PM +0100, Alex Bligh wrote: >> This commit adds TLS testing to nbd-tester-client and 'make check'. >> If TLS is not compiled in, then the test is skipped. > > Alternatively, it could check that

Re: [Nbd] [PATCHv2 5/6] Add TLS support to server

2016-04-12 Thread Wouter Verhelst
On Tue, Apr 12, 2016 at 03:15:27PM +0100, Alex Bligh wrote: > Wouter, > > On 12 Apr 2016, at 15:04, Wouter Verhelst wrote: > > > On Mon, Apr 11, 2016 at 06:15:38PM +0100, Alex Bligh wrote: > > [...] > >> +#ifdef WITH_GNUTLS > > [...] > >> +#else > >> + > >> + send_reply(opt,

Re: [Nbd] NBD_CMD_DISC

2016-04-12 Thread Eric Blake
On 04/12/2016 03:48 AM, Daniel P. Berrange wrote: > gnutls_bye should return GNUTLS_E_AGAIN on blocking and > require that you call it again. > > QEMU should absolutely ensure all pending buffers are flushed > before it drops the connection, but I'm not sure it is needed > to actually call

Re: [Nbd] [RFC PATCH] doc: Add new NBD_FLAG_BLOCK_SIZE extension

2016-04-12 Thread Eric Blake
On 04/12/2016 04:34 AM, Alex Bligh wrote: > > On 12 Apr 2016, at 05:04, Eric Blake wrote: > >> Existing NBD servers often have limitations, such as requiring >> actions to be aligned to block sizes or limiting maximum >> transactions to avoid denial of service attacks; for

Re: [Nbd] [PATCHv2 5/6] Add TLS support to server

2016-04-12 Thread Alex Bligh
Wouter, On 12 Apr 2016, at 15:04, Wouter Verhelst wrote: > On Mon, Apr 11, 2016 at 06:15:38PM +0100, Alex Bligh wrote: > [...] >> +#ifdef WITH_GNUTLS > [...] >> +#else >> + >> +send_reply(opt, *net, NBD_REP_ERR_UNSUP, 0, NULL); > > NBD_REP_ERR_POLICY (or NBD_REP_ERR_PLATFORM,

Re: [Nbd] [PATCHv2 6/6] Add TLS testing to nbd-tester-client.c

2016-04-12 Thread Wouter Verhelst
On Mon, Apr 11, 2016 at 06:15:39PM +0100, Alex Bligh wrote: > This commit adds TLS testing to nbd-tester-client and 'make check'. > If TLS is not compiled in, then the test is skipped. Alternatively, it could check that nbd-server produces an error in that case. > Signed-off-by: Alex Bligh

[Nbd] [PATCHv3 4/6] Add TLS testing to nbd-tester-client.c

2016-04-12 Thread Alex Bligh
This commit adds TLS testing to nbd-tester-client and 'make check'. If TLS is not compiled in, then the test is skipped. Signed-off-by: Alex Bligh --- nbd.h | 2 + tests/run/Makefile.am | 11 ++- tests/run/certs/ca-cert.pem | 20

Re: [Nbd] [PATCHv2 5/6] Add TLS support to server

2016-04-12 Thread Wouter Verhelst
On Mon, Apr 11, 2016 at 06:15:38PM +0100, Alex Bligh wrote: [...] > +#ifdef WITH_GNUTLS [...] > +#else > + > + send_reply(opt, *net, NBD_REP_ERR_UNSUP, 0, NULL); NBD_REP_ERR_POLICY (or NBD_REP_ERR_PLATFORM, perhaps). You should think of NBD_REP_ERR_INVALID as 4xx errors (i.e., "you're doing

[Nbd] [PATCHv3 5/6] Add options to nbd-client for TLS support

2016-04-12 Thread Alex Bligh
Signed-off-by: Alex Bligh --- nbd-client.c | 60 +--- 1 file changed, 57 insertions(+), 3 deletions(-) diff --git a/nbd-client.c b/nbd-client.c index d9cdb19..ff79a27 100644 --- a/nbd-client.c +++ b/nbd-client.c @@ -344,7

[Nbd] [PATCHv3 3/6] Add TLS support to server

2016-04-12 Thread Alex Bligh
Known problems / potential issues: * It now passes a pointer to genconf around so handle_starttls can get at the certificates. This is a pity. * It forks() the TLS proxy child using spawn_child. If we use fork() we get complaints about unknown children on SIGCHILD. If we use this method,

[Nbd] [PATCHv3 0/6] Introduce TLS support on nbdserver & nbdclient

2016-04-12 Thread Alex Bligh
This is an RFC patch to introduce TLS support on nbdserver & nbdclient. This is *NOT* production ready by any means, and is submitted for comment. I have added crypto-gnutls.[ch] from: github.com/abligh/tlsproxy which is my attempt at an MIT licenced GnuTLS proxy. The proxy element is

[Nbd] [PATCHv3 2/6] Add options for TLS support for server

2016-04-12 Thread Alex Bligh
Signed-off-by: Alex Bligh --- man/nbd-server.5.in.sgml | 65 nbd-server.c | 8 ++ nbdsrv.h | 1 + 3 files changed, 74 insertions(+) diff --git a/man/nbd-server.5.in.sgml

[Nbd] [PATCHv9] Improve documentation for TLS

2016-04-12 Thread Alex Bligh
* Call out TLS into a separate section * Add details of the TLS protocol itself * Emphasise that actual TLS session initiation (i.e. the TLS handshake) can be initiated from either side (as required by the TLS standard I believe and as actually works in practice) * Clarify what is a

Re: [Nbd] [PATCHv2 3/6] Add GnuTLS infrastructure

2016-04-12 Thread Wouter Verhelst
Alex, On Mon, Apr 11, 2016 at 06:15:36PM +0100, Alex Bligh wrote: > diff --git a/Makefile.am b/Makefile.am > index 304db6d..554860e 100644 > --- a/Makefile.am > +++ b/Makefile.am > @@ -1,3 +1,10 @@ > +if GNUTLS > +TLSSRC = crypto-gnutls.c crypto-gnutls.h buffer.c buffer.h > +TLSEXTRA = > +else >

Re: [Nbd] NBD_CMD_DISC

2016-04-12 Thread Alex Bligh
On 12 Apr 2016, at 11:34, Daniel P. Berrange wrote: > On Tue, Apr 12, 2016 at 10:48:20AM +0100, Daniel P. Berrange wrote: >> On Sun, Apr 10, 2016 at 10:49:00AM +0100, Alex Bligh wrote: >>> (Daniel: if you want to replicate the issue, just run qemu-img info >>> against my

Re: [Nbd] NBD_CMD_DISC

2016-04-12 Thread Daniel P. Berrange
On Tue, Apr 12, 2016 at 10:48:20AM +0100, Daniel P. Berrange wrote: > On Sun, Apr 10, 2016 at 10:49:00AM +0100, Alex Bligh wrote: > > (Daniel: if you want to replicate the issue, just run qemu-img info > > against my gonbdserver with TLS. Every fifth NBD_CMD_DISC doesn't > > get through before the

Re: [Nbd] [PATCH v2] doc: In STRUCTURED_REPLY, make error types easy to recognize

2016-04-12 Thread Alex Bligh
On 11 Apr 2016, at 22:29, Eric Blake wrote: > We may add future structured error replies; making it easy > for older clients to properly treat such new reply types as > an error gives us a bit more flexibility on introducing new > errors to existing commands. Of course, good

Re: [Nbd] [PATCHv8] Improve documentation for TLS

2016-04-12 Thread Alex Bligh
Wouter, On 12 Apr 2016, at 10:20, Wouter Verhelst wrote: > To summarize, there are three ways for the connection to end: > > - The client wishes to end the session, and sends the appropriate > termination message (OPT_ABORT or CMD_DISC). This is a normal > disconnect. > -

Re: [Nbd] [PATCHv8] Improve documentation for TLS

2016-04-12 Thread Wouter Verhelst
On Tue, Apr 12, 2016 at 08:47:49AM +0100, Alex Bligh wrote: > > On 12 Apr 2016, at 07:01, Wouter Verhelst wrote: > > > That doesn't mean OPT_ABORT not having a reply is necessarily a good > > idea. Since it's only used by reference nbd-client in just one use case > > at this point,

Re: [Nbd] [PATCH/RFC 0/3] Introduce TLS on nbdserver

2016-04-12 Thread Wouter Verhelst
On Mon, Apr 11, 2016 at 11:47:00PM +0100, Alex Bligh wrote: > Wouter, > > >> just found ANOTHER reason for that - see below for the bad news. > >> > >> I think I'd quite like to get this in as is and get the refactoring > >> done later (given SSL is in the standard now :-) ) > > > > Sure. Like

Re: [Nbd] [PATCHv8] Improve documentation for TLS

2016-04-12 Thread Alex Bligh
On 12 Apr 2016, at 07:01, Wouter Verhelst wrote: > That doesn't mean OPT_ABORT not having a reply is necessarily a good > idea. Since it's only used by reference nbd-client in just one use case > at this point, I don't think it's particularly bad to change the > definition to say

Re: [Nbd] [PATCHv8] Improve documentation for TLS

2016-04-12 Thread Wouter Verhelst
On Mon, Apr 11, 2016 at 09:34:44PM +0100, Alex Bligh wrote: > Eric, > > On 11 Apr 2016, at 21:14, Eric Blake wrote: > > Current qemu NBD server implementation does NOT send a reply to > > NBD_OPT_ABORT, but immediately closes the connection. I don't know if > > that is a bug