When declaring the 'struct option' array, use the standard
constants no_argument/required_argument, instead of magic
values 0 and 1.
Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c | 51 ++-
1 file changed, 26
u-io --object secret,id=sec0,file=mypasswd.txt \
...other args...
Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrange
---
qemu-io.c | 34 ++
1 file changed, 34 insertions(+)
diff --git a/qemu-io.c b/qemu-io.c
index 6c0c028..969c8bf 100644
--- a/qemu-io.c
++
When declaring the 'struct option' array, use the standard
constants no_argument/required_argument, instead of magic
values 0 and 1.
Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrange
---
qemu-io.c | 30 +++---
1 file changed, 15 insertions(+), 15
filename should be interpreted as a full option string, not
just a filename.
qemu-img info --image-opts
driver=https,url=https://127.0.0.1/images,sslverify=off
This flag is mutually exclusive with the '-f' / '-F' flags.
Signed-off-by: Daniel P. Berrange
---
qe
0.1/images,sslverify=off
qemu-io --image-opts driver=qcow2,file.filename=/home/berrange/demo.qcow2
This flag is mutually exclusive with the '-f' flag and with
the '-o' flag to the 'open' command
Signed-off-by: Daniel P. Berrange
---
qemu-io.c | 57 +
the '-f' flag.
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c| 43 ++-
qemu-nbd.texi | 7 ++-
2 files changed, 44 insertions(+), 6 deletions(-)
diff --git a/qemu-nbd.c b/qemu-nbd.c
index 130c306..fd658ba 100644
--- a/qemu-nbd.c
+++ b/
When declaring the 'struct option' array, use the standard
constants no_argument/required_argument, instead of magic
values 0 and 1.
Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c | 47 ---
1 file changed, 24
u-io --object secret,id=sec0,file=mypasswd.txt \
...other args...
Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrange
---
qemu-io.c | 35 +++
1 file changed, 35 insertions(+)
diff --git a/qemu-io.c b/qemu-io.c
index 83c48f4..969c8bf 100644
--- a/qemu-io
_foreach - variant on
user_creatable_add_opts which can be directly used
in conjunction with qemu_opts_foreach.
- user_creatable_del - takes an ID and deletes the
corresponding object
The existing code is updated to use these new methods.
Reviewed-by: Eric Blake
Signed-off-by: Daniel P.
When defining values for long options, the normal practice is
to start numbering from 256, to avoid overlap with the range
of valid values for short options.
Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions
qemu-img info --object secret,id=sec0,file=mypasswd.txt \
...other info args...
Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrange
---
qemu-img-cmds.hx | 44 +-
qemu-img.c | 261 +--
qemu-img.texi| 8 ++
3 files
-nbd --object secret,id=sec0,file=mypasswd.txt \
...other nbd args...
Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c| 34 ++
qemu-nbd.texi | 6 ++
2 files changed, 40 insertions(+)
diff --git a/qemu-nbd.c b/qemu-nbd.c
source code width
- Update qemu-nbd/qemu-io to use constants for options
- Update qemu-nbd to avoid overlapping option values
Daniel P. Berrange (10):
qom: add helpers for UserCreatable object types
qemu-io: add support for --object command line arg
qemu-nbd: add support for --object co
On Fri, Feb 12, 2016 at 02:28:33PM +0100, Kashyap Chamarthy wrote:
> On Wed, Feb 10, 2016 at 06:40:58PM +0000, Daniel P. Berrange wrote:
>
> [...]
>
> I've applied all the series in this patches, to yesterday's Git master,
> so I'm here:
>
> $ git desc
k qemu-nbd, because it
fortunately only ever uses NBD_OPT_EXPORT_NAME, so was never
triggering the non-compliant server behaviour.
Signed-off-by: Daniel P. Berrange
---
nbd/server.c | 69
1 file changed, 46 insertions(+), 23 deletions(-)
di
export name ""
TLS is only supported when using an IPv4/IPv6 socket listener.
It is not possible to use with UNIX sockets, which includes
when connecting the NBD server to a host device.
Signed-off-by: Daniel P. Berrange
---
qemu-nbd
t listener.
Signed-off-by: Daniel P. Berrange
---
blockdev-nbd.c | 122 ++--
hmp.c | 2 +-
qapi/block.json | 4 +-
qmp-commands.hx | 2 +-
4 files changed, 105 insertions(+), 25 deletions(-)
diff --git a/blockdev-nbd.c b/blockdev-n
This extends the NBD protocol handling code so that it is capable
of negotiating TLS support during the connection setup. This involves
requesting the STARTTLS protocol option before any other NBD options.
Signed-off-by: Daniel P. Berrange
---
block/nbd-client.c | 12 +++--
blockdev-nbd.c
rios.
Signed-off-by: Daniel P. Berrange
---
nbd/client.c | 4 ++--
nbd/server.c | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/nbd/client.c b/nbd/client.c
index be5f08d..5e47ac7 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -315,8 +315,8 @@ int nbd_receive_negotiate(QIOChan
exist on the server.
If the server does not support NBD_OPT_LIST, we just ignore
that and carry on with NBD_OPT_EXPORT_NAME as before.
Signed-off-by: Daniel P. Berrange
---
nbd/client.c | 195 -
nbd/server.c | 2 +
tests/qemu
e/berrange/security/qemutls \
-drive driver=nbd,host=localhost,port=9000,tls-creds=tls0
The client will drop the connection if the NBD server does not
provide TLS.
Signed-off-by: Daniel P. Berrange
---
block/nbd-client.c | 10 ---
block/nbd-client.h | 2 ++
block/nbd.c
w the user to set an explicit export name. When an
export name is set the server will always use the new style
NBD protocol.
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c| 14 --
qemu-nbd.texi | 3 +++
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/qemu-nbd.
This converts the blockdev NBD server to use the QIOChannelSocket
class for initial listener socket setup and accepting of client
connections. Actual I/O is still being performed against the
socket file descriptor using the POSIX socket APIs.
Signed-off-by: Daniel P. Berrange
---
blockdev-nbd.c
If the server advertises support for the fixed new style
negotiation, the client should in turn enable new style.
This will allow the client to negotiate further NBD
options besides the export name.
Signed-off-by: Daniel P. Berrange
---
nbd/client.c | 27 +--
1 file
Now that all callers are converted to use I/O channels for
initial connection setup, it is possible to switch the core
NBD protocol handling core over to use QIOChannel APIs for
actual sockets I/O.
Signed-off-by: Daniel P. Berrange
---
block/nbd-client.c | 19 +++
blockdev-nbd.c
if name is NULL or not as needed.
This facilitates later code which allows the client to
be capable of using the new style protocol regardless
of whether an export name is listed or not.
Signed-off-by: Daniel P. Berrange
---
nbd/client.c | 60 +
-nbd --object secret,id=sec0,file=mypasswd.txt \
...other nbd args...
Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c| 34 ++
qemu-nbd.texi | 6 ++
2 files changed, 40 insertions(+)
diff --git a/qemu-nbd.c b/qemu-nbd.c
actually done
using the raw POSIX sockets APIs.
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c | 91 --
1 file changed, 53 insertions(+), 38 deletions(-)
diff --git a/qemu-nbd.c b/qemu-nbd.c
index 130c306..bc309e0 100644
--- a/qemu-nbd.c
o)
- Rename qemu-nbd --exportname to --export-name (Paolo)
- Use iov_discard_front() to simplify iov handling (Paolo)
Changed in v3:
- Rebase to resolve conflicts with recently merged NBD patches
Changed in v2:
- Fix error codes used during NBD TLS option negotiate
- Update patch with hel
I/O is still actually done
using the raw POSIX sockets APIs.
Signed-off-by: Daniel P. Berrange
---
Makefile | 6 ++---
block/nbd-client.c | 76 +-
block/nbd-client.h | 8 --
block/nbd.c| 39 ++--
_foreach - variant on
user_creatable_add_opts which can be directly used
in conjunction with qemu_opts_foreach.
- user_creatable_del - takes an ID and deletes the
corresponding object
The existing code is updated to use these new methods.
Signed-off-by: Daniel P. Berrange
---
hmp.c
On Mon, Feb 08, 2016 at 02:26:54PM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > Refuse to use images with the legacy AES-CBC encryption
> > format in the system emulators. They are still fully
> > supported in the qemu-img, qemu-io & qe
On Mon, Feb 08, 2016 at 02:23:40PM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > Now that all encryption keys must be provided upfront via
> > the QCryptoSecret API and associated block driver properties
> > there is no need for any explici
On Mon, Feb 08, 2016 at 11:12:37AM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > This converts the qcow2 driver to make use of the QCryptoBlock
> > APIs for encrypting image content. As well as continued support
> > for the legacy QCow2 e
On Mon, Feb 08, 2016 at 01:30:10PM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > Instead of requiring separate input/output buffers for
> > encrypting data, change encrypt_sectors() to assume
> > use of a single buffer, encrypting in place. O
On Mon, Feb 08, 2016 at 01:23:28PM -0700, Eric Blake wrote:
> On 02/08/2016 09:28 AM, Daniel P. Berrange wrote:
>
> >> My vote: do the same as we do for qcow2 or any other format. Make the
> >> size requested by the user as the size visible to the guest, and a
> &g
On Fri, Feb 05, 2016 at 03:20:43PM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > Add a block driver that is capable of supporting any full disk
> > encryption format. This utilizes the previously added block
> > encryption code, and at this t
On Fri, Feb 05, 2016 at 10:38:45AM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > Provide a block encryption implementation that follows the
> > LUKS/dm-crypt specification.
> >
> > This supports all combinations of hash, cipher algori
On Fri, Feb 05, 2016 at 10:23:18AM +, Daniel P. Berrange wrote:
> On Thu, Feb 04, 2016 at 03:57:33PM -0700, Eric Blake wrote:
> > On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > > There are a number of different algorithms that can be used
> > > to generate
On Thu, Feb 04, 2016 at 05:23:32PM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > Add a generic framework for support different block encryption
> > formats. Upon instantiating a QCryptoBlock object, it will read
> > the encryption h
On Thu, Feb 04, 2016 at 04:26:42PM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > The LUKS format specifies an anti-forensic split algorithm which
> > is used to artificially expand the size of the key material on
> > disk. This is an i
On Thu, Feb 04, 2016 at 04:26:42PM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > +++ b/crypto/afsplit.c
> > @@ -0,0 +1,162 @@
> > +/*
> > + * QEMU Crypto anti forensic information splitter
> > + *
> > +
On Thu, Feb 04, 2016 at 03:57:33PM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > There are a number of different algorithms that can be used
> > to generate initialization vectors for disk encryption. This
> > introduces a simple internal QCr
On Thu, Feb 04, 2016 at 03:14:10PM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > The LUKS data format includes use of PBKDF2 (Password-Based
> > Key Derivation Function). The Nettle library can provide
> > an implementation of this, b
On Thu, Feb 04, 2016 at 03:14:10PM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > +int qcrypto_pbkdf2(QCryptoHashAlgorithm hash,
> > + const uint8_t *key, size_t nkey,
> > + const uint8_
On Thu, Feb 04, 2016 at 05:06:06PM +0100, Kevin Wolf wrote:
> On 04.02.2016 at 16:47, Daniel P. Berrange wrote:
> > On Thu, Feb 04, 2016 at 04:42:06PM +0100, Kevin Wolf wrote:
> > > On 02.02.2016 at 13:57, Daniel P. Berrange wrote:
> > > > @@
On Thu, Feb 04, 2016 at 08:59:56AM -0700, Eric Blake wrote:
> On 02/02/2016 05:57 AM, Daniel P. Berrange wrote:
> > Currently qemu-img allows an image filename to be passed on the
> > command line, but unless using the JSON format, it does not have
> > a way to set any options
On Thu, Feb 04, 2016 at 04:42:06PM +0100, Kevin Wolf wrote:
> On 02.02.2016 at 13:57, Daniel P. Berrange wrote:
> > Currently qemu-img allows an image filename to be passed on the
> > command line, but unless using the JSON format, it does not have
> > a way to set a
On Thu, Feb 04, 2016 at 02:08:23PM +0100, Kevin Wolf wrote:
> On 03.02.2016 at 18:06, Daniel P. Berrange wrote:
> > On Wed, Feb 03, 2016 at 05:33:16PM +0100, Max Reitz wrote:
> > > We have to introduce a new object (BlockdevOptionsNbd) for several
> > >
On Wed, Feb 03, 2016 at 08:37:15AM -0700, Eric Blake wrote:
> On 02/02/2016 05:57 AM, Daniel P. Berrange wrote:
> > Currently qemu-io allows an image filename to be passed on the
> > command line, but unless using the JSON format, it does not have
> > a way to set any options
On Wed, Feb 03, 2016 at 05:33:16PM +0100, Max Reitz wrote:
> We have to introduce a new object (BlockdevOptionsNbd) for several
> reasons:
> - Neither of InetSocketAddress nor UnixSocketAddress alone is
> sufficient, because both are supported
> - We cannot use SocketAddress because NBD does not
On Tue, Feb 02, 2016 at 05:24:32PM -0700, Eric Blake wrote:
> On 02/02/2016 05:57 AM, Daniel P. Berrange wrote:
> > Allow creation of user creatable object types with qemu-img
> > via a new --object command line arg. This will be used to supply
> > passwords and/or encryptio
On Tue, Feb 02, 2016 at 12:28:24PM -0500, Programmingkid wrote:
>
> On Feb 2, 2016, at 12:16 PM, Daniel P. Berrange wrote:
>
> > On Tue, Feb 02, 2016 at 12:08:31PM -0500, Programmingkid wrote:
> >> https://patchwork.ozlabs.org/patch/570128/
> >>
> >&
On Tue, Feb 02, 2016 at 12:08:31PM -0500, Programmingkid wrote:
> https://patchwork.ozlabs.org/patch/570128/
>
> Mac OS X can be picky when it comes to allowing the user
> to use physical devices in QEMU. Most mounted volumes
> appear to be off limits to QEMU. If an issue is detected,
> a message
When declaring the 'struct option' array, use the standard
constants no_argument/required_argument, instead of magic
values 0 and 1.
Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c | 47 ---
1 file changed, 24
' flag.
Signed-off-by: Daniel P. Berrange
---
qemu-io.c | 31 ++-
1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/qemu-io.c b/qemu-io.c
index 65a28e4..3544fd7 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -366,6 +366,7 @@ static void reenable_tty_echo(voi
qemu-img info --object secret,id=sec0,file=mypasswd.txt \
...other info args...
Signed-off-by: Daniel P. Berrange
---
qemu-img-cmds.hx | 44 -
qemu-img.c | 269 +--
qemu-img.texi| 8 ++
3 files changed, 291 insertions(+),
filename should be interpreted as a full option string, not
just a filename.
qemu-img info --image-opts
driver=https,url=https://127.0.0.1/images,sslverify=off
This flag is mutually exclusive with the '-f' / '-F' flags.
Signed-off-by: Daniel P. Berrange
---
qe
When defining values for long options, the normal practice is
to start numbering from 256, to avoid overlap with the range
of valid values for short options.
Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions
When declaring the 'struct option' array, use the standard
constants no_argument/required_argument, instead of magic
values 0 and 1.
Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrange
---
qemu-io.c | 30 +++---
1 file changed, 15 insertions(+), 15
u-io --object secret,id=sec0,file=mypasswd.txt \
...other args...
Signed-off-by: Daniel P. Berrange
---
qemu-io.c | 35 +++
1 file changed, 35 insertions(+)
diff --git a/qemu-io.c b/qemu-io.c
index d593f19..65a28e4 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@
the '-f' flag.
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c | 42 +-
1 file changed, 37 insertions(+), 5 deletions(-)
diff --git a/qemu-nbd.c b/qemu-nbd.c
index 0e019c1..ee91e47 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -47,6 +47,7 @
-nbd --object secret,id=sec0,file=mypasswd.txt \
...other nbd args...
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c| 34 ++
qemu-nbd.texi | 6 ++
2 files changed, 40 insertions(+)
diff --git a/qemu-nbd.c b/qemu-nbd.c
index ede4a54..0e019c1 100644
---
_foreach - variant on
user_creatable_add_opts which can be directly used
in conjunction with qemu_opts_foreach.
- user_creatable_del - takes an ID and deletes the
corresponding object
The existing code is updated to use these new methods.
Signed-off-by: Daniel P. Berrange
---
hmp.c
ource code width
- Update qemu-nbd/qemu-io to use constants for options
- Update qemu-nbd to avoid overlapping option values
Daniel P. Berrange (10):
qom: add helpers for UserCreatable object types
qemu-img: add support for --object command line arg
qemu-nbd: add support for --object comma
On Wed, Jan 27, 2016 at 03:30:29PM +0100, Kevin Wolf wrote:
> On 26.01.2016 at 14:34, Daniel P. Berrange wrote:
> > Currently qemu-img allows an image filename to be passed on the
> > command line, but unless using the JSON format, it does not have
> > a way to set a
On Wed, Jan 27, 2016 at 02:57:51PM +0100, Kevin Wolf wrote:
> On 26.01.2016 at 14:34, Daniel P. Berrange wrote:
> > Allow creation of user creatable object types with qemu-nbd
> > via a new --object command line arg. This will be used to supply
> > passwords and/or e
On Wed, Jan 27, 2016 at 02:26:53PM +0100, Kevin Wolf wrote:
> On 26.01.2016 at 14:34, Daniel P. Berrange wrote:
> > Allow creation of user creatable object types with qemu-img
> > via a new --object command line arg. This will be used to supply
> > passwords and/or e
On Wed, Jan 27, 2016 at 03:26:51PM +0100, Kevin Wolf wrote:
> On 26.01.2016 at 14:34, Daniel P. Berrange wrote:
> > -if ((argc - optind) == 1) {
> > +if (imageOpts) {
> > +char *file;
> > +qopts = qemu_opts_parse_noisily(&
When declaring the 'struct option' array, use the standard
constants no_argument/required_argument, instead of magic
values 0 and 1.
Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrange
---
qemu-io.c | 30 +++---
1 file changed, 15 insertions(+), 15
When declaring the 'struct option' array, use the standard
constants no_argument/required_argument, instead of magic
values 0 and 1.
Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c | 47 ---
1 file changed, 24
u-io --object secret,id=sec0,file=mypasswd.txt \
...other args...
Signed-off-by: Daniel P. Berrange
---
qemu-io.c | 54 ++
1 file changed, 54 insertions(+)
diff --git a/qemu-io.c b/qemu-io.c
index d593f19..d1432ea 100644
--- a/qemu-io.c
++
When defining values for long options, the normal practice is
to start numbering from 256, to avoid overlap with the range
of valid values for short options.
Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions
filename should be interpreted as a full option string, not
just a filename.
qemu-img info --source driver=http,url=https://127.0.0.1/images,sslverify=off
This flag is mutually exclusive with the '-f' / '-F' flags.
Signed-off-by: Daniel P. Berrange
---
qemu-img-cmds.hx
' flag.
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c | 45 -
1 file changed, 40 insertions(+), 5 deletions(-)
diff --git a/qemu-nbd.c b/qemu-nbd.c
index 8e5d36c..764698f 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -48,6 +48,7 @@
#define QEMU_NBD_O
ned-off-by: Daniel P. Berrange
---
qemu-io.c | 34 +-
1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/qemu-io.c b/qemu-io.c
index d1432ea..51d8272 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -367,6 +367,7 @@ static void reenable_tty_echo(voi
qemu-img info --object secret,id=sec0,file=mypasswd.txt \
...other info args...
Signed-off-by: Daniel P. Berrange
---
qemu-img-cmds.hx | 44 -
qemu-img.c | 284 +--
qemu-img.texi| 8 ++
3 files changed, 306 insertions(+),
ed-off-by: Daniel P. Berrange
---
hmp.c | 52 ---
include/monitor/monitor.h | 3 -
include/qom/object_interfaces.h | 48 ++
qmp.c | 76 ++
qom/object_interface
idth
- Update qemu-nbd/qemu-io to use constants for options
- Update qemu-nbd to avoid overlapping option values
Daniel P. Berrange (10):
qom: add helpers for UserCreatable object types
qemu-img: add support for --object command line arg
qemu-nbd: add support for --object command line arg
-nbd --object secret,id=sec0,file=mypasswd.txt \
...other nbd args...
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c| 54 ++
qemu-nbd.texi | 6 ++
2 files changed, 60 insertions(+)
diff --git a/qemu-nbd.c b/qemu-nbd.c
index ede
On Mon, Jan 25, 2016 at 07:41:08PM +0100, Max Reitz wrote:
> Use client_close() if an error in nbd_co_client_start() occurs instead
> of manually inlining parts of it. This fixes an assertion error on the
> server side if nbd_negotiate() fails.
>
> Signed-off-by: Max Reitz
> ---
> nbd/server.c |
e/berrange/security/qemutls \
-drive driver=nbd,host=localhost,port=9000,tls-creds=tls0
The client will drop the connection if the NBD server does not
provide TLS.
Signed-off-by: Daniel P. Berrange
---
block/nbd-client.c | 10 ---
block/nbd-client.h | 2 ++
block/nbd.c
t listener.
Signed-off-by: Daniel P. Berrange
---
blockdev-nbd.c | 122 ++--
hmp.c | 2 +-
qapi/block.json | 4 +-
qmp-commands.hx | 2 +-
4 files changed, 105 insertions(+), 25 deletions(-)
diff --git a/blockdev-nbd.c b/blockdev-n
export name ""
TLS is only supported when using an IPv4/IPv6 socket listener.
It is not possible to use with UNIX sockets, which includes
when connecting the NBD server to a host device.
Signed-off-by: Daniel P. Berrange
---
qemu-nbd
This extends the NBD protocol handling code so that it is capable
of negotiating TLS support during the connection setup. This involves
requesting the STARTTLS protocol option before any other NBD options.
Signed-off-by: Daniel P. Berrange
---
block/nbd-client.c | 12 +++--
blockdev-nbd.c
exist on the server.
If the server does not support NBD_OPT_LIST, we just ignore
that and carry on with NBD_OPT_EXPORT_NAME as before.
Signed-off-by: Daniel P. Berrange
---
nbd/client.c | 195 ++-
nbd/server.c | 2 +
2 files changed, 194
If the server advertises support for the fixed new style
negotiation, the client should in turn enable new style.
This will allow the client to negotiate further NBD
options besides the export name.
Signed-off-by: Daniel P. Berrange
---
nbd/client.c | 27 +--
1 file
k qemu-nbd, because it
fortunately only ever uses NBD_OPT_EXPORT_NAME, so was never
triggering the non-compliant server behaviour.
Signed-off-by: Daniel P. Berrange
---
nbd/server.c | 69
1 file changed, 46 insertions(+), 23 deletions(-)
di
if name is NULL or not as needed.
This facilitates later code which allows the client to
be capable of using the new style protocol regardless
of whether an export name is listed or not.
Signed-off-by: Daniel P. Berrange
---
nbd/client.c | 60 +
rios.
Signed-off-by: Daniel P. Berrange
---
nbd/client.c | 4 ++--
nbd/server.c | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/nbd/client.c b/nbd/client.c
index e91821a..89e172e 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -314,8 +314,8 @@ int nbd_receive_negotiate(QIOChan
Now that all callers are converted to use I/O channels for
initial connection setup, it is possible to switch the core
NBD protocol handling core over to use QIOChannel APIs for
actual sockets I/O.
Signed-off-by: Daniel P. Berrange
---
block/nbd-client.c | 19 +++
blockdev-nbd.c
w the user to set an explicit export name. When an
export name is set the server will always use the new style
NBD protocol.
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c| 14 --
qemu-nbd.texi | 3 +++
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/qemu-nbd.
the two point to the same object, but when
TLS support is added, they will point to different objects.
In this initial conversion though, all I/O is still actually done
using the raw POSIX sockets APIs.
Signed-off-by: Daniel P. Berrange
---
Makefile | 6 ++---
block/nbd-client.c | 76
This converts the blockdev NBD server to use the QIOChannelSocket
class for initial listener socket setup and accepting of client
connections. Actual I/O is still being performed against the
socket file descriptor using the POSIX socket APIs.
Signed-off-by: Daniel P. Berrange
---
blockdev-nbd.c
v2:
- Fix error codes used during NBD TLS option negotiate
- Update patch with helpers for UserCreatable object types
Daniel P. Berrange (14):
nbd: convert block client to use I/O channels for connection setup
nbd: convert qemu-nbd server to use I/O channels for connection setup
nbd: convert blockde
actually done
using the raw POSIX sockets APIs.
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c | 89 +++---
1 file changed, 51 insertions(+), 38 deletions(-)
diff --git a/qemu-nbd.c b/qemu-nbd.c
index 58e1610..682cb33 100644
--- a/qemu-nbd.c
On Tue, Jan 19, 2016 at 10:37:04AM +, Daniel P. Berrange wrote:
> Allow creation of user creatable object types with qemu-img
> via a new --object command line arg. This will be used to supply
> passwords and/or encryption keys to the various block driver
> backends via the re
On Thu, Jan 21, 2016 at 11:30:35AM +0100, Paolo Bonzini wrote:
>
>
> On 19/01/2016 17:44, Daniel P. Berrange wrote:
> >> > As a first reaction, I would really avoid magic unless the server
> >> > provides a single exports. But even in that case, I
=iscsi,url=iscsi://example.com/target-foo/lun1,\
user=dan,password-secret=sec0
Signed-off-by: Daniel P. Berrange
---
block/iscsi.c | 24 +++-
1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/block/iscsi.c b/block/iscsi.c
index bffd707..c22d8a2 100644
-
et' (Paolo)
Changed in v3:
- Rename 'passwordid' to 'password-id', 'proxypasswordid'
to 'proxy-password-id' and 'proxyusername' to 'proxy-username'
(Markus)
Daniel P. Berrange (3):
rbd: add support for getting password fro