On Mon, Aug 06, 2018 at 08:05:00PM +0300, Nir Soffer wrote:
On Mon, Aug 6, 2018 at 5:46 PM Eric Blake <eblake(a)redhat.com>
wrote:
> On 08/06/2018 09:31 AM, Nir Soffer wrote:
> > Eric, can you point us to the part of the spec allowing ignoring the
> export
> > name sent by the client?
>
> Nothing in the NBD spec requires the server to reject unknown export
> names. So nbdkit never rejects export names (which means it behaves as
> if all names work, regardless of whether or not it was the name it was
> configured with, since it exports exactly one volume all the time).
>
The spec mention this about NBD_OPT_EXPORT_NAME:
If the chosen export does not exist or requirements for the chosen
export are not met
(e.g., the client did not initiate TLS for an export where the server
requires it), the
server MUST terminate the session.
and for NBD_OPT_GO, we have NBD_REP_ERR_UNKNOWN:
The chosen export does not exist on this server. In this case, the
server SHOULD NOT
send NBD_REP_INFO replies.
And the spec also says:
If the server is unwilling to allow the export, it MUST terminate the
session
Why would a server want to allow an export using different name? What is
the point
of the export name in this case?
Again, if export name is not useful when a server export only one export,
both server and
client can use the default empty export name.
I still don't believe that we're contravening the protocol, since we
get to define what the "requirements" are (ie. none). Also "SHOULD"
not "MUST".
The real problem is that export name is a barrier to usage. Beginners
have no idea what it is, why it's needed, what it is set to, or how to
find out. They will connect to the server, it will fail, they'll give
up and think NBD or nbdkit is broken.
So I don't want to enforce export names until they have a purpose,
which they don't have in nbdkit because we can only ever have a single
plugin loaded.
In the case you mentioned before of a client connecting to the wrong
server, I would suggest using PSK with a fresh key each time. This
has the additional benefit of being secure.
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages.
http://libguestfs.org