On 9/15/19 9:55 AM, Richard W.M. Jones wrote:
Works essentially just like calling getpeername(2), because that's how it is implemented.
---
TODO | 6 ++++++
docs/nbdkit-plugin.pod | 23 +++++++++++++++++++++++
include/nbdkit-common.h | 2 ++
server/nbdkit.syms | 1 +
server/public.c | 21 +++++++++++++++++++++
5 files changed, 53 insertions(+)
diff --git a/TODO b/TODO
index 04def3c..d2cf0ae 100644
--- a/TODO
+++ b/TODO
@@ -77,6 +77,12 @@ General ideas for improvements
name(s) that a plugin might want to support. Probably we should
deprecate the -e option entirely since it does nothing useful.
+* Add plugin "connect" method. This would be called on a connection
+ before handshaking or TLS negotiation, and could be used (with
+ nbdkit_peer_name) to accept or reject connections based on IP
+ address, rather like a poor man's TCP wrappers. See also commit
+ c05686f9577f.
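Review bot: The new TODO entry should say that a .connect callback would run on an unauthenticated, pre-TLS connection, so anything a plugin does there is triggerable by any peer that can open a socket and must stay cheap; as written, the entry presents address filtering as the only consideration. Suggest appending a sentence such as "Plugins must keep .connect cheap, since it runs before any authentication."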
Yes, you now have more justification for why a .connect would be a
useful callback (and we would document that the plugin is responsible
for NOT sticking a lot of code into .connect, so that it does not become
an amplification attack).
+int
+nbdkit_peer_name (struct sockaddr *addr, socklen_t *addrlen)
+{
+ struct connection *conn = threadlocal_get_conn ();
+ int s;
+
+ if (!conn) {
+ nbdkit_error ("no connection in this thread");
+ return -1;
+ }
+
+ s = conn->sockin;
+ if (s == -1) {
+ nbdkit_error ("socket not open");
+ return -1;
+ }
+
+ return getpeername (s, addr, addrlen);
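Review bot: The final `return getpeername (s, addr, addrlen);` hands a -1 result straight back without calling nbdkit_error(), unlike the two earlier failure paths in the same function, so a plugin gets no diagnostic for that case. Capture the result and report it before returning, e.g. `if (getpeername (s, addr, addrlen) == -1) { nbdkit_error ("getpeername: %s", strerror (errno)); return -1; }`. The documentation in nbdkit-plugin.pod should also state the getpeername(2) contract this inherits: the caller initialises *addrlen to the buffer size and must check sa_family on return, because on a Unix-domain socket the address is AF_UNIX rather than an IP address.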
You need to call nbdkit_error() if getpeername() returns -1.
Otherwise, looks reasonable.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org