[Libguestfs] [PATCH nbdkit v2] New filter: limit: Limit number of clients that can connect.

This is a second version of the limit filter. v1 was posted here: https://www.redhat.com/archives/libguestfs/2020-March/msg00015.html I didn't bother to repost the other three patches because they are the same. The difference is this version of the filter takes security more seriously. It shouldn't be possible for malicious clients to connect more than limit=N times to the plugin now, which should be the main "threat" that this filter protects against. However malicious clients could still play tricks at the TCP level (eg. half-opened connections), connect as many times as they want to the server, and have as many NBD negotiations going on (albeit slowly). It would be possible to mitigate this further in the filter by counting "preconnected" clients separately, but the filter does not do this at present. Most likely if you were serious about this you'd want some other kind of protection outside the server. I'll note here that nbdkit has no time limit on NBD protocol negotiation. Possibly it should. $ nbdkit null $ telnet localhost 10809 Trying ::1... Connected to localhost. Escape character is '^]'. NBDMAGICIHAVEOPT <--- sits forever Rich.