Re: [Libguestfs] [PATCH nbdkit 0/4] Reflection plugin, peer name.

This series is based on my blog posting here: https://rwmj.wordpress.com/2019/09/13/nbdkit-supports-exportnames/ It depends on the fix for realloc: https://www.redhat.com/archives/libguestfs/2019-September/thread.html#00103 This series adds a fun plugin, and also an semi-related feature I've long thought to be desirable. You can consider patches 1 & 4, and patches 2 & 3 as forming standalone patch series (but they do depend on each other). The fun plugin is a reflection plugin which "reflects" client information back to the client. We have a few fun plugins like this (hello there, nbdkit-full-plugin) and normally I would push these without review, but in this particular case there's a specific danger that sending back data under control of the client might lead to a security problem. I _believe_ I have avoided that pitfall, but my belief isn't as good as having experts review it :-)

The new feature is nbdkit_peer_name() which returns the sockaddr of the peer. It's essentially a wrapper around getpeername(2). This

would allow several features to be implemented in future: - Plugins could accept or reject connections based on IP address. - Plugins could change content based on client. (The fourth patch in the series is a PoC of this implemented in the new reflection plugin.) Be cautious about combining this feature with multi-conn as it's not obviously always safe to do. - Some filters could usefully modify their behaviour based on client address: The TODO file currently notes that the rate filter could be changed to limit traffic based on client IP. Rich. _______________________________________________ Libguestfs mailing list Libguestfs(a)redhat.com https://www.redhat.com/mailman/listinfo/libguestfs