
Re: [Libguestfs] [PATCH nbdkit 3/4] server: Add nbdkit_peer_name() to return the client address.



On 9/15/19 9:55 AM, Richard W.M. Jones wrote:
> Works essentially just like calling getpeername(2), because that's how
> it is implemented.
> ---
>  TODO                    |  6 ++++++
>  docs/nbdkit-plugin.pod  | 23 +++++++++++++++++++++++
>  include/nbdkit-common.h |  2 ++
>  server/nbdkit.syms      |  1 +
>  server/public.c         | 21 +++++++++++++++++++++
>  5 files changed, 53 insertions(+)
> 
> diff --git a/TODO b/TODO
> index 04def3c..d2cf0ae 100644
> --- a/TODO
> +++ b/TODO
> @@ -77,6 +77,12 @@ General ideas for improvements
>    name(s) that a plugin might want to support.  Probably we should
>    deprecate the -e option entirely since it does nothing useful.
>  
> +* Add plugin "connect" method.  This would be called on a connection
> +  before handshaking or TLS negotiation, and could be used (with
> +  nbdkit_peer_name) to accept or reject connections based on IP
> +  address, rather like a poor man's TCP wrappers.  See also commit
> +  c05686f9577f.
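
Review bot: the new TODO entry only covers accepting or rejecting connections "based on IP address", but nbdkit_peer_name fills a generic struct sockaddr, so the entry should say what a connect method is expected to do when the returned address family is not an IP one. Since the entry places the call "before handshaking or TLS negotiation", it should also note that the decision is made about a peer that has not been authenticated yet.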

Yes, you now have more justification for why a .connect would be a
useful callback (and we would document that the plugin is responsible
for NOT sticking a lot of code into .connect, so that it does not become
an amplification attack).

> +int
> +nbdkit_peer_name (struct sockaddr *addr, socklen_t *addrlen)
> +{
> +  struct connection *conn = threadlocal_get_conn ();
> +  int s;
> +
> +  if (!conn) {
> +    nbdkit_error ("no connection in this thread");
> +    return -1;
> +  }
> +
> +  s = conn->sockin;
> +  if (s == -1) {
> +    nbdkit_error ("socket not open");
> +    return -1;
> +  }
> +
> +  return getpeername (s, addr, addrlen);
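
Review bot: addrlen is handed unchanged to getpeername() in "return getpeername (s, addr, addrlen);", which makes it a value-result argument, and nothing in this function guards against a caller passing a short buffer. If the nbdkit-plugin.pod text for this function does not already say so, it should state that the caller sets *addrlen to the size of the buffer before the call and compares it afterwards, because getpeername() truncates the address when the buffer is too small and reports the full length in *addrlen. Recommending struct sockaddr_storage as the buffer would avoid the truncation case.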

You need to call nbdkit_error() if getpeername() returns -1.

Otherwise, looks reasonable.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org
