[Libguestfs] [PATCH nbdkit 3/4] server: Add nbdkit_peer_name() to return the client address.
Eric Blake
eblake at redhat.com
Mon Sep 16 15:42:01 UTC 2019
On 9/15/19 9:55 AM, Richard W.M. Jones wrote:
> Works essentially just like calling getpeername(2), because that's how
> it is implemented.
> ---
> TODO | 6 ++++++
> docs/nbdkit-plugin.pod | 23 +++++++++++++++++++++++
> include/nbdkit-common.h | 2 ++
> server/nbdkit.syms | 1 +
> server/public.c | 21 +++++++++++++++++++++
> 5 files changed, 53 insertions(+)
>
> diff --git a/TODO b/TODO
> index 04def3c..d2cf0ae 100644
> --- a/TODO
> +++ b/TODO
> @@ -77,6 +77,12 @@ General ideas for improvements
> name(s) that a plugin might want to support. Probably we should
> deprecate the -e option entirely since it does nothing useful.
>
> +* Add plugin "connect" method. This would be called on a connection
> + before handshaking or TLS negotiation, and could be used (with
> + nbdkit_peer_name) to accept or reject connections based on IP
> + address, rather like a poor man's TCP wrappers. See also commit
> + c05686f9577f.
Yes, you now have more justification for why a .connect would be a
useful callback (and we would document that the plugin is responsible
for NOT sticking a lot of code into .connect, so that it does not become
an amplification attack).
> +int
> +nbdkit_peer_name (struct sockaddr *addr, socklen_t *addrlen)
> +{
> + struct connection *conn = threadlocal_get_conn ();
> + int s;
> +
> + if (!conn) {
> + nbdkit_error ("no connection in this thread");
> + return -1;
> + }
> +
> + s = conn->sockin;
> + if (s == -1) {
> + nbdkit_error ("socket not open");
> + return -1;
> + }
> +
> + return getpeername (s, addr, addrlen);
You need to call nbdkit_error() if getpeername() returns -1
Otherwise, looks reasonable.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libguestfs/attachments/20190916/846a4bdb/attachment.sig>
More information about the Libguestfs
mailing list