[Libguestfs] [nbdkit RFC PATCH 4/4] exportname: New filter
Eric Blake
eblake at redhat.com
Fri Aug 7 13:27:33 UTC 2020
On 8/7/20 6:59 AM, Richard W.M. Jones wrote:
> On Thu, Aug 06, 2020 at 09:23:48PM -0500, Eric Blake wrote:
>> Add a new filter to make it easier to add exports to a plugin that
>> does advertise them, to avoid advertising where a plugin's list might
>
> does *not* advertise them(?)
Yep.
>
>> be an information leak, and to alter which export name is used in
>> place of "".
>> +=item B<exportname-list=false>
>> +
>> +This parameter defaults to true to advertise the modified export list,
>> +although in some cases this can be viewed as an information leak.
>> +Setting this parameter to false tells nbdkit to refuse to answer
>> +C<NBD_OPT_LIST> queries, so that exports are no longer advertised.
>> +This does not prevent a client from connecting to an export name that
>> +it learns through other means.
There's a slight difference between advertising a zero-length list and
failing NBD_OPT_LIST altogether (either way, the client can't learn
which exports are available, but some clients hang up if they don't get
the NBD_REP_ACK). I may want to make this be an enum,
export-name-lisit=inherit|replace|error, rather than a bool (inherit
takes the plugin's list, and exportname= adds to it; replace advertises
only exportname= values, which may be empty; error refuses to advertise)
>> +
>> +=item B<exportname-strict=true>
>> +
>> +Normally, a client can pass whatever export name it wants, regardless
>> +of whether that name is advertised. But setting this parameter to
>> +true will cause the connection to fail if a client requests an export
>> +name that was not included via an B<exportname> parameter. (At this
>> +time, it is not possible to restrict a client to exports advertised by
>> +the plugin without repeating that list via B<exportname>; this
>> +technical limitation may be lifted in the future.)
>> +
>> +=item B<exportname=>NAME
>> +
>> +This parameter adds C<NAME> to the list of advertised exports; it may
>> +be set multiple times.
This can either add to the names that the plugin also advertises, or
replace those names (again, a reason why I may want exportname-list to
be an enum instead of a bool).
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
More information about the Libguestfs
mailing list