From: Max Reitz
Date: Fri, 15 Apr 2016 00:38:26 +0200
To: Eric Blake, qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, alex@alex.org.uk, qemu-block@nongnu.org
Message-ID: <57101BE2.8070605@redhat.com>
In-Reply-To: <1460671343-18485-1-git-send-email-eblake@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v2 for-2.6] nbd: Don't kill server on client that doesn't request TLS

On 15.04.2016 00:02, Eric Blake wrote:
> Upstream NBD documents (as of commit 4feebc95) that servers MAY
> choose to operate in a conditional mode, where it is up to the
> client whether to use TLS.
> For qemu's case, we want to always be
> in FORCEDTLS mode, because of the risk of man-in-the-middle
> attacks, and since we never export more than one device; likewise,
> the qemu client will ALWAYS send NBD_OPT_STARTTLS as its first
> option. But now that SELECTIVETLS servers exist, it is feasible
> to encounter a (non-qemu) client that is programmed to talk to
> such a server, and does not do NBD_OPT_STARTTLS first, but rather
> wants to probe if it can use a non-encrypted export.
>
> The NBD protocol documents that we should let such a client
> continue trying, on the grounds that maybe the client will get the
> hint to send NBD_OPT_STARTTLS, rather than immediately dropping
> the connection.
>
> Note that NBD_OPT_EXPORT_NAME is a special case: since it is the
> only option request that can't have an error return, we have to
> (continue to) drop the connection on that one; rather, what we are
> fixing here is that all other replies prior to TLS initiation tell
> the client NBD_REP_ERR_TLS_REQD, but keep the connection alive.
>
> Signed-off-by: Eric Blake
> ---
>
> In v2: tweak commit message, continue to drop connection on
> NBD_OPT_EXPORT_NAME
>
>  nbd/server.c | 15 +++++++++++++--
>  1 file changed, 13 insertions(+), 2 deletions(-)

Thanks Eric, applied to my block branch:

https://github.com/XanClic/qemu/commits/block

Max
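
The pre-TLS option handling described in the quoted commit message, as an added example that is not part of this message and is not the code in qemu's nbd/server.c. The numeric constants are the values given in the NBD protocol document; the names `pre_tls_action`, `pre_tls_option` and `put_be` are hypothetical, and the option sequence in `main` is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Values from the NBD protocol document. */
#define NBD_OPT_EXPORT_NAME  1u
#define NBD_OPT_LIST         3u
#define NBD_OPT_STARTTLS     5u
#define NBD_REP_ERR_TLS_REQD ((1u << 31) | 5u)
#define NBD_REP_MAGIC        0x3e889045565a9ULL
#define NBD_REP_HDR_LEN      20u  /* magic(8) + option(4) + type(4) + length(4) */

/* Hypothetical names for this sketch, not qemu identifiers. */
enum pre_tls_action { ACT_START_TLS, ACT_REPLY_KEEP_OPEN, ACT_DROP };

/* Store the low nbytes of v at p in network (big-endian) byte order. */
static void put_be(uint8_t *p, uint64_t v, int nbytes)
{
    for (int i = nbytes - 1; i >= 0; i--, v >>= 8) {
        p[i] = (uint8_t)v;
    }
}

/* Decide how a FORCEDTLS server treats an option received before TLS.
 * When an error reply is due, its header is encoded into out[].
 * The caller must still discard the option's payload to stay in sync. */
enum pre_tls_action pre_tls_option(uint32_t opt, uint8_t out[NBD_REP_HDR_LEN])
{
    switch (opt) {
    case NBD_OPT_STARTTLS:
        return ACT_START_TLS;          /* proceed to the TLS handshake */
    case NBD_OPT_EXPORT_NAME:
        return ACT_DROP;               /* has no error reply: disconnect */
    default:
        put_be(out, NBD_REP_MAGIC, 8);
        put_be(out + 8, opt, 4);       /* echo the option being refused */
        put_be(out + 12, NBD_REP_ERR_TLS_REQD, 4);
        put_be(out + 16, 0, 4);        /* no reply payload */
        return ACT_REPLY_KEEP_OPEN;    /* client may retry with STARTTLS */
    }
}

int main(void)
{
    const uint32_t opts[] = { NBD_OPT_LIST, NBD_OPT_STARTTLS }; /* constructed */
    uint8_t rep[NBD_REP_HDR_LEN];
    for (size_t i = 0; i < 2; i++) {
        printf("option %u -> action %d\n", (unsigned)opts[i],
               (int)pre_tls_option(opts[i], rep));
    }
    return 0;
}
```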