
Re: [Nbd] client-server via non TCP socket



Tschaeche IT-Services <services@...1102...> writes:

> Hi,
>
> I searched around in the archive without success for my wish:
>
> I would like to back up data over an insecure network on a host with
> secure user authentication using nbd with dmcrypt. From my point
> of view, something like this would be nice:
>
> # nbd-client ssh://myuser@...1103.../my/home/image /dev/nbd0
>
> In the background I would expect something like:
>
> 	socat TCP-LISTEN:1234 'EXEC:ssh myuser@...1103... nbd-server 0 /my/home/image -d'
> 	nbd-client localhost 1234 /dev/nbd0
> 	...(my local) crypt setup...mount filesystem...
>
> Unfortunately, nbd-server fails on the sshd pipes with the getpeername() call
> (for evaluating the IP address to replace the %s in the filename). On the other
> side it would be nice if nbd-client directly works on stdio handles without
> wrapping communication through TCP.

Have you tried making the getpeername() optional? If you don't use %s in
the filename then there is no need to replace it so it makes no sense to
getpeername(). If you fix that maybe the server side already works. It
should since nbd-server should still work when started by inetd.

> Key issue for me:
>
> I don't want to have open TCP ports (opening race conditions when connecting)
> on the local as well as on the remote host.
>
> Did I miss an already existent solution?
>
> Best regards,
>
> 	Olli

You will have to patch the nbd-client to initiate the ssh connection to
start the server instead of using socat, or use some LD_PRELOAD lib that
changes socket() calls into opening an ssh connection. One problem there
might be that the kernel nbd module might expect a socket.

Regards,
        Goswin
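
Added example (not part of the thread and not nbd-server's own code): a C illustration of the suggestion above, calling getpeername() only when the export path actually contains %s, so a server whose stdio is an sshd or inetd pipe still starts. The helper name resolve_export and the sample paths are assumptions.

```c
/* Added example, not nbd-server source; resolve_export() is hypothetical. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns 0 and fills out on success, -1 with errno set on failure. */
int resolve_export(int fd, const char *tmpl, char *out, size_t outlen)
{
    const char *ph = strstr(tmpl, "%s");
    if (ph == NULL) {
        /* No placeholder: the peer address is never needed, so a pipe
         * from sshd or inetd-style stdio works without getpeername(). */
        if (strlen(tmpl) >= outlen) { errno = ENAMETOOLONG; return -1; }
        strcpy(out, tmpl);
        return 0;
    }
    struct sockaddr_storage ss;
    socklen_t len = sizeof ss;
    if (getpeername(fd, (struct sockaddr *)&ss, &len) != 0)
        return -1;                          /* e.g. ENOTSOCK on a pipe */
    if (ss.ss_family != AF_INET) { errno = EAFNOSUPPORT; return -1; }
    char ip[INET_ADDRSTRLEN];
    struct sockaddr_in *sin = (struct sockaddr_in *)&ss;
    if (inet_ntop(AF_INET, &sin->sin_addr, ip, sizeof ip) == NULL)
        return -1;
    /* Substitute by hand; tmpl is never used as a printf format string. */
    int n = snprintf(out, outlen, "%.*s%s%s", (int)(ph - tmpl), tmpl, ip, ph + 2);
    if (n < 0 || (size_t)n >= outlen) { errno = ENAMETOOLONG; return -1; }
    return 0;
}

int main(void)
{
    int p[2];
    char name[256];
    if (pipe(p) != 0) return 1;             /* stands in for the sshd pipe */
    /* Constructed inputs: the path from the thread, and one with %s. */
    const char *tmpls[] = { "/my/home/image", "/exports/%s.img" };
    for (int i = 0; i < 2; i++) {
        if (resolve_export(p[0], tmpls[i], name, sizeof name) == 0)
            printf("%s -> %s\n", tmpls[i], name);
        else
            printf("%s -> refused: %s\n", tmpls[i], strerror(errno));
    }
    return 0;
}
```

A path with %s is still refused on a pipe rather than served with an unexpanded or guessed name, which keeps per-client export paths from silently collapsing into one file.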
