Re: [Nbd] [PATCH/RFC 0/3] Introduce TLS on nbdserver

To: Wouter Verhelst <w@...112...>
Cc: "nbd-general@lists.sourceforge.net" <nbd-general@lists.sourceforge.net>
Subject: Re: [Nbd] [PATCH/RFC 0/3] Introduce TLS on nbdserver
From: Alex Bligh <alex@...872...>
Date: Mon, 11 Apr 2016 07:53:16 +0100
Message-id: <CE44E706-7452-46AB-BAAC-A63255C3C90B@...872...>
In-reply-to: <20160411060707.GD28660@...3...>
References: <1460314748-64921-1-git-send-email-alex@...872...> <20160411060707.GD28660@...3...>

Wouter,

On 11 Apr 2016, at 07:07, Wouter Verhelst <w@...112...> wrote:
> I'm going to reply to this series in more detail later (have to go to
> work soon), but some quick notes for now:
> 
> - I'm not sure I like the idea of having a proxy to do TLS *at the
>  server side*, although I do agree that there's an upside of "more
>  shared code with client". To be discussed (and I have some more
>  thoughts on this that I don't currently have the time to write down).

I don't particularly like it either. But putting it in the main
code means wrapping (and thus changing) every read and write,
which would have been far more invasive. I thought better in
the first instance to get it in and working, then maybe refactor.

OTOH wrapping every read and write may not be a bad idea. I stumbled
across some problems in negotiate() yesterday where I was getting
a short read. This is partly because read() is not currently
retrying when it receives EINTR (I was getting a SIGCHLD).

> - The check for GnuTLS in configure.ac should probably be done after the
>  AC_PROG_* checks (you shouldn't check for a library before you've
>  checked for the compiler etc), and should probably use
>  PKG_CHECK_MODULES rather than AC_CHECK_LIB.
> - I prefer using an AM_CONDITIONAL to compile certain features
>  conditionally over using an #ifdef for an entire file.

My configure.ac skills are somewhere between rusty and rubbish.

Alex

> 
> On Sun, Apr 10, 2016 at 07:59:05PM +0100, Alex Bligh wrote:
>> This is an RFC patch to introduce TLS support on nbdserver.
>> 
>> This is *NOT* production ready by any means, and is submitted for comment.
>> 
>> I have added crypto-gnutls.[ch] from:
>>  github.com/abligh/tlsproxy
>> which is my attempt at an MIT licenced GnuTLS proxy. The proxy element
>> is standalone, and is incorporated here. Whilst it's not GPL licensed,
>> MIT is compatible. Also it uses GNU format indentation (sorry about that).
>> However, it (together with buffer.[ch]) is almost entirely self-contained.
>> 
>> The same approach (believe it or not) could be taken for nbdclient (which
>> is my plan). As the proxy runs as an independent process, nbdclient can
>> launch it, then call the DOIT ioctl() on one end of the created socketpair().
>> The proxy process then drops into the background and closes after
>> either the kernel closes the socket or the other end closes the socket.
>> 
>> I have tested this to a minimal extent against qemu-img (i.e. qemu
>> acting as a client). The problem (see nbdgeneral ad nauseam) we have
>> with NBD_CMD_DISC means that we see false reports of 'magic number mismatch'.
>> This appears to be because read() returns 0 in negotiate(), and nbdserver
>> does not check for this. It then reverses (again) the *previous* magic
>> number, using ntohll(), and this causes the 'magic number mismatch' issue.
>> This isn't really a problem but causes confusing errors.
>> 
>> The first two patches are preparatory work, and the third patch actually
>> adds NBD_OPT_STARTTLS. The comment in that patch shows what is left to
>> figure out.
>> 
>> Alex Bligh (3):
>>  Add GnuTLS infrastructure
>>  Add options for TLS support for server
>>  Add TLS support to server
>> 
>> Makefile.am              |   4 +-
>> buffer.c                 | 225 +++++++++++++++++
>> buffer.h                 |  45 ++++
>> cliserv.h                |   1 +
>> configure.ac             |  11 +
>> crypto-gnutls.c          | 615 +++++++++++++++++++++++++++++++++++++++++++++++
>> crypto-gnutls.h          |  43 ++++
>> man/nbd-server.5.in.sgml |  65 +++++
>> nbd-server.c             | 204 +++++++++++++---
>> nbdsrv.h                 |   1 +
>> 10 files changed, 1185 insertions(+), 29 deletions(-)
>> create mode 100644 buffer.c
>> create mode 100644 buffer.h
>> create mode 100644 crypto-gnutls.c
>> create mode 100644 crypto-gnutls.h
>> 
>> -- 
>> 1.9.1
>> 
>> 
>> ------------------------------------------------------------------------------
>> Find and fix application performance issues faster with Applications Manager
>> Applications Manager provides deep performance insights into multiple tiers of
>> your business applications. It resolves application problems quickly and
>> reduces your MTTR. Get your free trial! http://pubads.g.doubleclick.net/
>> gampad/clk?id=1444514301&iu=/ca-pub-7940484522588532
>> _______________________________________________
>> Nbd-general mailing list
>> Nbd-general@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nbd-general
>> 
> 
> -- 
> < ron> I mean, the main *practical* problem with C++, is there's like a dozen
>       people in the world who think they really understand all of its rules,
>       and pretty much all of them are just lying to themselves too.
> -- #debian-devel, OFTC, 2016-02-12
> 

-- 
Alex Bligh

Reply to:

Follow-Ups:
- Re: [Nbd] [PATCH/RFC 0/3] Introduce TLS on nbdserver
  - From: Wouter Verhelst <w@...112...>

References:
- [Nbd] [PATCH/RFC 0/3] Introduce TLS on nbdserver
  - From: Alex Bligh <alex@...872...>
- Re: [Nbd] [PATCH/RFC 0/3] Introduce TLS on nbdserver
  - From: Wouter Verhelst <w@...112...>

Prev by Date: Re: [Nbd] [PATCHv8] Improve documentation for TLS
Next by Date: Re: [Nbd] [PATCHv8] Improve documentation for TLS
Previous by thread: Re: [Nbd] [PATCH/RFC 0/3] Introduce TLS on nbdserver
Next by thread: Re: [Nbd] [PATCH/RFC 0/3] Introduce TLS on nbdserver
Index(es):
- Date
- Thread