diff options
author | Daniel P. Berrange <berrange@redhat.com> | 2016-02-10 18:41:11 +0000 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2016-02-16 17:16:28 +0100 |
commit | f95910fe6bbf64bb9b5cea7546a1778ba96ce782 (patch) | |
tree | ca32a89428ee209e5de8c7da9f7c52139a91ef6b /include/block | |
parent | 69b49502d8b7b582af79fac5bef7b7ccc2dc9c1e (diff) | |
download | qemu-f95910fe6bbf64bb9b5cea7546a1778ba96ce782.zip qemu-f95910fe6bbf64bb9b5cea7546a1778ba96ce782.tar.gz qemu-f95910fe6bbf64bb9b5cea7546a1778ba96ce782.tar.bz2 |
nbd: implement TLS support in the protocol negotiation
This extends the NBD protocol handling code so that it is capable
of negotiating TLS support during the connection setup. This involves
requesting the STARTTLS protocol option before any other NBD options.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1455129674-17255-14-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'include/block')
-rw-r--r-- | include/block/nbd.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/include/block/nbd.h b/include/block/nbd.h index 1080ef8..b197adc 100644 --- a/include/block/nbd.h +++ b/include/block/nbd.h @@ -24,6 +24,7 @@ #include "qemu-common.h" #include "qemu/option.h" #include "io/channel-socket.h" +#include "crypto/tlscreds.h" struct nbd_request { uint32_t magic; @@ -56,7 +57,10 @@ struct nbd_reply { #define NBD_REP_ACK (1) /* Data sending finished. */ #define NBD_REP_SERVER (2) /* Export description. */ #define NBD_REP_ERR_UNSUP ((UINT32_C(1) << 31) | 1) /* Unknown option. */ +#define NBD_REP_ERR_POLICY ((UINT32_C(1) << 31) | 2) /* Server denied */ #define NBD_REP_ERR_INVALID ((UINT32_C(1) << 31) | 3) /* Invalid length. */ +#define NBD_REP_ERR_TLS_REQD ((UINT32_C(1) << 31) | 5) /* TLS required */ + #define NBD_CMD_MASK_COMMAND 0x0000ffff #define NBD_CMD_FLAG_FUA (1 << 16) @@ -81,6 +85,8 @@ ssize_t nbd_wr_syncv(QIOChannel *ioc, size_t length, bool do_read); int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint32_t *flags, + QCryptoTLSCreds *tlscreds, const char *hostname, + QIOChannel **outioc, off_t *size, Error **errp); int nbd_init(int fd, QIOChannelSocket *sioc, uint32_t flags, off_t size); ssize_t nbd_send_request(QIOChannel *ioc, struct nbd_request *request); @@ -106,6 +112,8 @@ void nbd_export_close_all(void); void nbd_client_new(NBDExport *exp, QIOChannelSocket *sioc, + QCryptoTLSCreds *tlscreds, + const char *tlsaclname, void (*close)(NBDClient *)); void nbd_client_get(NBDClient *client); void nbd_client_put(NBDClient *client); |