This does two minor fixes to the NBD code and adds significant coverage
of the NBD TLS support to detect future problems.

The first two patches should be for 3.1.

The tests can wait till 4.0 if desired.

Daniel P. Berrangé (6):
  nbd: fix whitespace in server error message
  nbd: stop waiting for a NBD response with NBD_CMD_DISC
  tests: pull qemu-nbd iotest helpers into common.nbd file
  tests: check if qemu-nbd is still alive before waiting
  tests: add iotests helpers for dealing with TLS certificates
  tests: exercise NBD server in TLS mode

 block/nbd-client.c            |   1 +
 nbd/server.c                  |   2 +-
 tests/qemu-iotests/058        |  47 ++----------
 tests/qemu-iotests/233        |  99 ++++++++++++++++++++++++
 tests/qemu-iotests/233.out    |  33 ++++++++
 tests/qemu-iotests/common.nbd | 111 +++++++++++++++++++++++++++
 tests/qemu-iotests/common.tls | 139 ++++++++++++++++++++++++++++++++++
 tests/qemu-iotests/group      |   1 +
 8 files changed, 393 insertions(+), 40 deletions(-)
 create mode 100755 tests/qemu-iotests/233
 create mode 100644 tests/qemu-iotests/233.out
 create mode 100644 tests/qemu-iotests/common.nbd
 create mode 100644 tests/qemu-iotests/common.tls

-- 
2.19.1

On 11/16/18 9:53 AM, Daniel P. Berrangé wrote:
> This does two minor fixes to the NBD code and adds significant coverage
> of the NBD TLS support to detect future problems.
> 
> The first two patches should be for 3.1.
> 
> The tests can wait till 4.0 if desired.
> 
> Daniel P. Berrangé (6):
>    nbd: fix whitespace in server error message
>    nbd: stop waiting for a NBD response with NBD_CMD_DISC
>    tests: pull qemu-nbd iotest helpers into common.nbd file
>    tests: check if qemu-nbd is still alive before waiting
>    tests: add iotests helpers for dealing with TLS certificates
>    tests: exercise NBD server in TLS mode
> 

I'm still missing your S-o-b on 6. I've posted a preliminary version of 
your series with my touchups incorporated, if you'd like to double check 
it, at:

https://repo.or.cz/qemu/ericb.git/shortlog/refs/heads/nbd


-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

On 11/16/18 9:53 AM, Daniel P. Berrangé wrote:
> This does two minor fixes to the NBD code and adds significant coverage
> of the NBD TLS support to detect future problems.
> 
> The first two patches should be for 3.1.
> 
> The tests can wait till 4.0 if desired.

Although this series is now in 3.1, I can think of further enhancements 
we should add for 4.0 (summarizing an IRC conversation with Dan). 
Capturing it here to remember things...

- we need iotests coverage of Pre-Shared Keys (PSK) as an alternative to 
certificates (either add on to 233, or a new test)
- add an optional QMP parameter for specifying the hostname to validate 
a certificate against when using a Unix socket with TLS (compare 
tls-hostname added to 'migrate'), rather than the current restriction 
that using TLS with an NBD client requires TCP

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org