NAME

nbd_connect_uri - connect to NBD URI

SYNOPSIS

 #include <libnbd.h>

 int nbd_connect_uri (
       struct nbd_handle *h, const char *uri
     );

DESCRIPTION

Connect (synchronously) to an NBD server and export by specifying the NBD URI. NBD URIs are a standard way to specify a network block device endpoint, using a syntax like "nbd://example.com" which is convenient, well defined and future proof.

This call works by parsing the URI parameter and calling nbd_set_export_name(3) and nbd_set_tls(3) and other calls as needed, followed by nbd_connect_tcp(3), nbd_connect_unix(3) or nbd_connect_vsock(3).

This call returns when the connection has been made. By default, this proceeds all the way to transmission phase, but nbd_set_opt_mode(3) can be used for manual control over option negotiation performed before transmission phase.

Example URIs supported

nbd://example.com

Connect over TCP, unencrypted, to example.com port 10809.

nbds://example.com

Connect over TCP with TLS, to example.com port 10809. If the server does not support TLS then this will fail.

nbd+unix:///foo?socket=/tmp/nbd.sock

Connect over the Unix domain socket /tmp/nbd.sock to an NBD server running locally. The export name is set to foo (note without any leading / character).

nbds+unix://alice@/?socket=/tmp/nbd.sock&tls-certificates=certs

Connect over a Unix domain socket, enabling TLS and setting the path to a directory containing certificates and keys.

nbd+vsock:///

In this scenario libnbd is running in a virtual machine. Connect over AF_VSOCK to an NBD server running on the hypervisor.

nbd+ssh://server/

Connect to remote server using Secure Shell, and tunnel NBD to an NBD server listening on port 10809.

NBD URI standard

https://github.com/NetworkBlockDevice/nbd/blob/master/doc/uri.md documents the NBD URI standard.

In the documentation below, Non-standard indicates features supported in libnbd which are not a part of the NBD URI standard, meaning that other NBD URI parsers might not support them or might implement things differently.

URI scheme

The scheme is the part before the first :. The following schemes are supported in the current version of libnbd:

nbd:

Connect over TCP without using TLS.

nbds:

Connect over TCP. TLS is required and the connection will fail if the server does not support TLS.

nbd+unix:
nbds+unix:

Connect over a Unix domain socket, without or with TLS respectively. The socket parameter is required.

nbd+vsock:
nbds+vsock:

Non-standard

Connect over the AF_VSOCK transport, without or with TLS respectively. You can use nbd_supports_vsock(3) to see if this build of libnbd supports AF_VSOCK.

nbd+ssh:
nbds+ssh:

Non-standard, libnbd ≥ 1.22

Tunnel NBD over a Secure Shell connection. This requires that ssh(1) is installed locally, and that nc(1) (from the nmap project) is installed on the remote server.

URI authority

The authority part of the URI [username@][servername][:port] is parsed depending on the transport. For TCP it specifies the server to connect to and optional port number. For +unix it should not be present. For +vsock the server name is the numeric CID (eg. 2 to connect to the host), and the optional port number may be present. For +ssh it specifies the Secure Shell server and optional port. If the username is present it is used for TLS authentication or the SSH username.

URI export name

For all transports, an export name may be present, parsed in accordance with the NBD URI specification. Note that the initial / character is not part of the export name:

 URI                    export name
 nbd://localhost/       ""        (empty string)
 nbd://localhost/export "export"

It is possible to override the export name programmatically by using nbd_set_opt_mode(3) to enable option mode, then using nbd_set_export_name(3) and nbd_opt_go(3) as part of subsequent negotiation.

URI query

Finally the query part of the URI can contain:

nbd-port=PORT

Non-standard, libnbd ≥ 1.24

Override the port number from the authority part of the URI.

For SSH transport, this specifies the port used to connect to the NBD server, but the port in the authority field is used for the SSH connection.

socket=SOCKET

Specifies the Unix domain socket to connect on. Must be present for the +unix transport, optional for +ssh, and must not be present for the other transports.

tls-certificates=DIR

Non-standard, libnbd ≥ 1.10

Set the certificates directory. See nbd_set_tls_certificates(3). Note this is not allowed by default - see next section.

tls-psk-file=PSKFILE

Non-standard

Set the PSK file. See nbd_set_tls_psk_file(3). Note this is not allowed by default - see next section.

tls-hostname=SERVER

libnbd ≥ 1.22

Set the TLS hostname. See nbd_set_tls_hostname(3).

tls-username=USER

Non-standard, libnbd ≥ 1.24

Override the username from the authority part of the URI.

For SSH transport, this specifies the TLS username for connecting to the NBD server, but the user in the authority field is used for the SSH connection.

tls-verify-peer=false

Do not verify the server certificate. See nbd_set_tls_verify_peer(3). The default is true.

Disabling URI features

For security reasons you might want to disable certain URI features. Pre-filtering URIs is error-prone and should not be attempted. Instead use the libnbd APIs below to control what can appear in URIs. Note you must call these functions on the same handle before calling nbd_connect_uri(3) or nbd_aio_connect_uri(3).

TCP, Unix domain socket, AF_VSOCK or SSH transports

Default: all allowed

To select which transports are allowed call nbd_set_uri_allow_transports(3).

TLS

Default: both non-TLS and TLS connections allowed

To force TLS off or on in URIs call nbd_set_uri_allow_tls(3).

Connect to Unix domain socket in the local filesystem

Default: allowed

To prevent this you must disable the +unix transport using nbd_set_uri_allow_transports(3).

Read from local files

Default: denied

To allow URIs to contain references to local files (eg. for parameters like tls-psk-file) call nbd_set_uri_allow_local_file(3).

Optional features

This call will fail if libnbd was not compiled with libxml2; you can test whether this is the case with nbd_supports_uri(3).

Support for URIs that require TLS will fail if libnbd was not compiled with gnutls; you can test whether this is the case with nbd_supports_tls(3).

Constructing a URI from an existing connection

See nbd_get_uri(3).

See if a string is an NBD URI

See nbd_is_uri(3).

Differences from qemu and glib parsing of NBD URIs

qemu(1) also supports NBD URIs and has a separate URI parser. In qemu ≤ 9.0 this was done using their own parser. In qemu ≥ 9.1 this is done using glib g_uri functions. The current (glib-based) parser does not parse the export name part of the URI in exactly the same way as libnbd, which may cause URIs to work in libnbd but not in qemu or vice versa. Only URIs using export names should be affected. For details see https://gitlab.com/qemu-project/qemu/-/issues/2584.

Limitations on vsock port numbers

The vsock(7) protocol allows 32 bit unsigned ports, reserving ports 0, 1 and 2 for special purposes. In Linux, ports < 1024 are reserved for privileged processes.

libxml2 (used to parse the URI) imposes additional restrictions. libxml2 < 2.9 limited port numbers to 99,999,999. libxml2 ≥ 2.9 limits port numbers to ≤ 0x7fff_ffff (31 bits).

libnbd ≥ 1.24 allows you to override the port field by adding ?nbd-port=PORT to the URI, allowing you to use any vsock port number.

RETURN VALUE

If the call is successful the function returns 0.

ERRORS

On error -1 is returned.

Refer to "ERROR HANDLING" in libnbd(3) for how to get further details of the error.

The following parameters must not be NULL: h, uri. For more information see "Non-NULL parameters" in libnbd(3).

HANDLE STATE

nbd_connect_uri can be called when the handle is in the following state:

 ┌─────────────────────────────────────┬─────────────────────────┐
 │ Handle created, before connecting   │ ✅ allowed              │
 │ Connecting                          │ ❌ error                │
 │ Connecting & handshaking (opt_mode) │ ❌ error                │
 │ Connected to the server             │ ❌ error                │
 │ Connection shut down                │ ❌ error                │
 │ Handle dead                         │ ❌ error                │
 └─────────────────────────────────────┴─────────────────────────┘

VERSION

This function first appeared in libnbd 1.0.

If you need to test if this function is available at compile time check if the following macro is defined:

 #define LIBNBD_HAVE_NBD_CONNECT_URI 1

EXAMPLE

This example is also available as examples/connect-uri.c in the libnbd source code.

 /* This example shows how to connect to an NBD
  * server using the server's NBD URI.
  *
  * To test this with a recent version of nbdkit
  * that supports the '$uri' syntax, do:
  *
  * nbdkit -U - random 1M \
  *   --run './connect-uri $uri'
  *
  * To test connecting to a remote NBD server
  * listening on port 10809, do:
  *
  * ./connect-uri nbd://remote/
  */

 #include <stdio.h>
 #include <stdlib.h>
 #include <stdbool.h>
 #include <string.h>
 #include <stdint.h>
 #include <inttypes.h>

 #include <libnbd.h>

 int
 main (int argc, char *argv[])
 {
   struct nbd_handle *nbd;
   char *s;
   int64_t size;

   if (argc != 2) {
     fprintf (stderr, "usage: %s URI\n",
              argv[0]);
     exit (EXIT_FAILURE);
   }

   /* Create the libnbd handle. */
   nbd = nbd_create ();
   if (nbd == NULL) {
     fprintf (stderr, "%s\n", nbd_get_error ());
     exit (EXIT_FAILURE);
   }

   /* Request full information
    * (for nbd_get_canonical_export_name below)
    */
 #if LIBNBD_HAVE_NBD_SET_FULL_INFO
   if (nbd_set_full_info (nbd, true) == -1) {
     fprintf (stderr, "%s\n", nbd_get_error ());
     exit (EXIT_FAILURE);
   }
 #endif

   /* Connect to the NBD URI. */
   printf ("connecting to %s ...\n", argv[1]);
   fflush (stdout);
   if (nbd_connect_uri (nbd, argv[1]) == -1) {
     fprintf (stderr, "%s\n", nbd_get_error ());
     exit (EXIT_FAILURE);
   }
   printf ("connected\n");

   /* Print the URI, export name, size and other info. */
   printf ("requested URI: %s\n", argv[1]);
   s = nbd_get_uri (nbd);
   printf ("generated URI: %s\n", s ? s : "NULL");
   free (s);
   size = nbd_get_size (nbd);
   if (size == -1) {
     fprintf (stderr, "%s\n", nbd_get_error ());
     exit (EXIT_FAILURE);
   }
   printf ("size: %" PRIi64 "\n", size);
   s = nbd_get_export_name (nbd);
   printf ("requested export name: %s\n", s ? s : "NULL");
   free (s);
 #if LIBNBD_HAVE_NBD_GET_CANONICAL_EXPORT_NAME
   s = nbd_get_canonical_export_name (nbd);
   printf ("canonical export name: %s\n", s ? s : "NULL");
   free (s);
 #endif
 #if LIBNBD_HAVE_NBD_GET_EXPORT_DESCRIPTION
   s = nbd_get_export_description (nbd);
   printf ("export description: %s\n", s ? s : "NULL");
   free (s);
 #endif

   /* Close the libnbd handle. */
   nbd_close (nbd);

   exit (EXIT_SUCCESS);
 }

SEE ALSO

nbd_aio_connect_uri(3), nbd_connect_tcp(3), nbd_connect_unix(3), nbd_connect_uri(3), nbd_connect_vsock(3), nbd_create(3), nbd_get_uri(3), nbd_is_uri(3), nbd_opt_go(3), nbd_set_export_name(3), nbd_set_opt_mode(3), nbd_set_tls(3), nbd_set_tls_certificates(3), nbd_set_tls_hostname(3), nbd_set_tls_psk_file(3), nbd_set_tls_verify_peer(3), nbd_set_uri_allow_local_file(3), nbd_set_uri_allow_tls(3), nbd_set_uri_allow_transports(3), nbd_supports_tls(3), nbd_supports_uri(3), nbd_supports_vsock(3), libnbd(3), nc(1), qemu(1), ssh(1), vsock(7), https://github.com/NetworkBlockDevice/nbd/blob/master/doc/uri.md.

AUTHORS

Eric Blake

Richard W.M. Jones

COPYRIGHT

Copyright Red Hat

LICENSE

This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA