Provided by: nbdkit-plugin-dev_1.36.3-1ubuntu10_amd64 bug

NAME

       nbdkit-plugin - how to write nbdkit plugins

SYNOPSIS

        #define NBDKIT_API_VERSION 2
        #include <nbdkit-plugin.h>

        #define THREAD_MODEL NBDKIT_THREAD_MODEL_SERIALIZE_ALL_REQUESTS

        static void *
        myplugin_open (void)
        {
          /* create a handle ... */
          return handle;
        }

        static struct nbdkit_plugin plugin = {
          .name              = "myplugin",
          .open              = myplugin_open,
          .get_size          = myplugin_get_size,
          .pread             = myplugin_pread,
          .pwrite            = myplugin_pwrite,
          /* etc */
        };
        NBDKIT_REGISTER_PLUGIN(plugin)

       Compile the plugin as a shared library:

        gcc -fPIC -shared myplugin.c -o myplugin.so

       and load it into nbdkit:

        nbdkit [--args ...] ./myplugin.so [key=value ...]

       When debugging, use the -fv options:

        nbdkit -fv ./myplugin.so [key=value ...]

DESCRIPTION

       An nbdkit plugin is a new source device which can be served using the Network Block Device
       (NBD) protocol.  This manual page describes how to create an nbdkit plugin in C.

       To see example plugins: https://gitlab.com/nbdkit/nbdkit/tree/master/plugins

       To write plugins in other languages, see: nbdkit-cc-plugin(3), nbdkit-golang-plugin(3),
       nbdkit-lua-plugin(3), nbdkit-ocaml-plugin(3), nbdkit-perl-plugin(3),
       nbdkit-python-plugin(3), nbdkit-ruby-plugin(3), nbdkit-rust-plugin(3),
       nbdkit-sh-plugin(3), nbdkit-tcl-plugin(3) .

   API and ABI guarantee for C plugins
       Plugins written in C have an ABI guarantee: a plugin compiled against an older version of
       nbdkit will still work correctly when loaded with a newer nbdkit.  We also try (but cannot
       guarantee) to support plugins compiled against a newer version of nbdkit when loaded with
       an older nbdkit, although the plugin may have reduced functionality if it depends on
       features only provided by newer nbdkit.

       For plugins written in C, we also provide an API guarantee: a plugin written against an
       older header will still compile unmodified with a newer nbdkit.

       The API guarantee does not always apply to plugins written in other (non-C) languages
       which may have to adapt to changes when recompiled against a newer nbdkit.

WRITING AN NBDKIT PLUGIN

   "#define NBDKIT_API_VERSION 2"
       Plugins must choose which API version they want to use, by defining NBDKIT_API_VERSION
       before including "<nbdkit-plugin.h>" (or any other nbdkit header).

       If omitted, the default version is 1 for backwards-compatibility with nbdkit v1.1.26 and
       earlier; however, it is recommended that new plugins be written to the maximum version
       (currently 2) as it enables more features and better interaction with nbdkit filters.

       The rest of this document only covers the version 2 interface.  A newer nbdkit will always
       support plugins written in C which use any prior API version.

   "#include <nbdkit-plugin.h>"
       All plugins should start by including this header file (after optionally choosing an API
       version).

   "#define THREAD_MODEL ..."
       All plugins must define a thread model.  See "Threads" below for details.  It is generally
       safe to use:

        #define THREAD_MODEL NBDKIT_THREAD_MODEL_SERIALIZE_ALL_REQUESTS

   "struct nbdkit_plugin"
       All plugins must define and register one "struct nbdkit_plugin", which contains the name
       of the plugin and pointers to callback functions, and use the
       NBDKIT_REGISTER_PLUGIN(plugin) macro:

        static struct nbdkit_plugin plugin = {
          .name              = "myplugin",
          .longname          = "My Plugin",
          .description       = "This is my great plugin for nbdkit",
          .open              = myplugin_open,
          .get_size          = myplugin_get_size,
          .pread             = myplugin_pread,
          .pwrite            = myplugin_pwrite,
          /* etc */
        };
        NBDKIT_REGISTER_PLUGIN(plugin)

       The ".name" field is the name of the plugin.

       The callbacks are described below (see "CALLBACKS").  Only ".name", ".open", ".get_size"
       and ".pread" are required.  All other callbacks can be omitted, although typical plugins
       need to use more.

   Callback lifecycle
       Callbacks are called in the following order over the lifecycle of the plugin:

                ┌──────────────────┐
                │ load             │
                └─────────┬────────┘
                          │           configuration phase starts     ─┐
                ┌─────────┴────────┐                                  ┆
                │ config           │  config is called once per       ┆
                └─────────┬────────┘↺ key=value on the command line   ┆
                ┌─────────┴────────┐                                  ┆
                │ config_complete  │                                  ┆
                └─────────┬────────┘                                  ┆
                ┌─────────┴────────┐                                  ┆
                │ thread_model     │                                  ┆
                └─────────┬────────┘  configuration phase ends       ─┘
                ┌─────────┴────────┐
                │ get_ready        │
                └─────────┬────────┘
                          │           nbdkit forks into the background
                ┌─────────┴────────┐
                │ after_fork       │
                └─────────┬────────┘
                          │           nbdkit starts serving clients
                          │
               ┌──────────┴─────────────┬─ ─ ─ ─ ─ ─ ─ ─ ─
        ┌──────┴─────┐ client #1        │
        │ preconnect │                  │
        └──────┬─────┘                  │
        ┌──────┴─────┐                  │
        │list_exports│                  │
        └──────┬─────┘                  │
        ┌──────┴─────┐                  │
        │ open       │                  │
        └──────┬─────┘                  │
        ┌──────┴─────┐  NBD option      │
        │ can_write  │  negotiation     │
        └──────┬─────┘                  │
        ┌──────┴─────┐           ┌──────┴─────┐ client #2
        │ get_size   │           │ preconnect │
        └──────┬─────┘           └──────┬─────┘
        ┌──────┴─────┐ data
        │ pread      │ serving
        └──────┬─────┘↺                ...
        ┌──────┴─────┐
        │ pwrite     │
        └──────┬─────┘↺          ┌──────┴─────┐
        ┌──────┴─────┐           │ close      │
        │ close      │           └────────────┘
        └────────────┘

                          │           before nbdkit exits
                          │
                ┌─────────┴────────┐
                │ cleanup          │
                └─────────┬────────┘
                ┌─────────┴────────┐
                │ unload           │
                └──────────────────┘

       Notes

       "nbdkit --dump-plugin"
           The order of calls when the user queries the plugin is slightly different: ".config"
           is called once for each parameter.  ".config_complete" is not called.  ".thread_model"
           is called after ".config".

       ".get_ready"
           This is the last chance to do any global preparation that is needed to serve
           connections.  In particular, error messages here will be visible to the user, but they
           might not be in ".after_fork" (see below).

           Plugins should not create background threads here.  Use ".after_fork" instead.

       ".after_fork"
           ".after_fork" is called after the server has forked into the background and changed
           UID and directory.  If a plugin needs to create background threads (or uses an
           external library that creates threads) it should do so here, because background
           threads are invalidated by fork.

           Because the server may have forked into the background, error messages and failures
           from ".after_fork" cannot be seen by the user unless they look through syslog.  An
           error in ".after_fork" can appear to the user as if nbdkit “just died”.  So in almost
           all cases it is better to use ".get_ready" instead of this callback, or to do as much
           preparation work as possible in ".get_ready" and only start background threads here.

           The server doesn't always fork (eg. if the -f flag is used), but even so this callback
           will be called.  If you want to find out if the server forked between ".get_ready" and
           ".after_fork" use getpid(2).

       ".preconnect" and ".open"
           ".preconnect" is called when a TCP connection has been made to the server.  This
           happens early, before NBD or TLS negotiation.

           ".open" is called when a new client has connected and finished the NBD handshake.  TLS
           negotiation (if used) has been completed successfully.

       ".can_write", ".get_size" and other option negotiation callbacks
           These are called during option negotiation with the client, but before any data is
           served.  These callbacks may return different values across different ".open" calls,
           but within a single connection, they are called at most once and cached by nbdkit for
           that connection.

       ".pread", ".pwrite" and other data serving callbacks
           After option negotiation has finished, these may be called to serve data.  Depending
           on the thread model chosen, they might be called in parallel from multiple threads.
           The data serving callbacks include a flags argument; the results of the negotiation
           callbacks influence whether particular flags will ever be passed to a data callback.

       ".cleanup" and ".unload"
           The difference between these two methods is that ".cleanup" is called before any
           filter has been removed from memory with dlclose(3).  When ".unload" is called, nbdkit
           is in the middle of calling dlclose(3).  Most plugins do not need to worry about this
           difference.

   Flags
       The following flags are defined by nbdkit, and used in various data serving callbacks as
       follows:

       "NBDKIT_FLAG_MAY_TRIM"
           This flag is used by the ".zero" callback; there is no way to disable this flag,
           although a plugin that does not support trims as a way to write zeroes may ignore the
           flag without violating expected semantics.

       "NBDKIT_FLAG_FUA"
           This flag represents Forced Unit Access semantics.  It is used by the ".pwrite",
           ".zero", and ".trim" callbacks to indicate that the plugin must not return a result
           until the action has landed in persistent storage.  This flag will not be sent to the
           plugin unless ".can_fua" is provided and returns "NBDKIT_FUA_NATIVE".

       The following defines are valid as successful return values for ".can_fua":

       "NBDKIT_FUA_NONE"
           Forced Unit Access is not supported; the client must manually request a flush after
           writes have completed.  The "NBDKIT_FLAG_FUA" flag will not be passed to the plugin's
           write callbacks.

       "NBDKIT_FUA_EMULATE"
           The client may request Forced Unit Access, but it is implemented by emulation, where
           nbdkit calls ".flush" after a write operation; this is semantically correct, but may
           hurt performance as it tends to flush more data than just what the client requested.
           The "NBDKIT_FLAG_FUA" flag will not be passed to the plugin's write callbacks.

       "NBDKIT_FUA_NATIVE"
           The client may request Forced Unit Access, which results in the "NBDKIT_FLAG_FUA" flag
           being passed to the plugin's write callbacks (".pwrite", ".trim", and ".zero").  When
           the flag is set, these callbacks must not return success until the client's request
           has landed in persistent storage.

       The following defines are valid as successful return values for ".can_cache":

       "NBDKIT_CACHE_NONE"
           The server does not advertise caching support, and rejects any client-requested
           caching. Any ".cache" callback is ignored.

       "NBDKIT_CACHE_EMULATE"
           The nbdkit server advertises cache support to the client, where the client may request
           that the server cache a region of the export to potentially speed up future read
           and/or write operations on that region. The nbdkit server implements the caching by
           calling ".pread" and ignoring the results. This option exists to ease the
           implementation of a common form of caching; any ".cache" callback is ignored.

       "NBDKIT_CACHE_NATIVE"
           The nbdkit server advertises cache support to the client, where the client may request
           that the server cache a region of the export to potentially speed up future read
           and/or write operations on that region. The nbdkit server calls the ".cache" callback
           to perform the caching; if that callback is missing, the client's cache request
           succeeds without doing anything.

   Threads
       Each nbdkit plugin must declare its maximum thread safety model by defining the
       "THREAD_MODEL" macro.  (This macro is used by "NBDKIT_REGISTER_PLUGIN").  Additionally, a
       plugin may implement the ".thread_model" callback, called right after ".config_complete"
       to make a runtime decision on which thread model to use.  The nbdkit server chooses the
       most restrictive model between the plugin's "THREAD_MODEL", the ".thread_model" if
       present, any restrictions requested by filters, and any limitations imposed by the
       operating system.

       In "nbdkit --dump-plugin PLUGIN" output, the "max_thread_model" line matches the
       "THREAD_MODEL" macro, and the "thread_model" line matches what the system finally settled
       on after applying all restrictions.

       The possible settings for "THREAD_MODEL" are defined below.

       "#define THREAD_MODEL NBDKIT_THREAD_MODEL_SERIALIZE_CONNECTIONS"
           Only a single handle can be open at any time, and all requests happen from one thread.

           Note this means only one client can connect to the server at any time.  If a second
           client tries to connect it will block waiting for the first client to close the
           connection.

       "#define THREAD_MODEL NBDKIT_THREAD_MODEL_SERIALIZE_ALL_REQUESTS"
           This is a safe default for most plugins.

           Multiple handles can be open at the same time, but requests are serialized so that for
           the plugin as a whole only one open/read/write/close (etc) request will be in progress
           at any time.

           This is a useful setting if the library you are using is not thread-safe.  However
           performance may not be good.

       "#define THREAD_MODEL NBDKIT_THREAD_MODEL_SERIALIZE_REQUESTS"
           Multiple handles can be open and multiple data requests can happen in parallel.
           However only one request will happen per handle at a time (but requests on different
           handles might happen concurrently).

       "#define THREAD_MODEL NBDKIT_THREAD_MODEL_PARALLEL"
           Multiple handles can be open and multiple data requests can happen in parallel (even
           on the same handle).  The server may reorder replies, answering a later request before
           an earlier one.

           All the libraries you use must be thread-safe and reentrant, and any code that creates
           a file descriptor should atomically set "FD_CLOEXEC" if you do not want it
           accidentally leaked to another thread's child process.  You may also need to provide
           mutexes for fields in your connection handle.

       If none of the above thread models are suitable, use "NBDKIT_THREAD_MODEL_PARALLEL" and
       implement your own locking using "pthread_mutex_t" etc.

   Error handling
       If there is an error in the plugin, the plugin should call "nbdkit_error" to report an
       error message; additionally, if the callback is involved in serving data, the plugin
       should call "nbdkit_set_error" to influence the error code that will be sent to the
       client.  These two functions can be called in either order.  Then, the callback should
       return the appropriate error indication, eg. "NULL" or -1.

       If the call to "nbdkit_set_error" is omitted while serving data, then the global variable
       "errno" may be used.  For plugins which have ".errno_is_preserved != 0" the core code will
       use "errno".  In plugins written in non-C languages, we usually cannot trust that "errno"
       will not be overwritten when returning from that language to C.  In that case, either the
       plugin must call "nbdkit_set_error" or hard-coded "EIO" is used.

       "nbdkit_error" has the following prototype and works like printf(3):

        void nbdkit_error (const char *fs, ...);
        void nbdkit_verror (const char *fs, va_list args);

       For convenience, "nbdkit_error" preserves the value of "errno", and also supports the
       glibc extension of a single %m in a format string expanding to strerror(errno), even on
       platforms that don't support that natively.

       "nbdkit_set_error" can be called at any time, but only has an impact during callbacks for
       serving data, and only when the callback returns an indication of failure.  It has the
       following prototype:

        void nbdkit_set_error (int err);

CALLBACKS

   ".name"
        const char *name;

       This field (a string) is required, and must contain only ASCII alphanumeric characters or
       non-leading dashes, and be unique amongst all plugins.

   ".version"
        const char *version;

       Plugins may optionally set a version string which is displayed in help and debugging
       output.  (See also "VERSION" below)

   ".longname"
        const char *longname;

       An optional free text name of the plugin.  This field is used in error messages.

   ".description"
        const char *description;

       An optional multi-line description of the plugin.

   ".load"
        void load (void);

       This is called once just after the plugin is loaded into memory.  You can use this to
       perform any global initialization needed by the plugin.

   ".unload"
        void unload (void);

       This may be called once just before the plugin is unloaded from memory.  Note that it's
       not guaranteed that ".unload" will always be called (eg. the server might be killed or
       segfault), so you should try to make the plugin as robust as possible by not requiring
       cleanup.  See also "SHUTDOWN" below.

   ".dump_plugin"
        void dump_plugin (void);

       This optional callback is called when the "nbdkit plugin --dump-plugin" command is used.
       It should print any additional informative "key=value" fields to stdout as needed.
       Prefixing the keys with the name of the plugin will avoid conflicts.

   ".config"
        int config (const char *key, const char *value);

       On the nbdkit command line, after the plugin filename, come an optional list of
       "key=value" arguments.  These are passed to the plugin through this callback when the
       plugin is first loaded and before any connections are accepted.

       This callback may be called zero or more times.

       Both "key" and "value" parameters will be non-NULL.  The strings are owned by nbdkit but
       will remain valid for the lifetime of the plugin, so the plugin does not need to copy
       them.

       The key will be a non-empty string beginning with an ASCII alphabetic character ("A-Z"
       "a-z").  The rest of the key must contain only ASCII alphanumeric plus period, underscore
       or dash characters ("A-Z" "a-z" "0-9" "." "_" "-").  The value may be an arbitrary string,
       including an empty string.

       The names of "key"s accepted by plugins is up to the plugin, but you should probably look
       at other plugins and follow the same conventions.

       If the value is a relative path, then note that the server changes directory when it
       starts up.  See "FILENAMES AND PATHS" above.

       If "nbdkit_stdio_safe" returns 1, the value of the configuration parameter may be used to
       trigger reading additional data through stdin (such as a password or inline script).

       If the ".config" callback is not provided by the plugin, and the user tries to specify any
       "key=value" arguments, then nbdkit will exit with an error.

       If there is an error, ".config" should call "nbdkit_error" with an error message and
       return -1.

   ".magic_config_key"
        const char *magic_config_key;

       This optional string can be used to set a "magic" key used when parsing plugin parameters.
       It affects how "bare parameters" (those which do not contain an "=" character) are parsed
       on the command line.

       If "magic_config_key != NULL" then any bare parameters are passed to the ".config" method
       as: "config (magic_config_key, argv[i]);".

       If "magic_config_key" is not set then we behave as in nbdkit < 1.7: If the first parameter
       on the command line is bare then it is passed to the ".config" method as:
       "config ("script", value);".  Any other bare parameters give errors.

   ".config_complete"
        int config_complete (void);

       This optional callback is called after all the configuration has been passed to the
       plugin.  It is a good place to do checks, for example that the user has passed the
       required parameters to the plugin.

       If there is an error, ".config_complete" should call "nbdkit_error" with an error message
       and return -1.

   ".config_help"
        const char *config_help;

       This optional multi-line help message should summarize any "key=value" parameters that it
       takes.  It does not need to repeat what already appears in ".description".

       If the plugin doesn't take any config parameters you should probably omit this.

   ".thread_model"
        int thread_model (void)

       This optional callback is called after all the configuration has been passed to the
       plugin.  It can be used to force a stricter thread model based on configuration, compared
       to "THREAD_MODEL".  See "Threads" above for details.  Attempts to request a looser (more
       parallel) model are silently ignored.

       If there is an error, ".thread_model" should call "nbdkit_error" with an error message and
       return -1.

   ".get_ready"
        int get_ready (void);

       This optional callback is called before the server starts serving.  It is called before
       the server forks or changes directory.  It is ordinarily the last chance to do any global
       preparation that is needed to serve connections.

       If there is an error, ".get_ready" should call "nbdkit_error" with an error message and
       return -1.

   ".after_fork"
        int after_fork (void);

       This optional callback is called before the server starts serving.  It is called after the
       server forks and changes directory.  If a plugin needs to create background threads (or
       uses an external library that creates threads) it should do so here, because background
       threads are killed by fork.  However you should try to do as little as possible here
       because error reporting is difficult.  See "Callback lifecycle" above.

       If there is an error, ".after_fork" should call "nbdkit_error" with an error message and
       return -1.

   ".cleanup"
        void cleanup (void);

       This optional callback is called after the server has closed all connections and is
       preparing to unload.  It is only reached in the same cases that the ".after_fork" callback
       was used, making it a good place to clean up any background threads.  However, it is not
       guaranteed that this callback will be reached, so you should try to make the plugin as
       robust as possible by not requiring cleanup.  See also "SHUTDOWN" below.

   ".preconnect"
        int preconnect (int readonly);

       This optional callback is called when a TCP connection has been made to the server.  This
       happens early, before NBD or TLS negotiation.  If TLS authentication is required to access
       the server, then it has not been negotiated at this point.

       For security reasons (to avoid denial of service attacks) this callback should be written
       to be as fast and take as few resources as possible.  If you use this callback, only use
       it to do basic access control, such as checking "nbdkit_peer_name", "nbdkit_peer_pid",
       "nbdkit_peer_uid", "nbdkit_peer_gid" against a list of permitted source addresses (see
       "PEER NAME" and nbdkit-ip-filter(1)).  It may be better to do access control outside the
       server, for example using TCP wrappers or a firewall.

       The "readonly" flag informs the plugin that the server was started with the -r flag on the
       command line.

       Returning 0 will allow the connection to continue.  If there is an error or you want to
       deny the connection, call "nbdkit_error" with an error message and return -1.

   ".list_exports"
        int list_exports (int readonly, int is_tls,
                          struct nbdkit_exports *exports);

       This optional callback is called if the client tries to list the exports served by the
       plugin (using "NBD_OPT_LIST").  If the plugin does not supply this callback then the
       result of ".default_export" is advertised as the lone export.  The NBD protocol defines ""
       as the default export, so this is suitable for plugins which ignore the export name and
       always serve the same content.  See also "EXPORT NAME" below.

       The "readonly" flag informs the plugin that the server was started with the -r flag on the
       command line, which is the same value passed to ".preconnect" and ".open".  However, the
       NBD protocol does not yet have a way to let the client advertise an intent to be read-only
       even when the server allows writes, so this parameter may not be as useful as it appears.

       The "is_tls" flag informs the plugin whether this listing was requested after the client
       has completed TLS negotiation.  When running the server in a mode that permits but does
       not require TLS, be careful that any exports listed when "is_tls" is "false" do not leak
       unintended information.

       The "exports" parameter is an opaque object for collecting the list of exports.  Call
       "nbdkit_add_export" as needed to add specific exports to the list.

        int nbdkit_add_export (struct nbdkit_export *exports,
                               const char *name, const char *description);

       The "name" must be a non-NULL, UTF-8 string between 0 and 4096 bytes in length.  Export
       names must be unique.  "description" is an optional description of the export which some
       clients can display but which is otherwise unused (if you don't want a description, you
       can pass this parameter as "NULL").  The string(s) are copied into the exports list so you
       may free them immediately after calling this function.  "nbdkit_add_export" returns 0 on
       success or -1 on failure; on failure "nbdkit_error" has already been called, with "errno"
       set to a suitable value.

       There are also situations where a plugin may wish to duplicate the nbdkit default behavior
       of supplying an export list containing only the result of ".default_export" when
       ".list_exports" is missing; this is most common in a language binding where it is not
       known at compile time whether the language script will be providing an implementation for
       ".list_exports", and is done by calling "nbdkit_use_default_export".

        int nbdkit_use_default_export (struct nbdkit_export *exports);

       "nbdkit_use_default_export" returns 0 on success or -1 on failure; on failure
       "nbdkit_error" has already been called, with "errno" set to a suitable value.

       The plugin may also leave the export list empty, by not calling either helper.  Once the
       plugin is happy with the list contents, returning 0 will send the list of exports back to
       the client.  If there is an error, ".list_exports" should call "nbdkit_error" with an
       error message and return -1.

   ".default_export"
        const char *default_export (int readonly, int is_tls);

       This optional callback is called if the client tries to connect to the default export "",
       where the plugin provides a UTF-8 string between 0 and 4096 bytes.  If the plugin does not
       supply this callback, the connection continues with the empty name; if the plugin returns
       a valid string, nbdkit behaves as if the client had passed that string instead of an empty
       name, and returns that name to clients that support it (see the "NBD_INFO_NAME" response
       to "NBD_OPT_GO").  Similarly, if the plugin does not supply a ".list_exports" callback,
       the result of this callback determines what export name to advertise to a client
       requesting an export list.

       The "readonly" flag informs the plugin that the server was started with the -r flag on the
       command line, which is the same value passed to ".preconnect" and ".open".  However, the
       NBD protocol does not yet have a way to let the client advertise an intent to be read-only
       even when the server allows writes, so this parameter may not be as useful as it appears.

       The "is_tls" flag informs the plugin whether the canonical name for the default export is
       being requested after the client has completed TLS negotiation.  When running the server
       in a mode that permits but does not require TLS, be careful that a default export name
       does not leak unintended information.

       If the plugin returns "NULL" or an invalid string (such as longer than 4096 bytes), the
       client is not permitted to connect to the default export.  However, this is not an error
       in the protocol, so it is not necessary to call "nbdkit_error".

   ".open"
        void *open (int readonly);

       This is called when a new client connects to the nbdkit server.  The callback should
       allocate a handle and return it.  This handle is passed back to other callbacks and could
       be freed in the ".close" callback.

       Note that the handle is completely opaque to nbdkit, but it must not be NULL.  If you
       don't need to use a handle, return "NBDKIT_HANDLE_NOT_NEEDED" which is a static non-NULL
       pointer.

       The "readonly" flag informs the plugin that the server was started with the -r flag on the
       command line which forces connections to be read-only.  Note that the plugin may
       additionally force the connection to be readonly (even if this flag is false) by returning
       false from the ".can_write" callback.  So if your plugin can only serve read-only, you can
       ignore this parameter.

       If the plugin wants to differentiate the content it serves based on client input, then
       this is the spot to use nbdkit_export_name() to determine which export the client
       requested.  See also "EXPORT NAME" below.

       This callback is called after the NBD handshake has completed; if the server requires TLS
       authentication, then that has occurred as well.  But if the server is set up to have
       optional TLS authentication, you may check "nbdkit_is_tls" to learn whether the client has
       completed TLS authentication.  When running the server in a mode that permits but does not
       require TLS, be careful that you do not allow unauthenticated clients to cause a denial of
       service against authentication.

       If there is an error, ".open" should call "nbdkit_error" with an error message and return
       "NULL".

   ".close"
        void close (void *handle);

       This is called when the client closes the connection.  It should clean up any per-
       connection resources.

       Note there is no way in the NBD protocol to communicate close errors back to the client,
       for example if your plugin calls close(2) and you are checking for errors (as you should
       do).  Therefore the best you can do is to log the error on the server.  Well-behaved NBD
       clients should try to flush the connection before it is closed and check for errors, but
       obviously this is outside the scope of nbdkit.

   ".get_size"
        int64_t get_size (void *handle);

       This is called during the option negotiation phase of the protocol to get the size (in
       bytes) of the block device being exported.

       The returned size must be ≥ 0.  If there is an error, ".get_size" should call
       "nbdkit_error" with an error message and return -1.

   ".export_description"
        const char *export_description (void *handle);

       This is called during the option negotiation phase only if the client specifically
       requested an export description (see the "NBD_INFO_DESCRIPTION" response to "NBD_OPT_GO").
       Any description provided must be human-readable UTF-8, no longer than 4096 bytes.
       Ideally, this description should match any description set during ".list_exports", but
       that is not enforced.

       If the plugin returns "NULL" or an invalid string (such as longer than 4096 bytes), or if
       this callback is omitted, no description is offered to the client.  As this is not an
       error in the protocol, it is not necessary to call "nbdkit_error".  If the callback will
       not be returning a compile-time constant string, you may find "nbdkit_strdup_intern"
       helpful for returning a value that avoids a memory leak.

   ".block_size"
        int block_size (void *handle, uint32_t *minimum,
                        uint32_t *preferred, uint32_t *maximum);

       This is called during the option negotiation phase of the protocol to get the minimum,
       preferred and maximum block size (all in bytes) of the block device.  The client should
       obey these constraints by not making requests which are smaller than the minimum size or
       larger than the maximum size, and usually making requests of a multiple of the preferred
       size.  Furthermore requests should be aligned to at least the minimum block size, and
       usually the preferred block size.

       "Preferred" block size in the NBD specification can be misinterpreted.  It means the I/O
       size which does not have a penalty for read-modify-write.

       Even if the plugin implements this callback, this does not mean that all client requests
       will obey the constraints.  A client could still ignore the constraints.  nbdkit passes
       all requests through to the plugin, because what the plugin does depends on the plugin's
       policy.  It might decide to serve the requests correctly anyway, or reject them with an
       error.  Plugins can avoid this complexity by using nbdkit-blocksize-policy-filter(1) which
       allows both setting/adjusting the constraints, and selecting an error policy.

       The minimum block size must be ≥ 1.  The maximum block size must be ≤ 0xffff_ffff.
       minimum ≤ preferred ≤ maximum.

       As a special case, the plugin may return minimum == preferred == maximum == 0, meaning no
       information.

       If this callback is not used, then the NBD protocol assumes by default minimum = 1,
       preferred = 4096.  (Maximum block size depends on various factors, see the NBD protocol
       specification, section "Block size constraints").

   ".can_write"
        int can_write (void *handle);

       This is called during the option negotiation phase to find out if the handle supports
       writes.

       If there is an error, ".can_write" should call "nbdkit_error" with an error message and
       return -1.

       This callback is not required.  If omitted, then we return true iff a ".pwrite" callback
       has been defined.

   ".can_flush"
        int can_flush (void *handle);

       This is called during the option negotiation phase to find out if the handle supports the
       flush-to-disk operation.

       If there is an error, ".can_flush" should call "nbdkit_error" with an error message and
       return -1.

       This callback is not required.  If omitted, then we return true iff a ".flush" callback
       has been defined.

   ".is_rotational"
        int is_rotational (void *handle);

       This is called during the option negotiation phase to find out if the backing disk is a
       rotational medium (like a traditional hard disk) or not (like an SSD).  If true, this may
       cause the client to reorder requests to make them more efficient for a slow rotating disk.

       If there is an error, ".is_rotational" should call "nbdkit_error" with an error message
       and return -1.

       This callback is not required.  If omitted, then we return false.

   ".can_trim"
        int can_trim (void *handle);

       This is called during the option negotiation phase to find out if the plugin supports the
       trim/discard operation for punching holes in the backing storage.

       If there is an error, ".can_trim" should call "nbdkit_error" with an error message and
       return -1.

       This callback is not required.  If omitted, then we return true iff a ".trim" callback has
       been defined.

   ".can_zero"
        int can_zero (void *handle);

       This is called during the option negotiation phase to find out if the plugin wants the
       ".zero" callback to be utilized.  Support for writing zeroes is still advertised to the
       client (unless the nbdkit-nozero-filter(1) is also used), so returning false merely serves
       as a way to avoid complicating the ".zero" callback to have to fail with "ENOTSUP" or
       "EOPNOTSUPP" on the connections where it will never be more efficient than using ".pwrite"
       up front.

       If there is an error, ".can_zero" should call "nbdkit_error" with an error message and
       return -1.

       This callback is not required.  If omitted, then for a normal zero request, nbdkit always
       tries ".zero" first if it is present, and gracefully falls back to ".pwrite" if ".zero"
       was absent or failed with "ENOTSUP" or "EOPNOTSUPP".

   ".can_fast_zero"
        int can_fast_zero (void *handle);

       This is called during the option negotiation phase to find out if the plugin wants to
       advertise support for fast zero requests.  If this support is not advertised, a client
       cannot attempt fast zero requests, and has no way to tell if writing zeroes offers any
       speedups compared to using ".pwrite" (other than compressed network traffic).  If support
       is advertised, then ".zero" will have "NBDKIT_FLAG_FAST_ZERO" set when the client has
       requested a fast zero, in which case the plugin must fail with "ENOTSUP" or "EOPNOTSUPP"
       up front if the request would not offer any benefits over ".pwrite".  Advertising support
       for fast zero requests does not require that writing zeroes be fast, only that the result
       (whether success or failure) is fast, so this should be advertised when feasible.

       If there is an error, ".can_fast_zero" should call "nbdkit_error" with an error message
       and return -1.

       This callback is not required.  If omitted, then nbdkit returns true if ".zero" is absent
       or ".can_zero" returns false (in those cases, nbdkit fails all fast zero requests, as its
       fallback to ".pwrite" is not inherently faster), otherwise false (since it cannot be
       determined in advance if the plugin's ".zero" will properly honor the semantics of
       "NBDKIT_FLAG_FAST_ZERO").

   ".can_extents"
        int can_extents (void *handle);

       This is called during the option negotiation phase to find out if the plugin supports
       detecting allocated (non-sparse) regions of the disk with the ".extents" callback.

       If there is an error, ".can_extents" should call "nbdkit_error" with an error message and
       return -1.

       This callback is not required.  If omitted, then we return true iff a ".extents" callback
       has been defined.

   ".can_fua"
        int can_fua (void *handle);

       This is called during the option negotiation phase to find out if the plugin supports the
       Forced Unit Access (FUA) flag on write, zero, and trim requests.  If this returns
       "NBDKIT_FUA_NONE", FUA support is not advertised to the client; if this returns
       "NBDKIT_FUA_EMULATE", the ".flush" callback must work (even if ".can_flush" returns
       false), and FUA support is emulated by calling ".flush" after any write operation; if this
       returns "NBDKIT_FUA_NATIVE", then the ".pwrite", ".zero", and ".trim" callbacks (if
       implemented) must handle the flag "NBDKIT_FLAG_FUA", by not returning until that action
       has landed in persistent storage.

       If there is an error, ".can_fua" should call "nbdkit_error" with an error message and
       return -1.

       This callback is not required unless a plugin wants to specifically handle FUA requests.
       If omitted, nbdkit checks whether ".flush" exists, and behaves as if this function returns
       "NBDKIT_FUA_NONE" or "NBDKIT_FUA_EMULATE" as appropriate.

   ".can_multi_conn"
        int can_multi_conn (void *handle);

       This is called during the option negotiation phase to find out if the plugin is prepared
       to handle multiple connections from a single client.  If the plugin sets this to true then
       a client may try to open multiple connections to the nbdkit server and spread requests
       across all connections to maximize parallelism.  If the plugin sets it to false (which is
       the default) then well-behaved clients should only open a single connection, although we
       cannot control what clients do in practice.

       Specifically it means that either the plugin does not cache requests at all.  Or if it
       does cache them then the effects of a ".flush" request or setting "NBDKIT_FLAG_FUA" on a
       request must be visible across all connections to the plugin before the plugin replies to
       that request.

       Properly working clients should send the same export name for each of these connections.

       If you use Linux nbd-client(8) option -C num with num > 1 then Linux checks this flag and
       will refuse to connect if ".can_multi_conn" is false.

       If there is an error, ".can_multi_conn" should call "nbdkit_error" with an error message
       and return -1.

       This callback is not required.  If omitted, then we return false.

   ".can_cache"
        int can_cache (void *handle);

       This is called during the option negotiation phase to find out if the plugin supports a
       cache or prefetch operation.

       This can return:

       "NBDKIT_CACHE_NONE"
           Cache support is not advertised to the client.

       "NBDKIT_CACHE_EMULATE"
           Caching is emulated by the server calling ".pread" and discarding the result.

       "NBDKIT_CACHE_NATIVE"
           Cache support is advertised to the client.  The ".cache" callback will be called if it
           exists, otherwise all cache requests instantly succeed.

       If there is an error, ".can_cache" should call "nbdkit_error" with an error message and
       return -1.

       This callback is not required.  If omitted, then we return "NBDKIT_CACHE_NONE" if the
       ".cache" callback is missing, or "NBDKIT_CACHE_NATIVE" if it is defined.

   ".pread"
        int pread (void *handle, void *buf, uint32_t count, uint64_t offset,
                   uint32_t flags);

       During the data serving phase, nbdkit calls this callback to read data from the backing
       store.  "count" bytes starting at "offset" in the backing store should be read and copied
       into "buf".  nbdkit takes care of all bounds- and sanity-checking, so the plugin does not
       need to worry about that.

       The parameter "flags" exists in case of future NBD protocol extensions; at this time, it
       will be 0 on input.

       The callback must read the whole "count" bytes if it can.  The NBD protocol doesn't allow
       partial reads (instead, these would be errors).  If the whole "count" bytes was read, the
       callback should return 0 to indicate there was no error.

       If there is an error (including a short read which couldn't be recovered from), ".pread"
       should call "nbdkit_error" with an error message, and "nbdkit_set_error" to record an
       appropriate error (unless "errno" is sufficient), then return -1.

   ".pwrite"
        int pwrite (void *handle, const void *buf, uint32_t count, uint64_t offset,
                    uint32_t flags);

       During the data serving phase, nbdkit calls this callback to write data to the backing
       store.  "count" bytes starting at "offset" in the backing store should be written using
       the data in "buf".  nbdkit takes care of all bounds- and sanity-checking, so the plugin
       does not need to worry about that.

       This function will not be called if ".can_write" returned false.  The parameter "flags"
       may include "NBDKIT_FLAG_FUA" on input based on the result of ".can_fua".

       The callback must write the whole "count" bytes if it can.  The NBD protocol doesn't allow
       partial writes (instead, these would be errors).  If the whole "count" bytes was written
       successfully, the callback should return 0 to indicate there was no error.

       If there is an error (including a short write which couldn't be recovered from), ".pwrite"
       should call "nbdkit_error" with an error message, and "nbdkit_set_error" to record an
       appropriate error (unless "errno" is sufficient), then return -1.

   ".flush"
        int flush (void *handle, uint32_t flags);

       During the data serving phase, this callback is used to fdatasync(2) the backing store,
       ie. to ensure it has been completely written to a permanent medium.  If that is not
       possible then you can omit this callback.

       This function will not be called directly by the client if ".can_flush" returned false;
       however, it may still be called by nbdkit if ".can_fua" returned "NBDKIT_FUA_EMULATE".
       The parameter "flags" exists in case of future NBD protocol extensions; at this time, it
       will be 0 on input.

       If there is an error, ".flush" should call "nbdkit_error" with an error message, and
       "nbdkit_set_error" to record an appropriate error (unless "errno" is sufficient), then
       return -1.

   ".trim"
        int trim (void *handle, uint32_t count, uint64_t offset, uint32_t flags);

       During the data serving phase, this callback is used to "punch holes" in the backing
       store.  If that is not possible then you can omit this callback.

       This function will not be called if ".can_trim" returned false.  The parameter "flags" may
       include "NBDKIT_FLAG_FUA" on input based on the result of ".can_fua".

       If there is an error, ".trim" should call "nbdkit_error" with an error message, and
       "nbdkit_set_error" to record an appropriate error (unless "errno" is sufficient), then
       return -1.

   ".zero"
        int zero (void *handle, uint32_t count, uint64_t offset, uint32_t flags);

       During the data serving phase, this callback is used to write "count" bytes of zeroes at
       "offset" in the backing store.

       This function will not be called if ".can_zero" returned false.  On input, the parameter
       "flags" may include "NBDKIT_FLAG_MAY_TRIM" unconditionally, "NBDKIT_FLAG_FUA" based on the
       result of ".can_fua", and "NBDKIT_FLAG_FAST_ZERO" based on the result of ".can_fast_zero".

       If "NBDKIT_FLAG_MAY_TRIM" is requested, the operation can punch a hole instead of writing
       actual zero bytes, but only if subsequent reads from the hole read as zeroes.

       If "NBDKIT_FLAG_FAST_ZERO" is requested, the plugin must decide up front if the
       implementation is likely to be faster than a corresponding ".pwrite"; if not, then it must
       immediately fail with "ENOTSUP" or "EOPNOTSUPP" (whether by "nbdkit_set_error" or "errno")
       and preferably without modifying the exported image.  It is acceptable to always fail a
       fast zero request (as a fast failure is better than attempting the write only to find out
       after the fact that it was not fast after all).  Note that on Linux, support for
       ioctl(BLKZEROOUT) is insufficient for determining whether a zero request to a block device
       will be fast (because the kernel will perform a slow fallback when needed).

       The callback must write the whole "count" bytes if it can.  The NBD protocol doesn't allow
       partial writes (instead, these would be errors).  If the whole "count" bytes was written
       successfully, the callback should return 0 to indicate there was no error.

       If there is an error, ".zero" should call "nbdkit_error" with an error message, and
       "nbdkit_set_error" to record an appropriate error (unless "errno" is sufficient), then
       return -1.

       If this callback is omitted, or if it fails with "ENOTSUP" or "EOPNOTSUPP" (whether by
       "nbdkit_set_error" or "errno"), then ".pwrite" will be used as an automatic fallback
       except when the client requested a fast zero.

   ".extents"
        int extents (void *handle, uint32_t count, uint64_t offset,
                     uint32_t flags, struct nbdkit_extents *extents);

       During the data serving phase, this callback is used to detect allocated, sparse and
       zeroed regions of the disk.

       This function will not be called if ".can_extents" returned false.  nbdkit's default
       behaviour in this case is to treat the whole virtual disk as if it was allocated.  Also,
       this function will not be called by a client that does not request structured replies (the
       --no-sr option of nbdkit can be used to test behavior when ".extents" is unavailable to
       the client).

       The callback should detect and return the list of extents overlapping the range
       "[offset...offset+count-1]".  The "extents" parameter points to an opaque object which the
       callback should fill in by calling "nbdkit_add_extent".  See "Extents list" below.

       If there is an error, ".extents" should call "nbdkit_error" with an error message, and
       "nbdkit_set_error" to record an appropriate error (unless "errno" is sufficient), then
       return -1.

       Extents list

       The plugin "extents" callback is passed an opaque pointer "struct nbdkit_extents
       *extents".  This structure represents a list of filesystem extents describing which areas
       of the disk are allocated, which are sparse (“holes”), and, if supported, which are
       zeroes.

       The "extents" callback should scan the disk starting at "offset" and call
       "nbdkit_add_extent" for each extent found.

       Extents overlapping the range "[offset...offset+count-1]" should be returned if possible.
       However nbdkit ignores extents < offset so the plugin may, if it is easier to implement,
       return all extent information for the whole disk.  The plugin may return extents beyond
       the end of the range.  It may also return extent information for less than the whole
       range, but it must return at least one extent overlapping "offset".

       The extents must be added in ascending order, and must be contiguous.

       The "flags" parameter of the ".extents" callback may contain the flag
       "NBDKIT_FLAG_REQ_ONE".  This means that the client is only requesting information about
       the extent overlapping "offset".  The plugin may ignore this flag, or as an optimization
       it may return just a single extent for "offset".

        int nbdkit_add_extent (struct nbdkit_extents *extents,
                               uint64_t offset, uint64_t length, uint32_t type);

       Add an extent covering "[offset...offset+length-1]" of one of the following four types:

       "type = 0"
           A normal, allocated data extent.

       "type = NBDKIT_EXTENT_HOLE|NBDKIT_EXTENT_ZERO"
           An unallocated extent, a.k.a. a “hole”, which reads back as zeroes.  This is the
           normal type of hole applicable to most disks.

       "type = NBDKIT_EXTENT_ZERO"
           An allocated extent which is known to contain only zeroes.

       "type = NBDKIT_EXTENT_HOLE"
           An unallocated extent (hole) which does not read back as zeroes.  Note this should
           only be used in specialized circumstances such as when writing a plugin for (or to
           emulate) certain SCSI drives which do not guarantee that trimmed blocks read back as
           zeroes.

       "nbdkit_add_extent" returns 0 on success or -1 on failure.  On failure "nbdkit_error"
       and/or "nbdkit_set_error" has already been called.  "errno" will be set to a suitable
       value.

   ".cache"
        int cache (void *handle, uint32_t count, uint64_t offset, uint32_t flags);

       During the data serving phase, this callback is used to give the plugin a hint that the
       client intends to make further accesses to the given region of the export.

       The nature of caching/prefetching is not specified further by the NBD specification.  For
       example, a server may place limits on how much may be cached at once, and there is no way
       to control if writes to a cached area have write-through or write-back semantics.  In
       fact, the cache command can always fail and still be compliant, and success might not
       guarantee a performance gain.

       If this callback is omitted, then the results of ".can_cache" determine whether nbdkit
       will reject cache requests, treat them as instant success, or emulate caching by calling
       ".pread" over the same region and ignoring the results.

       This function will not be called if ".can_cache" did not return "NBDKIT_CACHE_NATIVE".

       The "flags" parameter exists in case of future NBD protocol extensions; at this time, it
       will be 0 on input.  A plugin must fail this function if "flags" includes an unrecognized
       flag, as that may indicate a requirement that the plugin must comply with to provide a
       specific caching semantic.

       If there is an error, ".cache" should call "nbdkit_error" with an error message, and
       "nbdkit_set_error" to record an appropriate error (unless "errno" is sufficient), then
       return -1.

   ".errno_is_preserved"
       This field defaults to 0; if non-zero, nbdkit can reliably use the value of "errno" when a
       callback reports failure, rather than the plugin having to call "nbdkit_set_error".

SHUTDOWN

       When nbdkit receives certain signals it will shut down (see "SIGNALS" in nbdkit(1)).  The
       server will wait for any currently running plugin callbacks to finish, call ".close" on
       those connections, then call the ".cleanup" and ".unload" callbacks before unloading the
       plugin.

       Note that it's not guaranteed this can always happen (eg. the server might be killed by
       "SIGKILL" or segfault).

   Requesting asynchronous shutdown
       Plugins and filters can call exit(3) in the configuration phase (before and including
       ".get_ready", but not in connected callbacks).

       Once nbdkit has started serving connections, plugins and filters should not call exit(3).
       However they may instruct nbdkit to shut down by calling "nbdkit_shutdown", or to
       disconnect a single client by calling "nbdkit_disconnect":

        void nbdkit_shutdown (void);

       This function requests an asynchronous shutdown and returns (note that it does not exit
       the process immediately).  It ensures that the plugin and all filters are unloaded cleanly
       which may take some time.  Further callbacks from nbdkit into the plugin or filter may
       occur after you have called this.

        void nbdkit_disconnect (int force);

       This function requests that the current connection be disconnected (note that it does not
       affect other connections, and the client may try to reconnect).  It is only useful from
       connected callbacks (that is, after ".open" and before ".close").  If "force" is true,
       nbdkit will disconnect the client immediately, and the client will not receive any
       response to the current command or any other commands in flight in parallel threads;
       otherwise, nbdkit will not accept any new commands from the client (failing all commands
       other than "NBD_CMD_DISC" with "ESHUTDOWN"), but will allow existing commands to complete
       gracefully.  Either way, the next callback for the current connection should be ".close".

PARSING COMMAND LINE PARAMETERS

   Parsing numbers
       There are several functions for parsing numbers.  These all deal correctly with overflow,
       out of range and parse errors, and you should use them instead of unsafe functions like
       sscanf(3), atoi(3) and similar.

        int nbdkit_parse_int (const char *what, const char *str, int *r);
        int nbdkit_parse_unsigned (const char *what,
                                   const char *str, unsigned *r);
        int nbdkit_parse_int8_t (const char *what,
                                 const char *str, int8_t *r);
        int nbdkit_parse_uint8_t (const char *what,
                                  const char *str, uint8_t *r);
        int nbdkit_parse_int16_t (const char *what,
                                  const char *str, int16_t *r);
        int nbdkit_parse_uint16_t (const char *what,
                                   const char *str, uint16_t *r);
        int nbdkit_parse_int32_t (const char *what,
                                  const char *str, int32_t *r);
        int nbdkit_parse_uint32_t (const char *what,
                                   const char *str, uint32_t *r);
        int nbdkit_parse_int64_t (const char *what,
                                  const char *str, int64_t *r);
        int nbdkit_parse_uint64_t (const char *what,
                                   const char *str, uint64_t *r);

       Parse string "str" into an integer of various types.  These functions parse a decimal,
       hexadecimal ("0x...") or octal ("0...") number.

       On success the functions return 0 and set *r to the parsed value (unless "*r == NULL" in
       which case the result is discarded).  On error, "nbdkit_error" is called and the functions
       return -1.  On error *r is always unchanged.

       The "what" parameter is printed in error messages to provide context.  It should usually
       be a short descriptive string of what you are trying to parse, eg:

        if (nbdkit_parse_int ("random seed", value, &seed) == -1)
          return -1;

       might print an error:

        random seed: could not parse number: "lalala"

   Parsing sizes
       Use the "nbdkit_parse_size" utility function to parse human-readable size strings such as
       "100M" into the size in bytes.

        int64_t nbdkit_parse_size (const char *str);

       "str" can be a string in a number of common formats.  The function returns the size in
       bytes.  If there was an error, it returns -1.

   Parsing booleans
       Use the "nbdkit_parse_bool" utility function to parse human-readable strings such as "on"
       into a boolean value.

        int nbdkit_parse_bool (const char *str);

       "str" can be a string containing a case-insensitive form of various common toggle values.
       The function returns 0 or 1 if the parse was successful.  If there was an error, it
       returns -1.

   Parsing probabilities
       Use the "nbdkit_parse_probability" utility function to parse probabilities.  Common
       formats understood include: "0.1", "1e-1", "10%", "1:10" or "1/10", which all mean a
       probability of 1 in 10.

        int nbdkit_parse_probability (const char *what, const char *str,
                                      double *ret);

       The "what" parameter is printed in error messages to provide context.  The "str" parameter
       is the probability string.

       On success the function returns 0 and sets *ret.  The probability is always a finite
       number ≥ 0.0, but note the result may be larger than 1.0 (for example if "str == "200%""
       then the function will set "*ret = 2.0").  If you want to clamp the upper bound the caller
       must do that.

       On error, nbdkit_error is called and -1 is returned.

   Reading passwords
       The "nbdkit_read_password" utility function can be used to read passwords from config
       parameters:

        int nbdkit_read_password (const char *value, char **password);

       For example:

        char *password = NULL;

        static int
        myplugin_config (const char *key, const char *value)
        {
          ..
          if (strcmp (key, "password") == 0) {
            free (password);
            if (nbdkit_read_password (value, &password) == -1)
              return -1;
          }
          ..
        }

       The "password" result string is allocated by malloc, and so you may need to free it.

       This function recognizes several password formats.  A password may be used directly on the
       command line, eg:

        nbdkit myplugin password=mostsecret

       But more securely this function can also read a password interactively:

        nbdkit myplugin password=-

       or from a file:

        nbdkit myplugin password=+/tmp/secret

       or from a file descriptor inherited by nbdkit:

        nbdkit myplugin password=-99

       Notes on reading passwords

       If the password begins with a "-" or "+" character then it must be passed in a file.

       "password=-" can only be used when stdin is a terminal.

       "password=-FD" cannot be used with stdin, stdout or stderr (ie. -0, -1 or -2).  The reason
       is that after reading the password the file descriptor is closed, which causes bad stuff
       to happen.

   Safely interacting with stdin and stdout
        int nbdkit_stdio_safe (void);

       The "nbdkit_stdio_safe" utility function returns 1 if it is safe to interact with stdin
       and stdout during the configuration phase, and 0 otherwise.  This is because when the
       nbdkit -s option is used the plugin must not directly interact with stdin, because that
       would interfere with the client.

       The result of this function only matters in callbacks up to ".config_complete".  Once
       nbdkit reaches ".get_ready", the plugin should assume that nbdkit may have closed the
       original stdin and stdout in order to become a daemon.

       nbdkit-sh-plugin(3) uses this function to determine whether it is safe to support
       "script=-" to read a script from stdin.  Also constructs like "password=-" (see "Reading
       passwords" above) are disabled when reading from stdio is not safe.

FILENAMES AND PATHS

       The server usually (not always) changes directory to "/" before it starts serving
       connections.  This means that any relative paths passed during configuration will not work
       when the server is running (example: "nbdkit plugin.so disk.img").

       To avoid problems, prepend relative paths with the current directory before storing them
       in the handle.  Or open files and store the file descriptor.

   "nbdkit_absolute_path"
        char *nbdkit_absolute_path (const char *filename);

       The utility function "nbdkit_absolute_path" converts any path to an absolute path: if it
       is relative, then all this function does is prepend the current working directory to the
       path, with no extra checks.

       Note that this function works only when used in the ".config", ".config_complete" and
       ".get_ready" callbacks.

       If conversion was not possible, this calls "nbdkit_error" and returns "NULL".  Note that
       this function does not check that the file exists.

       The returned string must be freed by the caller.

   "nbdkit_realpath"
        char *nbdkit_realpath (const char *filename);

       The utility function "nbdkit_realpath" converts any path to an absolute path, resolving
       symlinks.  Under the hood it uses the "realpath" function, and thus it fails if the path
       does not exist, or it is not possible to access to any of the components of the path.

       Note that this function works only when used in the ".config", ".config_complete" and
       ".get_ready" callbacks.

       If the path resolution was not possible, this calls "nbdkit_error" and returns "NULL".

       The returned string must be freed by the caller.

   umask
       All plugins will see a umask(2) of 0022.

SLEEPING

       A plugin that needs to sleep may call sleep(2), nanosleep(2) and similar.  However that
       can cause nbdkit to delay excessively when shutting down (since it must wait for any
       plugin or filter which is sleeping).  To avoid this there is a special wrapper around
       nanosleep which plugins and filters should use instead.

   "nbdkit_nanosleep"
        int nbdkit_nanosleep (unsigned sec, unsigned nsec);

       The utility function "nbdkit_nanosleep" suspends the current thread, and returns 0 if it
       slept at least as many seconds and nanoseconds as requested, or -1 after calling
       "nbdkit_error" if there is no point in continuing the current command.  Attempts to sleep
       more than "INT_MAX" seconds are treated as an error.

EXPORT NAME

       If the client negotiated an NBD export name with nbdkit then plugins may read this from
       any connected callbacks.  Nbdkit's normal behaviour is to accept any export name passed by
       the client, log it in debug output, but otherwise ignore it.  By using
       "nbdkit_export_name" plugins may choose to filter by export name or serve different
       content.

   "nbdkit_export_name"
        const char *nbdkit_export_name (void);

       Return the optional NBD export name if one was negotiated with the current client (this
       uses thread-local magic so no parameter is required).  The returned string is valid at
       least through the ".close" of the current connection, but if you need to store it in the
       plugin for use by more than one client you must copy it.

       The export name is a free-form text string, it is not necessarily a path or filename and
       it does not need to begin with a '/' character.  The NBD protocol describes the empty
       string ("") as a representing a "default export" or to be used in cases where the export
       name does not make sense.  The export name is untrusted client data, be cautious when
       parsing it.

       On error, "nbdkit_error" is called and the call returns "NULL".

STRING LIFETIME

       Some callbacks are specified to return "const char *", even when a plugin may not have a
       suitable compile-time constant to return.  Returning dynamically-allocated memory for such
       a callback would induce a memory leak or otherwise complicate the plugin to perform
       additional bookkeeping.  For these cases, nbdkit provides several convenience functions
       for creating a copy of a string for better lifetime management.

   "nbdkit_strdup_intern"
   "nbdkit_strndup_intern"
        const char *nbdkit_strdup_intern (const char *str);
        const char *nbdkit_strndup_intern (const char *str, size_t n);

       Returns a copy of "str", possibly limited to a maximum of "n" bytes, so that the caller
       may reclaim str and use the copy in its place.  If the copy is created outside the scope
       of a connection (such as during ".load" or ".config"), the lifetime of the copy will last
       at least through ".unload".  If the copy is created after a client has triggered a
       connection (such as during ".preconnect" or ".open"), the lifetime will last at least
       through ".close", but the copy is not safe to share with other connections.

       On error, "nbdkit_error" is called and the call returns "NULL".

   "nbdkit_printf_intern"
   "nbdkit_vprintf_intern"
        const char *nbdkit_printf_intern (const char *fmt, ...);
        const char *nbdkit_vprintf_intern (const char *fmt, va_list ap);

       Return a string created from a format template, with a lifetime longer than the current
       connection.  Shorthand for passing "fmt" to asprintf(3) on a temporary string, then
       passing that result to "nbdkit_strdup_intern".

       On error, "nbdkit_error" is called and the call returns "NULL".

AUTHENTICATION

       A server may use "nbdkit_is_tls" to limit which export names work until after a client has
       completed TLS authentication.  See nbdkit-tls(1).  It is also possible to use
       nbdkit-tls-fallback-filter(1) to automatically ensure that the plugin is only used with
       authentication.

   "nbdkit_is_tls"
        int nbdkit_is_tls (void);

       Return true if the client has completed TLS authentication, or false if the connection is
       still plaintext.

       On error (such as calling this function outside of the context of ".open"), "nbdkit_error"
       is called and the call returns -1.

PEER NAME

       It is possible to get the source address of the client when you are running in any
       connected callback.

   "nbdkit_peer_name"
        int nbdkit_peer_name (struct sockaddr *addr, socklen_t *addrlen);

       Return the peer (client) address, if available.  The "addr" and "addrlen" parameters
       behave like getpeername(2).  In particular you must initialize "addrlen" with the size of
       the buffer pointed to by "addr", and if "addr" is not large enough then the address will
       be truncated.

       In some cases this is not available or the address returned will be meaningless (eg. if
       there is a proxy between the client and nbdkit).  This call uses thread-local magic so no
       parameter is required to specify the current connection.

       On success this returns 0.  On error, "nbdkit_error" is called and this call returns -1.

   "nbdkit_peer_pid"
       (nbdkit ≥ 1.24, Linux only)

        int64_t nbdkit_peer_pid (void);

       Return the peer process ID.  This is only available when the client connected over a Unix
       domain socket.

       On success this returns the peer process ID.  On error, "nbdkit_error" is called and this
       call returns -1.

   "nbdkit_peer_uid"
       (nbdkit ≥ 1.24)

        int64_t nbdkit_peer_uid (void);

       Return the peer user ID.  This is only available when the client connected over a Unix
       domain socket.

       On success this returns the user ID.  On error, "nbdkit_error" is called and this call
       returns -1.

   "nbdkit_peer_gid"
       (nbdkit ≥ 1.24)

        int64_t nbdkit_peer_gid (void);

       Return the peer group ID.  This is only available when the client connected over a Unix
       domain socket.

       On success this returns the user ID.  On error, "nbdkit_error" is called and this call
       returns -1.

   "nbdkit_peer_security_context"
       (nbdkit ≥ 1.36, not Windows)

        char *nbdkit_peer_security_context (void);

       Return the peer security context (usually the SELinux label, IPSEC label or NetLabel, see
       the description of "SO_PEERSEC" in unix(7) and ip(7).

       On success this returns the security context as a string.  The caller must free the
       string.  On error (which can include missing label or unsupported protocol),
       "nbdkit_error" is called and this call returns "NULL".

VERSION

   Compile-time version of nbdkit
       The macros "NBDKIT_VERSION_MAJOR", "NBDKIT_VERSION_MINOR" and "NBDKIT_VERSION_MICRO"
       expand to integers containing the version of the nbdkit headers that you are compiling
       against.

       "NBDKIT_VERSION_MAJOR" is always 1.  "NBDKIT_VERSION_MINOR" is even for stable releases of
       nbdkit and odd for development releases.

       The macro "NBDKIT_VERSION_STRING" expands to the same version as a string.

   Run-time version of nbdkit
       When the plugin is loaded into nbdkit, it may not be the same version that it was compiled
       against.  nbdkit guarantees backwards compatibility of the API and ABI, so provided that
       nbdkit is the same version or newer, the plugin will still work.  There is no way to get
       the version of nbdkit from the plugin.

   Version of the plugin
       The plugin itself can use any versioning scheme you want, and put any string into the
       ".version" field of the plugin struct (or leave the field NULL).

   API version
       See "WRITING AN NBDKIT PLUGIN" above.

DEBUGGING

       Run the server with -f and -v options so it doesn't fork and you can see debugging
       information:

        nbdkit -fv ./myplugin.so [key=value [key=value [...]]]

       To print debugging information from within the plugin, call "nbdkit_debug", which has the
       following prototype and works like printf(3):

        void nbdkit_debug (const char *fs, ...);
        void nbdkit_vdebug (const char *fs, va_list args);

       For convenience, "nbdkit_debug" preserves the value of "errno", and also supports the
       glibc extension of a single %m in a format string expanding to strerror(errno), even on
       platforms that don't support that natively. Note that "nbdkit_debug" only prints things
       when the server is in verbose mode (-v option).

   Debug Flags
       The -v option switches general debugging on or off, and this debugging should be used for
       messages which are useful for all users of your plugin.

       In cases where you want to enable specific extra debugging to track down bugs in plugins
       or filters — mainly for use by the plugin/filter developers themselves — you can define
       Debug Flags.  These are global ints called "myplugin_debug_*":

        int myplugin_debug_foo;
        int myplugin_debug_bar;
        ...
        if (myplugin_debug_foo) {
          nbdkit_debug ("lots of extra debugging about foo: ...");
        }

       Debug Flags can be controlled on the command line using the -D (or --debug) option:

        nbdkit -f -v -D myplugin.foo=1 -D myplugin.bar=2 myplugin [...]

       Note "myplugin" is the name passed to ".name" in the "struct nbdkit_plugin".

       You should only use this feature for debug settings.  For general settings use ordinary
       plugin parameters.  Debug Flags can only be C ints.  They are not supported by non-C
       language plugins.

       For convenience '.' characters are replaced with '_' characters in the variable name, so
       both of these parameters:

        -D myplugin.foo_bar=1
        -D myplugin.foo.bar=1

       correspond to the plugin variable "myplugin_debug_foo_bar".

COMPILING THE PLUGIN

       Plugins should be compiled as shared libraries.  There are various ways to achieve this,
       but most Linux compilers support a -shared option to create the shared library directly,
       for example:

        gcc -fPIC -shared myplugin.c -o myplugin.so

       Note that the shared library will have undefined symbols for functions that you call like
       "nbdkit_parse_int" or "nbdkit_error".  These will be resolved by the server binary when
       nbdkit dlopens the plugin.

   PKG-CONFIG/PKGCONF
       nbdkit provides a pkg-config/pkgconf file called "nbdkit.pc" which should be installed on
       the correct path when the nbdkit plugin development environment is installed.  You can use
       this in autoconf configure.ac scripts to test for the development environment:

        PKG_CHECK_MODULES([NBDKIT], [nbdkit >= 1.2.3])

       The above will fail unless nbdkit ≥ 1.2.3 and the header file is installed, and will set
       "NBDKIT_CFLAGS" and "NBDKIT_LIBS" appropriately for compiling plugins.

       You can also run pkg-config/pkgconf directly, for example:

        if ! pkg-config nbdkit --exists; then
          echo "you must install the nbdkit plugin development environment"
          exit 1
        fi

       You can also substitute the plugindir variable by doing:

        PKG_CHECK_VAR([NBDKIT_PLUGINDIR], [nbdkit], [plugindir])

       which defines "$(NBDKIT_PLUGINDIR)" in automake-generated Makefiles.

       If nbdkit development headers are installed in a non-standard location then you may need
       to compile plugins using:

        gcc -fPIC -shared myplugin.c -o myplugin.so \
          `pkg-config nbdkit --cflags --libs`

INSTALLING THE PLUGIN

       The plugin is a "*.so" file and possibly a manual page.  You can of course install the
       plugin "*.so" file wherever you want, and users will be able to use it by running:

        nbdkit /path/to/plugin.so [args]

       However if the shared library has a name of the form "nbdkit-name-plugin.so" and if the
       library is installed in the $plugindir directory, then users can be run it by only typing:

        nbdkit name [args]

       The location of the $plugindir directory is set when nbdkit is compiled and can be found
       by doing:

        nbdkit --dump-config

       If using the pkg-config/pkgconf system then you can also find the plugin directory at
       compile time by doing:

        pkg-config nbdkit --variable=plugindir

WRITING PLUGINS IN C++

       Plugins in C++ work almost exactly like those in C, but the way you define the
       "nbdkit_plugin" struct is slightly different:

        namespace {
          nbdkit_plugin create_plugin() {
            nbdkit_plugin plugin = nbdkit_plugin ();
            plugin.name     = "myplugin";
            plugin.open     = myplugin_open;
            plugin.get_size = myplugin_get_size;
            plugin.pread    = myplugin_pread;
            plugin.pwrite   = myplugin_pwrite;
            return plugin;
          }
        }
        static struct nbdkit_plugin plugin = create_plugin ();
        NBDKIT_REGISTER_PLUGIN(plugin)

WRITING PLUGINS IN OTHER PROGRAMMING LANGUAGES

       You can also write nbdkit plugins in Go, Lua, OCaml, Perl, Python, Ruby, Rust, shell
       script or Tcl.  Other programming languages may be offered in future.

       For more information see: nbdkit-cc-plugin(3), nbdkit-golang-plugin(3),
       nbdkit-lua-plugin(3), nbdkit-ocaml-plugin(3), nbdkit-perl-plugin(3),
       nbdkit-python-plugin(3), nbdkit-ruby-plugin(3), nbdkit-rust-plugin(3),
       nbdkit-sh-plugin(3), nbdkit-tcl-plugin(3) .

       Plugins written in scripting languages may also be installed in $plugindir.  These must be
       called "nbdkit-name-plugin" without any extension.  They must be executable, and they must
       use the shebang header (see "Shebang scripts" in nbdkit(1)).  For example a plugin written
       in Perl called "foo.pl" might be installed like this:

        $ head -1 foo.pl
        #!/usr/sbin/nbdkit perl

        $ sudo install -m 0755 foo.pl $plugindir/nbdkit-foo-plugin

       and then users will be able to run it like this:

        $ nbdkit foo [args ...]

SEE ALSO

       nbdkit(1), nbdkit-nozero-filter(1), nbdkit-tls-fallback-filter(1), nbdkit-filter(3).

       Standard plugins provided by nbdkit:

       nbdkit-blkio-plugin(1), nbdkit-cdi-plugin(1), nbdkit-curl-plugin(1),
       nbdkit-data-plugin(1), nbdkit-eval-plugin(1), nbdkit-example1-plugin(1),
       nbdkit-example2-plugin(1), nbdkit-example3-plugin(1), nbdkit-example4-plugin(1),
       nbdkit-file-plugin(1), nbdkit-floppy-plugin(1), nbdkit-full-plugin(1),
       nbdkit-guestfs-plugin(1), nbdkit-info-plugin(1), nbdkit-iso-plugin(1),
       nbdkit-libvirt-plugin(1), nbdkit-linuxdisk-plugin(1), nbdkit-memory-plugin(1),
       nbdkit-nbd-plugin(1), nbdkit-null-plugin(1), nbdkit-ondemand-plugin(1),
       nbdkit-ones-plugin(1), nbdkit-partitioning-plugin(1), nbdkit-pattern-plugin(1),
       nbdkit-random-plugin(1), nbdkit-S3-plugin(1), nbdkit-sparse-random-plugin(1),
       nbdkit-split-plugin(1), nbdkit-ssh-plugin(1), nbdkit-tmpdisk-plugin(1),
       nbdkit-torrent-plugin(1), nbdkit-vddk-plugin(1), nbdkit-zero-plugin(1) ;
       nbdkit-cc-plugin(3), nbdkit-golang-plugin(3), nbdkit-lua-plugin(3),
       nbdkit-ocaml-plugin(3), nbdkit-perl-plugin(3), nbdkit-python-plugin(3),
       nbdkit-ruby-plugin(3), nbdkit-rust-plugin(3), nbdkit-sh-plugin(3), nbdkit-tcl-plugin(3) .

AUTHORS

       Eric Blake

       Richard W.M. Jones

       Pino Toscano

COPYRIGHT

       Copyright Red Hat

LICENSE

       Redistribution and use in source and binary forms, with or without modification, are
       permitted provided that the following conditions are met:

       •   Redistributions of source code must retain the above copyright notice, this list of
           conditions and the following disclaimer.

       •   Redistributions in binary form must reproduce the above copyright notice, this list of
           conditions and the following disclaimer in the documentation and/or other materials
           provided with the distribution.

       •   Neither the name of Red Hat nor the names of its contributors may be used to endorse
           or promote products derived from this software without specific prior written
           permission.

       THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED
       WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
       FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR CONTRIBUTORS
       BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
       DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
       OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
       LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
       OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
       POSSIBILITY OF SUCH DAMAGE.