1NBD-CLIENT(8) NBD-CLIENT(8)
2
6 nbd-client - connect to a server running nbd-server(1), to use its
7 exported block device
8
10 nbd-client host [ port ] nbd-device [ -connections num ] [ -sdp ] [
11 -swap ] [ -persist ] [ -nofork ] [ -nonetlink ] [ -systemd-mark ] [
12 -block-size block size ] [ -timeout seconds ] [ -name name ] [ -cert‐
13 file certfile ] [ -keyfile keyfile ] [ -cacertfile cacertfile ] [
14 -tlshostname hostname ]
15 nbd-client -unix path nbd-device [ -connections num ] [ -sdp ] [ -swap
18 ] [ -persist ] [ -nofork ] [ -nonetlink ] [ -systemd-mark ] [ -block-
19 size block size ] [ -timeout seconds ] [ -name name ]
20 nbd-client nbd-device
23 nbd-client -d nbd-device
26 nbd-client -c nbd-device
29 nbd-client -l host [ port ]
32 nbd-client [ -netlink ] -l host
35
38 With nbd-client, you can connect to a server running nbd-server, thus
39 using raw diskspace from that server as a blockdevice on the local
40 client.
41 To do this, support from the Linux Kernel is necessary, in the form of
43 the Network Block Device (NBD). When you have that, either in the ker‐
44 nel, or as a module, you can connect to an NBD server and use its
45 exported file through a block special file with major mode 43.
46 Optionally, long options can also be specified with two leading dashes.
48
50 The following options are supported:
51 -block-size block size
53 -b Use a blocksize of "block size". Default is 1024; allowed values
55 are either 512, 1024, 2048 or 4096
56 -connections num
58 -C Use num connections to the server, to allow speeding up request
60 handling, at the cost of higher resource usage on the server.
61 Use of this option requires kernel support available first with
62 Linux 4.9.
63 host The hostname or IP address of the machine running nbd-server.
65 Since 2.9.15, the NBD utilities support IPv6.
66 -timeout seconds
68 -t Set the connection timeout to "seconds". For this to work, you
70 need a kernel with support for the NBD_SET_TIMEOUT ioctl; this
71 was introduced into Linus' tree on 2007-10-11, and will be part
72 of kernel 2.6.24.
73 port The TCP port on which nbd-server is running at the server.
75 The port number defaults to 10809, the IANA-assigned port number
77 for the NBD protocol.
78 Previous versions of the nbd tools supported an older version of
80 the negotiation protocol known as "oldstyle". This protocol
81 version is no longer supported as of version 3.11 of the nbd
82 support tools.
83 nbd-device
85 The block special file (/dev entry) which this nbd-client should
86 connect to, specified as a full path.
87 When the mode is used wherein no hostname or export name is
89 specified, nbd-client will look up the necessary configuration
90 in the nbdtab file. For more information, see nbdtab(5).
91 -check
93 -c Check whether the specified nbd device is connected.
95 If the device is connected, nbd-client will exit with an exit
97 state of 0 and print the PID of the nbd-client instance that
98 connected it to stdout.
99 If the device is not connected or does not exist (for example
101 because the nbd module was not loaded), nbd-client will exit
102 with an exit state of 1 and not print anything on stdout.
103 If an error occurred, nbd-client will exit with an exit state of
105 2, and not print anything on stdout either.
106 -disconnect
108 -d Disconnect the specified nbd device from the server
110 -list
112 -l Ask the server for a list of available exports. If the server is
114 exporting over IPv6 as well as over IPv4, this will list all
115 exports twice; otherwise, it should list them all only once.
116 Note that this option only works with nbd-server processes run‐
118 ning version 3.1 or above, and must be enabled in server config‐
119 uration (with the "allowlist" option) before it can be used.
120 -nonetlink
122 -L Starting with version 3.17, nbd-client will default to using the
124 netlink interface to configure an NBD device. This option allows
125 to use the older ioctl() interface to configure the device.
126 This option is only available if nbd-client was compiled against
128 libnl-genl. If that is not the case, nbd-client will only be
129 able to use the ioctl interface (and the option will not be
130 available).
131 Note that a future version of nbd-client will require the use of
133 netlink, but it has not yet been decided when that will be the
134 case.
135 -persist
137 -p When this option is specified, nbd-client will immediately try
139 to reconnect an nbd device if the connection ever drops unex‐
140 pectedly due to a lost server or something similar.
141 -sdp
143 -S Connect to the server using the Socket Direct Protocol (SDP),
145 rather than IP. See nbd-server(5) for details.
146 -swap
148 -s Specifies that this NBD device will be used as swapspace. This
150 option attempts to prevent deadlocks by performing mlockall()
151 and adjusting the oom-killer score at an appropriate time. It
152 does not however guarantee that such deadlocks can be avoided.
153 -systemd-mark
155 -m The systemd init system requires that processes which should not
157 be killed at shutdown time be marked appropriately by replacing
158 the first letter of their argv[0] with an '@' sign.
159 This option will cause nbd-client to do so.
161 Note that this only works if nbd-client is run from an initrd;
163 i.e., systemd will ignore such a mark if run from a systemd unit
164 file or from the command line.
165 -nofork
167 -n Specifies that the NBD client should not detach and daemonize
169 itself. This is mostly useful for debugging.
170 Note that nbd-client will still fork once to trigger an update
172 to the device node's partition table. It is not possible to dis‐
173 able this.
174 -no-optgo
176 -g Disable the use of the NBD_OPT_GO protocol message, and force
178 the use of NBD_OPT_EXPORT_NAME instead.
179 The NBD protocol has two phases: the negotiation phase, and the
181 transmission phase. To move from negotation to transmission,
182 older clients sent the NBD_OPT_EXPORT_NAME message, for which
183 the server could not produce an error message in case the export
184 name did not exist (or the client had insufficient permissions
185 to access it). Due to those limitations, a replacement message
186 NBD_OPT_GO was created instead, which allows the server to reply
187 with an error in case of any problems.
188 The protocol allows for a server to discard a message which it
190 does not understand; however, unfortunately some implementations
191 (including older versions of nbd-server) did not handle that
192 situation correctly and would get out of sync with the client
193 when it sent a message which the server did not understand.
194 When sending NBD_OPT_GO, nbd-client will try to do the right
196 thing and fall back to NBD_OPT_EXPORT_NAME. However, when the
197 server has the above-described bug, then this does not work. In
198 such a situation, the client will issue a diagnostic suggesting
199 the use of this option.
200 Note that there is a corresponding option for nbdtab, too.
202 -name
204 -N Specifies the name of the export that we want to use. If not
206 specified, nbd-client will ask for a "default" export, if one
207 exists on the server.
208 -unix
210 -u Connect to the server over a unix domain socket at path, rather
212 than to a server over a TCP socket. The server must be listening
213 on the given socket.
214 -certfile file
216 -F Use the specified file as the client certificate for TLS authen‐
218 tication to the server.
219 -keyfile file
221 -K Use the specified file as the private key for the client cerifi‐
223 cate.
224 -cacertfile file
226 -A Use the specified file as the CA certificate for TLS authentica‐
228 tion to the server.
229 -tlshostname hostname
231 -H Use the specified hostname for the TLS context. If not speci‐
233 fied, the hostname used to connect to the server will be used.
234 TLS SUPPORT
236 Enabling any of the TLS-related options causes the client to use the
237 NBD_OPT_STARTTLS command to upgrade the connection to TLS. Since nego‐
238 tiating TLS support from userspace for a kernel socket would be very
239 involved (if passing keys to kernel space were even possible, which it
240 isn't), the way this is implemented is that the nbd-client process cre‐
241 ates a socketpair, one side of which it hands to the kernel, and the
242 other side of which is handed to an encrypting/decrypting proxy. This
243 has the effect that all communication will be encrypted before being
244 sent over the wire; however, doing so is not safe in combination with
245 swapping over an NBD device:
246 In order to free memory by swapping, the kernel needs to be sure that
248 the write to the nbd device has finalized. For this, it needs to be
249 able to receive an NBD_CMD_WRITE reply which informs it that the write
250 has completed successfully and that the memory may be released. Receiv‐
251 ing data over the network, however, requires that the kernel allocate
252 memory first, which is impossible if we're low on memory (a likely sit‐
253 uation when trying to swap). This is likely to cause a deadlock when
254 we're low on memory and there are high amounts of network traffic.
255 To remedy this situation, the kernel sets the PF_MEMALLOC option on the
257 nbd socket; when low on memory, it will throw away all packets except
258 for those destined to a socket with that option set, relying on the
259 normal TCP retransmit system to ensure that data is not lost. This
260 avoids the deadlock described above.
261 However, the PF_MEMALLOC option is set on the socket that is connected
263 to the nbd device, not the encrypted socket connected to the encrypt‐
264 ing/decrypting proxy. As such, when using TLS, the PF_MEMALLOC option
265 is not set on the socket that actually receives data from the network,
266 which means that the deadlock reappears.
267 For this reason, if the -swap option is used when TLS is in use, nbd-
269 client will issue an appropriate warning.
270
272 Some examples of nbd-client usage:
273 · To connect to a server running on port 2000 at host
275 "server.domain.com", using the client's block special file
276 "/dev/nbd0":
277 nbd-client server.domain.com 2000 /dev/nbd0
279 · To connect to a server running on port 2001 at host
281 "swapserver.domain.com", using the client's block special file
282 "/dev/nbd1", for swap purposes:
283 nbd-client swapserver.domain.com 2001 /dev/nbd1 -swap
285 · To disconnect the above connection again (after making sure the block
287 special file is not in use anymore):
288 nbd-client -d /dev/nbd1
290
292 nbd-server (1).
293
295 The NBD kernel module and the NBD tools have been written by Pavel
296 Macheck (pavel@ucw.cz).
297 The kernel module is now maintained by Paul Clements
299 (Paul.Clements@steeleye.com), while the userland tools are maintained
300 by Wouter Verhelst (wouter@debian.org)
301 This manual page was written by Wouter Verhelst (<wouter@debian.org>)
303 for the Debian GNU/Linux system (but may be used by others). Permis‐
304 sion is granted to copy, distribute and/or modify this document under
305 the terms of the GNU General Public License, version 2, as published by
306 the Free Software Foundation.
307 $ NBD-CLIENT(8)