lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 10 Oct 2008 21:49:20 +0400
From:	Vladislav Bolkhovitin <vst@...b.net>
To:	"Nicholas A. Bellinger" <nab@...ux-iscsi.org>
CC:	linux-iscsi-target-dev@...glegroups.com,
	FUJITA Tomonori <fujita.tomonori@....ntt.co.jp>,
	Mike Christie <michaelc@...wisc.edu>,
	linux-scsi <linux-scsi@...r.kernel.org>,
	iet-dev <iscsitarget-devel@...ts.sourceforge.net>,
	Greg KH <greg@...ah.com>,
	Jerome Martin <tramjoe.merin@...il.com>,
	LKML <linux-kernel@...r.kernel.org>,
	James Bottomley <James.Bottomley@...senPartnership.com>,
	SCST-Devel <scst-devel@...ts.sourceforge.net>,
	Joel Becker <joel.becker@...cle.com>,
	"H. Peter Anvin" <hpa@...or.com>
Subject: Re: [ANNOUNCE]: ConfigFS enabled Generic Target Mode and	iSCSI	Target
 Stack on v2.6.27-rc7

Nicholas A. Bellinger wrote:
  > Ok, here is the commit:
> 
> http://git.kernel.org/?p=linux/kernel/git/nab/lio-core-2.6.git;a=commit;h=d1dc1c1da8375c1b9099166d7d93f7f45477f892
> 
> In the example I am using two iSCSI Initiators (one Debian and one
> OpenSuse) that both have TPG LUN 0 and 1 mapped to their Initiator LUN 0
> and 1 under $FABRIC/$IQN/tpgt_1.
> 
> Here is what it looks like from the CLI:
> 
> export TARGET=/sys/kernel/config/target/core/
> export FABRIC=/sys/kernel/config/target/iscsi/
> 
> <Setup target_core_mod storage objects..>
> 
> DEF_IQN="iqn.2003-01.org.linux-iscsi.target.i686:sn.e475ed6fcdd0"
> 
> # The first mkdir(2) to $FABRIC will load iscsi_target_mod
> mkdir -p "$FABRIC/$DEF_IQN/tpgt_1/np/172.16.201.137:3260"
> # Create TPG LUN 0 and symlink $STORAGE_OBJECT from target_core_mod
> mkdir -p "$FABRIC/$DEF_IQN/tpgt_1/lun/lun_0"
> ln -s $TARGET/iblock_0/lvm_test0 "$FABRIC/$DEF_IQN/tpgt_1/lun/lun_0/lio_west_port"
> # Create TPG LUN 1 and symlink $STORAGE_OBJECT from target_core_mod
> mkdir -p "$FABRIC/$DEF_IQN/tpgt_1/lun/lun_1"
> ln -s $TARGET/pscsi_0/sdd "$FABRIC/$DEF_IQN/tpgt_1/lun/lun_1/lio_east_port"
> 
> INITIATOR_DEBIAN="iqn.1993-08.org.debian:01:2dadf92d0ef"
> 
> # Create Node and two LUN ACL Symlinks for Debian Initiator
> mkdir -p "$FABRIC/$DEF_IQN/tpgt_1/acls/$INITIATOR_DEBIAN/lun_0"
> ln -s "$FABRIC/$DEF_IQN/tpgt_1/lun/lun_0" "$FABRIC/$DEF_IQN/tpgt_1/acls/$INITIATOR_DEBIAN/lun_0/."
> mkdir -p "$FABRIC/$DEF_IQN/tpgt_1/acls/$INITIATOR_DEBIAN/lun_1"
> ln -s "$FABRIC/$DEF_IQN/tpgt_1/lun/lun_1" "$FABRIC/$DEF_IQN/tpgt_1/acls/$INITIATOR_DEBIAN/lun_1/."
> 
> INITIATOR_SUSE="iqn.1996-04.de.suse:01:1661f9ee7b5"
> 
> # Create Node and two LUN ACL Symlinks for Suse Initiator
> mkdir -p "$FABRIC/$DEF_IQN/tpgt_1/acls/$INITIATOR_SUSE/lun_0"
> ln -s "$FABRIC/$DEF_IQN/tpgt_1/lun/lun_0" "$FABRIC/$DEF_IQN/tpgt_1/acls/$INITIATOR_SUSE/lun_0/."
> mkdir -p "$FABRIC/$DEF_IQN/tpgt_1/acls/$INITIATOR_SUSE/lun_1"
> ln -s "$FABRIC/$DEF_IQN/tpgt_1/lun/lun_1" "$FABRIC/$DEF_IQN/tpgt_1/acls/$INITIATOR_SUSE/lun_1/."
> 
> # Enable the $FABRIC endpoint so it can accept new iSCSI sessions.
> echo 1 > $FABRIC/$DEF_IQN/tpgt_1/enable
> 
> 
> And running....
> 
> 
> target:/sys/kernel/config# tree $FABRIC
> /sys/kernel/config/target/iscsi/
> |-- iqn.2003-01.org.linux-iscsi.target.i686:sn.e475ed6fcdd0
> |   `-- tpgt_1
> |       |-- acls
> |       |   |-- iqn.1993-08.org.debian:01:2dadf92d0ef
> |       |   |   |-- control
> |       |   |   |-- info
> |       |   |   |-- lun_0
> |       |   |   |   `-- lun_0 -> ../../../../../../../target/iscsi/iqn.2003-01.org.linux-iscsi.target.i686:sn.e475ed6fcdd0/tpgt_1/lun/lun_0
> |       |   |   `-- lun_1
> |       |   |       `-- lun_1 -> ../../../../../../../target/iscsi/iqn.2003-01.org.linux-iscsi.target.i686:sn.e475ed6fcdd0/tpgt_1/lun/lun_1
> |       |   `-- iqn.1996-04.de.suse:01:1661f9ee7b5
> |       |       |-- control
> |       |       |-- info
> |       |       |-- lun_0
> |       |       |   `-- lun_0 -> ../../../../../../../target/iscsi/iqn.2003-01.org.linux-iscsi.target.i686:sn.e475ed6fcdd0/tpgt_1/lun/lun_0
> |       |       `-- lun_1
> |       |           `-- lun_1 -> ../../../../../../../target/iscsi/iqn.2003-01.org.linux-iscsi.target.i686:sn.e475ed6fcdd0/tpgt_1/lun/lun_1
> |       |-- control
> |       |-- enable
> |       |-- lun
> |       |   |-- lun_0
> |       |   |   |-- control
> |       |   |   |-- info
> |       |   |   `-- lio_west_port -> ../../../../../../target/core/iblock_0/lvm_test0
> |       |   `-- lun_1
> |       |       |-- control
> |       |       |-- info
> |       |       `-- lio_east_port -> ../../../../../../target/core/pscsi_0/sdd
> |       `-- np
> |           `-- 172.16.201.137:3260
> |               `-- portal_info
> `-- lio_version
> 
> 20 directories, 12 files
> 
> Note that iSCSI Initiator LUN ACL Symlinks are done on a per TPGT
> context and are only allowed for TPG LUNs under the same
> $FABRIC/$IQN/$TPGT path.

I don't like that limitation. It looks completely artificial for me. And 
this approach doesn't address what to do if there is a connection from 
initiator, for which there is no corresponding ACL entry.

I again strongly suggest you to get familiar with SCST access control 
approach before making the next move. It's proved to be good and we 
should take all the best from it.

> --------------------------------------------------------------------------------
> 
> Dump information for all running iSCSI Sessons on all iSCSI Target
> endpoints..:
> 
> target:/sys/kernel/config# cat $FABRIC/iqn*/tpgt*/acls/*/info
> 
> InitiatorName: iqn.1993-08.org.debian:01:2dadf92d0ef
> InitiatorAlias: ubuntu
> LIO Session ID: 2   ISID: 0x00 02 3d 05 00 00  TSIH: 2  SessionType: Normal
> Cmds in Session Pool: 1  Session State: TARG_SESS_STATE_LOGGED_IN
> ---------------------[iSCSI Session Values]-----------------------
>   CmdSN/WR  :  CmdSN/WC  :  ExpCmdSN  :  MaxCmdSN  :     ITT    :     TTT
>  0x00000010   0x00000010   0x00000042   0x00000051   0x090a0040   0x000000e7
> ----------------------[iSCSI Connections]-------------------------
> CID: 0  Connection State: TARG_CONN_STATE_LOGGED_IN
>    Address 172.16.201.129 TCP  StatSN: 0x0000006c
> InitiatorName: iqn.1996-04.de.suse:01:1661f9ee7b5
> InitiatorAlias: opensuse
> LIO Session ID: 13   ISID: 0x00 02 3d 01 00 00  TSIH: 13  SessionType: Normal
> Cmds in Session Pool: 1  Session State: TARG_SESS_STATE_LOGGED_IN
> ---------------------[iSCSI Session Values]-----------------------
>   CmdSN/WR  :  CmdSN/WC  :  ExpCmdSN  :  MaxCmdSN  :     ITT    :     TTT
>  0x00000010   0x00000010   0x00000022   0x00000031   0x040a0000   0x00000003
> ----------------------[iSCSI Connections]-------------------------
> CID: 0  Connection State: TARG_CONN_STATE_LOGGED_IN
>    Address 172.16.201.136 TCP  StatSN: 0x00000003
> 
> 
> Anyways, you get the idea.  The primary functionality is up for getting
> ACLs iSCSI Initiator Nodes and LUNs symlinked to TPG LUNs symlinked to
> $STORAGE_OBJECTs from target_core_mod.   I will be continuing to convert
> stuff from the IOCTL, mostly things that need to be made into configfs
> attributes.  I am going to focus on the getting the remaining stuff
> under configfs up for iscsi_target_mod, and start looking at the much
> larger todo item of seeing how we can merge target_core_mod and scst
> core..  Please have a look and let me know what you think (espically the
> target_core_mod parts), and I will pull the latest SCST code and start
> looking at the FABRIC <-> TARGET you mentioned..
> 
> --nab
> 
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ