| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Aug 2008 11:50:32 -0500 From: Mike Christie <michaelc@...wisc.edu> To: James Bottomley <James.Bottomley@...senPartnership.com> CC: Jeff Garzik <jgarzik@...ox.com>, Alan Cox <alan@...rguk.ukuu.org.uk>, Roland Dreier <rdreier@...co.com>, Steve Wise <swise@...ngridcomputing.com>, davem@...emloft.net, Divy Le Ray <divy@...lsio.com>, Karen Xie <kxie@...lsio.com>, netdev@...r.kernel.org, open-iscsi@...glegroups.com, daisyc@...ibm.com, wenxiong@...ibm.com, bhua@...ibm.com, Dimitrios Michailidis <dm@...lsio.com>, Casey Leedom <leedom@...lsio.com>, linux-scsi <linux-scsi@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [RFC][PATCH 1/1] cxgb3i: cxgb3 iSCSI initiator James Bottomley wrote: > On Sun, 2008-08-10 at 08:49 -0400, Jeff Garzik wrote: >> Alan Cox wrote: >>>> - It doesn't work in theory, because the suggestion (I guess) is that >>>> the iSCSI HBA has its own MAC and IP and behaves like a separate >>> The iSCSI HBA is its own system - that is the root of the problem. >> Indeed. >> >> Just like with TOE, from the net stack's point of view, an iSCSI HBA is >> essentially a wholly asynchronous remote system [with a really fast >> communication bus like PCI Express]. >> >> As such, the task becomes updating the net stack such that >> formerly-private resources are now shared with an independent, external >> system... with all the complexity, additional failure modes, and >> additional security complications that come along with that. > > What's wrong with making it configurable identically to current software > iSCSI? i.e. plumb the thing into the current iscsi transport class so > that we use the standard daemon for creating and binding sessions? > Then, only once the session is bound do you let your iSCSI TOE stack > take over. > > That way the connection appears to the network as completely normal, > because it has an open socket associated with it; and, since the > transport class has done the connection login, it even looks like a > normal iSCSI connection to the usual tools. iSCSI would manage > connection and authentication, so your TOE stack can be simply around > the block acceleration piece (i.e. you'd need to get the iscsi daemon to > do relogin and things). This is what Chelsio and broadcom do today more or less. Chelsio did the socket trick you are proposing. Broadcom went with a different hack. But in the end both hook into the iscsi transport class (the current iscsi transport class works for this today), userspace daemon and tools, so that the iscsi daemon handles iscsi login, iscsi authentication and all other iscsi operations, like it does for software iscsi. > > I would assume net will require some indicator that the opened > connection has been subsumed, so it knows not to try to manage it, but > other than that I don't see it will need any alteration. The usual > tools, like netfilter could even use this information to know the limits > of their management. > > If this model works, we can use it for TOE acceleration of individual > applications (rather than the entire TCP stack) on an as needed basis. > > This is like the port stealing proposal, but since the iSCSI daemon is > responsible for maintaining the session, the port isn't completely > stolen, just switched to accelerator mode when doing the iSCSI offload. > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists