Re: [PATCH nvme-cli] nvme-connect: Add 'dhchap-secret' and 'dhchap-bidi' arguments
From: Sagi Grimberg <sagi@grimberg.me>
Date: 2021-09-26 14:41:46
On 9/13/21 12:42 PM, Hannes Reinecke wrote:
Add 'dhchap-secret' and 'dhchap-bidi' arguments for nvme-connect to enable NVMe In-Band authentication. This is the nvme-cli patch to support NVMe In-band authentication as posted on the linux-nvme mailinglist. Signed-off-by: Hannes Reinecke <hare@suse.de> --- Documentation/nvme-connect.txt | 14 ++++++++++++++ fabrics.c | 29 ++++++++++++++++++++++------- 2 files changed, 36 insertions(+), 7 deletions(-)diff --git a/Documentation/nvme-connect.txt b/Documentation/nvme-connect.txt index 4d7bb52..8cfc34e 100644 --- a/Documentation/nvme-connect.txt +++ b/Documentation/nvme-connect.txt@@ -17,6 +17,7 @@ SYNOPSIS [--host-iface=<iface> | -f <iface>] [--hostnqn=<hostnqn> | -q <hostnqn>] [--hostid=<hostid> | -I <hostid>] + [--dhchap-secret=<secret> | -S <secret>] [--nr-io-queues=<#> | -i <#>] [--nr-write-queues=<#> | -W <#>] [--nr-poll-queues=<#> | -P <#>]@@ -28,6 +29,7 @@ SYNOPSIS [--disable-sqflow | -d] [--hdr-digest | -g] [--data-digest | -G] + [--dhchap-bidi | -B] DESCRIPTION -----------@@ -92,6 +94,14 @@ OPTIONS UUID(Universally Unique Identifier) to be discovered which should be formatted. +-S <secret>:: +--dhchap-secret=<secret>:: + NVMe In-band authentication secret; needs to be in ASCII format as + specified in NVMe 2.0 section 8.13.5.8 'Secret representation'. + If this option is not specified, the default is read from + /etc/nvme/hostkey. If that does not exist no in-band authentication + is attempted. + -i <#>:: --nr-io-queues=<#>:: Overrides the default number of I/O queues create by the driver.@@ -140,6 +150,10 @@ OPTIONS --data-digest:: Generates/verifies data digest (TCP). +-B:: +--dhchap-bidi:: + Enable bidirectional authentication (TCP). + EXAMPLES -------- * Connect to a subsystem named nqn.2014-08.com.example:nvme:nvm-subsystem-sn-d78432diff --git a/fabrics.c b/fabrics.c index b132546..d1386c3 100644 --- a/fabrics.c 
+++ b/fabrics.c
@@ -60,6 +60,7 @@ static const char *nvmf_htraddr = "host traddr (e.g. FC WWN's)";
 static const char *nvmf_hiface = "host interface (for tcp transport)";
 static const char *nvmf_hostnqn = "user-defined hostnqn";
 static const char *nvmf_hostid = "user-defined hostid (if default not used)";
+static const char *nvmf_hostkey = "user-defined hostkey (if default not used)";
 static const char *nvmf_nr_io_queues = "number of io queues to use (default is core count)";
 static const char *nvmf_nr_write_queues = "number of write queues to use (default 0)";
 static const char *nvmf_nr_poll_queues = "number of poll queues to use (default 0)";
@@ -72,6 +73,7 @@ static const char *nvmf_dup_connect = "allow duplicate connections between same
 static const char *nvmf_disable_sqflow = "disable controller sq flow control (default false)";
 static const char *nvmf_hdr_digest = "enable transport protocol header digest (TCP transport)";
 static const char *nvmf_data_digest = "enable transport protocol data digest (TCP transport)";
+static const char *nvmf_dhchap_bidi = "enable bidirectional authentication (TCP transport)";
 static const char *nvmf_config_file = "Use specified JSON configuration file or 'none' to disable";
 #define NVMF_OPTS(c) \
@@ -82,6 +84,7 @@ static const char *nvmf_config_file = "Use specified JSON configuration file or
 OPT_STRING("host-iface", 'f', "STR", &host_iface, nvmf_hiface), \
 OPT_STRING("hostnqn", 'q', "STR", &hostnqn, nvmf_hostnqn), \
 OPT_STRING("hostid", 'I', "STR", &hostid, nvmf_hostid), \
+ OPT_STRING("dhchap-secret", 'S', "STR", &hostkey, nvmf_hostkey), \
 OPT_INT("nr-io-queues", 'i', &c.nr_io_queues, nvmf_nr_io_queues), \
 OPT_INT("nr-write-queues", 'W', &c.nr_write_queues, nvmf_nr_write_queues),\
 OPT_INT("nr-poll-queues", 'P', &c.nr_poll_queues, nvmf_nr_poll_queues), \
@@ -93,8 +96,8 @@ static const char *nvmf_config_file = "Use specified JSON configuration file or
 OPT_FLAG("duplicate-connect", 'D', &c.duplicate_connect, nvmf_dup_connect), \
 OPT_FLAG("disable-sqflow", 'd', &c.disable_sqflow, nvmf_disable_sqflow), \
 OPT_FLAG("hdr-digest", 'g', &c.hdr_digest, nvmf_hdr_digest), \
- OPT_FLAG("data-digest", 'G', &c.data_digest, nvmf_data_digest) \
-
+ OPT_FLAG("data-digest", 'G', &c.data_digest, nvmf_data_digest), \
+ OPT_FLAG("dhchap-bidi", 'B', &c.dhchap_bidi, nvmf_dhchap_bidi)
 static void space_strip_len(int max, char *str)
 {
@@ -296,7 +299,7 @@ static int discover_from_conf_file(nvme_host_t h, const char *desc,
 {
 char *transport = NULL, *traddr = NULL, *trsvcid = NULL;
 char *host_traddr = NULL, *host_iface = NULL;
- char *hostnqn = NULL, *hostid = NULL;
+ char *hostnqn = NULL, *hostid = NULL, *hostkey = NULL;
 char *ptr, **argv, *p, line[4096];
 int argc, ret = 0;
 FILE *f;
@@ -369,10 +372,10 @@ out:
 int nvmf_discover(const char *desc, int argc, char **argv, bool connect)
 {
 char *nqn = NVME_DISC_SUBSYS_NAME;
- char *hostnqn = NULL, *hostid = NULL;
+ char *hostnqn = NULL, *hostid = NULL, *hostkey = NULL;
 char *host_traddr = NULL, *host_iface = NULL;
 char *transport = NULL, *traddr = NULL, *trsvcid = NULL;
- char *hnqn = NULL, *hid = NULL;
+ char *hnqn = NULL, *hid = NULL, *hkey = NULL;
 char *config_file = PATH_NVMF_CONFIG;
 enum nvme_print_flags flags;
 nvme_root_t r;
@@ -434,6 +437,8 @@ int nvmf_discover(const char *desc, int argc, char **argv, bool connect)
 hostnqn = hnqn = nvmf_hostnqn_from_file();
 if (!hostid)
 hostid = hid = nvmf_hostid_from_file();
+ if (!hostkey)
+ hostkey = hkey = nvmf_hostkey_from_file();
 h = nvme_lookup_host(r, hostnqn, hostid);
 if (!h) {
 ret = ENOMEM;
@@ -445,6 +450,8 @@ int nvmf_discover(const char *desc, int argc, char **argv, bool connect)
 else if (!strncmp(device, "/dev/", 5))
 device += 5;
 }
+ if (hostkey)
+ nvme_host_set_hostkey(h, hostkey);
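Review bot: In discover_from_conf_file the new `hostkey` local is only written, by the `OPT_STRING("dhchap-secret", ...)` entry that NVMF_OPTS now expands to; no line in the quoted hunks reads it afterwards. If that also holds for the rest of the function, whose body continues outside this hunk, a `--dhchap-secret` given on a configuration-file line is accepted and then silently ignored, so that entry connects with the host-wide key or with no authentication at all. Either apply the value per entry or reject the option in that context, and at the least mark the declaration with `/* hostkey: parsed by NVMF_OPTS, not applied per config line */`.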
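Review bot: `hkey` takes ownership of the secret returned by `nvmf_hostkey_from_file()`, but none of the quoted hunks adds a matching release on the function's exit path, which lies outside this hunk; if `hnqn` and `hid` are freed there, `hkey` needs the same treatment. Because the buffer holds authentication key material it should be wiped before it is released, not just freed: `if (hkey) { explicit_bzero(hkey, strlen(hkey)); free(hkey); }`. How the helper treats the key file itself (owner and mode of /etc/nvme/hostkey) is not visible here and deserves the same look.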
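Review bot: When `hostkey` was filled from `-S`/`--dhchap-secret` instead of the key-file fallback, the value passed on here also sits in the process arguments, where other local users can read it from the process list and where it lands in shell history. Nothing in the patch tells the user so; the help string is only `"user-defined hostkey (if default not used)"`. I would reword it along the lines of `"DH-HMAC-CHAP secret (visible in process list; prefer /etc/nvme/hostkey)"` and add a matching sentence to the option's entry in nvme-connect.txt. The quoted hunk is cut short after this statement and nvmf_discover continues outside it.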
Hannes, where is the implementation of this?