Commit eee268fe authored by Shuhei Matsumoto's avatar Shuhei Matsumoto Committed by Jim Harris

iscsi: Replace "ALL" by "ANY" for access control



In the access control of the iSCSI target, "ALL" is used to allow
ANY IP address-port pair or iSCSI name of initiators. However, iSCSI
targets cannot know ALL initiators beforehand.

Hence "ANY" will be better than "ALL" and will avoid misunderstanding.

Comments and iscsi_tgt test code are also changed and UT code is added.

Change-Id: Id004d819df6e9ee89f6c1db2e4b4c149be062733
Signed-off-by: default avatarShuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Reviewed-on: https://review.gerrithub.io/385168


Tested-by: default avatarSPDK Automated Test System <sys_sgsw@intel.com>
Reviewed-by: default avatarBen Walker <benjamin.walker@intel.com>
Reviewed-by: default avatarJim Harris <james.r.harris@intel.com>
Reviewed-by: default avatarDaniel Verkamp <daniel.verkamp@intel.com>
parent 42e0a653
+1 −1
@@ -76,7 +76,7 @@
#  Netmask 192.168.1.20   <== single IP address
#  Netmask 192.168.1.0/24 <== IP range 192.168.1.*
[InitiatorGroup1]
  InitiatorName ALL
  InitiatorName ANY
  Netmask 192.168.2.0/24

# NVMe configuration options
+18 −0
@@ -84,6 +84,7 @@ static int
spdk_iscsi_init_grp_add_initiator(struct spdk_iscsi_init_grp *ig, char *name)
{
	struct spdk_iscsi_initiator_name *iname;
	char *p;

	if (ig->ninitiators >= MAX_INITIATOR) {
		SPDK_ERRLOG("> MAX_INITIATOR(=%d) is not allowed\n", MAX_INITIATOR);
@@ -106,6 +107,14 @@ spdk_iscsi_init_grp_add_initiator(struct spdk_iscsi_init_grp *ig, char *name)
		return -ENOMEM;
	}

	/* Replace "ALL" by "ANY" if set */
	p = strstr(iname->name, "ALL");
	if (p != NULL) {
		SPDK_WARNLOG("Please use \"%s\" instead of \"%s\"\n", "ANY", "ALL");
		SPDK_WARNLOG("Converting \"%s\" to \"%s\" automatically\n", "ALL", "ANY");
		strncpy(p, "ANY", 3);
	}

	TAILQ_INSERT_TAIL(&ig->initiator_head, iname, tailq);
	ig->ninitiators++;

@@ -181,6 +190,7 @@ static int
spdk_iscsi_init_grp_add_netmask(struct spdk_iscsi_init_grp *ig, char *mask)
{
	struct spdk_iscsi_initiator_netmask *imask;
	char *p;

	if (ig->nnetmasks >= MAX_NETMASK) {
		SPDK_ERRLOG("> MAX_NETMASK(=%d) is not allowed\n", MAX_NETMASK);
@@ -203,6 +213,14 @@ spdk_iscsi_init_grp_add_netmask(struct spdk_iscsi_init_grp *ig, char *mask)
		return -ENOMEM;
	}

	/* Replace "ALL" by "ANY" if set */
	p = strstr(imask->mask, "ALL");
	if (p != NULL) {
		SPDK_WARNLOG("Please use \"%s\" instead of \"%s\"\n", "ANY", "ALL");
		SPDK_WARNLOG("Converting \"%s\" to \"%s\" automatically\n", "ALL", "ANY");
		strncpy(p, "ANY", 3);
	}

	TAILQ_INSERT_TAIL(&ig->netmask_head, imask, tailq);
	ig->nnetmasks++;
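Review bot: The legacy-keyword conversion in spdk_iscsi_init_grp_add_initiator uses `strstr(iname->name, "ALL")`, a case-sensitive substring search, while the access checks compare the whole entry with strcasecmp. An entry written as `all` or `!all` is therefore not converted and, as far as the hunks on this page show, no longer matches the wildcard, so a deny-all rule can silently stop applying; conversely, a real initiator name that merely contains `ALL` has those three bytes overwritten and stops matching its initiator. Comparing the whole token avoids both: `p = (iname->name[0] == '!') ? &iname->name[1] : iname->name;` followed by `if (strcasecmp(p, "ALL") == 0) {`, and `memcpy(p, "ANY", 3);` states the same-length overwrite more plainly than strncpy. The hunk in spdk_iscsi_init_grp_add_netmask has the same pattern and could use `if (strcasecmp(imask->mask, "ALL") == 0) {`; both function bodies continue outside the hunks shown.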

+4 −4
@@ -198,12 +198,12 @@ spdk_iscsi_tgt_node_access(struct spdk_iscsi_conn *conn,
		TAILQ_FOREACH(iname, &igp->initiator_head, tailq) {
			/* denied if iqn is matched */
			if ((iname->name[0] == '!')
			    && (strcasecmp(&iname->name[1], "ALL") == 0
			    && (strcasecmp(&iname->name[1], "ANY") == 0
				|| strcasecmp(&iname->name[1], iqn) == 0)) {
				goto denied;
			}
			/* allowed if iqn is matched */
			if (strcasecmp(iname->name, "ALL") == 0
			if (strcasecmp(iname->name, "ANY") == 0
			    || strcasecmp(iname->name, iqn) == 0) {
				/* iqn is allowed, then check netmask */
				TAILQ_FOREACH(imask, &igp->netmask_head, tailq) {
@@ -240,11 +240,11 @@ spdk_iscsi_tgt_node_visible(struct spdk_iscsi_tgt_node *target, const char *iqn)
		igp = target->map[i].ig;
		TAILQ_FOREACH(iname, &igp->initiator_head, tailq) {
			if ((iname->name[0] == '!')
			    && (strcasecmp(&iname->name[1], "ALL") == 0
			    && (strcasecmp(&iname->name[1], "ANY") == 0
				|| strcasecmp(&iname->name[1], iqn) == 0)) {
				return false;
			}
			if (strcasecmp(iname->name, "ALL") == 0
			if (strcasecmp(iname->name, "ANY") == 0
			    || strcasecmp(iname->name, iqn) == 0) {
				return true;
			}
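Review bot: The wildcard keyword is spelled out as a string literal in four comparisons across spdk_iscsi_tgt_node_access and spdk_iscsi_tgt_node_visible, in both the deny (`!`) and allow branches, so a missed occurrence in a later rename would make the two branches disagree about what the wildcard is. A small helper such as `static bool iscsi_name_is_any(const char *s) { return strcasecmp(s, "ANY") == 0; }` (name is a suggestion) would keep the keyword in one place. These checks also no longer recognise "ALL" at all, so they rely on every path that fills initiator_head having converted legacy entries first; that cannot be confirmed from this page, and a short comment above the deny branch saying so would help the next reader. Both functions start and end outside the hunks, and the netmask comparison inside the inner loop is not visible here.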
+1 −1
@@ -447,7 +447,7 @@ def add_initiator_group(args):
p = subparsers.add_parser('add_initiator_group', help='Add an initiator group')
p.add_argument('tag', help='Initiator group tag (unique, integer > 0)', type=int)
p.add_argument('initiator_list', help="""Whitespace-separated list of initiator hostnames or IP addresses,
enclosed in quotes.  Example: 'ALL' or '127.0.0.1 192.168.200.100'""")
enclosed in quotes.  Example: 'ANY' or '127.0.0.1 192.168.200.100'""")
p.add_argument('netmask_list', help="""Whitespace-separated list of initiator netmasks enclosed in quotes.
Example: '255.255.0.0 255.248.0.0' etc""")
p.set_defaults(func=add_initiator_group)
+1 −1
@@ -14,7 +14,7 @@ timing_enter calsoft
# iSCSI target configuration
PORT=3260
INITIATOR_TAG=2
INITIATOR_NAME=ALL
INITIATOR_NAME=ANY
NETMASK=$INITIATOR_IP/32
MALLOC_BDEV_SIZE=64
MALLOC_BLOCK_SIZE=512