TLS over TCP connection failure

Nir Rigai nir.rigai at volumez.com
Mon Feb 12 03:05:52 PST 2024 

Thanks for the quick response.
The issue is related to an unsuccessful NVMe connection to the target. In this case there isn't a block device available to test with the blktests framework.

Nir Rigai

> On 12 Feb 2024, at 1:45, Chaitanya Kulkarni <chaitanyak at nvidia.com> wrote:
> 
> On 2/11/24 07:05, Nir Rigai wrote:
>> Hi all,
>> 
>> We failed to enable TLS over TCP with the latest 6.8-rc3 from upstream.
>> We have followed the guidelines outlined in https://lwn.net/Articles/941139/.
>> The NVMe connection failed post-authentication
>> 
>> The steps and the outputs from the process:
>> # Targetreation
>> modprobe nvmet-tcp
>> mkdir /sys/kernel/config/nvmet/ports/10
>> echo -n "127.0.0.1" > /sys/kernel/config/nvmet/cports/10/addr_traddr
>> echo -n ipv4 > /sys/kernel/config/nvmet/ports/10/addr_adrfam
>> echo -n tcp > /sys/kernel/config/nvmet/ports/10/addr_trtype
>> echo -n 4420 > /sys/kernel/config/nvmet/ports/10/addr_trsvcid
>> echo tls1.3 > /sys/kernel/config/nvmet/ports/10/addr_tsas
>> mkdir /sys/kernel/config/nvmet/subsystems/nqn.test
>> echo 1 > /sys/kernel/config/nvmet/subsystems/nqn.test/attr_allow_any_host
>> mkdir /sys/kernel/config/nvmet/subsystems/nqn.test/namespaces/1
>> echo "/dev/nvme1n1" > /sys/kernel/config/nvmet/subsystems/nqn.test/namespaces/1/device_path
>> echo 1 > /sys/kernel/config/nvmet/subsystems/nqn.test/namespaces/1/enable
>> ln -s /sys/kernel/config/nvmet/subsystems/nqn.test /sys/kernel/config/nvmet/ports/10/subsystems/
>>   # Create keys and start the tlshd service:
>> modprobe nvme-tcp
>> nvme gen-tls-key --subsysnqn=nqn.test -i
>> nvme gen-tls-key --subsysnqn=nqn.2014-08.org.nvmexpress.discovery -i
>> #tlshd -c /etc/tlshd.conf
>> systemctl start tlshd.service
>> nvme connect -t tcp -a 127.0.0.1 -s 4420 -n nqn.test --tls
>> 
> 
> can you please submit the blktests for this if it is not there in nvme 
> category ?
> it will help this to get regularly tested and establish stability ...
> 
> please CC Shinichiro (CC'd here) and me on that
> 
> https://github.com/osandov/blktests
> 
> -ck

More information about the Linux-nvme mailing list