[PATCH nvme-cli 3/3] nvme-connect: Add 'dhchap-secret' and 'dhchap-ctrl-secret' arguments
Hannes Reinecke
hare at suse.de
Fri Nov 12 05:11:11 PST 2021
Add 'dhchap-secret' and 'dhchap-ctrl-secret' arguments for nvme-connect
to enable NVMe In-Band authentication.
Signed-off-by: Hannes Reinecke <hare at suse.de>
---
Documentation/nvme-connect.txt | 17 +++++++++++++++++
fabrics.c | 17 ++++++++++++++---
2 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/Documentation/nvme-connect.txt b/Documentation/nvme-connect.txt
index 45b517a..4d24e2f 100644
--- a/Documentation/nvme-connect.txt
+++ b/Documentation/nvme-connect.txt
@@ -17,6 +17,8 @@ SYNOPSIS
[--host-iface=<iface> | -f <iface>]
[--hostnqn=<hostnqn> | -q <hostnqn>]
[--hostid=<hostid> | -I <hostid>]
+ [--dhchap-secret=<secret> | -S <secret>]
+ [--dhchap-ctrl-secret=<secret> | -C <secret>]
[--nr-io-queues=<#> | -i <#>]
[--nr-write-queues=<#> | -W <#>]
[--nr-poll-queues=<#> | -P <#>]
@@ -92,6 +94,21 @@ OPTIONS
UUID(Universally Unique Identifier) to be discovered which should be
formatted.
+-S <secret>::
+--dhchap-secret=<secret>::
+ NVMe In-band authentication secret; needs to be in ASCII format as
+ specified in NVMe 2.0 section 8.13.5.8 'Secret representation'.
+ If this option is not specified, the default is read from
+ /etc/nvme/hostkey. If that does not exist no in-band authentication
+ is attempted.
+
+-C <secret>::
+--dhchap-ctrl-secret=<secret>::
+ NVMe In-band authentication controller secret for bi-directional
+ authentication; needs to be in ASCII format as
+ specified in NVMe 2.0 section 8.13.5.8 'Secret representation'.
+ If not present bi-directional authentication is not attempted.
+
-i <#>::
--nr-io-queues=<#>::
Overrides the default number of I/O queues create by the driver.
diff --git a/fabrics.c b/fabrics.c
index 012bcb8..8ed618e 100644
--- a/fabrics.c
+++ b/fabrics.c
@@ -60,6 +60,8 @@ static const char *nvmf_htraddr = "host traddr (e.g. FC WWN's)";
static const char *nvmf_hiface = "host interface (for tcp transport)";
static const char *nvmf_hostnqn = "user-defined hostnqn";
static const char *nvmf_hostid = "user-defined hostid (if default not used)";
+static const char *nvmf_hostkey = "user-defined dhchap key (if default not used)";
+static const char *nvmf_ctrlkey = "user-defined dhchap controller key (for bi-directional authentication)";
static const char *nvmf_nr_io_queues = "number of io queues to use (default is core count)";
static const char *nvmf_nr_write_queues = "number of write queues to use (default 0)";
static const char *nvmf_nr_poll_queues = "number of poll queues to use (default 0)";
@@ -82,6 +84,8 @@ static const char *nvmf_config_file = "Use specified JSON configuration file or
OPT_STRING("host-iface", 'f', "STR", &host_iface, nvmf_hiface), \
OPT_STRING("hostnqn", 'q', "STR", &hostnqn, nvmf_hostnqn), \
OPT_STRING("hostid", 'I', "STR", &hostid, nvmf_hostid), \
+ OPT_STRING("dhchap-secret", 'S', "STR", &hostkey, nvmf_hostkey), \
+ OPT_STRING("dhchap-ctrl-secret", 'C', "STR", &ctrlkey, nvmf_ctrlkey), \
OPT_INT("nr-io-queues", 'i', &c.nr_io_queues, nvmf_nr_io_queues), \
OPT_INT("nr-write-queues", 'W', &c.nr_write_queues, nvmf_nr_write_queues),\
OPT_INT("nr-poll-queues", 'P', &c.nr_poll_queues, nvmf_nr_poll_queues), \
@@ -93,7 +97,7 @@ static const char *nvmf_config_file = "Use specified JSON configuration file or
OPT_FLAG("duplicate-connect", 'D', &c.duplicate_connect, nvmf_dup_connect), \
OPT_FLAG("disable-sqflow", 'd', &c.disable_sqflow, nvmf_disable_sqflow), \
OPT_FLAG("hdr-digest", 'g', &c.hdr_digest, nvmf_hdr_digest), \
- OPT_FLAG("data-digest", 'G', &c.data_digest, nvmf_data_digest) \
+ OPT_FLAG("data-digest", 'G', &c.data_digest, nvmf_data_digest) \
static void space_strip_len(int max, char *str)
@@ -296,7 +300,7 @@ static int discover_from_conf_file(nvme_host_t h, const char *desc,
{
char *transport = NULL, *traddr = NULL, *trsvcid = NULL;
char *host_traddr = NULL, *host_iface = NULL;
- char *hostnqn = NULL, *hostid = NULL;
+ char *hostnqn = NULL, *hostid = NULL, *hostkey = NULL, *ctrlkey = NULL;
char *ptr, **argv, *p, line[4096];
int argc, ret = 0;
unsigned int verbose = 0;
@@ -383,7 +387,7 @@ out:
int nvmf_discover(const char *desc, int argc, char **argv, bool connect)
{
char *nqn = NVME_DISC_SUBSYS_NAME;
- char *hostnqn = NULL, *hostid = NULL;
+ char *hostnqn = NULL, *hostid = NULL, *hostkey = NULL, *ctrlkey = NULL;
char *host_traddr = NULL, *host_iface = NULL;
char *transport = NULL, *traddr = NULL, *trsvcid = NULL;
char *hnqn = NULL, *hid = NULL;
@@ -459,6 +463,8 @@ int nvmf_discover(const char *desc, int argc, char **argv, bool connect)
else if (!strncmp(device, "/dev/", 5))
device += 5;
}
+ if (hostkey)
+ nvme_host_set_dhchap_key(h, hostkey);
if (!device && !transport && !traddr) {
ret = discover_from_conf_file(h, desc, connect, &cfg);
@@ -546,6 +552,7 @@ int nvmf_connect(const char *desc, int argc, char **argv)
char *transport = NULL, *traddr = NULL;
char *host_traddr = NULL, *host_iface = NULL;
char *trsvcid = NULL, *hostnqn = NULL, *hostid = NULL;
+ char *hostkey = NULL, *ctrlkey = NULL;
char *config_file = PATH_NVMF_CONFIG;
unsigned int verbose = 0;
nvme_root_t r;
@@ -618,12 +625,16 @@ int nvmf_connect(const char *desc, int argc, char **argv)
errno = ENOMEM;
goto out_free;
}
+ if (hostkey)
+ nvme_host_set_dhchap_key(h, hostkey);
c = nvme_create_ctrl(subsysnqn, transport, traddr,
host_traddr, host_iface, trsvcid);
if (!c) {
errno = ENOMEM;
goto out_free;
}
+ if (ctrlkey)
+ nvme_ctrl_set_dhchap_key(c, ctrlkey);
errno = 0;
ret = nvmf_add_ctrl(h, c, &cfg, cfg.disable_sqflow);
--
2.31.1
More information about the Linux-nvme
mailing list