TLS over TCP connection failure
Chaitanya Kulkarni
chaitanyak at nvidia.com
Sun Feb 11 15:45:18 PST 2024
On 2/11/24 07:05, Nir Rigai wrote:
> Hi all,
>
> We failed to enable TLS over TCP with the latest 6.8-rc3 from upstream.
> We have followed the guidelines outlined in https://lwn.net/Articles/941139/.
> The NVMe connection failed post-authentication
>
> The steps and the outputs from the process:
> # Target creation
> modprobe nvmet-tcp
> mkdir /sys/kernel/config/nvmet/ports/10
> echo -n "127.0.0.1" > /sys/kernel/config/nvmet/ports/10/addr_traddr
> echo -n ipv4 > /sys/kernel/config/nvmet/ports/10/addr_adrfam
> echo -n tcp > /sys/kernel/config/nvmet/ports/10/addr_trtype
> echo -n 4420 > /sys/kernel/config/nvmet/ports/10/addr_trsvcid
> echo tls1.3 > /sys/kernel/config/nvmet/ports/10/addr_tsas
> mkdir /sys/kernel/config/nvmet/subsystems/nqn.test
> echo 1 > /sys/kernel/config/nvmet/subsystems/nqn.test/attr_allow_any_host
> mkdir /sys/kernel/config/nvmet/subsystems/nqn.test/namespaces/1
> echo "/dev/nvme1n1" > /sys/kernel/config/nvmet/subsystems/nqn.test/namespaces/1/device_path
> echo 1 > /sys/kernel/config/nvmet/subsystems/nqn.test/namespaces/1/enable
> ln -s /sys/kernel/config/nvmet/subsystems/nqn.test /sys/kernel/config/nvmet/ports/10/subsystems/
> # Create keys and start the tlshd service:
> modprobe nvme-tcp
> nvme gen-tls-key --subsysnqn=nqn.test -i
> nvme gen-tls-key --subsysnqn=nqn.2014-08.org.nvmexpress.discovery -i
> #tlshd -c /etc/tlshd.conf
> systemctl start tlshd.service
> nvme connect -t tcp -a 127.0.0.1 -s 4420 -n nqn.test --tls
>
can you please submit the blktests for this if it is not there in nvme
category ?
it will help this to get regularly tested and establish stability ...
please CC Shinichiro (CC'd here) and me on that
https://github.com/osandov/blktests
-ck
More information about the Linux-nvme
mailing list