[ipxe-devel] iSCSI protocol transition

Ferenc Wagner wferi at niif.hu
Mon Oct 27 14:26:01 UTC 2014 

Michael Brown <mcb30 at ipxe.org> writes:

> On 27/10/14 09:22, Ferenc Wagner wrote:
>
>> Mutual CHAP iSCSI login to our Fujitsu-Siemens Eternus DX80 device went
>> into an infinite loop until I made the following change:
>>
>> --- a/src/net/tcp/iscsi.c
>> +++ b/src/net/tcp/iscsi.c
>> @@ -767,8 +767,9 @@ static void iscsi_start_login ( struct iscsi_session *iscsi ) {
>>          iscsi_start_tx ( iscsi );
>>          request->opcode = ( ISCSI_OPCODE_LOGIN_REQUEST |
>>                              ISCSI_FLAG_IMMEDIATE );
>> -       request->flags = ( ( iscsi->status & ISCSI_STATUS_PHASE_MASK ) |
>> -                          ISCSI_LOGIN_FLAG_TRANSITION );
>> +       request->flags = iscsi->status & ISCSI_STATUS_PHASE_MASK;
>> +       if (iscsi->status & (ISCSI_STATUS_STRINGS_CHAP_RESPONSE | ISCSI_STATUS_STRINGS_OPERATIONAL))
>> +               request->flags |= ISCSI_LOGIN_FLAG_TRANSITION;
>>          /* version_max and version_min left as zero */
>>          len = iscsi_build_login_request_strings ( iscsi, NULL, 0 );
>>          ISCSI_SET_LENGTHS ( request->lengths, 0, len );
>
> That change breaks the use of unauthenticated connections: in that
> situation no CHAP response will never be sent and so the initiator
> will never request a transition.
>
> What is the nature of the problem you are seeing with the DX80 target?

The second iSCSI Login Response (in reply to the Login Request sending
CHAP_A=5) has status Authentication failed (0x0201):

iPXE 1.0.0+ (af17a) -- Open Source Network Boot Firmware -- http://ipxe.org
Features: iSCSI HTTP DNS TFTP AoE SRP bzImage ELF MBOOT PXE PXEXT Menu
Configuring (net0 52:54:00:12:34:56)...... ok
iSCSI 0xcf704 initiator foo
iSCSI 0xcf704 target bar
iSCSI 0xcf704 entering security negotiation
iSCSI 0xcf704 ignoring TargetPortalGroupTag=12
iSCSI 0xcf704 handling AuthMethod=CHAP
iSCSI 0xcf704 initiating CHAP authentication
iSCSI 0xcf704 entering security negotiation
iSCSI login failure: class 02 detail 01
iSCSI 0xcf704 could not process received data: Operation not permitted (http://ipxe.org/410d613c)
iSCSI 0xcf704 closed: Operation not permitted (http://ipxe.org/410d613c)
-- 
Regards,
Feri.

More information about the ipxe-devel mailing list