SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI : target session login behavior



    
    Seems like there may be a small security hole in the direction suggested
    below.  Before performing the implicit logout, shouldn't you authenticate
    the initiator first?  If not, it would be possible for anyone to cause a
    session to get dropped simply by knowing their WWUI and ISID.
    
    Paul
    
    +--------------------------+----------------------------+
    + Paul Congdon             + Email: paul_congdon@hp.com +
    + Hewlett Packard Company  + Mail Stop:  5662           +
    + HP ProCurve Networking   + Phone:  (916) 785-5753     +
    + 8000 Foothills Blvd      + Fax:    (916) 785-5949     +
    + Roseville, CA   95747    + Mobile: (916) 765-4056     +
    +--------------------------+----------------------------+
    
    > -----Original Message-----
    > From: Stephen Bailey [mailto:steph@cs.uchicago.edu]
    > Sent: Thursday, April 26, 2001 6:18 AM
    > To: ips@ece.cmu.edu
    > Subject: Re: iSCSI : target session login behaviour 
    > 
    > 
    > Santosh,
    > 
    > > How should a target respond when it receives a session 
    > login  [on a new
    > > TCP connection] with the same (ISID, Initiator Name) as a session
    > > already active at the target.
    > 
    > Originally, I thought rejecting the login was the correct behavior,
    > and that's what I specified in the error handling pseudocode.  I
    > construed this as a consistency (logic) error in the target.  However,
    > on further thought, I've changed my mind.  I believe the correct
    > behavior is to perform an implicit logout (of all outstanding
    > connections in the session).  The target and initiator may have
    > different ideas about whether the connections are still live, and like
    > in FCP, performing an implicit logout solves this problem.  It also
    > provides a mechanisms for rapid, proactive recovery of session
    > resources when possible, which is the right thing.
    > 
    > > iSCSI session login semantics should explicitly state that the above
    > > scenario will result in case (1) above.
    > 
    > I agree.  This and all other possible cases.  
    > 
    > > As a side note, the iSCSI draft Status Class/Codes could do 
    > with a misc
    > > error category along the lines of the FC "No additional Explantion"
    > > reason explantion. This would help deal with error 
    > conditions that don't
    > > come under the listed category.
    > 
    > Personally, I think we should add categories for reasons we obviously
    > see now, AND have a no additional reason.
    > 
    > One peculiarity with what you're talking about above is that it should
    > be a login response status code which expresses this rejection.  The
    > login response set does not seem to have an `invalid parameter'
    > response for cases when the request is somehow inconsistent.
    > 
    > Steph
    > 
    


Home

Last updated: Tue Sep 04 01:04:50 2001
6315 messages in chronological order