Re: iSCSI: response to second login (with same ISID)

[Santosh Rao <santoshr@cup.hp.com>]

"Martin, Nick" wrote:
> 
> All,
> 
> I would hope for option 1.  There is no protection to prevent a user mode
> program in a host from opening a TCP connection to the target and attempting
> an iSCSI login using any SID it likes.  It could easily affect the operation
> of another copy of this same application or of a kernel driver, neither of
> which should have to suffer disruption.


If I read Steph Bailey's comments on this right (from the ERT work), the
target would have to authenticate the 2nd login on the same ISID [as it
does with any other login] and only take action when authentication is
successful. Such a malicious user program would not pass login
authentication and therefore, would be unable to trigger such a
disruption.

> I would further suggest, that it would be appropriate for the target to
> "test" the original session to see if it is still working.  If the original
> session turns out to be non-operational although not explicitly logged out,
> then it could be cleaned up.  When cleanup is successfully completed, there
> is no conflict and the new request becomes a fresh login.
> 
> I suggest that it is not required, but maybe not unresonable for the target
> to delay the new login request while it tests and then potentially cleans up
> after the previous user of this session id. 

This approach can lead to long latencies in servicing logins, affecting
initiator boot-up time.

Regards,
Santosh
begin:vcard 
n:Rao;Santosh 
tel;work:408-447-3751
x-mozilla-html:FALSE
org:Hewlett Packard, Cupertino.;SISL
adr:;;19420, Homestead Road, M\S 43LN,	;Cupertino.;CA.;95014.;USA.
version:2.1
email;internet:santoshr@cup.hp.com
title:Software Design Engineer
x-mozilla-cpt:;21088
fn:Santosh Rao
end:vcard