iSCSI: Login error checking

To: "IPS Reflector (E-mail)" <ips@ece.cmu.edu>
Subject: iSCSI: Login error checking
From: Michael Schoberg <michael_schoberg@cnt.com>
Date: Thu, 18 Oct 2001 15:36:10 -0500
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

I'm trying to figure out all the options/failure possibilities for LOGIN.
Has anyone worked out the details on how to the current feature set
correctly?  There's a lot to look out for...

If anyone sees anything that's incorrect or missing, please let me know.



LOGIN RECEIVED

Does the draft allow for Header Digest Errors (HDE) on login requests?  If
so, the draft allows these to be ignored.  Potentially, an invalid or
improperly formatted login request could end up being registered as a HDE
and ignored.

Generic command errors
	Login arrives but doesn't have the I-BIT set. 
		Target ignores I-BIT error or follows synchronization rules.
		-or-
		Target responds with 0200, T-BIT, and drops connection.

	Login series arrives.  N'th login contains alternate CmdSN value
from (N=0).
		Target responds with 0200, T-BIT, and drops connection

	Login for a new connection to a session. CmdSN does not match
expected CmdSN value.
		How much tolerance is allowed for this?  Worst case, what is
done?

	Login restart received (TSID != 0, X-BIT)  ExpStatSN is not
recognized for the existing connection. 
		Target responds with 0200, T-BIT, and drops connection.

	Login restart received (TSID != 0, X-BIT)  N'th login has X-BIT set.
		Target responds with 0200, T-BIT, and drops connection.

	Login received (TSID = 0, X-BIT) 
		Target responds with 0200, T-BIT, and drops connection.

Version range not within supported range.
	Target responds with 0205, T-BIT, and drops connection.

(ISID, TSID, CID) errors
	Login arrives with (TSID = 0).  Post authentication yields an
existing SSID. 
	X-BIT = false
		Target obeys TSID rule (2.5.3) and destroys previous SSID
	X-BIT = true
		Target attempts to recover the connection/session.

	Login arrives with (TSID != 0) (CID != 0).  SSID isn't found. 
		Target responds with 0200, 0208, T-BIT, and drops
connection.

	Login arrives with (TSID != 0) (CID = 0) SSID exists.  
	X-BIT = false
		Target Responds with 0200, T-BIT, and drops connection
		-or-
		Target cleanup & closes previous session
post-authentication.
	X-BIT = true 
		Target begins session recovery, closes previous session TCP
socket.

	Login arrives with (TSID != 0) (CID != 0).  SSID & CID exist. 
	X-BIT = false
		Target Responds with 0200, T-BIT, and drops connection
	X-BIT = true
		Target begins connection recovery.

	Login arrives (TSID = 0) (CID != 0)
		Target Responds with 0200, T-BIT, and drops connection

	Login arrives (TSID != 0) (CID != 0).  Too many connections for
SSID.
		Target responds with 0206, T-BIT, and drops connection.

	Login negotiation stream, (ISID/TSID/CID) are seen changing from the
fixed/negotiated values.
		Target responds with 0200, T-BIT, and drops connection.

Invalid CSG / NSG
	Login arrives with an unexpected CSG value.
		Target responds with 0200, T-BIT, and drops connection.

	Login contains NSG that's invalid (or undesired)
		Target responds with valid/desired NSG value.

Parameter passed in improper state
	Login has parameter that is invalid for the current negotiation
state.  (e.g.  Sending a InitiatorName after InitiatorName was negotiated.
Sending InitiatorName/TargetName when (CID != 0), Sending TargetName after
TargetName already negotiated  Sending a LoginOperationalNegotation
parameter when CSG=0,  etc.)  
		Target Responds with 0200, T-Bit, Drops connection.
		-or-
		Target Responds normally, but with Parameter=reject

Parameter Unknown
	Login has parameter that is unknown to target.
		Target Responds with Parameter=NotUnderstood

Parameter value is invalid
	Login has parameter value that is not acceptable.
		Target responds with Parameter=<default value>

Missing parameter
	Target receives login (T-BIT) Not all parameters (without defaults)
negotiated for current login state. 
		Target responds with 0207, T-BIT, and drops connection.

SessionType Unavailable
	Target receives a SessionType that is unrecognized or unavailable.
		Target responds with 0209, T-BIT, and drops connection.

Authentication
	Initiator does not offer an acceptable authentication method in
SecurityNegotiation stage.
		Target responds with 0201, T-BIT, and drops connection

	TargetName requested is not available on this interface.
		Target responds with [0101, 0102, 0203, 0204], T-BIT, and
drops connection.

	InitiatorName not recognized
		Target responds with 0202, T-BIT and drops connection.

	Initiator sends an invalid or incomplete response to an
authentication exchange.
		Target responds with 0201, T-BIT, and drops connection.

Target Error Encountered
	Misc. target error encountered.
		Target responds with 0300, T-BIT, and drops connection.

	iSCSI service disabled.
		Target responds with 0301, T-BIT, and drops connection.

	iSCSI service has run out of resources
		Target responds with 0302, T-BIT, and drops connection.

Prev by Date: RE: Question on security document
Next by Date: RE: Question on security document
Prev by thread: RE: Question on security document
Next by thread: IPS-ALL: RE: Question on security document
Index(es):
- Date
- Thread

Home

Last updated: Fri Oct 19 12:17:38 2001
7297 messages in chronological order