Re: ISCSI: CmdSN in non-leading login

To: Bill Studenmund <wrstuden@wasabisystems.com>
Subject: Re: ISCSI: CmdSN in non-leading login
From: "Julian Satran" <Julian_Satran@il.ibm.com>
Date: Tue, 14 May 2002 07:33:26 +0300
Cc: ips@ece.cmu.edu, John Hufferd <hufferd@us.ibm.com>, "Mark S. Edwards" <marke@muttsnuts.com>, owner-ips@ece.cmu.edu
Content-Type: multipart/alternative; boundary="=_alternative 0018DA13C2256BB9_="
Sender: owner-ips@ece.cmu.edu

I guess you missed the point beyond the "immediate command" notion. Please re-read the Overview section. Julo

Bill Studenmund <wrstuden@wasabisystems.com>

05/13/2002 08:57 PM
Please respond to Bill Studenmund

To: Julian Satran/Haifa/IBM@IBMIL
cc: John Hufferd/San Jose/IBM@IBMUS, <ips@ece.cmu.edu>, "Mark S. Edwards" <marke@muttsnuts.com>, <owner-ips@ece.cmu.edu>
Subject: Re: ISCSI: CmdSN in non-leading login

On Sun, 12 May 2002, Julian Satran wrote:

> John,
>
> My only point was that there is enough information in the section to
> describe correct behavior.

> And immediate commands do not create any blockage regardless of their
> CmdSN.

Don't they though? Say I have a queue depth of 2, and I start a secondary
login with a CmdSN of 1000. I can then send other immediate commands at
1000, and a non-immediate command at 1000. I can then also send a
non-immeidate command at 1001. But can I send a command at 1002 before the
login has finished? If we increase the queue depth, there will still be
some other command number that would overflow it.

Say the login takes a while. Won't the login pin the queue at 1002 until
it's done? Now let the login take a while, it requires talking to say a
low kerberos server or doing a DH computation. If we really pay attention
to CmdSN, then the slow login process can effectively take the device
off-line while it completes, since we can't enqueue new commands.

Worse yet, say the secondary connection is NOT from our initiator, but
from an imposter. All the rogue has to do is get the TSIH right & guess a
CmdSN, and stall at trying to add another connection. Say do leading
negotiation, but just never send any security negotiations. The queue will
eventually become pinned until the target times out. Nice little DOS
attack; all you have to do is get the TSIH right & guess a CmdSN. You
don't have to do any security negotiation. :-)

I'd like to suggest that we just ignore CmdSN on non-leading sessions,
beyond the fact that a well-behaved initiator should pick a CmdSN in its
current command window. We certainly shouldn't pay attention to it before
security negotiations have completed. :-) Oh also no commands should be
sent over the new connection with a CmdSN lower than the one used in the
new connection.

Take care,

Bill

Follow-Ups:
- iSCSI: Feeling a little peckish?
  - From: Ken Sandars <ksandars@eurologic.com>

Prev by Date: RE: A change in draft 12
Next by Date: RE: iFCP: Responses to David Black iFCP Technical review comment s
Prev by thread: RE: ISCSI: CmdSN in non-leading login
Next by thread: iSCSI: Feeling a little peckish?
Index(es):
- Date
- Thread

Home

Last updated: Tue May 14 13:18:40 2002
10115 messages in chronological order