Currently, open-iscsi ignores iface.ipaddress whether or not
iface.net_ifacename is configured. This can be problematic if/when a
network interface is configured with multiple IP addresses and a target
only allows connections from one of them. This patch adds support for
iface.ipaddress, calling bind() and/or setsockopt(SO_BINDTODEVICE)
depending on which iface parameters are changed from their default values.
In other words, the following combinations are now permitted (1 & 2 are
current behavior, 3 & 4 are new behavior):
1. Neither of iface.net_ifacename and iface.ipaddress are configured.
The code lets the operating system choose an appropriate local IP address
and interface based on the portal address.
2. Only iface.net_ifacename is configured. The code calls
setsockopt(SO_BINDTODEVICE) and then lets the operating system choose an
appropriate local IP address.
3. Only iface.ipaddress is configured. The code calls bind() and lets
the operating system choose an appropriate interface.
4. Both of iface.net_ifacename and iface.ipaddress are configured. The
code calls both bind() and setsockopt(SO_BINDTODEVICE). The
administrator must ensure that the combination of iface.net_ifacename
and iface.ipaddress is an appropriate configuration.
Thanks for your consideration.
Regards,
Tom.III
--
You received this message because you are subscribed to the Google Groups
"open-iscsi" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/open-iscsi.
For more options, visit https://groups.google.com/d/optout.
diff -cr a/usr/io.c b/usr/io.c
*** a/usr/io.c Wed Mar 25 19:21:37 2015
--- b/usr/io.c Wed Mar 25 19:21:42 2015
***************
*** 159,179 ****
#endif
- #if 0
-
- This is not supported for now, because it is not exactly what we want.
- It also turns out that targets will send packets to other interfaces
- causing all types of weird things to happen.
-
-
static int bind_src_by_address(int sockfd, char *address)
{
int rc = 0;
- char port[NI_MAXSERV];
struct sockaddr_storage saddr;
memset(&saddr, 0, sizeof(struct sockaddr_storage));
! if (resolve_address(address, port, &saddr)) {
log_error("Could not bind %s to conn.", address);
return -1;
}
--- 159,171 ----
#endif
static int bind_src_by_address(int sockfd, char *address)
{
int rc = 0;
struct sockaddr_storage saddr;
memset(&saddr, 0, sizeof(struct sockaddr_storage));
! if (resolve_address(address, NULL, &saddr)) {
log_error("Could not bind %s to conn.", address);
return -1;
}
***************
*** 196,202 ****
log_debug(4, "Bound %s to socket fd %d", address, sockfd);
return rc;
}
- #endif
static int bind_conn_to_iface(iscsi_conn_t *conn, struct iface_rec *iface)
{
--- 188,193 ----
***************
*** 215,231 ****
}
} else if (iface_is_bound_by_netdev(iface)) {
strcpy(session->netdev, iface->netdev);
! } else if (iface_is_bound_by_ipaddr(iface)) {
! /*
! * we never supported this but now with offload having to
! * set the ip address in the iface, useris may forget to
! * set the offload's transport type and we end up here by
! * accident.
! */
! log_error("Cannot bind %s to net/scsi interface. This is not "
! "supported with software iSCSI (iscsi_tcp).",
! iface->ipaddress);
! return -1;
}
if (strlen(session->netdev)) {
--- 206,217 ----
}
} else if (iface_is_bound_by_netdev(iface)) {
strcpy(session->netdev, iface->netdev);
! }
!
! if (iface_is_bound_by_ipaddr(iface)) {
! if (bind_src_by_address(conn->socket_fd, iface->ipaddress)) {
! return -1;
! }
}
if (strlen(session->netdev)) {
