Hi I am a mac user, when I try to use xtendsan iSCSI initiator to connect native iSCSI target, I found that the login response pdu do not have TargetPortalGroupTag key-pair. xtendsan told me TargetPortalGroupTag is missing and disconnected. I try to do a workaround to it and it works. Add some codes in usr.sbin/ctld/login.c:login_negotiate() login_negotiate(struct connection *conn, struct pdu *request) { struct pdu *response; struct iscsi_bhs_login_response *bhslr2; struct keys *request_keys, *response_keys; int i; bool skipped_security; char *portal_group_tag; int rv; if (request == NULL) { log_debugx("beginning parameter negotiation; " "waiting for Login PDU"); request = login_receive(conn, false); skipped_security = false; } else skipped_security = true; request_keys = keys_new(); keys_load(request_keys, request); response = login_new_response(request); bhslr2 = (struct iscsi_bhs_login_response *)response->pdu_bhs; bhslr2->bhslr_flags |= BHSLR_FLAGS_TRANSIT; bhslr2->bhslr_tsih = htons(0xbadd); login_set_csg(response, BHSLR_STAGE_OPERATIONAL_NEGOTIATION); login_set_nsg(response, BHSLR_STAGE_FULL_FEATURE_PHASE); response_keys = keys_new(); if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { if (conn->conn_target->t_alias != NULL) keys_add(response_keys, "TargetAlias", conn->conn_target->t_alias); rv = asprintf(&portal_group_tag, "%d", conn->conn_portal->p_portal_group->pg_tag); if (rv <= 0) log_err(1, "asprintf"); keys_add(response_keys, "TargetPortalGroupTag", portal_group_tag); free(portal_group_tag); } for (i = 0; i < KEYS_MAX; i++) { if (request_keys->keys_names[i] == NULL) break; login_negotiate_key(request, request_keys->keys_names[i], request_keys->keys_values[i], skipped_security, response_keys); } I don’t read whole iSCSI RFC, is this right to add missing TargetPortalGroupTag? Maybe you have better solution to fix this, please help me and thanks.
Could you run ctld with debug, preferably like this: pkill ctld while :; do ctld -d; done Then try to connect, and paste the output? There is something really weird going on during negotiation; the change in your patch shouldn't be needed.
[chenpc@pcbsd /usr/src/usr.sbin/ctld]$ sudo ctld -d ctld: obtaining previously configured CTL luns from the kernel ctld: CTL port 0 wasn't managed by ctld; ignoring ctld: CTL port 1 wasn't managed by ctld; ignoring ctld: CTL port 2 wasn't managed by ctld; ignoring ctld: CTL port 3 wasn't managed by ctld; ignoring ctld: CTL port 4 is not active (0); ignoring ctld: CTL port 5 is not active (0); ignoring ctld: CTL port 6 is not active (0); ignoring ctld: found CTL lun 0, backing lun 0, target iqn.2012-06.com.qnap:macdata ctld: found CTL lun 1, backing lun 0, target iqn.2012-06.com.qnap:osx ctld: found CTL lun 2, backing lun 0, target iqn.2012-06.com.qnap:windows7 ctld: obtaining configuration from /etc/ctl.conf ctld: /etc/ctl.conf is world-readable ctld: auth-group "default" not defined; going with defaults ctld: portal-group "default" not defined; going with defaults ctld: opening pidfile /var/run/ctld.pid ctld: resizing lun 0, target iqn.2012-06.com.qnap:macdata, CTL lun 0 ctld: resizing lun 0, target iqn.2012-06.com.qnap:osx, CTL lun 1 ctld: resizing lun 0, target iqn.2012-06.com.qnap:windows7, CTL lun 2 ctld: not listening on portal-group "default", not assigned to any target ctld: listening on 0.0.0.0, portal-group "pg0" ctld: incoming connection; not forking due to -d flag ctld: accepted connection from 192.168.1.114; portal group "pg0" ctld: 192.168.1.114: setting session timeout to 60 seconds ctld: 192.168.1.114: Capsicum capability mode enabled ctld: 192.168.1.114: beginning Login Phase; waiting for Login PDU ctld: 192.168.1.114: key received: "SessionType=Normal" ctld: 192.168.1.114: key received: "InitiatorName=iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4" ctld: 192.168.1.114: key received: "TargetName=iqn.2012-06.com.qnap:osx" ctld: 192.168.1.114: key received: "InitiatorAlias=Chens-Mac-Pro.local" ctld: 192.168.1.114: key received: "MaxConnections=1" ctld: 192.168.1.114: key received: "InitialR2T=No" ctld: 192.168.1.114: key received: "ImmediateData=Yes" ctld: 192.168.1.114: key received: "MaxBurstLength=1048576" ctld: 192.168.1.114: key received: "FirstBurstLength=1048576" ctld: 192.168.1.114: key received: "DefaultTime2Wait=2" ctld: 192.168.1.114: key received: "DefaultTime2Retain=20" ctld: 192.168.1.114: key received: "MaxOutstandingR2T=1" ctld: 192.168.1.114: key received: "DataPDUInOrder=Yes" ctld: 192.168.1.114: key received: "DataSequenceInOrder=Yes" ctld: 192.168.1.114: key received: "ErrorRecoveryLevel=0" ctld: 192.168.1.114: key received: "MaxRecvDataSegmentLength=1048576" ctld: 192.168.1.114: key received: "HeaderDigest=None" ctld: 192.168.1.114: key received: "DataDigest=None" ctld: 192.168.1.114: key received: "OFMarker=No" ctld: 192.168.1.114: key received: "IFMarker=No" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): initiator requests to connect to target "iqn.2012-06.com.qnap:osx"; auth-group "no-authentication" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): auth-group does not define initiator name restrictions ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): auth-group does not define initiator portal restrictions ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): initiator skipped the authentication, and we don't need it; proceeding with negotiation ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "SessionType=Normal" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "InitiatorName=iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "TargetName=iqn.2012-06.com.qnap:osx" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "InitiatorAlias=Chens-Mac-Pro.local" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "MaxConnections=1" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "InitialR2T=No" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "ImmediateData=Yes" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "MaxBurstLength=1048576" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "FirstBurstLength=1048576" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "DefaultTime2Wait=2" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "DefaultTime2Retain=20" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "MaxOutstandingR2T=1" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "DataPDUInOrder=Yes" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "DataSequenceInOrder=Yes" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "ErrorRecoveryLevel=0" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "MaxRecvDataSegmentLength=1048576" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "HeaderDigest=None" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "DataDigest=None" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "OFMarker=No" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key received: "IFMarker=No" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key to send: "MaxConnections=1" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key to send: "InitialR2T=Yes" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key to send: "ImmediateData=Yes" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key to send: "MaxBurstLength=1048576" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): capping FirstBurstLength from 1048576 to 131072 ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key to send: "FirstBurstLength=131072" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key to send: "DefaultTime2Wait=2" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key to send: "DefaultTime2Retain=0" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key to send: "MaxOutstandingR2T=1" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key to send: "DataPDUInOrder=Yes" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key to send: "DataSequenceInOrder=Yes" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key to send: "ErrorRecoveryLevel=0" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): capping MaxDataSegmentLength from 1048576 to 131072 ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key to send: "MaxRecvDataSegmentLength=131072" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): initiator prefers not to do header digest; we'll comply ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key to send: "HeaderDigest=None" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): initiator prefers not to do data digest; we'll comply ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key to send: "DataDigest=None" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key to send: "OFMarker=No" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): key to send: "IFMarker=No" ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): operational parameter negotiation done; transitioning to Full Feature Phase ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): connection handed off to the kernel ctld: 192.168.1.114 (iqn.1995-12.com.attotech:xtendsan:ser.g8809lqk5j4): nothing more to do; exiting
Created attachment 147129 [details] Proposed fix.
Ah, now I see it. You actually tracked it down correctly, except that your change made ctld send those twice in some cases. Could you verify if the attached patch fixes the problem? Thanks!
(In reply to Edward Tomasz Napierala from comment #4) > Ah, now I see it. You actually tracked it down correctly, except that your > change made ctld send those twice in some cases. Could you verify if the > attached patch fixes the problem? Thanks! This patch works on my atto initiator! Thanks you!
A commit references this bug: Author: trasz Date: Tue Sep 9 16:45:37 UTC 2014 New revision: 271319 URL: http://svnweb.freebsd.org/changeset/base/271319 Log: Fix ctld(8) to not forget to send TargetPortalGroupTag and TargetAlias when the initiator skips security negotiation. This fixes interoperability with Xtend SAN initiator. PR: 193021 MFC after: 1 week Sponsored by: The FreeBSD Foundation Changes: head/usr.sbin/ctld/login.c
A commit references this bug: Author: trasz Date: Wed Sep 17 07:06:03 UTC 2014 New revision: 271701 URL: http://svnweb.freebsd.org/changeset/base/271701 Log: MFC r271319: Fix ctld(8) to not forget to send TargetPortalGroupTag and TargetAlias when the initiator skips security negotiation. This fixes interoperability with Xtend SAN initiator. PR: 193021 Approved by: re (marius) Sponsored by: The FreeBSD Foundation Changes: _U stable/10/ stable/10/usr.sbin/ctld/login.c