nvme-(discover,connect,connect-all): enable options '--keyring' and '--tls_key'

Enable the options '--keyring' and '--tls_key' to select the key
for TLS encrypted connections.

Signed-off-by: Hannes Reinecke <hare@suse.de>

diff --git a/Documentation/nvme-connect-all.txt b/Documentation/nvme-connect-all.txt
index d963fdb273a053b9549bf6eea6bfd699a680d839..44bb4f9411ee952ae8246599b3cad5c6c89f1029 100644 (file)
--- a/Documentation/nvme-connect-all.txt
+++ b/Documentation/nvme-connect-all.txt
@@ -23,13 +23,16 @@ SYNOPSIS
                [--keep-alive-tmo=<sec>   | -k <sec>]
                [--reconnect-delay=<#>    | -c <#>]
                [--ctrl-loss-tmo=<#>      | -l <#>]
-               [--hdr-digest             | -g]
-               [--data-digest            | -G]
                [--nr-io-queues=<#>       | -i <#>]
                [--nr-write-queues=<#>    | -W <#>]
                [--nr-poll-queues=<#>     | -P <#>]
                [--queue-size=<#>         | -Q <#>]
+               [--keyring=<#>                    ]
+               [--tls_key=<#>                    ]
+               [--hdr-digest             | -g]
+               [--data-digest            | -G]
                [--persistent             | -p]
+               [--tls                        ]
                [--quiet                  | -S]
                [--dump-config            | -O]
 
@@ -145,14 +148,6 @@ OPTIONS
 --ctrl-loss-tmo=<#>::
        Overrides the default controller loss timeout period (in seconds).
 
--g::
---hdr-digest::
-       Generates/verifies header digest (TCP).
-
--G::
---data-digest::
-       Generates/verifies data digest (TCP).
-
 -i <#>::
 --nr-io-queues=<#>::
        Overrides the default number of I/O queues create by the driver.
@@ -173,11 +168,28 @@ OPTIONS
        by the driver. This option will be ignored for discovery, but will be
        passed on to the subsequent connect call.
 
+--keyring=<#>::
+       Keyring for TLS key lookup.
+
+--tls_key=<#>::
+       TLS key for the connection (TCP).
+
+-g::
+--hdr-digest::
+       Generates/verifies header digest (TCP).
+
+-G::
+--data-digest::
+       Generates/verifies data digest (TCP).
+
 -p::
 --persistent::
        Don't remove the discovery controller after retrieving the discovery
        log page.
 
+--tls::
+       Enable TLS encryption (TCP).
+
 -S::
 --quiet::
        Suppress error messages.

diff --git a/Documentation/nvme-connect.txt b/Documentation/nvme-connect.txt
index ea43cb80dec7a66fe813a03007a02a798b77f092..0e8856c706ded7abe63f9b41398f6945bc1b8d45 100644 (file)
--- a/Documentation/nvme-connect.txt
+++ b/Documentation/nvme-connect.txt
@@ -28,6 +28,8 @@ SYNOPSIS
                [--reconnect-delay=<#>    | -c <#>]
                [--ctrl-loss-tmo=<#>      | -l <#>]
                [--tos=<#>                | -T <#>]
+               [--keyring=<#>                    ]
+               [--tls_key=<#>                    ]
                [--duplicate-connect      | -D]
                [--disable-sqflow         | -d]
                [--hdr-digest             | -g]
@@ -156,6 +158,12 @@ OPTIONS
 --tos=<#>::
        Type of service for the connection (TCP)
 
+--keyring=<#>::
+       Keyring for TLS key lookup.
+
+--tls_key=<#>::
+       TLS key for the connection (TCP).
+
 -D::
 --duplicate-connect::
        Allows duplicated connections between same transport host and subsystem

diff --git a/Documentation/nvme-discover.txt b/Documentation/nvme-discover.txt
index e1e74f01026c724876d6a4f1ba68051bc3883401..d4df75c27af2608b7adc77bf9656328d0564a302 100644 (file)
--- a/Documentation/nvme-discover.txt
+++ b/Documentation/nvme-discover.txt
@@ -23,14 +23,17 @@ SYNOPSIS
                [--keep-alive-tmo=<sec>   | -k <sec>]
                [--reconnect-delay=<#>    | -c <#>]
                [--ctrl-loss-tmo=<#>      | -l <#>]
-               [--hdr-digest             | -g]
-               [--data-digest            | -G]
                [--nr-io-queues=<#>       | -i <#>]
                [--nr-write-queues=<#>    | -W <#>]
                [--nr-poll-queues=<#>     | -P <#>]
                [--queue-size=<#>         | -Q <#>]
+               [--keyring=<#>                    ]
+               [--tls_key=<#>                    ]
+               [--hdr-digest             | -g]
+               [--data-digest            | -G]
                [--persistent             | -p]
                [--quiet                  | -S]
+               [--tls                        ]
                [--dump-config            | -O]
                [--output-format=<fmt>    | -o <fmt>]
                [--force]
@@ -165,14 +168,6 @@ OPTIONS
 --ctrl-loss-tmo=<#>::
        Overrides the default controller loss timeout period (in seconds).
 
--g::
---hdr-digest::
-       Generates/verifies header digest (TCP).
-
--G::
---data-digest::
-       Generates/verifies data digest (TCP).
-
 -i <#>::
 --nr-io-queues=<#>::
        Overrides the default number of I/O queues create by the driver.
@@ -194,11 +189,28 @@ OPTIONS
        This option will be ignored for the discovery, and it is only
        implemented for completeness.
 
+--keyring=<#>::
+       Keyring for TLS key lookup.
+
+--tls_key=<#>::
+       TLS key for the connection (TCP).
+
+-g::
+--hdr-digest::
+       Generates/verifies header digest (TCP).
+
+-G::
+--data-digest::
+       Generates/verifies data digest (TCP).
+
 -p::
 --persistent::
        Don't remove the discovery controller after retrieving the discovery
        log page.
 
+--tls::
+       Enable TLS encryption (TCP).
+
 -S::
 --quiet::
        Suppress already connected errors.

diff --git a/fabrics.c b/fabrics.c
index a1f4c75ec44dc841c07b32fa32b7f1305e5fc7d7..087a56ce4e1eed3fa9df76f97ded8a934d6485a1 100644 (file)
--- a/fabrics.c
+++ b/fabrics.c
@@ -75,6 +75,8 @@ static const char *nvmf_keep_alive_tmo        = "keep alive timeout period in seconds";
 static const char *nvmf_reconnect_delay        = "reconnect timeout period in seconds";
 static const char *nvmf_ctrl_loss_tmo  = "controller loss timeout period in seconds";
 static const char *nvmf_tos            = "type of service";
+static const char *nvmf_keyring                = "Keyring for TLS key lookup";
+static const char *nvmf_tls_key                = "TLS key to use";
 static const char *nvmf_dup_connect    = "allow duplicate connections between same transport host and subsystem port";
 static const char *nvmf_disable_sqflow = "disable controller sq flow control (default false)";
 static const char *nvmf_hdr_digest     = "enable transport protocol header digest (TCP transport)";
@@ -100,6 +102,8 @@ static const char *nvmf_config_file = "Use specified JSON configuration file or
        OPT_INT("reconnect-delay",    'c', &c.reconnect_delay,    nvmf_reconnect_delay),\
        OPT_INT("ctrl-loss-tmo",      'l', &c.ctrl_loss_tmo,      nvmf_ctrl_loss_tmo),  \
        OPT_INT("tos",                'T', &c.tos,                nvmf_tos),            \
+       OPT_INT("keyring",              0, &c.keyring,            nvmf_keyring),        \
+       OPT_INT("tls_key",              0, &c.tls_key,            nvmf_tls_key),        \
        OPT_FLAG("duplicate-connect", 'D', &c.duplicate_connect,  nvmf_dup_connect),    \
        OPT_FLAG("disable-sqflow",    'd', &c.disable_sqflow,     nvmf_disable_sqflow), \
        OPT_FLAG("hdr-digest",        'g', &c.hdr_digest,         nvmf_hdr_digest),     \