From: Hannes Reinecke Date: Thu, 23 Mar 2023 15:14:53 +0000 (+0100) Subject: nvme-(discover,connect,connect-all): enable options '--keyring' and '--tls_key' X-Git-Tag: v2.4~5 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=3d214aca1ebff60e1cca876c7db62e1f2429646f;p=users%2Fsagi%2Fnvme-cli.git nvme-(discover,connect,connect-all): enable options '--keyring' and '--tls_key' Enable the options '--keyring' and '--tls_key' to select the key for TLS encrypted connections. Signed-off-by: Hannes Reinecke --- diff --git a/Documentation/nvme-connect-all.txt b/Documentation/nvme-connect-all.txt index d963fdb2..44bb4f94 100644 --- a/Documentation/nvme-connect-all.txt +++ b/Documentation/nvme-connect-all.txt @@ -23,13 +23,16 @@ SYNOPSIS [--keep-alive-tmo= | -k ] [--reconnect-delay=<#> | -c <#>] [--ctrl-loss-tmo=<#> | -l <#>] - [--hdr-digest | -g] - [--data-digest | -G] [--nr-io-queues=<#> | -i <#>] [--nr-write-queues=<#> | -W <#>] [--nr-poll-queues=<#> | -P <#>] [--queue-size=<#> | -Q <#>] + [--keyring=<#> ] + [--tls_key=<#> ] + [--hdr-digest | -g] + [--data-digest | -G] [--persistent | -p] + [--tls ] [--quiet | -S] [--dump-config | -O] @@ -145,14 +148,6 @@ OPTIONS --ctrl-loss-tmo=<#>:: Overrides the default controller loss timeout period (in seconds). --g:: ---hdr-digest:: - Generates/verifies header digest (TCP). - --G:: ---data-digest:: - Generates/verifies data digest (TCP). - -i <#>:: --nr-io-queues=<#>:: Overrides the default number of I/O queues create by the driver. @@ -173,11 +168,28 @@ OPTIONS by the driver. This option will be ignored for discovery, but will be passed on to the subsequent connect call. +--keyring=<#>:: + Keyring for TLS key lookup. + +--tls_key=<#>:: + TLS key for the connection (TCP). + +-g:: +--hdr-digest:: + Generates/verifies header digest (TCP). + +-G:: +--data-digest:: + Generates/verifies data digest (TCP). + -p:: --persistent:: Don't remove the discovery controller after retrieving the discovery log page. +--tls:: + Enable TLS encryption (TCP). + -S:: --quiet:: Suppress error messages. diff --git a/Documentation/nvme-connect.txt b/Documentation/nvme-connect.txt index ea43cb80..0e8856c7 100644 --- a/Documentation/nvme-connect.txt +++ b/Documentation/nvme-connect.txt @@ -28,6 +28,8 @@ SYNOPSIS [--reconnect-delay=<#> | -c <#>] [--ctrl-loss-tmo=<#> | -l <#>] [--tos=<#> | -T <#>] + [--keyring=<#> ] + [--tls_key=<#> ] [--duplicate-connect | -D] [--disable-sqflow | -d] [--hdr-digest | -g] @@ -156,6 +158,12 @@ OPTIONS --tos=<#>:: Type of service for the connection (TCP) +--keyring=<#>:: + Keyring for TLS key lookup. + +--tls_key=<#>:: + TLS key for the connection (TCP). + -D:: --duplicate-connect:: Allows duplicated connections between same transport host and subsystem diff --git a/Documentation/nvme-discover.txt b/Documentation/nvme-discover.txt index e1e74f01..d4df75c2 100644 --- a/Documentation/nvme-discover.txt +++ b/Documentation/nvme-discover.txt @@ -23,14 +23,17 @@ SYNOPSIS [--keep-alive-tmo= | -k ] [--reconnect-delay=<#> | -c <#>] [--ctrl-loss-tmo=<#> | -l <#>] - [--hdr-digest | -g] - [--data-digest | -G] [--nr-io-queues=<#> | -i <#>] [--nr-write-queues=<#> | -W <#>] [--nr-poll-queues=<#> | -P <#>] [--queue-size=<#> | -Q <#>] + [--keyring=<#> ] + [--tls_key=<#> ] + [--hdr-digest | -g] + [--data-digest | -G] [--persistent | -p] [--quiet | -S] + [--tls ] [--dump-config | -O] [--output-format= | -o ] [--force] @@ -165,14 +168,6 @@ OPTIONS --ctrl-loss-tmo=<#>:: Overrides the default controller loss timeout period (in seconds). --g:: ---hdr-digest:: - Generates/verifies header digest (TCP). - --G:: ---data-digest:: - Generates/verifies data digest (TCP). - -i <#>:: --nr-io-queues=<#>:: Overrides the default number of I/O queues create by the driver. @@ -194,11 +189,28 @@ OPTIONS This option will be ignored for the discovery, and it is only implemented for completeness. +--keyring=<#>:: + Keyring for TLS key lookup. + +--tls_key=<#>:: + TLS key for the connection (TCP). + +-g:: +--hdr-digest:: + Generates/verifies header digest (TCP). + +-G:: +--data-digest:: + Generates/verifies data digest (TCP). + -p:: --persistent:: Don't remove the discovery controller after retrieving the discovery log page. +--tls:: + Enable TLS encryption (TCP). + -S:: --quiet:: Suppress already connected errors. diff --git a/fabrics.c b/fabrics.c index a1f4c75e..087a56ce 100644 --- a/fabrics.c +++ b/fabrics.c @@ -75,6 +75,8 @@ static const char *nvmf_keep_alive_tmo = "keep alive timeout period in seconds"; static const char *nvmf_reconnect_delay = "reconnect timeout period in seconds"; static const char *nvmf_ctrl_loss_tmo = "controller loss timeout period in seconds"; static const char *nvmf_tos = "type of service"; +static const char *nvmf_keyring = "Keyring for TLS key lookup"; +static const char *nvmf_tls_key = "TLS key to use"; static const char *nvmf_dup_connect = "allow duplicate connections between same transport host and subsystem port"; static const char *nvmf_disable_sqflow = "disable controller sq flow control (default false)"; static const char *nvmf_hdr_digest = "enable transport protocol header digest (TCP transport)"; @@ -100,6 +102,8 @@ static const char *nvmf_config_file = "Use specified JSON configuration file or OPT_INT("reconnect-delay", 'c', &c.reconnect_delay, nvmf_reconnect_delay),\ OPT_INT("ctrl-loss-tmo", 'l', &c.ctrl_loss_tmo, nvmf_ctrl_loss_tmo), \ OPT_INT("tos", 'T', &c.tos, nvmf_tos), \ + OPT_INT("keyring", 0, &c.keyring, nvmf_keyring), \ + OPT_INT("tls_key", 0, &c.tls_key, nvmf_tls_key), \ OPT_FLAG("duplicate-connect", 'D', &c.duplicate_connect, nvmf_dup_connect), \ OPT_FLAG("disable-sqflow", 'd', &c.disable_sqflow, nvmf_disable_sqflow), \ OPT_FLAG("hdr-digest", 'g', &c.hdr_digest, nvmf_hdr_digest), \