Re: [networking-discuss] [iser-dev] Code review request for COMSTAR iSCSI target

Tue, 23 Sep 2008 13:56:30 -0700 

Jim Moore writes:
> I have to confess this code was modeled after the current target daemon 
> without
> further consideration. We do realize that the interfaces given out may 
> not be
> reachable by the initiator. The idea is that the initiator is given 1 
> good address
> and can use that to acquire more addresses for  multipathing or iSCSI 
> protocol
> level trunking. In a well designed network, the targets are confined to 
> adminsitrator
> assigned interfaces and those are the only ones given out. But if the 
> administrator
> doesn't specify, then the "kitchen sink" code kicks in and hands out 
> everything
> (except loopback).

I'm still pretty skeptical of this design, but if this "must" be done
(rather than doing the obvious thing: handing out exactly *one*
address from getsockname when the administrator doesn't specify a
list), then I think you're on the hook to filter out any bogons that
might appear.

Assuming you have an IPv4 address in network byte order, code like
this should test the address reasonably:

boolean_t
address_is_ok(in_addr_t addr)
{
        in_addr_t hostaddr = ntohl(addr);

        if (IN_MULTICAST(hostaddr) || hostaddr == INADDR_NONE)
                return (B_FALSE);
        if ((hostaddr >> IN_CLASSA_NSHIFT) == 0 ||
            (hostaddr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
                return (B_FALSE);
        return (B_TRUE);
}

For IPv6, it's quite a bit harder to check, because there are several
flavors of "bad" addresses.  You'll probably want to exclude addresses
that match with any of these:

        IN6_IS_ADDR_UNSPECIFIED
        IN6_IS_ADDR_LOOPBACK
        IN6_IS_ADDR_MULTICAST
        IN6_IS_ADDR_V4MAPPED
        IN6_IS_ADDR_V4COMPAT

You may also need to check for (and exclude) this, unless you happen
to know that the peer is on the *same* link:

        IN6_IS_ADDR_LINKLOCAL

The tests above won't avoid problems with routing unreachability, but
at least they're not testing for just "lo0".

-- 
James Carlson, Solaris Networking              <[EMAIL PROTECTED]>
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
_______________________________________________
networking-discuss mailing list
[email protected]

Reply via email to