Harald Schmalzbauer
2014-Oct-20 08:35 UTC
ctld(8), multiple 'portal-group' on same socket (individual 'discovery-auth-group' restrictions)
Hello,
I'm trying to move from istgt(1) to ctld(8), but it seems my setup isn't
possible with ctld.
Besides missing support for virtual-DVDs ('UnitType DVD' in istgt) and
real ODD-devices ('UnitType pass' in istgt), I guess it's impossible
to
define multiple "portal-group"s, listening on the same socket, but
with
different "discovery-auth-group".
The idea is, to present initiators only targets at discovery, which they
are allowed to connect to.
Am I missing something which could provide such selective discovery with
ctld(8)?
Thanks,
-Harry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20141020/892a3a1d/attachment.sig>
Edward Tomasz NapieraĆa
2014-Oct-21 10:43 UTC
ctld(8), multiple 'portal-group' on same socket (individual 'discovery-auth-group' restrictions)
On 1020T1035, Harald Schmalzbauer wrote:> Hello, > > I'm trying to move from istgt(1) to ctld(8), but it seems my setup isn't > possible with ctld. > Besides missing support for virtual-DVDs ('UnitType DVD' in istgt) and > real ODD-devices ('UnitType pass' in istgt),Yup, we don't implement virtual DVDs and passthrough. Especially the latter would be a nice feature to have.> I guess it's impossible to > define multiple "portal-group"s, listening on the same socket, but with > different "discovery-auth-group". > The idea is, to present initiators only targets at discovery, which they > are allowed to connect to. > Am I missing something which could provide such selective discovery with > ctld(8)?I thought about it, but I don't like the way istgt does it. By allowing multiple portal groups to bind to a single address (portal), we would introduce ambiguity as for which portal-group and associated discovery-auth-group is being used. On the other hand, a simplistic approach of only showing targets with auth-group being the same as discovery-auth-group for the portal probably wouldn't be very useful in real-world cases.