
libceph: introduce connection modes and ms_mode option

msgr2 supports two connection modes: crc (plain) and secure (on-wire
encryption). Connection mode is picked by server based on input from
client.

Introduce ms_mode option:

ms_mode=legacy - msgr1 (default)
ms_mode=crc - crc mode, if denied fail
ms_mode=secure - secure mode, if denied fail
ms_mode=prefer-crc - crc mode, if denied agree to secure mode
ms_mode=prefer-secure - secure mode, if denied agree to crc mode

ms_mode affects all connections, we don't separate connections to mons
like it's done in userspace with ms_client_mode vs ms_mon_client_mode.

For now the default is legacy, to be flipped to prefer-crc after some
time.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

+100 -8
+6 -2
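--- a/include/linux/ceph/auth.h
+++ b/include/linux/ceph/auth.h
@@ -98,11 +98,15 @@
 const struct ceph_crypto_key *key; /* our secret key */
 unsigned want_keys; /* which services we want */
 
+int preferred_mode; /* CEPH_CON_MODE_* */
+int fallback_mode; /* ditto */
+
 struct mutex mutex;
 };
 
-extern struct ceph_auth_client *ceph_auth_init(const char *name,
-const struct ceph_crypto_key *key);
+struct ceph_auth_client *ceph_auth_init(const char *name,
+const struct ceph_crypto_key *key,
+const int *con_modes);
 extern void ceph_auth_destroy(struct ceph_auth_client *ac);
 
 extern void ceph_auth_reset(struct ceph_auth_client *ac);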
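Review bot: The `const int *con_modes` parameter added to `ceph_auth_init()` carries an undocumented contract: the definition in net/ceph/auth.c reads `con_modes[0]` and `con_modes[1]` unconditionally, yet nothing in the prototype says the pointer must be non-NULL, must reference two elements, or which slot is which. Writing the parameter as `const int con_modes[2]` or adding a comment such as `/* con_modes: two CEPH_CON_MODE_* values, [0] preferred, [1] fallback */` would make that visible to future callers. The same ordering is implicit in the `int con_modes[2]; /* CEPH_CON_MODE_* */` field added in include/linux/ceph/libceph.h. The only caller shown (net/ceph/mon_client.c) appears to pass that fixed-size array, so this looks like a documentation gap rather than a live bug.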
+6
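--- a/include/linux/ceph/ceph_fs.h
+++ b/include/linux/ceph/ceph_fs.h
@@ -93,9 +93,15 @@
 #define CEPH_AUTH_NONE 0x1
 #define CEPH_AUTH_CEPHX 0x2
 
+/* msgr2 protocol modes */
+#define CEPH_CON_MODE_UNKNOWN 0x0
+#define CEPH_CON_MODE_CRC 0x1
+#define CEPH_CON_MODE_SECURE 0x2
+
 #define CEPH_AUTH_UID_DEFAULT ((__u64) -1)
 
 const char *ceph_auth_proto_name(int proto);
+const char *ceph_con_mode_name(int mode);
 
 /*********************************************
 * message layer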
+1
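--- a/include/linux/ceph/libceph.h
+++ b/include/linux/ceph/libceph.h
@@ -53,6 +53,7 @@
 unsigned long osd_keepalive_timeout; /* jiffies */
 unsigned long osd_request_timeout; /* jiffies */
 u32 read_from_replica; /* CEPH_OSD_FLAG_BALANCE/LOCALIZE_READS */
+int con_modes[2]; /* CEPH_CON_MODE_* */
 
 /*
 * any type that can't be simply compared or doesn't need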
+8 -4
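--- a/net/ceph/auth.c
+++ b/net/ceph/auth.c
@@ -39,12 +39,12 @@
 /*
 * setup, teardown.
 */
-struct ceph_auth_client *ceph_auth_init(const char *name, const struct ceph_crypto_key *key)
+struct ceph_auth_client *ceph_auth_init(const char *name,
+const struct ceph_crypto_key *key,
+const int *con_modes)
 {
 struct ceph_auth_client *ac;
 int ret;
-
-dout("auth_init name '%s'\n", name);
 
 ret = -ENOMEM;
 ac = kzalloc(sizeof(*ac), GFP_NOFS);
@@ -57,8 +57,12 @@
 ac->name = name;
 else
 ac->name = CEPH_AUTH_NAME_DEFAULT;
-dout("auth_init name %s\n", ac->name);
 ac->key = key;
+ac->preferred_mode = con_modes[0];
+ac->fallback_mode = con_modes[1];
+
+dout("%s name '%s' preferred_mode %d fallback_mode %d\n", __func__,
+ac->name, ac->preferred_mode, ac->fallback_mode);
 return ac;
 
 out: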
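Review bot: The new `dout()` at the end of `ceph_auth_init()` prints `preferred_mode` and `fallback_mode` as `%d`, although this commit adds `ceph_con_mode_name()` in net/ceph/ceph_strings.c for these CEPH_CON_MODE_* values. Switching the two conversions to `%s` and passing `ceph_con_mode_name(ac->preferred_mode)` and `ceph_con_mode_name(ac->fallback_mode)` would let someone reading a debug log see whether the client was configured for crc or secure without looking up the constants. The function's error path (`out:`) continues past the end of the hunk.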
+63
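--- a/net/ceph/ceph_common.c
+++ b/net/ceph/ceph_common.c
@@ -265,6 +265,7 @@
 Opt_ip,
 Opt_crush_location,
 Opt_read_from_replica,
+Opt_ms_mode,
 /* string args above */
 Opt_share,
 Opt_crc,
@@ -287,6 +288,23 @@
 {}
 };
 
+enum ceph_ms_mode {
+Opt_ms_mode_legacy,
+Opt_ms_mode_crc,
+Opt_ms_mode_secure,
+Opt_ms_mode_prefer_crc,
+Opt_ms_mode_prefer_secure
+};
+
+static const struct constant_table ceph_param_ms_mode[] = {
+{"legacy", Opt_ms_mode_legacy},
+{"crc", Opt_ms_mode_crc},
+{"secure", Opt_ms_mode_secure},
+{"prefer-crc", Opt_ms_mode_prefer_crc},
+{"prefer-secure", Opt_ms_mode_prefer_secure},
+{}
+};
+
 static const struct fs_parameter_spec ceph_parameters[] = {
 fsparam_flag ("abort_on_full", Opt_abort_on_full),
 fsparam_flag_no ("cephx_require_signatures", Opt_cephx_require_signatures),
@@ -305,6 +323,8 @@
 fs_param_deprecated, NULL),
 fsparam_enum ("read_from_replica", Opt_read_from_replica,
 ceph_param_read_from_replica),
+fsparam_enum ("ms_mode", Opt_ms_mode,
+ceph_param_ms_mode),
 fsparam_string ("secret", Opt_secret),
 fsparam_flag_no ("share", Opt_share),
 fsparam_flag_no ("tcp_nodelay", Opt_tcp_nodelay),
@@ -333,6 +353,8 @@
 opt->osd_idle_ttl = CEPH_OSD_IDLE_TTL_DEFAULT;
 opt->osd_request_timeout = CEPH_OSD_REQUEST_TIMEOUT_DEFAULT;
 opt->read_from_replica = CEPH_READ_FROM_REPLICA_DEFAULT;
+opt->con_modes[0] = CEPH_CON_MODE_UNKNOWN;
+opt->con_modes[1] = CEPH_CON_MODE_UNKNOWN;
 return opt;
 }
 EXPORT_SYMBOL(ceph_alloc_options);
@@ -503,6 +525,32 @@
 BUG();
 }
 break;
+case Opt_ms_mode:
+switch (result.uint_32) {
+case Opt_ms_mode_legacy:
+opt->con_modes[0] = CEPH_CON_MODE_UNKNOWN;
+opt->con_modes[1] = CEPH_CON_MODE_UNKNOWN;
+break;
+case Opt_ms_mode_crc:
+opt->con_modes[0] = CEPH_CON_MODE_CRC;
+opt->con_modes[1] = CEPH_CON_MODE_UNKNOWN;
+break;
+case Opt_ms_mode_secure:
+opt->con_modes[0] = CEPH_CON_MODE_SECURE;
+opt->con_modes[1] = CEPH_CON_MODE_UNKNOWN;
+break;
+case Opt_ms_mode_prefer_crc:
+opt->con_modes[0] = CEPH_CON_MODE_CRC;
+opt->con_modes[1] = CEPH_CON_MODE_SECURE;
+break;
+case Opt_ms_mode_prefer_secure:
+opt->con_modes[0] = CEPH_CON_MODE_SECURE;
+opt->con_modes[1] = CEPH_CON_MODE_CRC;
+break;
+default:
+BUG();
+}
+break;
 
 case Opt_osdtimeout:
 warn_plog(&log, "Ignoring osdtimeout");
@@ -615,6 +663,21 @@
 seq_puts(m, "read_from_replica=balance,");
 } else if (opt->read_from_replica == CEPH_OSD_FLAG_LOCALIZE_READS) {
 seq_puts(m, "read_from_replica=localize,");
+}
+if (opt->con_modes[0] != CEPH_CON_MODE_UNKNOWN) {
+if (opt->con_modes[0] == CEPH_CON_MODE_CRC &&
+opt->con_modes[1] == CEPH_CON_MODE_UNKNOWN) {
+seq_puts(m, "ms_mode=crc,");
+} else if (opt->con_modes[0] == CEPH_CON_MODE_SECURE &&
+opt->con_modes[1] == CEPH_CON_MODE_UNKNOWN) {
+seq_puts(m, "ms_mode=secure,");
+} else if (opt->con_modes[0] == CEPH_CON_MODE_CRC &&
+opt->con_modes[1] == CEPH_CON_MODE_SECURE) {
+seq_puts(m, "ms_mode=prefer-crc,");
+} else if (opt->con_modes[0] == CEPH_CON_MODE_SECURE &&
+opt->con_modes[1] == CEPH_CON_MODE_CRC) {
+seq_puts(m, "ms_mode=prefer-secure,");
+}
 }
 
 if (opt->flags & CEPH_OPT_FSID)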
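Review bot: The `Opt_ms_mode_prefer_secure` case stores `CEPH_CON_MODE_CRC` in `con_modes[1]`, so a mount that asked for encryption will still accept an unencrypted crc session whenever the peer denies secure mode, and nothing beside the parsing code says that the fallback gives up on-wire encryption. The commit message states that the server picks the mode, so that trade-off belongs next to the table; a comment on `enum ceph_ms_mode` such as `/* prefer-*: accept the other mode if the server denies the first; only "secure" guarantees on-wire encryption */` would do. It would also help to note there that `con_modes[0]` is the preferred mode and `con_modes[1]` the fallback, since both this switch and the show-options `if` chain rely on that ordering. The parse and show functions that contain these hunks start and end outside the visible lines.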
+14
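--- a/net/ceph/ceph_strings.c
+++ b/net/ceph/ceph_strings.c
@@ -32,6 +32,20 @@
 }
 }
 
+const char *ceph_con_mode_name(int mode)
+{
+switch (mode) {
+case CEPH_CON_MODE_UNKNOWN:
+return "unknown";
+case CEPH_CON_MODE_CRC:
+return "crc";
+case CEPH_CON_MODE_SECURE:
+return "secure";
+default:
+return "???";
+}
+}
+
 const char *ceph_osd_op_name(int op)
 {
 switch (op) {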
+2 -2
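--- a/net/ceph/mon_client.c
+++ b/net/ceph/mon_client.c
@@ -1156,8 +1156,8 @@
 
 /* connection */
 /* authentication */
-monc->auth = ceph_auth_init(cl->options->name,
-cl->options->key);
+monc->auth = ceph_auth_init(cl->options->name, cl->options->key,
+cl->options->con_modes);
 if (IS_ERR(monc->auth)) {
 err = PTR_ERR(monc->auth);
 goto out_monmap;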