File s390-tools-sles15sp2-03-zdev-Report-FC-Endpoint-Security-of-zfcp-devices.patch of Package s390-tools.17667

Subject: [PATCH] [FEAT SAN1810] zdev: Report FC Endpoint Security of zfcp devices
From: Fedor Loshakov <loshakov@linux.ibm.com>

Summary:     zdev: report FC Endpoint Security of zfcp devices
Description: Report FC Endpoint Security of zfcp devices, which
             includes:
             1. Add support to report Fibre Channel (FC)
             Endpoint Security related information for zfcp-host
             and zfcp-lun devices.
             2. Format and print HBA FC Endpoint Security trace
             records
Upstream-ID: 67496afe577d9bcf74d1100ac5216e05343930c8
Problem-ID:  SAN1810

Upstream-Description:

             zdev: Report FC Endpoint Security of zfcp devices

             Add support to report Fibre Channel (FC) Endpoint Security
             related information for zfcp-host and zfcp-lun devices.

             Allow to query (lszdev) and provide help for (chzdev) the FC Endpoint
             Security capability of a FCP device (zfcp-host). Provide this
             information by defining the FCP device attribute fc_security in zdev
             zfcp-host.

             Allow to query (lszdev) and provide help for (chzdev) the FC Endpoint
             Security in use on a connection between a FCP device and a FC remote
             port. Provide this information by introducing a virtual zdev zfcp-lun
             attribute fc_security. It returns the fc_security attribute value of
             the zfcp port object representing the FC remote port used to access the
             LUN.
             This approach allows users of lszdev to easily query the FC Endpoint
             Security in use on the connections to one or more FCP LUNs. It also
             does not require the effort to introduce a zfcp-port device type in
             zdev.

             The fc_security attribute help for both zfcp-host and zfcp-lun can be
             queried for example as follows:

                 chzdev zfcp --help-attribute

             The fc_security attribute values and path of all active zfcp devices
             can be queried for example as follows:

                 lszdev zfcp -a -c TYPE,ID,ATTR:fc_security,ATTRPATH:fc_security

             Signed-off-by: Jens Remus <jremus@linux.ibm.com>
             Reviewed-by: Peter Oberparleiter <oberpar@linux.ibm.com>
             Reviewed-by: Steffen Maier <maier@linux.ibm.com>
             Reviewed-by: Fedor Loshakov <loshakov@linux.ibm.com>
             Reviewed-by: Benjamin Block <bblock@linux.ibm.com>
             Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>


Signed-off-by: Fedor Loshakov <loshakov@linux.ibm.com>
---
 zdev/src/zfcp_host.c |   22 ++++++++++++++++++++++
 zdev/src/zfcp_lun.c  |   26 ++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)

--- a/zdev/src/zfcp_host.c
+++ b/zdev/src/zfcp_host.c
@@ -70,6 +70,27 @@ static struct attrib zfcp_host_attr_port
 	.accept = ACCEPT_ARRAY(ACCEPT_NUM(1)),
 };
 
+static struct attrib zfcp_host_attr_fc_security = {
+	.name = "fc_security",
+	.title = "Show FC Endpoint Security capability of FCP device",
+	.desc =
+	"This read-only attribute shows the Fibre Channel Endpoint Security\n"
+	"capabilities of the FCP device.\n"
+	"\n"
+	"Possible values are either one of the following:\n"
+	"  unknown       : The Fibre Channel Endpoint Security capabilities\n"
+	"                  of the FCP device are not known\n"
+	"  unsupported   : The FCP device does not support Fibre Channel\n"
+	"                  Endpoint Security\n"
+	"  none          : The FCP device does not report any Fibre Channel\n"
+	"                  Endpoint Security capabilities\n"
+	"\n"
+	"Or one or more comma-separated values:\n"
+	"  Authentication: The FCP device supports authentication\n"
+	"  Encryption    : The FCP device supports encryption\n",
+	.readonly = 1,
+};
+
 /*
  * zfcp host methods.
  */
@@ -248,6 +269,7 @@ struct subtype zfcp_host_subtype = {
 		&zfcp_host_attr_failed,
 		&zfcp_host_attr_port_remove,
 		&zfcp_host_attr_port_rescan,
+		&zfcp_host_attr_fc_security,
 		&internal_attr_early,
 	),
 	.unknown_dev_attribs	= 1,
--- a/zdev/src/zfcp_lun.c
+++ b/zdev/src/zfcp_lun.c
@@ -33,6 +33,7 @@
 #include "zfcp_lun.h"
 
 #define DEVNAME			"zFCP LUN"
+#define FC_SECURITY_VATTR	"fc_security"
 
 /*
  * zfcp lun namespace.
@@ -415,6 +416,24 @@ static struct attrib zfcp_lun_attr_scsi_
 	.accept = ACCEPT_ARRAY(ACCEPT_NUM(1)),
 };
 
+static struct attrib zfcp_lun_attr_fc_security = {
+	.name = FC_SECURITY_VATTR,
+	.title = "Show FC Endpoint Security state of connection",
+	.desc =
+	"This read-only attribute shows the current state of Fibre Channel\n"
+	"Endpoint Security of the connection between the FCP device and the\n"
+	"FC remote port used to access the LUN:\n"
+	"  unknown       : The Fibre Channel Endpoint Security state of the\n"
+	"                  connection is not known\n"
+	"  unsupported   : The FCP device does not support Fibre Channel\n"
+	"                  Endpoint Security\n"
+	"  none          : The connection has no Fibre Channel Endpoint\n"
+	"                  Security\n"
+	"  Authentication: The connection has been authenticated\n"
+	"  Encryption    : The connection is encrypted\n",
+	.readonly = 1,
+};
+
 /*
  * zfcp lun device methods.
  */
@@ -770,6 +789,12 @@ static char *zfcp_lun_st_get_active_attr
 		free(hctl);
 
 		name += strlen(SCSI_ATTR_PREFIX);
+	} else if (strcmp(name, FC_SECURITY_VATTR) == 0) {
+		devpath = path_get_zfcp_port_dev(dev->devid);
+		if (!util_path_exists(devpath)) {
+			free(devpath);
+			return NULL;
+		}
 	} else {
 		devpath = path_get_zfcp_lun_dev(dev->devid);
 	}
@@ -1101,6 +1126,7 @@ struct subtype zfcp_lun_subtype = {
 		&zfcp_lun_attr_scsi_timeout,
 		&zfcp_lun_attr_scsi_state,
 		&zfcp_lun_attr_scsi_delete,
+		&zfcp_lun_attr_fc_security,
 		&internal_attr_early,
 	),
 	.prefixes = STRING_ARRAY(SCSI_ATTR_PREFIX),