All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jeff Layton <jlayton@redhat.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: trond.myklebust@primarydata.com, schumaker.anna@gmail.com,
	linux-nfs@vger.kernel.org, chuck.lever@oracle.com,
	tom@talpey.com, jgunthorpe@obsidianresearch.com
Subject: Re: [PATCH v2 0/4] nfs/nfsd/sunrpc: enforce NFSv4 transport requirements
Date: Mon, 27 Feb 2017 06:59:23 -0500	[thread overview]
Message-ID: <1488196763.2876.1.camel@redhat.com> (raw)
In-Reply-To: <20170224214442.GI26378@fieldses.org>

On Fri, 2017-02-24 at 16:44 -0500, J. Bruce Fields wrote:
> On Fri, Feb 24, 2017 at 04:34:24PM -0500, Jeff Layton wrote:
> > On Fri, 2017-02-24 at 16:25 -0500, J. Bruce Fields wrote:
> > > The one other minor thing we could do is skip adding the UDP listener
> > > entirely in the v4-only case.  I think that's a job for rpc.nfsd?
> > > 
> > > --b.
> > > 
> > 
> > Yeah I think we'd need to fix that in rpc.nfsd.
> > 
> > Maybe it's time to just start doing having it do TCP-only by default
> > anyway? Make it so you have to explicitly enable UDP listeners if you
> > want them? Does anyone seriously run NFS over UDP these days for
> > anything other than interop testing? :)
> 
> I thought I remembered somebody floating this on linux-nfs a couple
> years ago and finding there were still a couple vocal users.  Or maybe
> that was NFSv2.  I can't find the thread now.
> 
> I'm pretty conservative about anything that might break people's ancient
> but working setups on upgrade, but maybe it's time.
> 
> Just switching the default to off in nfs-utils first would be the way to
> go, I think, then if that goes well we could think about phasing out
> kernel support.
> 
> --b.
> 

Ok, I posted a patch a couple of days ago as an RFC. It's pretty
straightforward and works. I don't see any need to turn off kernel
support just yet. If we do have users who need it, turning it back on is
pretty trivial with nfs.conf.

What I'd really like is to eventually have distros move to a default
nfsd configuration that is v4-only. Have the kernel only listen for v4
calls on TCP, turn off lockd and statd, and make mountd not open any IP
sockets.

What we'd need to make that happen, I think is a [global] stanza in
nfs.conf with a single 'nfsd_v3' boolean that defaults to off. If
someone needs to serve v3, they could turn that on and everything would
be reenabled. That would take a bit of plumbing through various daemons
though.

-- 
Jeff Layton <jlayton@redhat.com>

  reply	other threads:[~2017-02-27 13:05 UTC|newest]

Thread overview: 47+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-23 17:03 [PATCH 0/4] nfs/nfsd/sunrpc: enforce requirement for congestion control protocols in NFSv4 Jeff Layton
2017-02-23 17:03 ` [PATCH 1/4] sunrpc: flag transports as using IETF approved congestion control protocols Jeff Layton
2017-02-23 19:42   ` Tom Talpey
     [not found]     ` <2152dfdf-f847-2511-1600-6499b6ea9708-CLs1Zie5N5HQT0dZR+AlfA@public.gmane.org>
2017-02-23 20:00       ` Jeff Layton
2017-02-23 20:00         ` Jeff Layton
     [not found]         ` <1487880034.3448.8.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-23 20:06           ` Tom Talpey
2017-02-23 20:06             ` Tom Talpey
     [not found]             ` <65056db6-f30a-c44d-b01c-b549887c4895-CLs1Zie5N5HQT0dZR+AlfA@public.gmane.org>
2017-02-23 20:11               ` J. Bruce Fields
2017-02-23 20:11                 ` J. Bruce Fields
     [not found]                 ` <20170223201109.GC11882-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
2017-02-23 20:26                   ` Jason Gunthorpe
2017-02-23 20:26                     ` Jason Gunthorpe
     [not found]                     ` <20170223202609.GC26301-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2017-02-23 20:33                       ` Tom Talpey
2017-02-23 20:33                         ` Tom Talpey
     [not found]                         ` <18ef37c3-95db-9a2c-dbcb-f579672065d6-CLs1Zie5N5HQT0dZR+AlfA@public.gmane.org>
2017-02-23 20:55                           ` Jason Gunthorpe
2017-02-23 20:55                             ` Jason Gunthorpe
     [not found]                             ` <20170223205502.GA29673-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2017-02-24 15:08                               ` Tom Talpey
2017-02-24 15:08                                 ` Tom Talpey
     [not found]                                 ` <4eb1da3d-2690-7647-2d85-cc574bc1d564-CLs1Zie5N5HQT0dZR+AlfA@public.gmane.org>
2017-02-24 17:17                                   ` Jeff Layton
2017-02-24 17:17                                     ` Jeff Layton
     [not found]                                     ` <1487956644.3314.4.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-24 18:03                                       ` Jason Gunthorpe
2017-02-24 18:03                                         ` Jason Gunthorpe
2017-02-23 20:32                   ` Jeff Layton
2017-02-23 20:32                     ` Jeff Layton
2017-02-23 20:17               ` Chuck Lever
2017-02-23 20:17                 ` Chuck Lever
2017-02-23 20:15     ` Chuck Lever
2017-02-23 17:03 ` [PATCH 2/4] sunrpc: turn bitfield flags in svc_version into bools Jeff Layton
2017-02-23 17:03 ` [PATCH 3/4] nfs/nfsd/sunrpc: enforce congestion control protocol requirement for NFSv4 Jeff Layton
2017-02-23 17:03 ` [PATCH 4/4] sunrpc: don't register UDP port with rpcbind when version needs congestion control Jeff Layton
2017-02-23 17:17 ` [PATCH 0/4] nfs/nfsd/sunrpc: enforce requirement for congestion control protocols in NFSv4 Jeff Layton
2017-02-24 18:25 ` [PATCH v2 0/4] nfs/nfsd/sunrpc: enforce NFSv4 transport requirements Jeff Layton
2017-02-24 18:25   ` [PATCH v2 1/4] sunrpc: turn bitfield flags in svc_version into bools Jeff Layton
2017-02-24 18:25   ` [PATCH v2 2/4] sunrpc: flag transports as having both reliable and ordered delivery, and congestion control Jeff Layton
2017-02-24 18:25   ` [PATCH v2 3/4] nfs/nfsd/sunrpc: enforce transport requirements for NFSv4 Jeff Layton
2017-02-24 18:25   ` [PATCH v2 4/4] sunrpc: don't register UDP port with rpcbind when version needs congestion control Jeff Layton
2017-02-24 18:38   ` [PATCH v2 0/4] nfs/nfsd/sunrpc: enforce NFSv4 transport requirements Chuck Lever
2017-02-24 18:53     ` Jeff Layton
2017-02-24 21:23       ` J. Bruce Fields
2017-02-24 18:53   ` Tom Talpey
2017-02-24 21:22     ` J. Bruce Fields
2017-02-24 21:25   ` J. Bruce Fields
2017-02-24 21:34     ` Jeff Layton
2017-02-24 21:44       ` J. Bruce Fields
2017-02-27 11:59         ` Jeff Layton [this message]
2017-02-27 12:08           ` Tom Talpey
2017-02-27 12:55             ` Jeff Layton
2017-02-27 14:20               ` J. Bruce Fields

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1488196763.2876.1.camel@redhat.com \
    --to=jlayton@redhat.com \
    --cc=bfields@fieldses.org \
    --cc=chuck.lever@oracle.com \
    --cc=jgunthorpe@obsidianresearch.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=schumaker.anna@gmail.com \
    --cc=tom@talpey.com \
    --cc=trond.myklebust@primarydata.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.