All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] nfs: set vs_hidden on nfs4_callback_version4
@ 2011-09-21 19:55 Jeff Layton
  2011-09-21 20:05 ` Chuck Lever
  0 siblings, 1 reply; 4+ messages in thread
From: Jeff Layton @ 2011-09-21 19:55 UTC (permalink / raw)
  To: trond.myklebust; +Cc: linux-nfs, skinsbursky

This service should not be registered with or unregistered from rpcbind.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
---
 fs/nfs/callback_xdr.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
index c6c86a7..7c8b800 100644
--- a/fs/nfs/callback_xdr.c
+++ b/fs/nfs/callback_xdr.c
@@ -996,4 +996,5 @@ struct svc_version nfs4_callback_version4 = {
 	.vs_proc = nfs4_callback_procedures1,
 	.vs_xdrsize = NFS4_CALLBACK_XDRSIZE,
 	.vs_dispatch = NULL,
+	.vs_hidden = 1,
 };
-- 
1.7.6.2


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] nfs: set vs_hidden on nfs4_callback_version4
  2011-09-21 19:55 [PATCH] nfs: set vs_hidden on nfs4_callback_version4 Jeff Layton
@ 2011-09-21 20:05 ` Chuck Lever
  2011-09-21 20:24   ` Myklebust, Trond
  0 siblings, 1 reply; 4+ messages in thread
From: Chuck Lever @ 2011-09-21 20:05 UTC (permalink / raw)
  To: Jeff Layton; +Cc: trond.myklebust, linux-nfs, skinsbursky


On Sep 21, 2011, at 3:55 PM, Jeff Layton wrote:

> This service should not be registered with or unregistered from rpcbind.

I've been watching the larger conversation.  One thing that registering does, even if you don't want to advertise your service, is tell you if there is already another service on that port.  Do we want to worry about possible port collisions for listeners like the callback service?

Do we want to ensure that any other service on that port is unregistered?  We would already discover a listener on our port when trying to create the socket, but an old registration may persist even after that old service has gone away.

This is something to think about when revisiting the semantics of .vs_hidden.

> Signed-off-by: Jeff Layton <jlayton@redhat.com>
> ---
> fs/nfs/callback_xdr.c |    1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
> index c6c86a7..7c8b800 100644
> --- a/fs/nfs/callback_xdr.c
> +++ b/fs/nfs/callback_xdr.c
> @@ -996,4 +996,5 @@ struct svc_version nfs4_callback_version4 = {
> 	.vs_proc = nfs4_callback_procedures1,
> 	.vs_xdrsize = NFS4_CALLBACK_XDRSIZE,
> 	.vs_dispatch = NULL,
> +	.vs_hidden = 1,
> };
> -- 
> 1.7.6.2
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

-- 
Chuck Lever
chuck[dot]lever[at]oracle[dot]com





^ permalink raw reply	[flat|nested] 4+ messages in thread
* RE: [PATCH] nfs: set vs_hidden on nfs4_callback_version4
  2011-09-21 20:05 ` Chuck Lever
@ 2011-09-21 20:24   ` Myklebust, Trond
  2011-09-22 11:06     ` Jeff Layton
  0 siblings, 1 reply; 4+ messages in thread
From: Myklebust, Trond @ 2011-09-21 20:24 UTC (permalink / raw)
  To: Chuck Lever, Jeff Layton; +Cc: linux-nfs, skinsbursky

> -----Original Message-----
> From: Chuck Lever [mailto:chuck.lever@oracle.com]
> Sent: Wednesday, September 21, 2011 4:06 PM
> To: Jeff Layton
> Cc: Myklebust, Trond; linux-nfs@vger.kernel.org;
skinsbursky@parallels.com
> Subject: Re: [PATCH] nfs: set vs_hidden on nfs4_callback_version4
> 
> 
> On Sep 21, 2011, at 3:55 PM, Jeff Layton wrote:
> 
> > This service should not be registered with or unregistered from
rpcbind.
> 
> I've been watching the larger conversation.  One thing that
registering does,
> even if you don't want to advertise your service, is tell you if there
is already
> another service on that port.  Do we want to worry about possible port
> collisions for listeners like the callback service?

We already have a module parameter for fixing the callback service so
that we can avoid port collisions with known services. That said,
normally we do not want to rely on the portmapper for detecting the
existence of a service: that will in any case only detect RPC services
and, as you point out below, is subject to stale entries.

> Do we want to ensure that any other service on that port is
unregistered?
> We would already discover a listener on our port when trying to create
the
> socket, but an old registration may persist even after that old
service has
> gone away.

If anyone tries to use the service which is advertised by the stale
portmapper entry, then they will get a PROG_UNAVAIL error.

Cheers
  Trond

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] nfs: set vs_hidden on nfs4_callback_version4
  2011-09-21 20:24   ` Myklebust, Trond
@ 2011-09-22 11:06     ` Jeff Layton
  0 siblings, 0 replies; 4+ messages in thread
From: Jeff Layton @ 2011-09-22 11:06 UTC (permalink / raw)
  To: Myklebust, Trond; +Cc: Chuck Lever, linux-nfs, skinsbursky

On Wed, 21 Sep 2011 13:24:48 -0700
"Myklebust, Trond" <Trond.Myklebust@netapp.com> wrote:

> > -----Original Message-----
> > From: Chuck Lever [mailto:chuck.lever@oracle.com]
> > Sent: Wednesday, September 21, 2011 4:06 PM
> > To: Jeff Layton
> > Cc: Myklebust, Trond; linux-nfs@vger.kernel.org;
> skinsbursky@parallels.com
> > Subject: Re: [PATCH] nfs: set vs_hidden on nfs4_callback_version4
> > 
> > 
> > On Sep 21, 2011, at 3:55 PM, Jeff Layton wrote:
> > 
> > > This service should not be registered with or unregistered from
> rpcbind.
> > 
> > I've been watching the larger conversation.  One thing that
> registering does,
> > even if you don't want to advertise your service, is tell you if there
> is already
> > another service on that port.  Do we want to worry about possible port
> > collisions for listeners like the callback service?
> 
> We already have a module parameter for fixing the callback service so
> that we can avoid port collisions with known services. That said,
> normally we do not want to rely on the portmapper for detecting the
> existence of a service: that will in any case only detect RPC services
> and, as you point out below, is subject to stale entries.
> 

Doing so also seems like a potential DoS vector. Just register every
reserved port you can get your hands on and enjoy the show...

> > Do we want to ensure that any other service on that port is
> unregistered?
> > We would already discover a listener on our port when trying to create
> the
> > socket, but an old registration may persist even after that old
> service has
> > gone away.
> 
> If anyone tries to use the service which is advertised by the stale
> portmapper entry, then they will get a PROG_UNAVAIL error.
> 

We should also point out that other non-RPC based services in the
kernel do not deal with the portmapper at all. I don't see any harm
from unregistering these ports from the portmapper on service creation,
but I'm not sure it really provides much benefit.

In any case though, I didn't think the rpcbind protocol really gave you
the ability to unregister based on the just the port -- you have to do
it by program number. In order to do this, we'd need to poll for the
entire list of registered services and unregister any that have
matching ports. That sounds ugly to implement :-/

-- 
Jeff Layton <jlayton@redhat.com>

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-09-22 11:07 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-09-21 19:55 [PATCH] nfs: set vs_hidden on nfs4_callback_version4 Jeff Layton
2011-09-21 20:05 ` Chuck Lever
2011-09-21 20:24   ` Myklebust, Trond
2011-09-22 11:06     ` Jeff Layton

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.