On Sun, Apr 20, 2008 at 8:02 PM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote:
> > I didn't get the idea. So the idea is to use multiple sockets,
> > one bound to LOOPBACK and one to external interface?
>
> I suppose so. One socket would be for communication for the local
> kernel nfsd, one for communication with statd peers.

Ok, but that's really quite intrusive - my goal with that patch was to
minimize the amount of changes. Sure, we can rework a larger part of it
if you think it is better that way.

> > Complicated and unclean in my opinion: one address
> > should suffice.
>
> The advantage is that it would require no changes to the kernel or
> kernel interfaces, and would also solve the problem for people that
> don't want to upgrade their kernels.

Right, but that's hardly an issue with Linux. You need to do that twice
per week anyway ;)

> The "rpc over lo" interface to the kernel's lockd is simple enough, and
> I'd rather not replace it with "rpc over either lo or the interface
> specified via sysctl" unless there's a really clear advantage.
>
> (Also, would your patch mean lockd could accept requests that could have
> spoofed source addresses?)

Yes, but loopback can also be spoofed. And it does already improve
things by making it bind a specific interface/address instead of ANY
(ports open all around).

--
// Janne