On Sun, Apr 20, 2008 at 08:49:52PM -0400, Janne Karhunen wrote: > On Sun, Apr 20, 2008 at 8:02 PM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote: > > > > I didn't get the idea. So the idea is to use multiple sockets, > > > one bound to LOOPBACK and one to external interface? > > > > I suppose so. One socket would be for communication for the local > > kernel nfsd, one for communication with statd peers. > > Ok, but that's really quite intrusive - my goal with that > patch was to minimize the amount of changes. Sure, > we can rework larger part of it if you think is better > that way. Yes. Hopefully it's not too bad.... > > > Complicated and unclean in my opinion: one address > > > should suffice. > > > > The advantage is that it would require no changes to the kernel or > > kernel interfaces, and would also solve the problem for people that > > don't want to upgrade their kernels. > > Right, but that's hardly an issue with Linux. You need > to do that twice per week anyway ;) > > > > The "rpc over lo" interface to the kernel's lockd is simple enough, and > > I'd rather not replace it with "rpc over either lo or the interface > > specified via sysctl" unless there's a really clear advantage. > > > > (Also, would your patch mean lockd could accept requests that could have > > spoofed source addresses?) > > Yes, but loopback can also be spoofed. Is that true? I thought the kernel discarded packets from interfaces other than lo claiming to be from 127.*.*.*. --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
