On Tue, Aug 19, 2008 at 05:14:54PM -0400, Chuck Lever wrote:
> Working on "resvport" mount option. Question occurred to me:
>
> If I specify "noresvport" on a mount, can the client also use a non-
> privileged port for the initial MNT request, and can it use it for the
> NLM connection as well?
>
> Question applies not just to Linux servers, but servers in general.
> Brief searching on teh internets does not reveal a quick answer. I
> think rpc.mountd will allow a non-privileged port for "insecure"
> exports.
>From nfs-utils/utils/mountd/auth.c:auth_authenticate_internal():
if (!(exp->m_export.e_flags & NFSEXP_INSECURE_PORT) &&
(ntohs(caller->sin_port) < IPPORT_RESERVED/2 ||
ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
*error = illegal_port;
return NULL;
}
So assuming that function does what it name suggests, I think you're
right.
> I think the answer is "yes, non-privileged ports can be used for MNT and
> NLM if the server explicitly allows it" but I thought I would open this
> up to the list.
That's what I would have guessed.
And if the goal is to keep the number of reserved ports from being a
limit, it would be disappointing to eliminate only the ports used for
nfs itself.
--b.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
