[PATCH 2/2] nfsd: reject NFSv4 requests over UDP (try #2)

Jeff Layton <jlayton@xxxxxxxxxx> · Fri, 25 Jun 2010 14:20:55 -0400

RFC3530 states:

   Where an NFS version 4 implementation supports operation over the IP
   network protocol, the supported transports between NFS and IP MUST be
   among the IETF-approved congestion control transport protocols, which
   include TCP and SCTP

This patch adds a wrapper for nfsd_dispatch that checks to see whether
the call came in via UDP, and then rejects it with a PROG_MISMATCH RPC
error. This replaces the earlier one I proposed -- it should mean no
extra overhead for NFSv2/3.

It also has the NFS server skip rpcbind registration for NFSv4 over UDP.

Reported-by: Sachin Prabhu <sprabhu@xxxxxxxxxx>
Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
---
 fs/nfsd/nfs4proc.c |    3 ++-
 fs/nfsd/nfsd.h     |    1 +
 fs/nfsd/nfssvc.c   |   13 +++++++++++++
 3 files changed, 16 insertions(+), 1 deletions(-)

diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index 59ec449..afbd03c 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1363,8 +1363,9 @@ struct svc_version	nfsd_version4 = {
 		.vs_vers	= 4,
 		.vs_nproc	= 2,
 		.vs_proc	= nfsd_procedures4,
-		.vs_dispatch	= nfsd_dispatch,
+		.vs_dispatch	= nfsd4_dispatch,
 		.vs_xdrsize	= NFS4_SVC_XDRSIZE,
+		.vs_hidden_udp	= true,
 };
 
 /*
diff --git a/fs/nfsd/nfsd.h b/fs/nfsd/nfsd.h
index 7237776..f36e07c 100644
--- a/fs/nfsd/nfsd.h
+++ b/fs/nfsd/nfsd.h
@@ -41,6 +41,7 @@ extern const struct seq_operations nfs_exports_op;
  */
 int		nfsd_svc(unsigned short port, int nrservs);
 int		nfsd_dispatch(struct svc_rqst *rqstp, __be32 *statp);
+int		nfsd4_dispatch(struct svc_rqst *rqstp, __be32 *statp);
 
 int		nfsd_nrthreads(void);
 int		nfsd_nrpools(void);
diff --git a/fs/nfsd/nfssvc.c b/fs/nfsd/nfssvc.c
index 6b59d32..0a04472 100644
--- a/fs/nfsd/nfssvc.c
+++ b/fs/nfsd/nfssvc.c
@@ -595,6 +595,19 @@ nfsd_dispatch(struct svc_rqst *rqstp, __be32 *statp)
 	return 1;
 }
 
+int
+nfsd4_dispatch(struct svc_rqst *rqstp, __be32 *statp)
+{
+	/* Reject any NFSv4 request over UDP. Don't bother caching it. */
+	if (rqstp->rq_prot == IPPROTO_UDP) {
+		dprintk("%s: rejecting vers 4 request over UDP\n", __func__);
+		*statp = rpc_prog_mismatch;
+		return 1;
+	}
+
+	return nfsd_dispatch(rqstp, statp);
+}
+
 int nfsd_pool_stats_open(struct inode *inode, struct file *file)
 {
 	int ret;
-- 
1.5.5.6

--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html





