Re: [PATCH] rpcbind: don't ignore bind and init_transport errors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 09/20/2010 09:21 AM, Chuck Lever wrote:


On Sep 20, 2010, at 11:31 AM, Jan RÄkorajski wrote:


On Mon, 20 Sep 2010, Chuck Lever wrote:



On Sep 17, 2010, at 6:22 PM, Jan RÄkorajski wrote:


[snip]


What about TCP then?  My patch was a by-product of trying to make '-h<IP>'
also work for tcp sockets, so if we skip unbindable addresses for UDP,
then will it be ok to do the same for TCP?


Interesting.  Now that I've actually looked at the documentation>>
blush<<  rpcbind(8) explicitly says that "-h" is only for UDP.  I seem
to recall that the legacy portmapper had a problem on multi-homed
hosts where a request was received on one interface, and the reply was
sent out another.

This is certainly a problem for datagram transports, but shouldn't be
an issue for connection-oriented transports: the reply is always sent
on the same connection as the request was received.

Can you say a little more about why do you need "-h" to work for
connection-oriented sockets?


I have a multihomed nfs server, and I don't want the portmapper to even
listen on an outside interface.


Understood, but that is accomplished with firewalling, these days.  Usually, NFS servers are not run on the edge of private networks unless they are serving files to public hosts.

None of NFS's RPC daemons allow you to set a bind address, with one exception.  rpc.statd allows one to specify a "bind address" in the form of a host name for reasons specific to the NSM protocol.


Simply not listening to an IP may be more convenient (and perform better)
than setting up firewalls.

Binding also allows one to specify which interface to use if you have
two interfaces on the same subnet.

I posted a patch a week or two ago that allowed the kernel components
to bind to specific IPs.  I'm glad to see I'm not the only one interested
in this, and hopefully we can start making all parts of NFS able to bind
to specific IPs when requested.

Thanks,
Ben

--
Ben Greear <greearb@xxxxxxxxxxxxxxx>
Candela Technologies Inc  http://www.candelatech.com

--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux