On Aug 23, 2013, at 10:01 AM, Simo Sorce <simo@xxxxxxxxxx> wrote: > On Tue, 2013-08-13 at 17:47 -0400, andros@xxxxxxxxxx wrote: >> From: Andy Adamson <andros@xxxxxxxxxx> >> >> Differences from Version 4 >> - added NFSv4 Remove unused LIPKEY and SPKM enums >> - shared GSS context caches when possible via shared rpc_clnt structs > > If you share the gss context don't you risk mixing up sequence numbers > and sending out of sequence packets ? No, for a couple of reasons 1) RPCSEC_GSS requires that the GSS-API level sequencing is turned off - e.g. the sequence_req_flag is set to false. rfc2203: When GSS_Init_sec_context() is called, the parameters replay_det_req_flag and sequence_req_flag must be turned off. The reasons for this are: So the RPCSEC_GSS layer does the sequencing, not the GSS layer. 2) I'm not really sharing GSS contexts - just trying to avoid creating multiple GSS contexts per <principal, target> tuple. Really what I should be doing is creating a single GSS RPC auth cache for each supported RPC_AUTH_GSS pseudoflavor in the rpc_xprt struct, and have all rpc_clnt's that use the rpc_xprt use the GSS RPC auth. -->Andy > Is that posible ? Is that going to be a problem with any > implementation ? > > I do not see GSS_C_SEQUENCE_FLAG used in nfs-utils, nor do I see any > check for sequence in the unwrap call in the kernel so probably not a > problem (at least for linux-to-linux), but just thought about asking to > make sure anyway. > > Simo. > >> - DS conections use the shared rpc_clnts >> >> Andy Adamson (3): >> NFSv4 Remove unused LIPKEY and SPKM enums >> NFS Share RPC_AUTH_GSS rpc clients >> NFSv4.1 Use the shared nfs_client rpc_clnts for pNFS data server >> connections >> >> fs/nfs/client.c | 80 ++++++++++++++++++++++++++++++++++++++--- >> fs/nfs/internal.h | 4 +++ >> fs/nfs/nfs4filelayout.c | 69 +++++++++++++++++++++++++++++------ >> fs/nfs/nfs4filelayout.h | 3 ++ >> fs/nfs/nfs4filelayoutdev.c | 4 ++- >> fs/nfs/nfs4namespace.c | 5 +-- >> fs/nfs/nfs4proc.c | 9 +++-- >> fs/nfs/nfs4state.c | 4 +-- >> fs/nfs/super.c | 34 ------------------ >> include/linux/nfs_fs_sb.h | 1 + >> include/linux/sunrpc/msg_prot.h | 9 ++--- >> 11 files changed, 158 insertions(+), 64 deletions(-) >> > > > -- > Simo Sorce * Red Hat, Inc * New York > -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
