On Jun 8, 2015, at 9:57 PM, Sean Elble <elbles@xxxxxxxxxx> wrote: > >> On Jun 8, 2015, at 5:12 PM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote: >> >> On Mon, Jun 08, 2015 at 10:33:22AM -0400, Sean Elble wrote: >>> On 08.06.2015 10:27, Chuck Lever wrote: >>>>> I don’t understand the need to “turn off” an address family. >>>>> That’s what >>>>> /etc/netconfig is supposed to be for. What’s not happening here that >>>>> should be? >>>> >>>> What I mean is: I’d rather not add more command line options if there >>>> is a way for rpc.nfsd to automatically and quietly do what is needed. >>>> But I don’t understand the use case here. Sean, can you explain it >>>> for >>>> bears of little brain? >>> >>> Sure, and please correct me if any of my understanding is incorrect >>> (as it may well be). In my environment, I wanted to have NFS only >>> listen on one interface of a multihomed host. In using the "--host" >>> parameter to do so, I saw the error message regarding IPv6 thrown. >>> While disabling IPv6 globally in /etc/netconfig is an option (one I >>> understand to be "global", in that it'd affect *all* applications on >>> the host), it'd be nice to disable IPv6 for a single service/daemon >>> instead. >> >> But doesn't something like >> >> rpc.nfsd --host 10.0.0.1 --no-ipv6 >> >> seem a bit redundant? > > In that case, perhaps it does. But what if you were to use a hostname that resolved to both IPv4 and IPv6 addresses? I think the common expectation is that NFSD should present an IPv6 listener in that case. If you give rpc.nfsd a hostname and it has no mapped IPv6 address, or you give rpc.nfsd an IPv4 address, then no IPv6 listener should be started. >> I mean, you've already told it to listen to that one (ipv4) address. >> That'd argue for just disabling the warning in this case, I think. I agree with that (either disabling it, or getting rid of the false negative). >> But my understanding of IPv6 is still poor. > > Yours and mine both. But until it gets better, I’m very comfortable in just turning it off in places where 1) I know it’s not needed and 2) Places where exploits could linger with most of our emphasis on IPv4 still. In the specific usage scenario you opened the thread with, you used a hostname with no IPv6 mapping, and you got exactly what you wanted: only an IPv4 listener. Seems like the rpc.nfsd command line interface is already rich enough to provide what you want? -- Chuck Lever chucklever@xxxxxxxxx -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
