On Tue, Jun 09, 2015 at 11:37:38AM -0400, Chuck Lever wrote: > > On Jun 8, 2015, at 9:57 PM, Sean Elble <elbles@xxxxxxxxxx> wrote: > > > > >> On Jun 8, 2015, at 5:12 PM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote: > >> > >> On Mon, Jun 08, 2015 at 10:33:22AM -0400, Sean Elble wrote: > >>> On 08.06.2015 10:27, Chuck Lever wrote: > >>>>> I don’t understand the need to “turn off” an address family. > >>>>> That’s what > >>>>> /etc/netconfig is supposed to be for. What’s not happening here that > >>>>> should be? > >>>> > >>>> What I mean is: I’d rather not add more command line options if there > >>>> is a way for rpc.nfsd to automatically and quietly do what is needed. > >>>> But I don’t understand the use case here. Sean, can you explain it > >>>> for > >>>> bears of little brain? > >>> > >>> Sure, and please correct me if any of my understanding is incorrect > >>> (as it may well be). In my environment, I wanted to have NFS only > >>> listen on one interface of a multihomed host. In using the "--host" > >>> parameter to do so, I saw the error message regarding IPv6 thrown. > >>> While disabling IPv6 globally in /etc/netconfig is an option (one I > >>> understand to be "global", in that it'd affect *all* applications on > >>> the host), it'd be nice to disable IPv6 for a single service/daemon > >>> instead. > >> > >> But doesn't something like > >> > >> rpc.nfsd --host 10.0.0.1 --no-ipv6 > >> > >> seem a bit redundant? > > > > In that case, perhaps it does. But what if you were to use a hostname that resolved to both IPv4 and IPv6 addresses? > > I think the common expectation is that NFSD should present an IPv6 > listener in that case. > > If you give rpc.nfsd a hostname and it has no mapped IPv6 address, or > you give rpc.nfsd an IPv4 address, then no IPv6 listener should be > started. > > >> I mean, you've already told it to listen to that one (ipv4) address. > >> That'd argue for just disabling the warning in this case, I think. > > I agree with that (either disabling it, or getting rid of the false > negative). > > >> But my understanding of IPv6 is still poor. > > > > Yours and mine both. But until it gets better, I’m very comfortable in just turning it off in places where 1) I know it’s not needed and 2) Places where exploits could linger with most of our emphasis on IPv4 still. > > In the specific usage scenario you opened the thread with, you used > a hostname with no IPv6 mapping, and you got exactly what you wanted: > only an IPv4 listener. > > Seems like the rpc.nfsd command line interface is already rich enough > to provide what you want? Yeah. If somebody does need the --no-ipv4/6 stuff then we can add that in addition, but first let's just kill the warning, it sounds to me like that warning's just wrong. --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
