For review:
The purpose of this series is to get the Linux NFS server's
duplicate reply cache working again when the server is mounted via
krb5p. Thus I would like to send these three commits via an
nfsd-5.7-rc pull request in a couple of weeks, depending on review
comments.
The second patch is strictly a client-side fix, but it is necessary
because the third patch causes problems on the client unless the
first and second patches are applied first. Being a client-side
change, the second patch needs an Acked-by from Trond or Anna so I
can send a PR via the NFSD tree.
I've tested this series by running "make -j12 test" in a freshly-
built git source tree on an NFS mount. The test was run on a
sequence of mounts using every combination of:
- TCP and RDMA
- NFSv3, NFSv4.0, NFSv4.1, and NFSv4.1
- krb5p with a kerberos_v1 and kerberos_v2 encryption type
For RDMA in particular, frequent GSS sequence number window overruns
make the transport connection unstable -- typically over 3,000
disconnects for a test run that takes about 30 minutes. A
successful test run on an NFSv3 or NFSv4.0 mount point is therefore
enough to demonstrate that the server's DRC is working properly.
NFSv4.1+ is also tested to show that krb5p continues to work
correctly for NFS minor versions that do not happen to use the
server's DRC.
---
Chuck Lever (3):
SUNRPC: Add "@len" parameter to gss_unwrap()
SUNRPC: Fix GSS privacy computation of auth->au_ralign
SUNRPC: Revert 241b1f419f0e ("SUNRPC: Remove xdr_buf_trim()")
include/linux/sunrpc/gss_api.h | 1 +
include/linux/sunrpc/xdr.h | 1 +
net/sunrpc/auth_gss/auth_gss.c | 8 +++-----
net/sunrpc/auth_gss/gss_krb5_wrap.c | 26 +++++++++++++++--------
net/sunrpc/auth_gss/svcauth_gss.c | 2 +-
net/sunrpc/xdr.c | 41 +++++++++++++++++++++++++++++++++++++
6 files changed, 65 insertions(+), 14 deletions(-)
--
Chuck Lever
