Hey! A couple comments... On 2/24/21 9:42 PM, NeilBrown wrote: > When NFSv3 is used mountd provides logs of successful and failed mount > attempts which can be used for auditing. > When NFSv4 is used there are no such logs as NFSv4 does not have a > distinct "mount" request. > > However mountd still knows about which filesysytems are being accessed > from which clients, and can actually provide more reliable logs than it > currently does, though they must be more verbose - with periodic "is > being accessed" message replacing a single "was mounted" message. > > This series adds support for that logging, and adds some related > improvements to make the logs as useful as possible. > > NeilBrown > > --- > > NeilBrown (5): > mountd: reject unknown client IP when !use_ipaddr. > mountd: Don't proactively add export info when fh info is requested. > mountd: add logging for authentication results for accesses. I wonder if we should mention setting "debug=auth" enables this logging in the mountd manpage > mountd: add --cache-use-ipaddr option to force use_ipaddr > mountd: make default ttl settable by option These two probably need to be put into the nfs.conf file and the nfs.conf man page since the conf_get_num() and conf_get_bool() calls were added. Finally, I'll add this to my plate, but I'm thinking the new log-auth and ttl flags probably should be introduce into nfsv4.exported. I didn't port over the use-ipaddr flag to exportd, since I though it was only used in the v3 mount path but may that was an oversight on my part. Thoughts? steved. > > > support/export/auth.c | 4 +++ > support/export/cache.c | 32 +++++++++++------ > support/export/v4root.c | 3 +- > support/include/exportfs.h | 3 +- > support/nfs/exports.c | 4 ++- > utils/mountd/mountd.c | 29 +++++++++++++++- > utils/mountd/mountd.man | 70 ++++++++++++++++++++++++++++++++++++++ > 7 files changed, 130 insertions(+), 15 deletions(-) > > -- > Signature >
