From: Steve Dickson <steved@redhat.com>
To: Trond Myklebust <trondmy@hammerspace.com>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
"alex@caoua.org" <alex@caoua.org>
Subject: Re: [PATCH] mount: If a reserved ports is used, do so for the pings as well
Date: Thu, 9 May 2024 10:56:16 -0400 [thread overview]
Message-ID: <f4e2cf9a-04e4-47a8-88f5-70544b516d3e@redhat.com> (raw)
In-Reply-To: <ae1d55fc8e6951832548323228fc2b9a0eb5dfe4.camel@hammerspace.com>
On 4/21/24 6:14 PM, Trond Myklebust wrote:
> On Sun, 2024-04-21 at 17:38 -0400, Steve Dickson wrote:
>>
>>
>> On 4/21/24 12:06 PM, Trond Myklebust wrote:
>>> On Sun, 2024-04-21 at 07:09 -0400, Steve Dickson wrote:
>>>>
>>>>
>>>> On 4/12/24 6:26 AM, Alexandre Ratchov wrote:
>>>>> Hi,
>>>>>
>>>>> mount.nfs always uses a high port to probe the server's ports
>>>>> (regardless of
>>>>> the "-o resvport" option). Certain NFS servers (ex. OpenBSD -
>>>>> current) will
>>>>> drop the connection, the probe will fail, and mount.nfs will
>>>>> exit
>>>>> before any
>>>>> attempt to mount the file-system. If mount.nfs doesn't ping
>>>>> the
>>>>> server from
>>>>> a high port, mounting the file system will just work.
>>>>>
>>>>> Note that the same will happen if the server is behind a
>>>>> firewall
>>>>> that
>>>>> blocks connections to the NFS service that originates from a
>>>>> high
>>>>> port.
>>>> Committed... (tag: nfs-utils-2-7-1-rc7)
>>>>
>>>> I just hope we don't run out of privilege ports during
>>>> a mount storm (aka when a server reboots).
>>>
>>> Agreed, and that is why this change was entirely the wrong thing to
>>> do.
>> Well the patch was sitting around for a while without any objection
>> so I figured I would go with it since it would make mounts
>> work on other OSs
>>
>>>
>>> The point of the ping is to allow for fast failover in the case
>>> where
>>> the portmap/rpcbind server returns incorrect or stale information.
>>>
>>> If there are servers out there that deliberately break the
>>> convention
>>> for NULL ping, as described in RFC5531, then we might allow
>>> optional
>>> use of the privileged port for those servers, but please don't
>>> force
>>> this on everyone else.
>> The patch is on the top of stack... easy revert-able... Is that what
>> you are suggesting?
>
> That is my suggestion for now, yes.
>
> I don't have any objection to a patch that adds opt-in functionality
> either to turn off the NULL ping, or to force that ping to use a
> privileged port. However we should not change the default behaviour to
> cause the existing paucity of privileged ports to be even more of a
> problem.
>
Reverted.
steved.
prev parent reply other threads:[~2024-05-09 14:56 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-12 10:26 [PATCH] mount: If a reserved ports is used, do so for the pings as well Alexandre Ratchov
2024-04-21 11:09 ` Steve Dickson
2024-04-21 16:06 ` Trond Myklebust
2024-04-21 21:38 ` Steve Dickson
2024-04-21 22:14 ` Trond Myklebust
2024-05-09 14:56 ` Steve Dickson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f4e2cf9a-04e4-47a8-88f5-70544b516d3e@redhat.com \
--to=steved@redhat.com \
--cc=alex@caoua.org \
--cc=linux-nfs@vger.kernel.org \
--cc=trondmy@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).