From: "J. Bruce Fields" <bfields@fieldses.org>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: trond.myklebust@netapp.com, linux-nfs@vger.kernel.org
Subject: Re: [PATCH 7/8] SUNRPC: Set V6ONLY socket option for RPC listener sockets
Date: Fri, 18 Jul 2008 21:05:50 -0400 [thread overview]
Message-ID: <20080719010550.GA18907@fieldses.org> (raw)
In-Reply-To: <20080630224616.24887.13171.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
On Mon, Jun 30, 2008 at 06:46:17PM -0400, Chuck Lever wrote:
> My plan is to use an AF_INET listener on systems that support only IPv4,
> and an AF_INET6 listener on systems that can support IPv6. Incoming
> IPv4 packets will be posted to an AF_INET6 listener with a mapped IPv4
> address.
>
> Max Matveev <makc@sgi.com> says:
> Creating a single listener can be dangerous - if net.ipv6.bindv6only
> is enabled then it's possible to create another listener in v4
> namespace on the same port and steal the traffic from the "unifed"
> listener. You need to disable V6ONLY explicitly via a sockopt to stop
> that.
Is the V6ONLY option documented anywhere? A quick grep through the
kernel sources and a couple man pages didn't turn up anything.
--b.
>
> Set appropriate socket option on RPC server listener sockets to prevent
> this.
>
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
>
> net/sunrpc/svcsock.c | 12 ++++++++++++
> 1 files changed, 12 insertions(+), 0 deletions(-)
>
>
> diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
> index 3e65719..43c21f7 100644
> --- a/net/sunrpc/svcsock.c
> +++ b/net/sunrpc/svcsock.c
> @@ -1114,6 +1114,7 @@ static struct svc_sock *svc_setup_socket(struct svc_serv *serv,
> struct svc_sock *svsk;
> struct sock *inet;
> int pmap_register = !(flags & SVC_SOCK_ANONYMOUS);
> + int zero = 0;
>
> dprintk("svc: svc_setup_socket %p\n", sock);
> if (!(svsk = kzalloc(sizeof(*svsk), GFP_KERNEL))) {
> @@ -1146,6 +1147,17 @@ static struct svc_sock *svc_setup_socket(struct svc_serv *serv,
> else
> svc_tcp_init(svsk, serv);
>
> + /*
> + * We start one listener per sv_serv. We want AF_INET
> + * requests to be automatically shunted to our AF_INET6
> + * listener using a mapped IPv4 address. Make sure
> + * no-one starts an equivalent IPv4 listener, which
> + * would steal our incoming connections.
> + */
> + if (serv->sv_family == AF_INET6)
> + kernel_setsockopt(sock, SOL_IPV6, IPV6_V6ONLY,
> + (char *)&zero, sizeof(zero));
> +
> dprintk("svc: svc_setup_socket created %p (inet %p)\n",
> svsk, svsk->sk_sk);
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2008-07-19 1:06 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-06-30 22:45 [PATCH 0/8] rpcbind v4 support in net/sunrpc/svc* Chuck Lever
[not found] ` <20080630224147.24887.18730.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2008-06-30 22:45 ` [PATCH 1/8] SUNRPC: Add address family field to svc_serv data structure Chuck Lever
[not found] ` <20080630224529.24887.47412.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2008-07-03 21:14 ` J. Bruce Fields
2008-07-04 13:45 ` Chuck Lever
2008-06-30 22:45 ` [PATCH 2/8] SUNRPC: Use proper INADDR_ANY when setting up RPC services on IPv6 Chuck Lever
2008-06-30 22:45 ` [PATCH 3/8] SUNRPC: Split portmap unregister API into separate function Chuck Lever
[not found] ` <20080630224545.24887.61618.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2008-07-18 23:21 ` J. Bruce Fields
2008-07-21 3:17 ` Chuck Lever
[not found] ` <76bd70e30807202017hec9d1der1bbbf5c5dcedac45-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-07-23 16:58 ` J. Bruce Fields
2008-06-30 22:45 ` [PATCH 4/8] SUNRPC: Clean up svc_register Chuck Lever
[not found] ` <20080630224553.24887.73617.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2008-07-18 23:29 ` J. Bruce Fields
2008-07-21 19:24 ` Chuck Lever
2008-06-30 22:46 ` [PATCH 5/8] SUNRPC: Use new rpcb_v4_register() interface in svc_register() Chuck Lever
[not found] ` <20080630224601.24887.59241.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2008-07-18 23:40 ` J. Bruce Fields
2008-07-21 19:26 ` Chuck Lever
2008-06-30 22:46 ` [PATCH 6/8] SUNRPC: Add kernel build option to disable server-side use of rpcbind v3/v4 Chuck Lever
[not found] ` <20080630224609.24887.20585.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2008-07-18 23:42 ` J. Bruce Fields
2008-07-21 19:30 ` Chuck Lever
[not found] ` <76bd70e30807211230y4b7c2b21qa89d8cca05e08dab-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-07-30 16:18 ` J. Bruce Fields
2008-06-30 22:46 ` [PATCH 7/8] SUNRPC: Set V6ONLY socket option for RPC listener sockets Chuck Lever
[not found] ` <20080630224616.24887.13171.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2008-07-19 1:05 ` J. Bruce Fields [this message]
2008-07-21 19:32 ` Chuck Lever
2008-06-30 22:46 ` [PATCH 8/8] NFS: Enable NFSv4 callback server to listen on AF_INET6 sockets Chuck Lever
2008-07-19 1:07 ` [PATCH 0/8] rpcbind v4 support in net/sunrpc/svc* J. Bruce Fields
2008-07-20 21:17 ` J. Bruce Fields
2008-07-21 19:07 ` Chuck Lever
[not found] ` <76bd70e30807211207q4fc509e0h4a1a560fe8097de7-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-07-23 21:53 ` J. Bruce Fields
2008-07-23 22:47 ` Chuck Lever
[not found] ` <76bd70e30807231547j19e9fd8dv7a14c2795226dcd6-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-07-23 23:05 ` Trond Myklebust
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080719010550.GA18907@fieldses.org \
--to=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@netapp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.