From: "J. Bruce Fields" <bfields@fieldses.org>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: Nikolaus Rath <Nikolaus@rath.org>,
linux-nfs@vger.kernel.org, nfsv4@ietf.org
Subject: Re: NFS4 over VPN hangs when connecting > 2 clients
Date: Mon, 19 Mar 2012 12:28:51 -0400 [thread overview]
Message-ID: <20120319162851.GA22336@fieldses.org> (raw)
In-Reply-To: <20120312212708.GC8991@fieldses.org>
On Mon, Mar 12, 2012 at 05:27:08PM -0400, J. Bruce Fields wrote:
> On Mon, Mar 12, 2012 at 05:14:16PM -0400, Chuck Lever wrote:
> > IMO, the server should do a comparison of the nfs_client_id4 strings,
> > and nothing else.
>
> We're supposed to return CLID_INUSE when we see a setclientid from a
> "different" client using the same string, to keep clients from doing
> mischief with other clients' state (either maliciously or, as in this
> case, accidentally).
>
> "Different" here is defined as "not having the same principal". I know
> what that means in the krb5 case, but I'm less certain in the auth_sys
> case.
Cc'ing the ietf list. Is it reasonable for a server to expect
setclientid's to come from the same client IP address at least in the
auth_sys case, or could that break multi-homed clients?
At least in the auth_sys case IP addresses are one of the only things we
have left to go on when the client's identifier-generation is messed up
(not that difficult).
--b.
next prev parent reply other threads:[~2012-03-19 16:28 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-11 1:34 NFS4 over VPN hangs when connecting > 2 clients Nikolaus Rath
2012-03-12 16:20 ` Nikolaus Rath
2012-03-12 19:31 ` J. Bruce Fields
2012-03-12 19:45 ` Nikolaus Rath
2012-03-12 20:15 ` J. Bruce Fields
2012-03-12 20:30 ` Nikolaus Rath
2012-03-12 20:42 ` J. Bruce Fields
2012-03-12 20:49 ` Chuck Lever
2012-03-12 21:04 ` J. Bruce Fields
2012-03-12 21:14 ` Chuck Lever
2012-03-12 21:27 ` J. Bruce Fields
2012-03-19 16:28 ` J. Bruce Fields [this message]
2012-03-19 16:44 ` [nfsv4] " Rick Macklem
2012-03-19 17:06 ` Rick Macklem
2012-03-19 17:36 ` J. Bruce Fields
2012-03-19 17:47 ` Chuck Lever
2012-03-19 18:24 ` Myklebust, Trond
2012-03-19 18:27 ` J. Bruce Fields
2012-03-19 18:29 ` Chuck Lever
2012-03-19 18:39 ` J. Bruce Fields
2012-03-19 18:42 ` Chuck Lever
2012-03-19 18:54 ` J. Bruce Fields
2012-03-19 19:00 ` Chuck Lever
2012-03-19 19:08 ` J. Bruce Fields
2012-03-19 18:43 ` Nikolaus Rath
2012-03-19 22:25 ` Rick Macklem
2012-03-20 13:29 ` Nikolaus Rath
2012-03-20 13:55 ` Myklebust, Trond
2012-03-20 14:36 ` Nikolaus Rath
2012-03-20 16:49 ` Myklebust, Trond
2012-03-20 14:01 ` Chuck Lever
2012-03-20 14:38 ` Nikolaus Rath
2012-03-20 15:53 ` Chuck Lever
2012-03-19 18:51 ` Nikolaus Rath
2012-03-19 18:56 ` J. Bruce Fields
2012-03-19 22:31 ` Rick Macklem
2012-03-19 18:26 ` Myklebust, Trond
2012-03-12 21:24 ` Nikolaus Rath
2012-03-12 21:27 ` Chuck Lever
2012-03-12 21:38 ` Nikolaus Rath
2012-03-12 21:46 ` Chuck Lever
2012-03-12 21:54 ` Chuck Lever
2012-03-12 21:54 ` Nikolaus Rath
2012-03-12 21:57 ` Myklebust, Trond
2012-03-13 13:23 ` Nikolaus Rath
2012-03-13 14:50 ` Myklebust, Trond
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120319162851.GA22336@fieldses.org \
--to=bfields@fieldses.org \
--cc=Nikolaus@rath.org \
--cc=chuck.lever@oracle.com \
--cc=linux-nfs@vger.kernel.org \
--cc=nfsv4@ietf.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.