Re: [PATCH] rpcbind: don't ignore bind and init_transport errors

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ben Greear <greearb@candelatech.com>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: "Jan Rękorajski" <baggins@sith.mimuw.edu.pl>,
	"Steve Dickson" <SteveD@redhat.com>,
	linux-nfs <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH] rpcbind: don't ignore bind and init_transport errors
Date: Mon, 20 Sep 2010 09:33:50 -0700	[thread overview]
Message-ID: <4C978CEE.7090503@candelatech.com> (raw)
In-Reply-To: <02C38759-5236-454B-8F7B-02F9419B1532@oracle.com>

On 09/20/2010 09:21 AM, Chuck Lever wrote:
>
> On Sep 20, 2010, at 11:31 AM, Jan Rękorajski wrote:
>
>> On Mon, 20 Sep 2010, Chuck Lever wrote:
>>
>>>
>>> On Sep 17, 2010, at 6:22 PM, Jan Rękorajski wrote:
>>>
>> [snip]
>>>>
>>>> What about TCP then?  My patch was a by-product of trying to make '-h<IP>'
>>>> also work for tcp sockets, so if we skip unbindable addresses for UDP,
>>>> then will it be ok to do the same for TCP?
>>>
>>> Interesting.  Now that I've actually looked at the documentation>>
>>> blush<<  rpcbind(8) explicitly says that "-h" is only for UDP.  I seem
>>> to recall that the legacy portmapper had a problem on multi-homed
>>> hosts where a request was received on one interface, and the reply was
>>> sent out another.
>>>
>>> This is certainly a problem for datagram transports, but shouldn't be
>>> an issue for connection-oriented transports: the reply is always sent
>>> on the same connection as the request was received.
>>>
>>> Can you say a little more about why do you need "-h" to work for
>>> connection-oriented sockets?
>>
>> I have a multihomed nfs server, and I don't want the portmapper to even
>> listen on an outside interface.
>
> Understood, but that is accomplished with firewalling, these days.  Usually, NFS servers are not run on the edge of private networks unless they are serving files to public hosts.
>
> None of NFS's RPC daemons allow you to set a bind address, with one exception.  rpc.statd allows one to specify a "bind address" in the form of a host name for reasons specific to the NSM protocol.

Simply not listening to an IP may be more convenient (and perform better)
than setting up firewalls.

Binding also allows one to specify which interface to use if you have
two interfaces on the same subnet.

I posted a patch a week or two ago that allowed the kernel components
to bind to specific IPs.  I'm glad to see I'm not the only one interested
in this, and hopefully we can start making all parts of NFS able to bind
to specific IPs when requested.

Thanks,
Ben

-- 
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc  http://www.candelatech.com

next prev parent reply	other threads:[~2010-09-20 16:34 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-09-17 18:12 [PATCH] rpcbind: don't ignore bind and init_transport errors Jan Rękorajski
2010-09-17 18:26 ` Chuck Lever
2010-09-17 19:04   ` Jan Rękorajski
2010-09-17 19:27     ` Chuck Lever
2010-09-17 22:22       ` Jan Rękorajski
2010-09-20 14:29         ` Chuck Lever
2010-09-20 15:31           ` Jan Rękorajski
2010-09-20 16:21             ` Chuck Lever
2010-09-20 16:33               ` Ben Greear [this message]
2010-09-20 16:48               ` Jan Rękorajski
2010-09-20 18:53                 ` Chuck Lever
2010-09-20 19:03                   ` Ben Greear
2010-09-20 19:24                     ` Chuck Lever
2010-09-21  9:08                   ` Jan Rękorajski
2010-09-21 11:55                   ` Steve Dickson
2010-09-21 15:23                     ` Chuck Lever

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4C978CEE.7090503@candelatech.com \
    --to=greearb@candelatech.com \
    --cc=SteveD@redhat.com \
    --cc=baggins@sith.mimuw.edu.pl \
    --cc=chuck.lever@oracle.com \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.