Re: [PATCH 0/3] mountd: disabling turning off TCP listeners (v2)

[Steve Dickson <SteveD@redhat.com>]

On 25/10/13 08:29, Jeff Layton wrote:
> On Fri, 25 Oct 2013 08:23:29 -0400
> Steve Dickson <SteveD@redhat.com> wrote:
> 
>>
>>
>> On 25/10/13 07:43, Jeff Layton wrote:
>>> On Thu, 24 Oct 2013 15:45:03 -0400
>>> Steve Dickson <SteveD@redhat.com> wrote:
>>>
>>>>
>>>>
>>>> On 24/10/13 14:45, Jeff Layton wrote:
>>>>> On Thu, 24 Oct 2013 14:17:10 -0400
>>>>> Steve Dickson <steved@redhat.com> wrote:
>>>>>
>>>>>> [ Here is the second try for these patches incorporating the code review..]
>>>>>>
>>>>>> Recently it was pointed out to me that the [-n | --no-tcp] flags 
>>>>>> were broken in mountd. Sure enough they are and they broke 
>>>>>> when nfs-utils moved to using libtirpc, which was years ago.
>>>>>>
>>>>>> Obviously nobody is using these flags since has not been 
>>>>>> notice until now, but it seemed to me it no longer makes 
>>>>>> any sense to have flags. We really want people to use TCP 
>>>>>> so why should there be a way to turn it off? It should be
>>>>>> the opposite... They should be able to turn off UDP listeners
>>>>>> not TCP... 
>>>>>>
>>>>>>
>>>>>> Steve Dickson (3):
>>>>>>   mountd: Use protocol bit fields to turn protocols off.
>>>>>>   mountd: Deprecate the ability to disable TCP listeners.
>>>>>>   mountd: Add the ability to disable UDP listeners.
>>>>>>
>>>>>>  support/include/rpcmisc.h |  2 +-
>>>>>>  support/nfs/rpcmisc.c     | 19 ++++++++++++++-----
>>>>>>  support/nfs/svc_create.c  |  5 +++++
>>>>>>  utils/mountd/mountd.c     | 17 ++++++++++++-----
>>>>>>  utils/mountd/mountd.man   |  6 +++---
>>>>>>  5 files changed, 35 insertions(+), 14 deletions(-)
>>>>>>
>>>>>
>>>>> Sorry I'm coming in late on this...
>>>> np... I was expecting more push back! ;-) 
>>>>
>>>>>
>>>>> I don't think we want to remove the ability to disable TCP listeners.
>>>>>
>>>>> Why, you ask? We've been on a multi-year effort to move people to
>>>>> NFSv4, and with that, there's no reason to have mountd listen on the
>>>>> network at all.
>>>> True...
>>>>
>>>>>
>>>>> So personally, I think it would make sense to:
>>>>>
>>>>> a) allow people to disable listening on UDP in addition to TCP
>>>> I see no reason whatsoever to turn off TCP listeners especially
>>>> since that is the protocol of choice... something we have 
>>>> be spouting about for years...  
>>>>  
>>>
>>> There are reasons to be able to turn off TCP listeners:
>>>
>>> If you're running a NFSv4-only server, there's no reason to allow it to
>>> listen on TCP _or_ UDP sockets. I think that sort of environment is
>>> going to become more prevalent in the future, not less.
>> I ideally it would be best not to have mountd at all on NFSv4-only server.
>> Basically, have the kernel get its exports like it gets it ID mappings.
>> Until that day comes, which I hope fill be soon, the TCP listener 
>> only effects v3 mounts and we definitely want people to use TCP
>> with v3. 
>>  
> 
> We want people to use TCP for NFS protocol with v3. In general however,
> we do *not* want them using TCP for the MNT protocol. We've had many
> problems in the past with clients hitting reserved port exhaustion due
> to using TCP for short-lived sockets to carry MNT traffic. This is the
> reason that the client defaults to UDP for MNT traffic.
True... but with v4 now being the default, the admin would really have
to change things for this to happen... 

I guess I really don't care if they can or can not turn off UDP,
I just think it makes sense  for people to be able to disable
the best transport for v3 mounts... 

steved.

> 
>>  
>>>
>>>>>
>>>>> ...or...
>>>>>
>>>>> b) add an option that prevents it from listening on any sockets for a
>>>>>    v4-only configuration
>>>> In this case it would optimal to not even start mountd, unfortunately
>>>> due to exports reasons, it not possible... but it should be!! :-) 
>>>>   
>>>
>>> Right, mountd has 2 jobs:
>>>
>>> 1) respond to MNT protocol requests from clients
>>>
>>> ...and...
>>>
>>> 2) feed exports info to the kernel
>>>
>>> For v4, you obviously don't need the first role, so being able to
>>> disable network listeners is a good thing in such a configuration.
>> Again, I would rather build an v4 only environment where mountd
>> does not even run... 
>>
> 
> I'd be fine with that. But until that materializes we're stuck with
> running mountd in some form on the server.
> 
>>  
>>>
>>>>>
>>>>> In addition, we generally do want people to use UDP for the MNT
>>>>> protocol because it's less apt to cause issues with reserved port
>>>>> exhaustion. Given that it'll continue to listen on a UDP socket by
>>>>> default, that last point is less of an issue, but that might be a good
>>>>> reason to rethink this whole plan.
>>>>>
>>>> I did think of this.... UDP is on by default... Is up the admin... 
>>>>
>>>
>>> That's good. I have no objection to adding an option to disable UDP
>>> listeners if the admin chooses. I just think it would be best to fix
>>> the ability to disable TCP listeners as well instead of removing it.
>>>
> 
>