From: "J. Bruce Fields" <bfields@redhat.com>
To: NeilBrown <neilb@suse.de>
Cc: linux-nfs@vger.kernel.org, Jeff Layton <jlayton@redhat.com>,
"J. Bruce Fields" <bfields@redhat.com>
Subject: [PATCH 3/3] mountd: prepend '?' to make use_ipaddr clients self-describing
Date: Sat, 28 Apr 2012 07:28:12 -0400 [thread overview]
Message-ID: <1335612492-22574-3-git-send-email-bfields@redhat.com> (raw)
In-Reply-To: <20120428112639.GA22396@fieldses.org>
From: "J. Bruce Fields" <bfields@redhat.com>
Mountd is responsible for filling three interrelated kernel caches:
- auth_unix_ip maps an incoming ip addresses to a "domain".
- nfsd_fh maps (domain, filehandle-fragment) pairs to paths.
- nfsd_export maps (domain, path) pairs to export options.
Note that each export is assocated with a "client" string--the part
before the parentheses in an /etc/export line--which may be a domain
name, a netgroup, etc.
The "domain" string in the above three caches may be either:
- in the !use_ipaddr case, a comma-separated list of client
strings.
- in the use_ipaddr case, an ip address.
In the former case, mountd does the hard work of matching an ip address
to the clients when doing the auth_unix_ip mapping. In the latter case,
it delays that until the nfsd_fh or nfsd_export upcall.
We're currently depending on being able to flush the kernel caches
completely when switching between the use_ipaddr and !use_ipaddr cases.
However, the kernel's cache-flushing doesn't really provide reliable
guarantees on return; it's still possible we could see nfsd_fh or
nfsd_export upcalls with the old domain-type after flushing.
So, instead, make the two domain types self-describing by prepending a
"?" in the use_ipaddr case.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
utils/mountd/auth.c | 16 ++++++++++++----
utils/mountd/cache.c | 2 +-
2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/utils/mountd/auth.c b/utils/mountd/auth.c
index 7aa00c4..f5bdfa7 100644
--- a/utils/mountd/auth.c
+++ b/utils/mountd/auth.c
@@ -112,15 +112,23 @@ auth_reload()
return counter;
}
+static char *get_client_ipaddr_name(const struct sockaddr *caller)
+{
+ char buf[INET6_ADDRSTRLEN + 1];
+
+ buf[0] = '?';
+ host_ntop(caller, buf + 1, sizeof(buf) - 1);
+ return strdup(buf);
+}
+
static char *
get_client_hostname(const struct sockaddr *caller, struct addrinfo *ai,
enum auth_error *error)
{
- char buf[INET6_ADDRSTRLEN];
char *n;
if (use_ipaddr)
- return strdup(host_ntop(caller, buf, sizeof(buf)));
+ return get_client_ipaddr_name(caller);
n = client_compose(ai);
*error = unknown_host;
if (!n)
@@ -133,12 +141,12 @@ get_client_hostname(const struct sockaddr *caller, struct addrinfo *ai,
bool ipaddr_client_matches(char *dom, nfs_export *exp, struct addrinfo *ai)
{
- return use_ipaddr && client_check(exp->m_client, ai);
+ return (dom[0] == '?') && client_check(exp->m_client, ai);
}
bool namelist_client_matches(char *dom, nfs_export *exp, struct addrinfo *ai)
{
- return !use_ipaddr && client_member(dom, exp->m_client->m_hostname);
+ return (dom[0] != '?') && client_member(dom, exp->m_client->m_hostname);
}
bool client_matches(char *dom, nfs_export *exp, struct addrinfo *ai)
diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
index 02d5313..0e270ba 100644
--- a/utils/mountd/cache.c
+++ b/utils/mountd/cache.c
@@ -551,7 +551,7 @@ static void nfsd_fh(FILE *f)
auth_reload();
- if (use_ipaddr) {
+ if (dom[0] == '?') {
ai = lookup_client_addr(dom);
if (!ai)
goto out;
--
1.7.7.6
next prev parent reply other threads:[~2012-04-28 11:28 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-20 22:46 [PATCH 0/3] Fix use_ipaddr race J. Bruce Fields
2012-04-20 22:46 ` [PATCH 1/3] mountd: unconditionally resolve ip address J. Bruce Fields
2012-04-20 22:46 ` [PATCH 2/3] mountd: helper function for export upcall's client matching J. Bruce Fields
2012-04-20 22:46 ` [PATCH 3/3] mountd: ignore use_ipaddr and just try both client types J. Bruce Fields
2012-04-23 1:04 ` [PATCH 0/3] Fix use_ipaddr race NeilBrown
2012-04-28 11:26 ` J. Bruce Fields
2012-04-28 11:28 ` [PATCH 1/3] mountd: parse ip address earlier J. Bruce Fields
2012-04-28 11:28 ` [PATCH 2/3] mountd: add trivial helpers for client-matching J. Bruce Fields
2012-04-28 11:28 ` J. Bruce Fields [this message]
2012-04-28 11:47 ` [PATCH 0/3] Fix use_ipaddr race NeilBrown
2012-04-28 15:59 ` J. Bruce Fields
2012-05-02 1:41 ` J. Bruce Fields
2012-05-02 1:43 ` [PATCH 1/3] mountd: parse ip address earlier J. Bruce Fields
2012-05-02 1:43 ` [PATCH 2/3] mountd: add trivial helpers for client-matching J. Bruce Fields
2012-05-02 1:43 ` [PATCH 3/3] mountd: prepend '$' to make use_ipaddr clients self-describing J. Bruce Fields
2012-05-02 2:07 ` NeilBrown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1335612492-22574-3-git-send-email-bfields@redhat.com \
--to=bfields@redhat.com \
--cc=jlayton@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).