Re: use of non-privileged ports for MNT and NLM

Linux NFS development
 help / color / mirror / Atom feed

From: "J. Bruce Fields" <bfields@fieldses.org>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>,
	Steve Dickson <SteveD@redhat.com>,
	Linux NFS Mailing List <linux-nfs@vger.kernel.org>
Subject: Re: use of non-privileged ports for MNT and NLM
Date: Tue, 19 Aug 2008 17:22:02 -0400	[thread overview]
Message-ID: <20080819212202.GD8331@fieldses.org> (raw)
In-Reply-To: <0CD0CE08-CB11-419A-9AAC-DEB1AC2B26B3@oracle.com>

On Tue, Aug 19, 2008 at 05:14:54PM -0400, Chuck Lever wrote:
> Working on "resvport" mount option.  Question occurred to me:
>
> If I specify "noresvport" on a mount, can the client also use a non- 
> privileged port for the initial MNT request, and can it use it for the  
> NLM connection as well?
>
> Question applies not just to Linux servers, but servers in general.   
> Brief searching on teh internets does not reveal a quick answer.  I  
> think rpc.mountd will allow a non-privileged port for "insecure"  
> exports.

>From nfs-utils/utils/mountd/auth.c:auth_authenticate_internal():

	if (!(exp->m_export.e_flags & NFSEXP_INSECURE_PORT) &&
                    (ntohs(caller->sin_port) <  IPPORT_RESERVED/2 ||
                     ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
                *error = illegal_port;
                return NULL;
        }

So assuming that function does what it name suggests, I think you're
right.

> I think the answer is "yes, non-privileged ports can be used for MNT and 
> NLM if the server explicitly allows it" but I thought I would open this 
> up to the list.

That's what I would have guessed.

And if the goal is to keep the number of reserved ports from being a
limit, it would be disappointing to eliminate only the ports used for
nfs itself.

--b.

next prev parent reply	other threads:[~2008-08-19 21:22 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-08-19 21:14 use of non-privileged ports for MNT and NLM Chuck Lever
2008-08-19 21:22 ` J. Bruce Fields [this message]
2008-08-19 23:44 ` Trond Myklebust

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20080819212202.GD8331@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=SteveD@redhat.com \
    --cc=Trond.Myklebust@netapp.com \
    --cc=chuck.lever@oracle.com \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox