From: Trond Myklebust <trondmy@hammerspace.com>
To: "linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
"steved@redhat.com" <steved@redhat.com>,
"alex@caoua.org" <alex@caoua.org>
Subject: Re: [PATCH] mount: If a reserved ports is used, do so for the pings as well
Date: Sun, 21 Apr 2024 22:14:58 +0000 [thread overview]
Message-ID: <ae1d55fc8e6951832548323228fc2b9a0eb5dfe4.camel@hammerspace.com> (raw)
In-Reply-To: <32779e7d-1f5d-449d-890f-6d26f0d6cf4a@redhat.com>
On Sun, 2024-04-21 at 17:38 -0400, Steve Dickson wrote:
>
>
> On 4/21/24 12:06 PM, Trond Myklebust wrote:
> > On Sun, 2024-04-21 at 07:09 -0400, Steve Dickson wrote:
> > >
> > >
> > > On 4/12/24 6:26 AM, Alexandre Ratchov wrote:
> > > > Hi,
> > > >
> > > > mount.nfs always uses a high port to probe the server's ports
> > > > (regardless of
> > > > the "-o resvport" option). Certain NFS servers (ex. OpenBSD -
> > > > current) will
> > > > drop the connection, the probe will fail, and mount.nfs will
> > > > exit
> > > > before any
> > > > attempt to mount the file-system. If mount.nfs doesn't ping
> > > > the
> > > > server from
> > > > a high port, mounting the file system will just work.
> > > >
> > > > Note that the same will happen if the server is behind a
> > > > firewall
> > > > that
> > > > blocks connections to the NFS service that originates from a
> > > > high
> > > > port.
> > > Committed... (tag: nfs-utils-2-7-1-rc7)
> > >
> > > I just hope we don't run out of privilege ports during
> > > a mount storm (aka when a server reboots).
> >
> > Agreed, and that is why this change was entirely the wrong thing to
> > do.
> Well the patch was sitting around for a while without any objection
> so I figured I would go with it since it would make mounts
> work on other OSs
>
> >
> > The point of the ping is to allow for fast failover in the case
> > where
> > the portmap/rpcbind server returns incorrect or stale information.
> >
> > If there are servers out there that deliberately break the
> > convention
> > for NULL ping, as described in RFC5531, then we might allow
> > optional
> > use of the privileged port for those servers, but please don't
> > force
> > this on everyone else.
> The patch is on the top of stack... easy revert-able... Is that what
> you are suggesting?
That is my suggestion for now, yes.
I don't have any objection to a patch that adds opt-in functionality
either to turn off the NULL ping, or to force that ping to use a
privileged port. However we should not change the default behaviour to
cause the existing paucity of privileged ports to be even more of a
problem.
--
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@hammerspace.com
next prev parent reply other threads:[~2024-04-21 22:15 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-12 10:26 [PATCH] mount: If a reserved ports is used, do so for the pings as well Alexandre Ratchov
2024-04-21 11:09 ` Steve Dickson
2024-04-21 16:06 ` Trond Myklebust
2024-04-21 21:38 ` Steve Dickson
2024-04-21 22:14 ` Trond Myklebust [this message]
2024-05-09 14:56 ` Steve Dickson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ae1d55fc8e6951832548323228fc2b9a0eb5dfe4.camel@hammerspace.com \
--to=trondmy@hammerspace.com \
--cc=alex@caoua.org \
--cc=linux-nfs@vger.kernel.org \
--cc=steved@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox