| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Some init systems actually expect daemons to return 0 on success.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is essentially the same as the previous version, but has
been respun to fix up some merge conflicts with some of Chuck's
recent changes.
When we first added tirpc support, we took a "big hammer" approach, and
had it add libtirpc to $LIBS. That had the effect of making it so that
that library was linked into every binary. That's unnecessary, and
wasteful with memory.
Don't let AC_CHECK_LIB add -ltirpc to $LIBS. Instead, have the autoconf
tests set $(LIBTIRPC) in the makefiles, and have the programs that
need it explicitly include that library. In the event that we're not
using libtirpc, then set $LIBTIRPC to a blank string.
This necessitates a change to the bindresvport_sa check too. Since that
library is no longer included in $LIBS, we need to convert that check
to use AC_CHECK_LIB instead of AC_CHECK_FUNCS.
This patch also fixes a subtle bug. If the library was usable, but the
includes were not, the test would set $enable_tirpc to "no", but
HAVE_LIBTIRPC would still be true. That configuration would likely
fail to build.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sm-notify fails to remove monitor records from sm.bak when it has
finally notified a host. This is because of a recent change to send
two SM_NOTIFY requests for each monitored peer: one with the local
host's FQDN, and one with an unqualified version of same. This was
commit baa41b2c: "sm-notify: Send fully-qualified and unqualified
mon_names" (March 19, 2010).
Because of the March 2010 commit, sm-notify modifies the "my_name"
string during notification, but then uses this modified string to try
to find the monitor record to remove. Of course the search for the
record fails. So a persistent monitor record is left in sm.bak.
Aside from leaving trash around, this causes the same hosts to be
notified after every reboot, even if they successfully responded to
the previous SM_NOTIFY and they had no contact with us during the last
boot.
I also noticed that the trick of truncating the argument of SM_NOTIFY
doesn't work at all if a substitute "my_name" was specified via the "-v"
command line option. This patch attempts to address that as well.
sm-notify should preserve the original my_name string so that
nsm_delete_host() can find the correct monitor record to delete. Also
add some degree of protection to the mon_name and my_name strings in
each nsm_host record to prevent a future change from breaking this
dependency.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The logic in notify_host() watches the host->retries counter to see if
progress is not being made. If progress stalls, notify_host() tries
another IP address. This means sm-notify will generate a fresh
rpcbind query.
After an RPC succeeds, be sure to reset host->retries so sm-notify
doesn't start walking down the host's addrinfo list when we _are_
making progress. In the common case, if the host responds, we avoid
extra rpcbind queries and send all requests for the host to the same
IP address.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
An RPC retransmit timeout should start out the same for each new RPC
request. Don't increase the retransmit timeout after receiving the
reply to the rpcbind query.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up: refactor the logic in recv_rpcbind_reply() that re-schedules
an nsm_host into a separate helper function
Adjust debugging messages so it's always apparent when an nsm_host is
rescheduled.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It looks like the existing algorithm for verifying the passed-in bind
address is as broken as statd_matchhostname() used to be: for IP
addresses, AI_CANONNAME is useless. We need to have getnameinfo(3) or
equivalent in there.
Clean up: extract the logic that verifies the command line bind
address into its own function, and make it handle canonical name
lookup correctly.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The job of statd_matchhostname() is to work hard at matching two
hostnames or presentation IP addresses that may refer to the same
host.
statd_matchhostname() turns the hostname of the local system into a
list of addresses containing only the loopback address. The actual
DNS registered address of the system does not appear in that list.
Presentation IP addresses, on the other hand, are soundly ignored by
the AI_CANONNAME option of getaddrinfo(3). The ai_canonname string
that is returned is just the same presentation IP address. And the
resulting list of addresses contains just that IP address.
So if the DNS registered IP address of the local host is passed in as
one argument, and the local hostname is passed as the other argument,
statd_matchhostname() whiffs and believes there is no match. To fix
this, the logic needs to be smarter about deriving a hostname from an
IP address.
This appears to cause no end of trouble: monitor records pile up in
/var/lib/nfs/sm and sm.bak, notifications are missed, and so on. This
has likely been around since commit cbd3a131 "statd: Introduce statd
version of matchhostname()" (Jan 14, 2010).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
statd's "-F" flag disables syslog output, and specifies sm-notify's
"-d" option when it runs it. sm-notify's "-d" option should therefore
also disable syslog output.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Fix a debugging message to report correctly the count of hosts loaded
when statd starts up.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
License texts contain multiple address for FSF, some wrong.
So update them and replace COPYING file with
http://www.gnu.org/licenses/gpl-2.0.txt
which has a few changes to preamble and commentary.
Also remove extra COPYING file from utils/statd/
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
sh -p is not guaranteed to be provided by POSIX shells. dash for
instance does not provide this, so use bash explicitly.
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Fix syntax for line starting with 'visible' according to a patch from
Simon Paillard <spaillard@debian.org> in Debian bug #624261.
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the past, rpc.statd posted SM_NOTIFY requests using the same socket
it used for sending downcalls to the kernel. To receive replies from
remote hosts, the socket was bound to INADDR_ANY.
With commit f113db52 "Remove notify functionality from statd in
favour of sm-notify" (Mar 20, 2007), the downcall socket is no longer
used for sending requests to remote hosts. However, the downcall
socket is still bound to INADDR_ANY.
Thus a remote host can inject data on this socket since it is an
unconnected UDP socket listening for RPC replies. Thanks to f113db52,
the port number of this socket is no longer controlled by a command
line option, making it difficult to firewall.
We have demonstrated that data injection on this socket can result in
a DoS by causing rpc.statd to consume CPU and log bandwidth, but so
far we have not found a breach.
To prevent unwanted data injection, bind this socket to the loopback
address.
BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=177
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
At RHEL, if user set port for mountd at /etc/services as
"mount 12345/tcp", mountd should be bind to 12345, but the
latest nfs-utils, mountd get a rand port, not 12345.
This patch make sure mountd be bind to the port which was set
at /etc/service.
Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The synopsis of rpc.statd in its man page lists "-w" as a valid
option. There is currently no support in the source code for a "-w"
option.
BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=199
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Gabor Papp reports nfs-utils-1.2.3 doesn't build on his system that
uses glibc-2.2.5:
make[3]: Entering directory
`/home/gzp/src/nfs-utils-1.2.3/utils/statd'
gcc -DHAVE_CONFIG_H -I. -I../../support/include -D_GNU_SOURCE -Wall
-Wextra -Wstrict-prototypes -pipe -g -O2 -MT sm-notify.o -MD
-MP -MF .deps/sm-notify.Tpo -c -o sm-notify.o sm-notify.c
sm-notify.c: In function 'smn_bind_address':
sm-notify.c:247: error: 'AI_NUMERICSERV' undeclared (first use in this
function)
sm-notify.c:247: error: (Each undeclared identifier is reported only
once
sm-notify.c:247: error: for each function it appears in.)
make[3]: *** [sm-notify.o] Error 1
According to the getaddrinfo(3) man page, AI_NUMERICSERV is available
only since glibc 2.3.4. getaddrinfo(3) seems to convert strings
containing a number to the right port value without the use of
AI_NUMERICSERV, so I think we can survive on older glibc's without it.
It will allow admins to specify service names as well as port numbers
on those versions.
There are uses of AI_NUMERICSERV in gssd and in nfs_svc_create(). The
one in nfs_svc_create() is behind HAVE_LIBTIRPC, and the other is a
issue only for those who want to deploy Kerberos -- likely in both
cases, a more modern glibc will be present. I'm going to leave those
two.
Fix for:
https://bugzilla.linux-nfs.org/show_bug.cgi?id=195
Reported-by: "Gabor Z. Papp" <gzp@papp.hu>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was reported that, if only "lo" is up,
mount.nfs 127.0.0.1:/export /mount
fails with "Name or service not known".
"man 3 getaddrinfo" says this:
If hints.ai_flags includes the AI_ADDRCONFIG flag, then IPv4
addresses are returned in the list pointed to by res only if the
local system has at least one IPv4 address configured, and IPv6
addresses are only returned if the local system has at least
one IPv6 address configured.
The man page oversimplifies here. A review of glibc shows that
getaddrinfo(3) explicitly ignores loopback addresses when deciding
whether an IPv4 or IPv6 address is configured.
This behavior around loopback is a problem not just for mount.nfs,
but also for RPC daemons that have to start up before a system's
networking is fully configured and started. Given the history of
other problems with AI_ADDRCONFIG and the unpredictable behavior it
introduces, let's just remove it everywhere in nfs-utils.
This fix addresses:
https://bugzilla.linux-nfs.org/show_bug.cgi?id=191
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 8ce130c4 switched in the new statd_canonical_name() function
that constructs a "unique" name statd can use to uniquely identify a
monitor record.
The legacy statd would monitor a client that sent an IP address with
no reverse map as its caller_name. To remain bug-for-bug compatible,
allow this case in the new statd.
This shouldn't be a problem: statd_canonical_name() needs to create
a unique name for the monitored host so it can keep track of monitor
requests from the same remote. The IP address itself should work as
well as the host's canonical name, in case there is no reverse
mapping.
We still enforce the requirement that a mon_name that is a DNS name
must have a forward map to an IP address.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During any file locking interaction between an NFS client and server,
the client tells the server what hostname it will use as the mon_name
argument of the SM_NOTIFY request sent by the client when it reboots.
This is the "caller_name" argument of an NLMPROC_LOCK request.
The server, however, never tells the client what mon_name argument
it will use when sending an SM_NOTIFY request. In order to recognize
the server, clients usually guess what mon_name the server might
send, by using the server hostname provided by the user on the mount
command line.
Frequently, the user provides an unqualified server name on the mount
command. The server might then call the client back with a fully
qualified domain name, which might not match in some cases.
Solaris, and perhaps other implementations, attempt to mitigate this
problem by sending two SM_NOTIFY requests to each peer: one with an
unqualified mon_name argument, and one with a fully qualified mon_name.
Implement such a scheme for sm-notify.
Since my_name is almost always the fully-qualified hostname associated
with the local system, just wiping the left-most '.' in the my_name
argument and sending another SM_NOTIFY is nearly always sufficient.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mon_name argument of an SM_NOTIFY request is a string that
identifies the rebooting host.
sm-notify should send the my_name provided by the local lockd at the
time the remote was monitored, rather than cocking up a mon_name
argument based on the present return value of gethostname(3). If the
local system's hostname happened to change after the last reboot, then
the string returned by gethostname(3) will not be recognized by the
remote. Thus the remote will never initiate lock recovery for the
original named host, possibly leaving stale locks.
The existing behavior of using the -v command line option as the
mon_name argument is preserved, but we now prevent sending an IP
presentation address, as some non-Linux implementations don't
recognize addresses as valid mon_names.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
SM_SIMU_CRASH isn't used, so this warning is never seen today.
However, if we ever wanted to use SM_SIMU_CRASH, this warning
is unnecessarily alarming, and serves no real purpose.
At some point in the near future I'd like us to consider using
SM_SIMU_CRASH, so let's get rid of this message now.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Assuming the tcp_wrappers library can actually support IPv6 addresses,
here's a crack at IPv6 support in nfs-utils' TCP wrapper shim.
Some reorganization is done to limit the number of times that @sap
is converted to a presentation address string.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Eliminate these compiler warnings:
tcpwrapper.c: In function logit
tcpwrapper.c:225: warning: unused parameter procnum
tcpwrapper.c:225: warning: unused parameter prognum
Actually, @procnum is not used anywhere in our tcpwrapper.c, so
let's just get rid of it.
Since there is only one logit() call site in tcpwrapper.c, the macro
wrapper just adds needless clutter. Let's get rid of that too.
Finally, both mountd and statd now use xlog(), which adds an
appropriate program name prefix to every message. Replace the
open-coded syslog(2) call with an xlog() call in order to
consistently identify the RPC service reporting the intrusion.
Since logit() no longer references "deny_severity" and no nfs-utils
caller sets either allow_severity or deny_severity, we remove them.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Expand and clarify the explanation of NSM operation on Linux, and
provide the same text in both man pages.
Update descriptions of the command line options to match the operation
of the current implementation.
Introduce sections discussing security and operational issues, and
IPv6 operation.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If TI-RPC is available, use it to create statd's svc listener. If
not, use the old function, rpc_init(), to create statd's listener.
IPv6 can be supported if TI-RPC is available. In this case,
/etc/netconfig is searched to determine which transports to advertise.
Add the new listener creation API in libnfs.a since other components
of nfs-utils (such as rpc.mountd) will eventually want to share it.
A little re-arrangement of when the statd listener is created is done
to make unregistration of the statd service more reliable. As it is
now, the statd service is never unregistered when it exits. After it
is gone, other programs usually hang when trying to access statd or
see if it's running, since the registration is still there but statd
itself does not respond.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I'm about to switch the order of listener creation and dropping root
privileges. rpc.statd will drop privileges first, then create its
listeners. The reason for the new ordering is explained in a
subsequent patch.
However, for non-TI-RPC builds, rpc_init() needs to use a privileged
port to do pmap registrations. For both TI-RPC and non-TI-RPC builds,
CAP_NET_BIND is required in case the admin requests a privileged
listener port on the statd command line.
So that these requirements are met, nsm_drop_privileges() will now
retain CAP_NET_BIND while dropping root.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up: The contents of NL_ADDR are fixed: they are always the IPv4
loopback address. Some time ago, the use of NL_ADDR() was stubbed out
of the NLM downcall forward path, replaced with a constant IPv4
loopback address.
Stub it out of the reply path as well, and then remove NL_ADDR
entirely.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
| |
SM_STAT is usually not used by most contemporary NSM implementations,
but for consistency, it gets the same treatment as sm_mon_1_svc(),
since both should use the same logic to determine whether a mon_name
is able to be monitored.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
| |
Replace deprecated gethostbyname(3) and gethostbyaddr(3) calls in
monitor.c, and address a couple of memory leaks.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
| |
Provide a shared function to generate canonical names that statd
uses to index its on-disk monitor list. This function can resolve
DNS hostnames, and IPv4 and IPv6 presentation addresses.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To support IPv6, statd must support multi-homed remote peers. For our
purposes, "multi-homed peer" means that more than one unique IP
address maps to the one canonical host name for that peer.
An SM_MON request from the local lockd has a "mon_name" argument that
statd reverse maps to a canonical hostname (ie the A record for that
host). statd assumes the canonical hostname is unique enough that
it stores the callback data for this mon_name in a file named after
that canonical hostname.
Because lockd can't distinguish between two unique IP addresses that
may be from the same physical host, the kernel can hand statd a
mon_name that maps to the same canonical hostname as some previous
mon_name. So that the kernel can keep this instance of the mon_name
unique, it creates a fresh priv cookie for each new address.
Note that a mon_name can be a presentation address string, or the
caller_name string sent in each NLMPROC_LOCK request. There's
nothing that requires the caller_name to be a fully-qualified
hostname, thus it's uniqueness is not guaranteed. The current
design of statd assumes that canonical hostnames will be unique
enough.
When a mon_name for a fresh SM_MON request maps to the same canonical
hostname as an existing monitored peer, but the priv cookie is new,
statd will try to write the information for the fresh request into an
existing monitor record file, wiping out the contents of the file.
This is because the mon_name/cookie combination won't match any record
statd already has.
Currently, statd doesn't check if a record file already exists before
writing into it. statd's logic assumes that the svc routine has
already checked that no matching record exists in the in-core monitor
list. And, it doesn't use O_EXCL when opening the record file. Not
only is the old data in that file wiped out, but statd's in-core
monitor list will no longer match what's in the on-disk monitor list.
Note that IPv6 isn't needed to exercise multi-homed peer support.
Any IPv4 peer that has multiple addresses that map to its canonical
hostname will trigger this behavior. However, this scenario will
become quite common when all hosts on a network automatically get both
an IPv4 address and an IPv6 address.
I can think of a few ways to address this:
1. Replace the current on-disk format with a database that has a
uniqueness constraint on the monitor records
2. Create a new file naming scheme; eg. one that uses a truly
unique name such as a hash generated from the mon_name, my_name, and
priv cookie
3. Support multiple lines in each monitor record file
Since statd's on-disk format constitutes a formal API, options 1 and 2
are right out. This patch implements option 3. There are two parts:
adding a new line to an existing file; and deleting a line from a file
with more than one line. Interestingly, the existing code already
supports reading more than one line from these files, so we don't need
to add extra code here to do that.
One file may contain a line for every unique mon_name / priv cookie
where the mon_name reverse maps to the same canonical hostname. We
use the atomic write facility added by a previous patch to ensure the
on-disk monitor record list is updated atomically.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
| |
Currently sm-notify does not use the mon_name and my_name strings
passed to smn_get_host(). Very soon we're going to need the mon_name
and my_name strings, so add code to store those strings in struct
nsm_host, and free them when each host is forgotten.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
| |
Ensure that SM_SIMU_CRASH does not allow non-AF_INET callers to
bypass the localhost check.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For the time being, statd is not going to support receiving SM_MON
calls from the local lockd via IPv6.
However, the upcalls (SM_MON, etc.) from the local lockd arrive on the
same socket that receives calls from remote peers. Thus
caller_is_localhost() at least has to be smart enough to notice that
the caller is not AF_INET, and to display non-AF_INET addresses
appropriately.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
| |
We have all the pieces in place, so update sm_notify_1_svc() to handle
SM_NOTIFY requests sent from IPv6 remotes.
This also eliminates a memory leak: the strdup'd memory containing the
callers' presentation address was never freed.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add an API to convert a socket address to a presentation address
string. This is used for displaying error messages and the like.
We prefer getnameinfo(3) over inet_?to?(3) as it supports IPv6 scope
IDs. Since statd has to continue to build correctly on systems whose
glibc does not have getnameinfo(3), an inet_?to?(3) version is also
provided.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For the near future, statd will support IPv6 but exportfs will not.
Thus statd will need a version of matchhostname() that can deal
properly with IPv6 remotes. To reduce the risk of breaking exportfs,
introduce a separate version of matchhostname() for statd to use while
exportfs continues to use the existing AF_INET-only implementation.
Note that statd will never send matchhostname() a hostname string
containing export wildcards, so is_hostame() is not needed in the
statd version of matchhostname(). This saves some computational
expense when comparing hostnames.
A separate statd-specific implementation of matchhostname() allows
some flexibility in the long term, as well. We might want to enrich
the matching heuristics of our SM_NOTIFY, for example, or replace
them entirely with a heuristic that is not dependent upon DNS.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce generic helpers for managing socket addresses. These are
general enough that they are useful for pretty much any component of
nfs-utils.
We also include the definition of nfs_sockaddr here, so it can be
shared. See:
https://bugzilla.redhat.com/show_bug.cgi?id=448743
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
| |
When IPV6_SUPPORTED is enabled and the local system has IPv6 support,
request AF_INET6 and AF_INET addresses from the DNS resolver.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch updates the "bind to a user-specified port" arm of
smn_create_socket() so it can deal with IPv6 bind addresses.
A single getaddrinfo(3) call can convert a user-specified bind address
or hostname to a socket address, optionally plant a provided port
number, or whip up an appropriate wildcard address for use as the main
socket's bind address.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
| |
This patch updates the "bind to an arbitrary privileged port" arm of
smn_create_socket() so it can deal with IPv6 bind addresses.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Socket creation is unfortunately complicated by the need to handle the
case where sm-notify is built with IPv6 support, but the local system
has disabled it entirely at run-time (ie, socket(3) returns
EAFNOSUPPORT when we try to create an AF_INET6 socket).
The run-time address family setting is made available in the global
variable nsm_family. This setting can control the family of the
socket's bind address and what kind of addresses we want returned by
smn_lookup(). Support for that is added in subsequent patches.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The top half of the notify() function creates the main socket that
sm-notify uses to do its job. To make adding IPv6 support simpler,
refactor that piece into a separate function.
The logic is modified slightly so that exit(3) is invoked only in
main(). This is not required, but it makes the code slightly easier
to understand and maintain.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the open code to construct NLM downcalls and PMAP_GETPORT RPC
requests with calls to our new library routines.
This clean up removes redundant code in rmtcall.c, and enables the
possibility of making NLM downcalls via IPv6 transports. We won't
support that for a long while, however.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the open code to construct SM_NOTIFY and PMAP_GETPORT RPC
requests with calls to our new library routines that support
IPv6 and RPCB_GETADDR as well.
This change allows sm-notify to send RPCB_GETADDR, but it won't do
that until the main sm-notify socket supports PF_INET6 and the DNS
resolution logic is updated to return IPv6 addresses.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
|
|
|
|
|
|
| |
Replace open-coded accesses to on-disk NSM information in rpc.statd
with calls to the new API.
Behavior should be much the same as it was before.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace open-coded accesses to on-disk NSM data with calls to the new
libnsm.a API.
One major change is that sync(2) is no longer called when the NSM
state number is updated at boot time. Otherwise sm-notify should
behave much the same as it did before.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up: Move the .x file and the generated C source for NSM to
libnsm.a, echoing the architecture of mountd and exportfs. This makes
the NSM protocol definitions, data types, and XDR routines available
to be shared across nfs-utils.
This simplifies the addition of other NSM-related code (for example
for testing or providing clustering support), and also provides
public data type definitions that can be used to make sense of the
contents of statd's on-disk database.
Because sim_sm_inter.x still resides in utils/statd, I've left some
rpcgen build magic in utils/statd/Makefile.am.
This is an internal organization change only. This patch should not
affect code behavior in any way.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Use shared sockaddr port management functions instead of duplicating
this functionality in sm-notify. This is now easy because sm-notify
is linked with libnfs.a, where nfs_{get,set}_port() reside.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|