From: NeilBrown
To: Steve Dickson
Cc: Linux NFS Mailing list
Date: Mon, 01 Mar 2021 13:17:15 +1100
Subject: [PATCH 4/5] mountd: add --cache-use-ipaddr option to force use_ipaddr
Message-ID: <161456503509.22801.5697064120235155947.stgit@noble>
In-Reply-To: <161456493684.22801.323431390819102360.stgit@noble>
References: <161456493684.22801.323431390819102360.stgit@noble>
X-Mailing-List: linux-nfs@vger.kernel.org

When logging authentication requests, it can be easier to read the logs
if clients are always identified by IP address, not intermediate names
like netgroups or subnets.

To allow this, add --cache-use-ipaddr or -i which tells mountd to always
enable use_ipaddr.

Signed-off-by: NeilBrown --- support/export/auth.c | 4 ++++ utils/mountd/mountd.c | 10 ++++++++-- utils/mountd/mountd.man | 18 ++++++++++++++++++ 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/support/export/auth.c b/support/export/auth.c index 0bfa77d18469..cea376300d01 100644 --- a/support/export/auth.c +++ b/support/export/auth.c @@ -66,6 +66,10 @@ check_useipaddr(void) int old_use_ipaddr = use_ipaddr; unsigned int len = 0; + if (use_ipaddr > 1) + /* fixed - don't check */ + return; + /* add length of m_hostname + 1 for the comma */ for (clp = clientlist[MCL_NETGROUP]; clp; clp = clp->m_next) len += (strlen(clp->m_hostname) + 1); diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c index 9fecf2f04c3b..b9260aeb86a3 100644 --- a/utils/mountd/mountd.c +++ b/utils/mountd/mountd.c @@ -75,9 +75,10 @@ static struct option longopts[] = { "manage-gids", 0, 0, 'g' }, { "no-udp", 0, 0, 'u' }, { "log-auth", 0, 0, 'l'}, + { "cache-use-ipaddr", 0, 0, 'i'}, { NULL, 0, 0, 0 } }; -static char shortopts[] = "o:nFd:p:P:hH:N:V:vurs:t:gl"; +static char shortopts[] = "o:nFd:p:P:hH:N:V:vurs:t:gli"; #define NFSVERSBIT(vers) (0x1 << (vers - 1)) #define NFSVERSBIT_ALL (NFSVERSBIT(2) | NFSVERSBIT(3) | NFSVERSBIT(4)) @@ -681,6 +682,8 @@ read_mountd_conf(char **argv) num_threads = conf_get_num("mountd", "threads", num_threads); reverse_resolve = conf_get_bool("mountd", "reverse-lookup", reverse_resolve); ha_callout_prog = conf_get_str("mountd", "ha-callout"); + if (conf_get_bool("mountd", "cache-use-ipaddr", 0)) + use_ipaddr = 2; s = conf_get_str("mountd", "state-directory-path"); if (s && !state_setup_basedir(argv[0], s)) @@ -803,6 +806,9 @@ main(int argc, char **argv) case 'l': xlog_sconfig("auth", 1); break; + case 'i': + use_ipaddr = 2; + break; case 0: break; case '?': 
@@ -918,7 +924,7 @@ usage(const char *prog, int n) { fprintf(stderr, "Usage: %s [-F|--foreground] [-h|--help] [-v|--version] [-d kind|--debug kind]\n" -" [-l|--log-auth]\n" +" [-l|--log-auth] [-i|--cache-use-ipaddr]\n" " [-o num|--descriptors num]\n" " [-p|--port port] [-V version|--nfs-version version]\n" " [-N version|--no-nfs-version version] [-n|--no-tcp]\n" diff --git a/utils/mountd/mountd.man b/utils/mountd/mountd.man index df4e5356cb05..44d237e56110 100644 --- a/utils/mountd/mountd.man +++ b/utils/mountd/mountd.man @@ -118,6 +118,23 @@ section. will always log authentication responses to MOUNT requests when NFSv3 is used, but to get similar logs for NFSv4, this option is required. .TP +.BR \-i " or " \-\-cache\-use\-ipaddr +Normally each client IP address is matched against each host identifier +(name, wildcard, netgroup etc) found in +.B /etc/exports +and a combined identity is formed from all matching identifiers. +Often many clients will map to the same combined identity so performing +this mapping reduces the number of distinct access details that the +kernel needs to store. +Specifying the +.B \-i +option suppresses this mapping so that access to each filesystem is +requested and cached separately for each client IP address. Doing this +can increase the burden of updating the cache slightly, but can make the +log messages produced by the +.B -l +option easier to read. +.TP .B \-F " or " \-\-foreground Run in foreground (do not daemonize) .TP @@ -248,6 +265,7 @@ Values recognized in the .B [mountd] section include .BR manage-gids , +.BR cache\-use\-ipaddr , .BR descriptors , .BR port , .BR threads ,
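
Review bot: in the support/export/auth.c hunk, the early return in check_useipaddr() tests "if (use_ipaddr > 1)", and the only explanation of that third state is the comment "fixed - don't check". The same literal is then assigned in two places in utils/mountd/mountd.c ("use_ipaddr = 2;"). A named constant for the forced value, or a comment where use_ipaddr is declared, would make it clear to later callers that the variable is no longer a plain 0/1 flag and that assigning 0 or 1 to it undoes the forcing. Braces around the if body would also help, since a comment currently sits between the condition and the return.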
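
Review bot: in the utils/mountd/mountd.c hunks for read_mountd_conf() and main(), the setting can only be switched on. The configuration path sets "use_ipaddr = 2" when cache-use-ipaddr is true and "case 'i':" does the same, so a value enabled in the [mountd] section cannot be turned off from the command line. If that is intended, a sentence in the mountd.man entry saying that the option and the configuration value are equivalent and cannot be negated would save administrators from guessing.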
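
Review bot: in the utils/mountd/mountd.man hunk, the cross-reference to the logging option is written ".B -l" with an unescaped hyphen, while the lines added just above it use "\-i" and "\-\-cache\-use\-ipaddr". Please write it as ".B \-l" so the option name is rendered with the same minus sign as the others and can be copied from the formatted page.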