Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp958908pxb;
        Wed, 3 Mar 2021 22:32:49 -0800 (PST)
X-Google-Smtp-Source: ABdhPJx5uAKsjn1E4cjvSZ4wfijFpgbWUlOOgtm9pmJocPT6nyPLukN7bUZIn2OtuWsDLxOh0DZ5
X-Received: by 2002:a17:906:ada:: with SMTP id z26mr2598424ejf.438.1614839568813;
        Wed, 03 Mar 2021 22:32:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1614839568; cv=none;
        d=google.com; s=arc-20160816;
        b=aERp6CrjSdjRIVYrFa95vmzRcQwHMH5LA20r1dFSifjWfFX8JLgmhI5x6yrtb039q7
         4/cfU6SihM5BXseN6sz3eD466z6v5fNUltuz9KYU+zJNDo/M5jNVD1gN/o4eNYu9qOlf
         S1ivq56Oc6uq+ZqN/KcotcDuTFnwCrVwAHw58D9n7LMD/wUAYxVCyY1LlmhBexsL0ZQi
         X8OiDf4OcdLynsK+oYzEMbTh/dyujwPLIm6BilR/dA/Kd80cE5gGhuhRJpP78dR2o0RA
         4ECDfLwEPVq4sEY7CkN+NSbYjjDNRHw3oXaMZYie8T2fVpoRYfipKJhqtJ5vf1vJnSji
         J08Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:message-id:references:in-reply-to
         :subject:cc:date:to:from;
        bh=H7jOpP751sGFRrtYKVbY9rlQplvWg0dDclBzw3moz3k=;
        b=urbEPJrfewE2n3krCwFP3BPhNjjanrpYkfMIea/T1zRBqNTMDPRbGZkc2qE5cUUGZj
         TYBkNiv+Yon8ATwfaNWTsKAHmhLJQ1sp+8vyazNvzAN1NtuDbPQGCNfFykDd8RqtkVlp
         TrWLMWUAX/JISSAmH5ehz6GXti8URJroAEeqX2yIRBhn320neTR1ASnoz1g+QC5yR7jV
         C4DBF3Nj80rQrL8z16FnbpTQHulsA5IxXWlbEDK+s5K+PEQkqOL6xFPB6VAD0NOrhlrD
         wVym1+zAd76rCEG2h947SIA0CRWqEU4W8N4I6neNZ5rRdCpHodsQbWPIOS2shf7o/CXV
         QH1w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org
Return-Path: <linux-nfs-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id y25si16876945edm.396.2021.03.03.22.32.10;
        Wed, 03 Mar 2021 22:32:48 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244632AbhCBSPj (ORCPT <rfc822;geliangtang@gmail.com>
        + 99 others); Tue, 2 Mar 2021 13:15:39 -0500
Received: from mx2.suse.de ([195.135.220.15]:49194 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1444718AbhCBCoT (ORCPT <rfc822;linux-nfs@vger.kernel.org>);
        Mon, 1 Mar 2021 21:44:19 -0500
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.221.27])
        by mx2.suse.de (Postfix) with ESMTP id B079CABF4;
        Tue,  2 Mar 2021 02:26:23 +0000 (UTC)
From:   NeilBrown <neilb@suse.de>
To:     Yongcheng Yang <yoyang@redhat.com>
Date:   Tue, 02 Mar 2021 13:26:18 +1100
Cc:     Steve Dickson <SteveD@redhat.com>,
        Linux NFS Mailing list <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH 0/5 v2] nfs-utils: provide audit-logging of NFSv4 access
In-Reply-To: <20210301034312.GA12690@yoyang-pc.usersys.redhat.com>
References: <161456493684.22801.323431390819102360.stgit@noble>
 <20210301034312.GA12690@yoyang-pc.usersys.redhat.com>
Message-ID: <877dmqi94l.fsf@notabene.neil.brown.name>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
        micalg=pgp-sha256; protocol="application/pgp-signature"
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Mon, Mar 01 2021, Yongcheng Yang wrote:

> Hi NeilBrown,
>
> Shall we further add these 2 options (cache-use-ipaddr & ttl) with
> their default values to the file /etc/nfs.conf under section [mountd]?
> By which the users can find it easier to configure them.
>
> Also someone may check the mountd "Recognized values" from
> nfs.conf(5), the file systemd/nfs.conf.man may also needs to be
> updated mentioning "cache-use-ipaddr" and "ttl" IMHO.=20

Excellent suggestion, thanks.

I've made those changes and will resend the series.

Thanks,
NeilBrown

>
> Thanks,
> Yongcheng
>
>
> On Mon, Mar 01, 2021 at 01:17:15PM +1100, NeilBrown wrote:
>> V1 of this series didn't update the usage() message for mountd,
>> and omited the required ':' after the 'T' sort-option.  This=20
>> series fixes those two omissions.
>>=20
>> Original series comment:
>>=20
>> When NFSv3 is used mountd provides logs of successful and failed mount
>> attempts which can be used for auditing.
>> When NFSv4 is used there are no such logs as NFSv4 does not have a
>> distinct "mount" request.
>>=20
>> However mountd still knows about which filesysytems are being accessed
>> from which clients, and can actually provide more reliable logs than it
>> currently does, though they must be more verbose - with periodic "is
>> being accessed" message replacing a single "was mounted" message.
>>=20
>> This series adds support for that logging, and adds some related
>> improvements to make the logs as useful as possible.
>>=20
>> NeilBrown
>>=20
>> ---
>>=20
>> NeilBrown (5):
>>       mountd: reject unknown client IP when !use_ipaddr.
>>       mountd: Don't proactively add export info when fh info is requeste=
d.
>>       mountd: add logging for authentication results for accesses.
>>       mountd: add --cache-use-ipaddr option to force use_ipaddr
>>       mountd: make default ttl settable by option
>>=20
>>=20
>>  support/export/auth.c      |  4 +++
>>  support/export/cache.c     | 32 +++++++++++------
>>  support/export/v4root.c    |  3 +-
>>  support/include/exportfs.h |  3 +-
>>  support/nfs/exports.c      |  4 ++-
>>  utils/mountd/mountd.c      | 30 +++++++++++++++-
>>  utils/mountd/mountd.man    | 70 ++++++++++++++++++++++++++++++++++++++
>>  7 files changed, 131 insertions(+), 15 deletions(-)
>>=20
>> --
>> Signature
>>=20

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJCBAEBCAAsFiEEG8Yp69OQ2HB7X0l6Oeye3VZigbkFAmA9oksOHG5laWxiQHN1
c2UuZGUACgkQOeye3VZigbljsQ/+P8sYq4w/PVHoJHPSSWBSRrJRiXc14bG7ivlN
EbBRywI1PrhrGUvu5vrTR1EV8PV4HPXYz8ZbSKUZ6oweDy/7n7MaMZTtpvrZIR3V
bz7g8ctjZh6VOb6OxpoDjQgw3fx3ow+X3nQkQCYdYCWnOATlozPvd988XaXtBq7V
mWD3CCb9xQ32YiyhUDTxi0Awdnfo6iM0r8iuy1QfTV7YcluiVCtrZPZdXL7Gl9fk
XnSI29wPQ95TxZMSnVumWF0VPuhufaJaw0dK99LYKVr1zUlORgCWBdLJi1PEDVkG
B+DuqRVR/yPKQsyhEMacOTqmANKooSG/SVL8oRBDpOMqbPSZ/EEA/qLWA+hEpNyy
aAUnnAav6/6X6Ldxo25th+sz0EtiiKJfsn0GZahPuPPpGJh6zpCzHMUJY3N+P/ST
xCC581YOZGSxbb8qiJyqGR8Q8mXlgJnyu5NCFhVOmCiOv45cyAlltizxbZzSD1IX
+rChgis0j8r+VALxvwc06XZYwuk2hezqijj3QQKGJ4vp/m6rkYQhxd6fmyCWGQ8Q
iESGFOjmhgyYwJ0vVacCke4VlxJ86KRvlNNhn5OCk0YWECQ9tsmx5oI2r9cQpKlY
w0npk753dJdLZm1brxjq8wuvsLn8orF5nFVrSCt4kxCFnlXeJ0EhXttnTw96Cbj+
Ff3WHVY=
=H6IU
-----END PGP SIGNATURE-----
--=-=-=--