Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp1711897pxf;
        Fri, 19 Mar 2021 13:50:22 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxndFldvS1CpEkUq9/Dlpb5WRnBJ/jKjeiWFMxqGS5z3vXhkTKQcB9nRgwSX3ew8/L03IdY
X-Received: by 2002:a17:906:9152:: with SMTP id y18mr6565921ejw.19.1616187022688;
        Fri, 19 Mar 2021 13:50:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1616187022; cv=none;
        d=google.com; s=arc-20160816;
        b=OBKGEb/zg25ubAuM8Vm3QtjNdDcECaPqG0at25oyKuSRrX1nL42PlfBFIyEJK0GMuf
         mAtNqvp17Oro4ROym4kBWHHjVT/+qBRKp1uatxLlWNKsDRqF+/+n42/YEfn1ZyAQGQZR
         7vd1ihcUcaaYGdOdH9W8U6UdN41TDMNR+9Az0vCsQs6YGmxgg2/NGXaQA2abr6xE8+SW
         xb2S4wAp6SNKu42zyD4WugGgerBY/hGPCuEVZrWRPEIP6Q9Igf1w5bSlEnjGCcxGmuVY
         T/53hWHj0Mx4WsQFzpZEpb9OhqHAzRFLAYESqk5+W8HM7kHuCbPWquKMq4tx03t760Xk
         4Xjg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:message-id:references:in-reply-to
         :subject:cc:date:to:from;
        bh=365HEiVeWvija585bdqpOxwG/c4+teCQWVLrq9wHjBQ=;
        b=W4WvEUBM0+lbtUrhdzdt+Nb7DnVV2ZUuX49RhAwM8hOfGeuoFglCinZFwCnJwvPMD5
         G8lfWpyg0HVF817rGem/+//ltb0AfJFvHF7R6bMylZwLOrpcCboC1GJh3WsG/KX8kZUN
         3UD0/3Sq+QTG4bf+YJ8mbWXekhJLvBaw7RvVICLpcU5z3K3KPTG10j2PNH+Xr/CAHigQ
         bAHbmHl5jsNRK6srSDacnDbIseL8LRVZrnRaouYC6YcVhO7DY2WkS/N0rC0sgVQxp1gx
         I8JZlbIIhyXEV4OgHPUlDGO5uwDBofw6NNTlUoqNT4NplLVeZc7WW6D9EZOOscew2kDG
         5+Yw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org
Return-Path: <linux-nfs-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id q23si5007481edr.167.2021.03.19.13.49.57;
        Fri, 19 Mar 2021 13:50:22 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229974AbhCSUsv (ORCPT <rfc822;aboulfad69@gmail.com> + 99 others);
        Fri, 19 Mar 2021 16:48:51 -0400
Received: from mx2.suse.de ([195.135.220.15]:53160 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S229912AbhCSUsu (ORCPT <rfc822;linux-nfs@vger.kernel.org>);
        Fri, 19 Mar 2021 16:48:50 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.221.27])
        by mx2.suse.de (Postfix) with ESMTP id DDC0BAD8A;
        Fri, 19 Mar 2021 20:48:48 +0000 (UTC)
From:   NeilBrown <neilb@suse.de>
To:     "J. Bruce Fields" <bfields@fieldses.org>
Date:   Sat, 20 Mar 2021 07:48:44 +1100
Cc:     Steve Dickson <SteveD@RedHat.com>,
        Linux NFS Mailing list <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH 0/5 v2] nfs-utils: provide audit-logging of NFSv4 access
In-Reply-To: <20210319132820.GA31533@fieldses.org>
References: <161456493684.22801.323431390819102360.stgit@noble>
 <20210301185037.GB14881@fieldses.org>
 <874khui7hr.fsf@notabene.neil.brown.name>
 <20210302032733.GC16303@fieldses.org>
 <87y2ejerwn.fsf@notabene.neil.brown.name>
 <20210319132820.GA31533@fieldses.org>
Message-ID: <87lfaieuoj.fsf@notabene.neil.brown.name>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
        micalg=pgp-sha256; protocol="application/pgp-signature"
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Fri, Mar 19 2021, J. Bruce Fields wrote:

> On Fri, Mar 19, 2021 at 02:36:24PM +1100, NeilBrown wrote:
>> On Mon, Mar 01 2021, J. Bruce Fields wrote:
>>=20
>> > On Tue, Mar 02, 2021 at 02:01:36PM +1100, NeilBrown wrote:
>> >> On Mon, Mar 01 2021, J. Bruce Fields wrote:
>> >>=20
>> >> > I've gotten requests for similar functionality, and intended to
>> >> > implement it using directory notifications on /proc/fs/nfsd/clients.
>> >>=20
>> >> I've been exploring this a bit.
>> >> When I mount a filesystem, 2 clients get created.
>> >> With NFSv4.0, the second client is immediately deleted, and the first
>> >> client is deleted one grace period after the filesystem is unmounted.
>> >> With NFSv4.1 and 4.2, the first client is immediately deleted, and the
>> >> second client is deleted immediately after the unmount.
>> >
>> > Yeah, internally it's creating an "unconfirmed client" on SETCLIENTID
>> > (or EXCHANGE_ID) and then a new "confirmed client" on
>> > SETCLIENTID_CONFIRM (or CREATE_SESSION).
>> >
>> > I'm not sure why the ordering's a little different between the 4.0/4.1+
>> > cases.
>>=20
>> The multiple clients are not really nfsd's "fault".  The Linux NFS
>> client sends multiple EXCHANGE_ID or SET_CLIENT_ID requests, so NFSD
>> really does need to create multiple clients.
>>=20
>> For NFSv4.0, when nfsd gets a repeat SET_CLIENT_ID, it keeps the old one
>> and discards the new.
>> For NFSv4.1, the spec requires that it keep the new one and discard the
>> old.
>> This explains the different ordering.
>
> Hm, is this the client's trunking-detection logic?

Yes.

>
> In which case, it's not just unconfirmed clients.

For NFSv4.1, only the EXCHANGE_ID is duplicate.  There is only one
CREATE_SESSION, and that is where the client is confirmed.  So only one
confirmed client.

For NFSv4.0 bother SETCLIENTID and SETCLIENDID_CONFIRM are duplicate.
So maybe both clients get confirmed.  I should check that.

>
>> So the clean up the logging, mountd needs to be able to see the
>> confirmation status.
>
> That sounds fine.
>
> (The other possibility might be to just not expose clients till they're
> confirmed.  I don't know if unconfirmed clients are really that
> interesting.  But I guess I'd rather err on the side of exposing more
> information here.)

That was my feeling to: expose all the info, and filter out the
uninteresting bits a point of use.

Thanks,
NeilBrown

>
>> Following this reply will be a patch to nfsd to provide this status, and
>> a patch to mountd/exportd to use this status.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJCBAEBCAAsFiEEG8Yp69OQ2HB7X0l6Oeye3VZigbkFAmBVDiwOHG5laWxiQHN1
c2UuZGUACgkQOeye3VZigblNTBAApFclraFDenLozCrvOfMA5KK4rhNt2PHWUpjR
uzcudGlckKUceBL5bewDCnLNhaUUg6nHavQxc9hIepHYc6SHF7VHwbmJI3o3PDxC
LbThfOm1B7ntEURyYv98pt+C/AZxEUGcWa8rKQa3dK0iGZxbkXRL8nUrf9ZfUCsm
dE7XuU5a2l/n1dlLtyvodCGfItprlBKA5XAdfCrHP0EK5qryi6TOj/hVBOasGR3e
YEDS8giiHGPKSQydmINlATrlUOQrSc1Yk6mgJfOXUTLhnVPULHDagsjOyzMyrydt
h6Si0kMe5+UwVmnRnkW4v9FEqtpG3+NYAL82UNnX5MghStZHwCHC75Nj0OJcwyId
clFjtsSNE/53J5iCdX5s9mF+hxvxiRCrk74UXYQiBG7auigvwl+Flo12FMtBLYGJ
3HCW0SoAjcD51o2gwVX8S47ZGB5i27x6co7cUWZzLT3O2DBclWvPN4Am9PLKvueQ
wd2j85xJ8kdAGvib+nXi4FdJfPwZH600YPAzt6p2yYMHbT4ypq+iRTxjQgMqP6VE
udXn6hb3l8G5LnF6/ET/uXdolBq5X6rBxGmtpPS9yx8TyKVp4pMw55yfSWSFiDRX
71RZDlsqGY0too6nUlB9HvNNtqPcaMF/iWtyjNj+snWflW8dopIgegcjK86/Co+s
72+BVls=
=Kt/c
-----END PGP SIGNATURE-----
--=-=-=--