Received: by 2002:ab2:6991:0:b0:1f7:f6c3:9cb1 with SMTP id v17csp1219356lqo; Thu, 9 May 2024 07:56:43 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCW/4BW8NyP0vybi3EP9qcG4WjYGaBkIP4xM9mLUlh04DbEPBQPTLrsiVo1PCS9j+uoyXoecnCbjN1NwBrlEwFxKpaAOKyGIk7cSm5B5sA== X-Google-Smtp-Source: AGHT+IEJ8Cy4tI7U9fpPrFXuZA+A/KvWCF4R6WDSEJRjNm0r8khP4wZCAfUb7IBQG+fXsFDORat5 X-Received: by 2002:a05:6830:4101:b0:6ee:3b91:5e3b with SMTP id 46e09a7af769-6f0b7eb0cabmr8061916a34.27.1715266603437; Thu, 09 May 2024 07:56:43 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715266603; cv=pass; d=google.com; s=arc-20160816; b=fHrzhxi+XXtPoAa/S+O9cka7Qqxa2OnrNq0vCtzy7JR+6ioybnwPO9bDQ0RSECesWt rUO+7fUKTyPQbIdWOa6O0Af6ha/DfLAPDWcl5pbE2M3/bDUcRTTY3Nwkoz01WgCUWNn/ GqP4aPsxL+/1icsujia+l/NHYLtTQyQBy6Ji2iKBYUjGrhrq82qlGmaSjr+DNX63hPt/ 9tHIb5CNIYb2tbv/1VDBqemeIZao8PbsgaICX9gBrtFlA1Wtkpxf+pEg8oCJ7fEPiRyS Ly7+EjRwU1OokU7u2ZJwKTfZXkul40hYXgXJuZwnTFV31eh/P+OOptoaC2AaKVPnyoKY CoXA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature; bh=QzJ0Cm3OUl9P8i6t1c6wwHK+AH1YO3y2nyZ99a0NTSU=; fh=vWGpLXwc+HIF+Gjl4+u0lhQgCp4bijMuqbWzjyJNPgY=; b=hrojlc/JBAPDE0eRqVcgCs6k7JQddnfOnkZDzFo7ncOmt1v4FGkJs962kQsRZVIMF5 SLYP3Xqh81jL5xI3Gc7FypRg2eWpeB34t5L2Ms4dWnofGoO4ABY+L7QvkEtdNb8ePhIC nS5FoOYQyU578cxRNOpb/jRwG/rWA3SN8uqPFR8LuoTMVNxcDVNCTkY3PZGNDnagQnVQ W9i3DII5abmXc2UqAzM8IUQHSD6DNEOZnYQeaFP9L0OI/Y0nC/YCVxOcT7GefKiVc55O 9OOgrj5t9XoNa+aYi4pQf7iIGqrTvtTEfnoKNT8sFTnEHsmPQEyLySaXMrQrrp9eejOC Odhw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="aeo3//GI"; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-nfs+bounces-3223-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-nfs+bounces-3223-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id af79cd13be357-792bf34049dsi139470385a.528.2024.05.09.07.56.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 May 2024 07:56:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs+bounces-3223-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="aeo3//GI"; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-nfs+bounces-3223-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-nfs+bounces-3223-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 169A91C2048B for ; Thu, 9 May 2024 14:56:43 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9A0ED3A8CB; Thu, 9 May 2024 14:56:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="aeo3//GI" X-Original-To: linux-nfs@vger.kernel.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C4AA91A2C3A for ; Thu, 9 May 2024 14:56:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715266600; cv=none; b=qz7DVMBiMbbdaVB/ZTrmB+kdXymteCEujyaY8qBEwqNod/hX6Jzn6kJWXnIshCtN0Oq/A0eybHBUS3Fxe6llaPzufC+tyIbWNI3eS0e5p3MwhokDB1Tcl+oNGqBAwZxDumxtTuM+xcjpwnVmG+0iYuXuKzsalx2ALNPpwor1Dkk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715266600; c=relaxed/simple; bh=OxkEaiMbL04LDCaNNAhNBhg/6eEUU3AHPlsXmHN1lVU=; h=Message-ID:Date:MIME-Version:Subject:To:References:From: In-Reply-To:Content-Type; b=DHn3+ou+IMLAE9x6FkJedmwOjNd1U1wMibIug32hFfCwOwKFA320Y6POwZDcVYRCNj8dnfhKQnoqEdAnXSoUhabUmLe3Ii/Vh+QCIoRnovNSi3GvMAfNOSIpRl9g7S/dPlqrb8ixboaFqxSbGbWLMzgj3rrrugDyc23GkeXrkrA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=aeo3//GI; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1715266597; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QzJ0Cm3OUl9P8i6t1c6wwHK+AH1YO3y2nyZ99a0NTSU=; b=aeo3//GIU9S6FL0C8MmwGZGKYiBFMXP0dBX26VMq5C3Xk1p+ZSzivWc2Eu15YY7TKR9ec3 D2Rzx1CDQjfNHASTUQPlp4T+gYu4nkFV1f4aBU8Ncv4/+giGPsQKlGXnOP7Bi92dKepQj8 MraVMmFTJCZ6SqUL9awBkW47s+SA550= Received: from mail-pj1-f69.google.com (mail-pj1-f69.google.com [209.85.216.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-146-PrAefuI5O-2tsIxKZ3cESQ-1; Thu, 09 May 2024 10:56:21 -0400 X-MC-Unique: PrAefuI5O-2tsIxKZ3cESQ-1 Received: by mail-pj1-f69.google.com with SMTP id 98e67ed59e1d1-2b4331da4a8so334073a91.1 for ; Thu, 09 May 2024 07:56:21 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715266580; x=1715871380; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=QzJ0Cm3OUl9P8i6t1c6wwHK+AH1YO3y2nyZ99a0NTSU=; b=sN2mIQt1KNOkKZ+M7O8DfmSlm+72h5zzv/ixJywtGyIUGS10fK/mNH3F+et1blM+VY OeiKaS1WizEpiZLJ67itAW+yMhg54xa3RPE50i0P4/lM+wLPnd3zkXRhbjpFLb0raVDO QNVb5q/bYFqDP1G+YY1bOjsKYxbN1l4bV5tooYvud4A63sBRM9N7U9L5LJY5QTpMeUcY FINAJq/lJj+FTm0wroeHkYlfImEGebA9XqMX3HcXPkLCJkUgZsDNeW/xX+RBl+8iCfa8 VsxKfsMC9COxGFsFZhK66vEeX+jpvPv29cwm6v/aB9Wu7R6FqnSUOeEo5Yml6sNtxXdJ IGew== X-Forwarded-Encrypted: i=1; AJvYcCXccc0ycLeZWnwmmFyGXcPWRgUMVINZYqubq+qcNdppeN8OaT38hSehJokdW0RN1XrDyTtNUC94dkufn4h0byl4FK3qK6L2NsP4 X-Gm-Message-State: AOJu0YylTpjwD7jLOFIZeFqYzxjFHqzT0F6evXl0kl9abw4sgn7RSAyC q5WYr/Vc7KAHr0VFvn66pRjJ9o4O+vV8d96sqf7q22qsFn4c21bz9TLPjDI1FyGz614KdCl1WON iqqI9UOQlGkIqL7MOgNRUe10gFxmEBPNcVDTWrZrsKtTrcE0WidyVbY2bQsy4ZxUOaQ== X-Received: by 2002:a17:902:ecc7:b0:1de:ddc6:27a6 with SMTP id d9443c01a7336-1eeb01a3cffmr64810405ad.2.1715266580271; Thu, 09 May 2024 07:56:20 -0700 (PDT) X-Received: by 2002:a17:902:ecc7:b0:1de:ddc6:27a6 with SMTP id d9443c01a7336-1eeb01a3cffmr64810175ad.2.1715266579800; Thu, 09 May 2024 07:56:19 -0700 (PDT) Received: from [10.19.60.48] (nat-pool-bos-t.redhat.com. [66.187.233.206]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ef0bad9e66sm15243725ad.110.2024.05.09.07.56.18 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 09 May 2024 07:56:18 -0700 (PDT) Message-ID: Date: Thu, 9 May 2024 10:56:16 -0400 Precedence: bulk X-Mailing-List: linux-nfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] mount: If a reserved ports is used, do so for the pings as well To: Trond Myklebust , "linux-nfs@vger.kernel.org" , "alex@caoua.org" References: <42faba18-0042-407e-9957-497806cfeed1@redhat.com> <838909fda3f022bdf1ae3775ae0c0395e6102f85.camel@hammerspace.com> <32779e7d-1f5d-449d-890f-6d26f0d6cf4a@redhat.com> Content-Language: en-US From: Steve Dickson In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 4/21/24 6:14 PM, Trond Myklebust wrote: > On Sun, 2024-04-21 at 17:38 -0400, Steve Dickson wrote: >> >> >> On 4/21/24 12:06 PM, Trond Myklebust wrote: >>> On Sun, 2024-04-21 at 07:09 -0400, Steve Dickson wrote: >>>> >>>> >>>> On 4/12/24 6:26 AM, Alexandre Ratchov wrote: >>>>> Hi, >>>>> >>>>> mount.nfs always uses a high port to probe the server's ports >>>>> (regardless of >>>>> the "-o resvport" option).  Certain NFS servers (ex.  OpenBSD - >>>>> current) will >>>>> drop the connection, the probe will fail, and mount.nfs will >>>>> exit >>>>> before any >>>>> attempt to mount the file-system.  If mount.nfs doesn't ping >>>>> the >>>>> server from >>>>> a high port, mounting the file system will just work. >>>>> >>>>> Note that the same will happen if the server is behind a >>>>> firewall >>>>> that >>>>> blocks connections to the NFS service that originates from a >>>>> high >>>>> port. >>>> Committed... (tag: nfs-utils-2-7-1-rc7) >>>> >>>> I just hope we don't run out of privilege ports during >>>> a mount storm (aka when a server reboots). >>> >>> Agreed, and that is why this change was entirely the wrong thing to >>> do. >> Well the patch was sitting around for a while without any objection >> so I figured I would go with it since it would make mounts >> work on other OSs >> >>> >>> The point of the ping is to allow for fast failover in the case >>> where >>> the portmap/rpcbind server returns incorrect or stale information. >>> >>> If there are servers out there that deliberately break the >>> convention >>> for NULL ping, as described in RFC5531, then we might allow >>> optional >>> use of the privileged port for those servers, but please don't >>> force >>> this on everyone else. >> The patch is on the top of stack... easy revert-able... Is that what >> you are suggesting? > > That is my suggestion for now, yes. > > I don't have any objection to a patch that adds opt-in functionality > either to turn off the NULL ping, or to force that ping to use a > privileged port. However we should not change the default behaviour to > cause the existing paucity of privileged ports to be even more of a > problem. > Reverted. steved.