Robert,

thank you for your explanation. I was expecting something like this.

All,

Maybe someone can help me with the issue I am working on - and which is the 
reason why I was looking for the lockd source:

For some reason, some part of the lock manager code (should be something called 
from lm_frlock, see 
http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/fs/nfs/nfs3_vnops.c#5456)
 
makes a portmapper call via TCP, snoop output:

     client -> server TCP D=111 S=824 Ack=3432375581 Seq=1362221294 Len=0 Win=49640
     client -> server PORTMAP C GETPORT prog=100021 (NLM) vers=4 proto=TCP
server -> client     TCP D=824 S=111 Ack=1362221426 Seq=3432375581 Len=0 Win=49640
server -> client     PORTMAP R GETPORT port=4045
     client -> server TCP D=111 S=824 Ack=3432375613 Seq=1362221426 Len=0 Win=49640
     client -> server NLM C LOCK4 OH=3C00 FH=C228 PID=13737 Region=0:0
server -> client     NLM R LOCK4 OH=3C00 granted

The issue here is that a firewall between the client and the server (Checkpoint 
FW-1) can inspect portmapper calls and dynamically open the respective ports 
("RPC inspection"). It does not, however, prevent RPC proxy calls through 
111/tcp, so 111/tcp should usually remain closed because opening it will 
effectively disable RPC inspection.

What I would like to see is the NLM code making portmapper calls via UDP.

Is there any way to configure this? If not, would anyone with access to the 
lock manager code be willing to fix this issue (make the transport protocol 
configurable)?

All help is greatly appreciated,

Thank you, Nils
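
As an added illustration (not part of Nils's message or the OpenSolaris lock manager code), the following encodes the PMAPPROC_GETPORT call seen in the snoop trace (prog=100021 NLM, vers=4, proto=TCP) and shows the one thing that differs between the two transports: over TCP the RPC message carries a 4-byte record mark, over UDP it is the bare datagram. The reply bytes are constructed to match the trace (port=4045); the host in `getport_udp` is a placeholder and that function is only there to show the same query sent over UDP/111, as rpcinfo -u does.

```python
import socket
import struct

PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT = 100000, 2, 3
NLM_PROG, NLM_VERS = 100021, 4          # NLM v4, as in the snoop trace
IPPROTO_TCP, IPPROTO_UDP = 6, 17        # values of the GETPORT "prot" argument

def build_getport_call(xid, prog=NLM_PROG, vers=NLM_VERS, prot=IPPROTO_TCP, over_tcp=False):
    """Encode an RFC 1057 CALL for PMAPPROC_GETPORT with AUTH_NULL cred/verf."""
    body = struct.pack(">IIIIII", xid, 0, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT)
    body += struct.pack(">IIII", 0, 0, 0, 0)           # cred AUTH_NULL len 0, verf AUTH_NULL len 0
    body += struct.pack(">IIII", prog, vers, prot, 0)  # mapping args: prog, vers, prot, port (ignored)
    if over_tcp:
        # RPC over TCP prefixes each message with a record mark: last-fragment bit | length.
        return struct.pack(">I", 0x80000000 | len(body)) + body
    return body                                        # over UDP the datagram is the raw message

def parse_getport_reply(data, xid, over_tcp=False):
    """Return the port from a GETPORT reply; raise ValueError on anything unexpected."""
    if over_tcp:
        mark, = struct.unpack(">I", data[:4])
        if not mark & 0x80000000 or (mark & 0x7FFFFFFF) != len(data) - 4:
            raise ValueError("bad TCP record mark")
        data = data[4:]
    rxid, mtype, stat, _vflavor, vlen, astat = struct.unpack(">IIIIII", data[:24])
    if rxid != xid or mtype != 1 or stat != 0 or astat != 0:
        raise ValueError("RPC reply mismatched, rejected or not SUCCESS")
    off = 24 + ((vlen + 3) & ~3)                       # skip verifier body (padded to 4 bytes)
    port, = struct.unpack(">I", data[off:off + 4])
    return port

# Constructed reply matching the trace: xid, REPLY, MSG_ACCEPTED, AUTH_NULL verf, SUCCESS, port 4045
SAMPLE_XID = 0x4E4C4D01
SAMPLE_REPLY = struct.pack(">IIIIIII", SAMPLE_XID, 1, 0, 0, 0, 0, 4045)

def getport_udp(host, prog=NLM_PROG, vers=NLM_VERS, prot=IPPROTO_TCP, timeout=2.0):
    """Send the same GETPORT query over UDP/111 (host is a placeholder; not run by the tests)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_getport_call(SAMPLE_XID, prog, vers, prot), (host, 111))
        data, _ = s.recvfrom(512)
    return parse_getport_reply(data, SAMPLE_XID)
```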
