Hi All,

by way of an SR, which I had opened due to the closed source involved, Wolfgang Ley of Sun Germany has opened an RFE for this issue:

http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6851616

I had an interesting discussion with Wolfgang on whether or not introducing a tunable specifically for this issue would be a clean solution. I'll very briefly summarize:

* CON: The main arguments against such a tunable probably are that

  - once NFS has negotiated on a specific transport protocol (tcp/udp), from a software engineering standpoint it is straightforward to re-use that transport protocol also for RPCBIND requests and that

  - this issue is related to the fact that a particular firewall vendor's RPC inspection can't inspect RPC proxy requests on tcp/111, so RPC GETPORT must be limited to UDP for security reasons when this product is being used.

* PRO: The main arguments for such a tunable probably are that

  - all other GETPORT calls for NFS use UDP, so from a firewall / network administrator's perspective it would only be straightforward if all GETPORT calls for NFS used UDP and that

  - the more compatible Solaris is with high-end mainline security products, the happier Solaris users and customers will be.

I am trying to be objective, but please bear with me if this summary is somehow biased. Personally, I still think that introducing a tunable would be justified.

I would want to work on the RFE, but because of the closed source involved, I can't, so I would be very happy if someone from inside Sun would want to look after this issue. Alternatively, if the respective source could be opened, that would make me (and probably others) even happier.

Thank you,

Nils