svn commit: r216430 - stable/8/sys/fs/nfsserver

Tue, 14 Dec 2010 05:46:07 -0800 

Author: rmacklem
Date: Tue Dec 14 13:45:57 2010
New Revision: 216430
URL: http://svn.freebsd.org/changeset/base/216430

Log:
  MFC: r216330
  Disable attempts to establish a callback connection from the
  experimental NFSv4 server to a NFSv4 client when delegations are not
  being issued, even if the client advertises a callback path.
  This avoids a problem where a Linux client advertises a
  callback path that doesn't work, due to a firewall, and then
  times out an Open attempt before the FreeBSD server gives up
  its callback connection attempt. (Suggested by
  drb at karlov.mff.cuni.cz.) The server should probably have
  a 1sec timeout on callback connection attempts when there are
  no delegations issued to the client, but that patch will require
  changes to the krpc and this serves as a work around until then.
  
  Tested by:    drb at karlov.mff.cuni.cz
  Approved by:  re (kib)

Modified:
  stable/8/sys/fs/nfsserver/nfs_nfsdstate.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)

Modified: stable/8/sys/fs/nfsserver/nfs_nfsdstate.c
==============================================================================
--- stable/8/sys/fs/nfsserver/nfs_nfsdstate.c   Tue Dec 14 10:06:28 2010        
(r216429)
+++ stable/8/sys/fs/nfsserver/nfs_nfsdstate.c   Tue Dec 14 13:45:57 2010        
(r216430)
@@ -147,12 +147,20 @@ nfsrv_setclient(struct nfsrv_descript *n
        if (nfsrv_openpluslock > NFSRV_V4STATELIMIT)
                return (NFSERR_RESOURCE);
 
-       if ((nd->nd_flag & ND_GSS) && nfsrv_nogsscallback)
+       if (nfsrv_issuedelegs == 0 ||
+           ((nd->nd_flag & ND_GSS) != 0 && nfsrv_nogsscallback != 0))
                /*
-                * Don't do callbacks for AUTH_GSS.
-                * (Since these aren't yet debugged, they might cause the
-                *  server to crap out, if they get past the Init call to
-                *  the client.)
+                * Don't do callbacks when delegations are disabled or
+                * for AUTH_GSS unless enabled via nfsrv_nogsscallback.
+                * If establishing a callback connection is attempted
+                * when a firewall is blocking the callback path, the
+                * server may wait too long for the connect attempt to
+                * succeed during the Open. Some clients, such as Linux,
+                * may timeout and give up on the Open before the server
+                * replies. Also, since AUTH_GSS callbacks are not
+                * yet interoperability tested, they might cause the
+                * server to crap out, if they get past the Init call to
+                * the client.
                 */
                new_clp->lc_program = 0;
 
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"

Reply via email to