diff options
| author | rmacklem <rmacklem@FreeBSD.org> | 2010-12-09 19:02:23 +0000 |
|---|---|---|
| committer | rmacklem <rmacklem@FreeBSD.org> | 2010-12-09 19:02:23 +0000 |
| commit | 0c8713f91e759286a8d540d02e44e0310785b2e9 (patch) | |
| tree | 730e351c90af740e66374ca3db58f0c9bd332fe2 /sys/fs | |
| parent | ac0ae73cc591fb887a0639603b9a2675a9c2f5ea (diff) | |
| download | FreeBSD-src-0c8713f91e759286a8d540d02e44e0310785b2e9.zip FreeBSD-src-0c8713f91e759286a8d540d02e44e0310785b2e9.tar.gz | |
Disable attempts to establish a callback connection from the
experimental NFSv4 server to a NFSv4 client when delegations are not
being issued, even if the client advertises a callback path.
This avoids a problem where a Linux client advertises a
callback path that doesn't work, due to a firewall, and then
times out an Open attempt before the FreeBSD server gives up
its callback connection attempt. (Suggested by
drb at karlov.mff.cuni.cz to fix the Linux client problem that
he reported on the fs-stable mailing list.)
The server should probably have
a 1sec timeout on callback connection attempts when there are
no delegations issued to the client, but that patch will require
changes to the krpc and this serves as a work around until then.
Tested by: drb at karlov.mff.cuni.cz
MFC after: 5 days
Diffstat (limited to 'sys/fs')
| -rw-r--r-- | sys/fs/nfsserver/nfs_nfsdstate.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c index 908c028..9f657d6 100644 --- a/sys/fs/nfsserver/nfs_nfsdstate.c +++ b/sys/fs/nfsserver/nfs_nfsdstate.c @@ -147,12 +147,20 @@ nfsrv_setclient(struct nfsrv_descript *nd, struct nfsclient **new_clpp, if (nfsrv_openpluslock > NFSRV_V4STATELIMIT) return (NFSERR_RESOURCE); - if ((nd->nd_flag & ND_GSS) && nfsrv_nogsscallback) + if (nfsrv_issuedelegs == 0 || + ((nd->nd_flag & ND_GSS) != 0 && nfsrv_nogsscallback != 0)) /* - * Don't do callbacks for AUTH_GSS. - * (Since these aren't yet debugged, they might cause the - * server to crap out, if they get past the Init call to - * the client.) + * Don't do callbacks when delegations are disabled or + * for AUTH_GSS unless enabled via nfsrv_nogsscallback. + * If establishing a callback connection is attempted + * when a firewall is blocking the callback path, the + * server may wait too long for the connect attempt to + * succeed during the Open. Some clients, such as Linux, + * may timeout and give up on the Open before the server + * replies. Also, since AUTH_GSS callbacks are not + * yet interoperability tested, they might cause the + * server to crap out, if they get past the Init call to + * the client. */ new_clp->lc_program = 0; |
