Date: Mon, 24 Sep 2012 08:38:19 -0400 (EDT) From: Rick Macklem <rmacklem@uoguelph.ca> To: =?utf-8?Q?Attila_Bog=C3=A1r?= <attila.bogar@linguamatics.com> Cc: freebsd-fs@FreeBSD.org Subject: Re: NFS: rpcsec_gss with Linux clients Message-ID: <1411662865.1073866.1348490299472.JavaMail.root@erie.cs.uoguelph.ca> In-Reply-To: <5060440B.2020009@linguamatics.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Attila Bogar wrote: > Hi Rick, >=20 > On 02/09/12 00:57, Rick Macklem wrote: >=20 >=20 > This certainly sounds bogus. I can see an argument for 2 TCP > connections for trunking, but since a security context should only be > destroyed when the client is done with it, doing a DESTROY doesn't > make sense? (There is something in the RPC header called a "handle". > It identifies the security context, and it would be nice to check the > wireshark trace to see if it the same as the one being used on the > other connection?) The Linux guys say this is a bug in Linux: > http://www.spinics.net/lists/linux-nfs/msg32466.html >=20 > I'm going to open a bug with Red Hat and test the upstream linux > kernel + nfs-utils against this bug. >=20 > As per their message it's also interesting why the rpcsec destroy mic > evaluates to GSS_S_DEFECTIVE_TOKEN. > This is the 2nd root of the original problem. >=20 > That would indicate the encrypted checksum isn't correct. It > might be using an algorithm only supported by the newer RPCSEC_GSS_V3? > If I check the trace with wireshark 1.4.6 it reports rpc malformed > packet. > However if I check the trace with the newest 1.8.2 it's OK (could be a > bug in wireshark, though). > Anyway it says rpc version 2 and gss version 1. >=20 >=20 >=20 > I've attached a small patch with disables setting client->cl_state to > CLIENT_STALE for this case, which you could try, to see if it helps? > Yep, it works perfectly. Confirmed. Please go ahead to commit and > merge to stable. >=20 Ok, thanks for testing it. I am waiting for a review from dfr@, but will get it committed soon. Have a good week, rick > Attila > -- > Attila Bog=C3=A1r > Systems Administrator > Linguamatics - Cambridge, UK http://www.linguamatics.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1411662865.1073866.1348490299472.JavaMail.root>