Date: Tue, 13 Apr 2010 00:48:54 +0000 (UTC) From: Warner Losh <imp@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/usr.sbin/rpcbind rpcbind.c rpcbind.h util.c Message-ID: <201004130049.o3D0nImd039572@repoman.freebsd.org>
index | next in thread | raw e-mail
imp 2010-04-13 00:48:54 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_8)
usr.sbin/rpcbind rpcbind.c rpcbind.h util.c
Log:
SVN rev 206535 on 2010-04-13 00:48:54Z by imp
MFC r203710:
When you have multiple addresses on the same network on different
interfaces (such as when you are part of a carp pool), and you run
rpcbind -h to restrict which interfaces have rpc services, rpcbind can
none-the-less return addresses that aren't in the -h list. This patch
enforces the rule that when you specify -h on the command line, then
services returned from rpcbind must be to one of the addresses listed
in -h, or be a loopback address (since localhost is implicit when
running -h).
The root cause of this is the assumption in addrmerge that there can
be only one interface that matches a given network IP address. This
turns out not to be the case. To retain historical behavior, I didn't
try to fix the routine to prefer the address that the request came
into, since I didn't know the side effects that might cause in the
normal case. My quick analysis suggests that it wouldn't be a
problem, but since this code is tricky I opted for the more
conservative patch of only restricting the reply when -h is in effect.
Hence, this change will have no effect when you are running rpcbind
without -h.
Reviewed by: alfred@
Sponsored by: iX Systems
MFC after: 2 weeks
Revision Changes Path
1.20.2.2 +74 -2 src/usr.sbin/rpcbind/rpcbind.c
1.3.2.2 +9 -0 src/usr.sbin/rpcbind/rpcbind.h
1.6.2.2 +10 -10 src/usr.sbin/rpcbind/util.c
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201004130049.o3D0nImd039572>