Date:      Thu, 22 Dec 2022 09:45:29 -0800
From:      Rick Macklem <rick.macklem@gmail.com>
To:        "Bjoern A. Zeeb" <bz@freebsd.org>
Cc:        Konstantin Belousov <kib@freebsd.org>, James Gritton <jamie@freebsd.org>, freebsd-current@freebsd.org
Subject:   Re: RFC: nfsd in a vnet jail
Message-ID:  <CAM5tNy4Yqga00JXeWmcpt8PSU9uCX3nxpY=bj5QEKD2O-CEyuA@mail.gmail.com>
In-Reply-To: <p4p1r59o-1519-o723-24s6-2rqo1p4qr0r2@serrofq.bet>
References:  <CAM5tNy7CQaBTRWG0m0aN6T0xG2L2zSQJGa%2BatGaH%2BmW%2BwEpdyQ@mail.gmail.com> <1955021.aDjkhKmpDe@ravel> <CAM5tNy5a9GYjJcjXLQvsjF77Gsu6yej5XR=mMTAuVKWxoNfR1A@mail.gmail.com> <8351812.Gc231LQI4k@ravel> <CAM5tNy63yE%2BL0rjfdYSs_WVwh3_gi8fmRVNiTu9BEKzNj_iYgA@mail.gmail.com> <CAM5tNy73kfEToEEbT9Mz0VAZhNLxoFwEo1FMvoyR1Sg5Xaiv8g@mail.gmail.com> <p4p1r59o-1519-o723-24s6-2rqo1p4qr0r2@serrofq.bet>

On Mon, Dec 19, 2022 at 9:36 AM Bjoern A. Zeeb <bz@freebsd.org> wrote:

> On Mon, 19 Dec 2022, Rick Macklem wrote:
> [good stuff snipped]
> > Unfortunately, this does not deal with vnet'ng the kgssapi, rpcsec_gss for
> > Kerberized mounts or vnet'ng NFS-over-TLS, but those could be handled in a
> > similar manner, I think?
>
> Could be, yes.
>

I have now created a patch for the NFS-over-TLS part of the krpc.
It uses the same technique, except the macros are called KRPC_VNETxxx
instead of NFSD_VNETxxx.

The patches are in phabricator as:
D37519 - Most of the changes.
D37777 - The krpc changes for NFS-over-TLS
D37741 - The vfs_mount.c changes in D37519
Although I listed a few possible reviewers, anyone is welcome to test
and/or review them.

The patches are also here (in a form that "patch" might prefer):
https://people.freebsd.org/~rmacklem/vnet.patch
https://people.freebsd.org/~rmacklem/vnetsmall-rpctls.patch

rick


>
> > So, what do others think of this alternate plan?
> >
> > rick
> > ps: Every use of the vnet'd variables is currently wrapped in a macro called
> >    NFSD_VNET(), so the change is pretty easy to do by just re-writing this
> > macro.
> >
>
> --
> Bjoern A. Zeeb                                                     r15:7
>
