Date: Tue, 9 Feb 2010 18:10:56 +0000 (UTC) From: Warner Losh <imp@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/usr.sbin/rpcbind rpcbind.c rpcbind.h util.c Message-ID: <201002091811.o19IBGts052452@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
imp 2010-02-09 18:10:56 UTC
FreeBSD src repository
Modified files:
usr.sbin/rpcbind rpcbind.c rpcbind.h util.c
Log:
SVN rev 203710 on 2010-02-09 18:10:56Z by imp
When you have multiple addresses on the same network on different
interfaces (such as when you are part of a carp pool), and you run
rpcbind -h to restrict which interfaces have rpc services, rpcbind can
none-the-less return addresses that aren't in the -h list. This patch
enforces the rule that when you specify -h on the command line, then
services returned from rpcbind must be to one of the addresses listed
in -h, or be a loopback address (since localhost is implicit when
running -h).
The root cause of this is the assumption in addrmerge that there can
be only one interface that matches a given network IP address. This
turns out not to be the case. To retain historical behavior, I didn't
try to fix the routine to prefer the address that the request came
into, since I didn't know the side effects that might cause in the
normal case. My quick analysis suggests that it wouldn't be a
problem, but since this code is tricky I opted for the more
conservative patch of only restricting the reply when -h is in effect.
Hence, this change will have no effect when you are running rpcbind
without -h.
Reviewed by: alfred@
Sponsored by: iX Systems
MFC after: 2 weeks
Revision Changes Path
1.21 +74 -2 src/usr.sbin/rpcbind/rpcbind.c
1.4 +9 -0 src/usr.sbin/rpcbind/rpcbind.h
1.7 +10 -10 src/usr.sbin/rpcbind/util.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201002091811.o19IBGts052452>