From owner-cvs-src-old@FreeBSD.ORG Tue Feb 9 18:11:16 2010 Return-Path: Delivered-To: cvs-src-old@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CD9C91065692 for ; Tue, 9 Feb 2010 18:11:16 +0000 (UTC) (envelope-from imp@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id BC00E8FC14 for ; Tue, 9 Feb 2010 18:11:16 +0000 (UTC) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id o19IBGMu052453 for ; Tue, 9 Feb 2010 18:11:16 GMT (envelope-from imp@repoman.freebsd.org) Received: (from svn2cvs@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id o19IBGts052452 for cvs-src-old@freebsd.org; Tue, 9 Feb 2010 18:11:16 GMT (envelope-from imp@repoman.freebsd.org) Message-Id: <201002091811.o19IBGts052452@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to imp@repoman.freebsd.org using -f From: Warner Losh Date: Tue, 9 Feb 2010 18:10:56 +0000 (UTC) To: cvs-src-old@freebsd.org X-FreeBSD-CVS-Branch: HEAD Subject: cvs commit: src/usr.sbin/rpcbind rpcbind.c rpcbind.h util.c X-BeenThere: cvs-src-old@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: **OBSOLETE** CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Feb 2010 18:11:16 -0000 imp 2010-02-09 18:10:56 UTC FreeBSD src repository Modified files: usr.sbin/rpcbind rpcbind.c rpcbind.h util.c Log: SVN rev 203710 on 2010-02-09 18:10:56Z by imp When you have multiple addresses on the same network on different interfaces (such as when you are part of a carp pool), and you run rpcbind -h to restrict which interfaces have rpc services, rpcbind can none-the-less return addresses that aren't in the -h list. This patch enforces the rule that when you specify -h on the command line, then services returned from rpcbind must be to one of the addresses listed in -h, or be a loopback address (since localhost is implicit when running -h). The root cause of this is the assumption in addrmerge that there can be only one interface that matches a given network IP address. This turns out not to be the case. To retain historical behavior, I didn't try to fix the routine to prefer the address that the request came into, since I didn't know the side effects that might cause in the normal case. My quick analysis suggests that it wouldn't be a problem, but since this code is tricky I opted for the more conservative patch of only restricting the reply when -h is in effect. Hence, this change will have no effect when you are running rpcbind without -h. Reviewed by: alfred@ Sponsored by: iX Systems MFC after: 2 weeks Revision Changes Path 1.21 +74 -2 src/usr.sbin/rpcbind/rpcbind.c 1.4 +9 -0 src/usr.sbin/rpcbind/rpcbind.h 1.7 +10 -10 src/usr.sbin/rpcbind/util.c