Date:      Thu, 10 May 2012 16:07:31 +0300
From:      Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
To:        Rick Macklem <rmacklem@uoguelph.ca>
Cc:        freebsd-fs@freebsd.org
Subject:   Re: NFSv4 Questions
Message-ID:  <20120510130731.GA72837@pm513-1.comsys.ntu-kpi.kiev.ua>
In-Reply-To: <1357768784.50127.1336434018113.JavaMail.root@erie.cs.uoguelph.ca>
References:  <20120507174813.GA5927@pm513-1.comsys.ntu-kpi.kiev.ua> <1357768784.50127.1336434018113.JavaMail.root@erie.cs.uoguelph.ca>

On Mon, May 07, 2012 at 07:40:18PM -0400, Rick Macklem wrote:
> Andrey Simonenko wrote:
> > On Sun, Apr 29, 2012 at 04:36:03PM -0400, Rick Macklem wrote:
> > >
> > > Also, be sure to check "man nfsv4" and maybe reference it (it is currently
> > > in the See Also list, but that might not be strong enough).
> > 
> > There is another question not explained in documentation (I could not
> > find the answer at least). Currently NFSv3 client uses reserved port
> > for NFS mounts and uses non-reserved port if "noresvport" is specified.
> > NFSv4 client always uses non-reserved port, ignoring the "resvport"
> > option in the mount_nfs command.
> > 
> > Such behaviour of NFS client was introduced in 1.18 version of
> > fs/nfsclient/nfs_clvfsops.c [1], where the "resvport" flag is cleared
> > for NFSv4 mounts.
> > 
> > Why does "reserved port logic" differ in NFSv3 and NFSv4 clients?
> > 
> It is my understanding that NFSv4 servers are not supposed to require
> a "reserved" port#. However, at a quick glance, I can't find that stated
> in RFC 3530. (It may be implied by the fact that NFSv4 uses a "user" based
> security model and not a "host" based one.)
> 
> As such, the client should never need to "waste" a reserved port# on a NFSv4
> connection.

Since AUTH_SYS can be used in NFSv4 as well and according to RFC 3530
AUTH_SYS in NFSv4 has the same logic as in NFSv2/3, then

1. Does "user" based security model mean RPCSEC_GSS?

2. Does "host" based security model mean AUTH_SYS?

I did not find any mention of port numbers in RFC 1813 and 3530;
it looks like the range of port numbers used by NFS clients and checked
by the NFS server is an implementation decision.


