Date: Fri, 6 Jan 2006 10:37:24 +0000 From: Ceri Davies <ceri@FreeBSD.org> To: Dmitry Morozovsky <marck@rinet.ru> Cc: Vivek Khera <vivek@khera.org>, stable@freebsd.org Subject: Re: rpcbind lingering on IP no longer specified on command line Message-ID: <20060106103648.GJ31522@submonkey.net> In-Reply-To: <20060104222846.K98554@woozle.rinet.ru> References: <A97CE7DE-1841-41D0-B702-E82761FCDD3B@khera.org> <20060104222846.K98554@woozle.rinet.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--KMIs29sPfC/9Gbii
Content-Type: multipart/mixed; boundary="xFHWmGwbilGjB8dh"
Content-Disposition: inline
--xFHWmGwbilGjB8dh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Jan 04, 2006 at 10:46:06PM +0300, Dmitry Morozovsky wrote:
> On Wed, 4 Jan 2006, Vivek Khera wrote:
>=20
> VK> I had rpcbind running with on two interfaces like this:
> VK>=20
> VK> rpcbind -h 192.168.100.200 -h 10.0.0.9
> VK>=20
> VK> Now, I changed rpcbind_flags in /etc/rc.conf to just have the first a=
ddress,
> VK> and I restarted rpcbind. the process list from ps shows it is runnin=
g like
> VK> this:
> VK>=20
> VK> rpcbind -h 192.168.100.200
> VK>=20
> VK> Yet nmap on the other address shows rpcbind is still listening on udp=
there.
> VK> How do I stop that?
>=20
> As I sometimes looked into this, rpcbind (formely portmap) listens on all=
=20
> described addresses via udp *and* an tcp:*.111 - I tried to dig why is th=
is but=20
> did not succeed much.
Please test this patch. It's probably a very naive fix, but seems to
work OK.
Ceri
--=20
Only two things are infinite, the universe and human stupidity, and I'm
not sure about the former. -- Einstein (attrib.)
--xFHWmGwbilGjB8dh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="rpcbind.diff"
Content-Transfer-Encoding: quoted-printable
Index: rpcbind.8
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/home/ncvs/src/usr.sbin/rpcbind/rpcbind.8,v
retrieving revision 1.7
diff -u -r1.7 rpcbind.8
--- rpcbind.8 18 Jan 2005 20:02:43 -0000 1.7
+++ rpcbind.8 6 Jan 2006 10:35:02 -0000
@@ -83,7 +83,7 @@
With this option, the name-to-address translation consistency
checks are shown in detail.
.It Fl h Ar bindip
-Specify specific IP addresses to bind to for UDP requests.
+Specify specific IP addresses to bind to.
This option
may be specified multiple times and is typically necessary when running
on a multi-homed host.
@@ -95,14 +95,14 @@
.Dv INADDR_ANY ,
which could lead to problems on a multi-homed host due to
.Nm
-returning a UDP packet from a different IP address than it was
+returning a packet from a different IP address than it was
sent to.
Note that when specifying IP addresses with
.Fl h ,
.Nm
will automatically add
.Li 127.0.0.1
-and if IPv6 is enabled,
+and, if IPv6 is enabled,
.Li ::1
to the list.
.It Fl i
Index: rpcbind.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/home/ncvs/src/usr.sbin/rpcbind/rpcbind.c,v
retrieving revision 1.14
diff -u -r1.14 rpcbind.c
--- rpcbind.c 7 Nov 2004 04:32:51 -0000 1.14
+++ rpcbind.c 6 Jan 2006 10:28:10 -0000
@@ -209,11 +209,11 @@
struct passwd *p;
=20
if((p =3D getpwnam(RUN_AS)) =3D=3D NULL) {
- syslog(LOG_ERR, "cannot get uid of daemon: %m");
+ syslog(LOG_ERR, "cannot get uid of %s: %m", RUN_AS);
exit(1);
}
if (setuid(p->pw_uid) =3D=3D -1) {
- syslog(LOG_ERR, "setuid to daemon failed: %m");
+ syslog(LOG_ERR, "setuid to %s failed: %m", RUN_AS);
exit(1);
}
}
@@ -272,7 +272,8 @@
* XXX - using RPC library internal functions. For NC_TPI_CLTS
* we call this later, for each socket we like to bind.
*/
- if (nconf->nc_semantics !=3D NC_TPI_CLTS) {
+ if (nconf->nc_semantics !=3D NC_TPI_CLTS &&
+ nconf->nc_semantics !=3D NC_TPI_COTS_ORD) {
if ((fd =3D __rpc_nconf2fd(nconf)) < 0) {
int non_fatal =3D 0;
=20
@@ -308,7 +309,8 @@
hints.ai_socktype =3D si.si_socktype;
hints.ai_protocol =3D si.si_proto;
}
- if (nconf->nc_semantics =3D=3D NC_TPI_CLTS) {
+ if (nconf->nc_semantics =3D=3D NC_TPI_CLTS ||
+ nconf->nc_semantics =3D=3D NC_TPI_COTS_ORD) {
/*
* If no hosts were specified, just bind to INADDR_ANY. Otherwise
* make sure 127.0.0.1 is added to the list.
@@ -348,7 +350,7 @@
hints.ai_flags &=3D AI_NUMERICHOST;
} else {
/*
- * Skip if we have an AF_INET6 adress.
+ * Skip if we have an AF_INET6 address.
*/
if (inet_pton(AF_INET6,
hosts[nhostsbak], host_addr) =3D=3D 1)
@@ -361,7 +363,7 @@
hints.ai_flags &=3D AI_NUMERICHOST;
} else {
/*
- * Skip if we have an AF_INET adress.
+ * Skip if we have an AF_INET address.
*/
if (inet_pton(AF_INET, hosts[nhostsbak],
host_addr) =3D=3D 1)
--xFHWmGwbilGjB8dh--
--KMIs29sPfC/9Gbii
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)
iD8DBQFDvkhkocfcwTS3JF8RAj/PAJ4l5xgLINb2Qdghce/JCDhHUPJFVwCdEoFH
qkZ/ImmHGjcL0cdcQueMgkM=
=1tD7
-----END PGP SIGNATURE-----
--KMIs29sPfC/9Gbii--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060106103648.GJ31522>