From: Jaakko Heinonen
To: Sean Bruno
Cc: Michiel Boland, current@freebsd.org
Date: Thu, 29 Jan 2009 17:20:07 +0200
Subject: Re: NFS mounts dissapearing

On 2009-01-29, Jaakko Heinonen wrote:
> > > It appears to me that TCP connections to remote nfsd use a
> > > privileged source port initially,
> > > but if the connection is severed and reestablished later the source
> > > port is no longer < 1024. Client is -CURRENT, server is solaris with
> > > nfssrv:nfs_portmon=1.
>
> Indeed it looks like the new RPC code (I didn't verify that the old
> works though) doesn't honour the resvport mount option on reconnects.

I think I found the bug. The new RPC code doesn't properly elevate
privileges before bindresvport() call in clnt_reconnect_connect(). For
initial connection bindresvport() succeeds because the process has
elevated privileges at that time.

Does this patch fix the problem for you?

%%% Index: sys/rpc/clnt_rc.c =================================================================== --- sys/rpc/clnt_rc.c (revision 187877) +++ sys/rpc/clnt_rc.c (working copy) 
@@ -181,11 +181,12 @@ again: rpc_createerr.cf_error.re_errno = 0; goto out; } - if (rc->rc_privport) - bindresvport(so, NULL); oldcred = td->td_ucred; td->td_ucred = rc->rc_ucred; + if (rc->rc_privport) + bindresvport(so, NULL); + if (rc->rc_nconf->nc_semantics == NC_TPI_CLTS) rc->rc_client = clnt_dg_create(so, (struct sockaddr *) &rc->rc_addr, rc->rc_prog, rc->rc_vers, %%% -- Jaakko
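Review bot: the return value of bindresvport(so, NULL) in the moved block is still discarded, so if the bind fails the code carries on to clnt_dg_create() with whatever port the socket ends up on and no error is reported. Suggest checking the result when rc->rc_privport is set and failing or logging the reconnect, since a server that enforces privileged source ports will otherwise reject the client with no hint on the client side. A one-line comment above the call saying it must run after td->td_ucred is switched to rc->rc_ucred would also help, because the ordering is the entire fix.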
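A client-side check for the symptom discussed in this thread, as an added example that is not part of the original message or the FreeBSD source: it scans `netstat -an -p tcp` style output for established connections to nfsd whose source port is not below 1024. The sample output, the addresses and the assumption that nfsd listens on port 2049 are constructed for illustration.

```python
NFS_PORT = 2049          # assumption: nfsd on the standard NFS port
RESERVED_LIMIT = 1024    # "privileged" means source port < 1024, as in the thread

# Constructed sample in FreeBSD `netstat -an -p tcp` layout (addr.port notation).
SAMPLE_NETSTAT = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.1021        192.0.2.20.2049        ESTABLISHED
tcp4       0      0 192.0.2.10.54311       192.0.2.20.2049        ESTABLISHED
tcp4       0      0 192.0.2.10.22          192.0.2.30.40112       ESTABLISHED
tcp4       0      0 *.111                  *.*                    LISTEN
tcp6       0      0 2001:db8::10.60022     2001:db8::20.2049      ESTABLISHED
"""


def split_endpoint(endpoint):
    """Split 'addr.port' on the last dot; return (addr, port) or None."""
    addr, sep, port = endpoint.rpartition(".")
    if not sep or not port.isdigit():
        return None
    return addr, int(port)


def unprivileged_nfs_clients(netstat_text, nfs_port=NFS_PORT):
    """Return (local_addr, local_port, server_addr) for established TCP
    connections to nfs_port whose source port is not reserved."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip banners, column headers and anything that is not a TCP row.
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue
        if fields[5] != "ESTABLISHED":
            continue
        local, remote = split_endpoint(fields[3]), split_endpoint(fields[4])
        if local is None or remote is None:
            continue
        if remote[1] == nfs_port and local[1] >= RESERVED_LIMIT:
            findings.append((local[0], local[1], remote[0]))
    return findings


if __name__ == "__main__":
    for addr, port, server in unprivileged_nfs_clients(SAMPLE_NETSTAT):
        print(f"{addr}:{port} -> {server}:{NFS_PORT} uses a non-reserved source port")
```

Running it against real output before and after a forced reconnect shows whether the resvport option survives the reconnect path.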