Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 29 Jan 2009 13:53:43 -0800
From:      Sean Bruno <sean.bruno@dsl-only.net>
To:        Jaakko Heinonen <jh@saunalahti.fi>
Cc:        Michiel Boland <michiel@boland.org>, current@freebsd.org
Subject:   Re: NFS mounts dissapearing
Message-ID:  <1233266023.3592.1082.camel@localhost.localdomain>
In-Reply-To: <20090129152006.GA3790@a91-153-125-115.elisa-laajakaista.fi>
References:  <1233098540.2494.6.camel@localhost.localdomain> <49809B45.1000703@boland.org> <1233166048.3592.1.camel@localhost.localdomain> <20090129081654.GB854@a91-153-125-115.elisa-laajakaista.fi> <20090129152006.GA3790@a91-153-125-115.elisa-laajakaista.fi>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, 2009-01-29 at 17:20 +0200, Jaakko Heinonen wrote:
> On 2009-01-29, Jaakko Heinonen wrote:
> > > > It appears to me that TCP connections to remote nfsd use a
> > > > privileged source port initially, 
> > > > but if the connection is severed and reestablished later the source
> > > > port is no longer < 1024. Client is -CURRENT, server is solaris with
> > > > nfssrv:nfs_portmon=1.
> >
> > Indeed it looks like the new RPC code (I didn't verify that the old
> > works though) doesn't honour the resvport mount option on reconnects.
> 
> I think I found the bug. The new RPC code doesn't properly elevate
> privileges before bindresvport() call in clnt_reconnect_connect(). For
> initial connection bindresvport() succeeds because the process has
> elevated privileges at that time.
> 
> Does this patch fix the problem for you?
> 
> %%%
> Index: sys/rpc/clnt_rc.c
> ===================================================================
> --- sys/rpc/clnt_rc.c	(revision 187877)
> +++ sys/rpc/clnt_rc.c	(working copy)
> @@ -181,11 +181,12 @@ again:
>  		rpc_createerr.cf_error.re_errno = 0;
>  		goto out;
>  	}
> -	if (rc->rc_privport)
> -		bindresvport(so, NULL);
>  
>  	oldcred = td->td_ucred;
>  	td->td_ucred = rc->rc_ucred;
> +	if (rc->rc_privport)
> +		bindresvport(so, NULL);
> +
>  	if (rc->rc_nconf->nc_semantics == NC_TPI_CLTS)
>  		rc->rc_client = clnt_dg_create(so,
>  		    (struct sockaddr *) &rc->rc_addr, rc->rc_prog, rc->rc_vers,
> %%%
> 

Yes.  This patch resolves my issues.  Thanks for the quick fix!

Commit!

Sean Bruno

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1233266023.3592.1082.camel>