[ 
https://issues.apache.org/jira/browse/HDFS-6439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14026784#comment-14026784
 ] 

Brandon Li commented on HDFS-6439:
----------------------------------

Thank you, [~atm]. I've rebased your patch and uploaded a new one.
Basically, the new patch does the port monitoring in each NFS handler. If we 
deny the request at RPC level, some NFS clients might keep sending the same NFS 
request (e.g., GETATTR). For mountd, it only does the check for MNT requests, 
since some utilities (e.g., showmount) send EXPORT requests using a 
non-privileged port, which we don't want to fail. 
I also used the opportunity to do a cleanup for the NFS3Interface. 

Port monitor is by default disabled to not make the gateway easier to use, 
especially for Windows/MacOS NFS clients and developers. 

Please review.


> NFS should not reject NFS requests to the NULL procedure whether port 
> monitoring is enabled or not
> --------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-6439
>                 URL: https://issues.apache.org/jira/browse/HDFS-6439
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: nfs
>    Affects Versions: 2.4.0
>            Reporter: Brandon Li
>            Assignee: Aaron T. Myers
>         Attachments: HDFS-6439.003.patch, HDFS-6439.patch, HDFS-6439.patch, 
> linux-nfs-disallow-request-from-nonsecure-port.pcapng, 
> mount-nfs-requests.pcapng
>
>
> As discussed in HDFS-6406, this JIRA is to track the following updates:
> 1. Port monitoring is the feature name with traditional NFS servers and we may 
> want to make the config property (along with related variable 
> allowInsecurePorts) something like dfs.nfs.port.monitoring. 
> 2. According to RFC2623 (http://www.rfc-editor.org/rfc/rfc2623.txt):
> {quote}    Whether port monitoring is enabled or not, NFS servers SHOULD NOT 
> reject NFS requests to the NULL procedure (procedure number 0). See 
> subsection 2.3.1, "NULL procedure" for a complete explanation. {quote}
> I do notice that NFS clients (most of the time) send mount NULL and nfs NULL from 
> a non-privileged port. If we deny the NULL call in mountd or nfs server, the client 
> can't mount the export even as user root.
> 3. It would be nice to have the user guide updated for the port monitoring 
> feature.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
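
The per-handler check described in the comment above, sketched as an added example that is not part of the original message or of the Hadoop patch. Class, enum and method names are hypothetical; the program and procedure numbers are the standard ONC RPC values for NFSv3 and MOUNT, and the sample requests are constructed. Requires Java 16 or later for records.

```java
import java.util.List;

// Added illustration; names are hypothetical and do not come from Hadoop.
public class PortMonitorDemo {
    static final int NFS_PROGRAM = 100003;    // ONC RPC program number for NFS
    static final int MOUNT_PROGRAM = 100005;  // ONC RPC program number for mountd
    static final int PROC_NULL = 0;           // NULL procedure in both programs
    static final int MOUNTPROC_MNT = 1;       // MNT in the MOUNT protocol
    static final int MOUNTPROC_EXPORT = 5;    // EXPORT, sent by showmount
    static final int NFSPROC3_GETATTR = 1;    // GETATTR in NFSv3

    enum Decision { ALLOW, DENY_IN_HANDLER }

    // One decoded call: RPC program, procedure number, client source port.
    record Request(int program, int procedure, int sourcePort) {}

    static boolean fromPrivilegedPort(int port) {
        return port > 0 && port < 1024;
    }

    static Decision check(Request r, boolean portMonitoring) {
        if (!portMonitoring) return Decision.ALLOW;             // disabled by default
        if (r.procedure() == PROC_NULL) return Decision.ALLOW;  // RFC 2623: never reject NULL
        if (r.program() == MOUNT_PROGRAM && r.procedure() != MOUNTPROC_MNT) {
            return Decision.ALLOW;                              // mountd checks MNT only
        }
        // The refusal is produced inside the NFS/MNT handler as a protocol-level
        // reply, not at the RPC layer, where some clients would keep resending.
        return fromPrivilegedPort(r.sourcePort())
                ? Decision.ALLOW : Decision.DENY_IN_HANDLER;
    }

    public static void main(String[] args) {
        // Constructed sample requests, not taken from the attached captures.
        List<Request> samples = List.of(
            new Request(NFS_PROGRAM, PROC_NULL, 40001),
            new Request(MOUNT_PROGRAM, PROC_NULL, 40002),
            new Request(MOUNT_PROGRAM, MOUNTPROC_EXPORT, 40003),
            new Request(MOUNT_PROGRAM, MOUNTPROC_MNT, 40004),
            new Request(MOUNT_PROGRAM, MOUNTPROC_MNT, 921),
            new Request(NFS_PROGRAM, NFSPROC3_GETATTR, 40005),
            new Request(NFS_PROGRAM, NFSPROC3_GETATTR, 922));
        for (Request r : samples) {
            System.out.printf("prog=%d proc=%d port=%d -> %s%n",
                r.program(), r.procedure(), r.sourcePort(), check(r, true));
        }
    }
}
```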
