On 2008-01-31 22:44, Paul B. Henson wrote:
On Thu, 31 Jan 2008, Jefferson Ogata wrote:

I would say Sun's position is reasonable with respect to the behavior of
IP Filter, and unreasonable with respect to not tearing down the TCP
connection during umount.

Regarding not tearing down the TCP connection, they say that is how it has
always worked, the code in question is evidently "complicated", and they
don't really want to touch it...

While less common, even if they close the connection on shutdown, the
problem could still potentially occur on a system crash.

It would be nice if they would at least randomize the source ports on
new connections.

Maybe you could fire up a program before 73nfs.client that would bind a
random number of TCP ports from 1023 down, forcing the NFS client to
come up on a new port.

Any recommendations on resolving this problem?

Use return-rst on your TCP block rule?

Or maybe mounting your NFS filesystems via automount would change the
behavior enough that things would work?

<sigh>, I was hoping more for fixes than kludges :), but thanks for the
suggestions...

Yeah, well, it's Solaris. ;^)

Though I don't consider return-rst to be a kluge, really. What's klugey
about that?

--
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
"Never try to retrieve anything from a bear."--National Park Service
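
The port-reservation helper suggested in the message above, sketched as an added example (it is not part of the original message and is not Sun's code). It assumes, as the message does, that the NFS client takes reserved ports counting down from 1023; the function names, the 64-port maximum, the 512 floor and the 60-second hold time are illustrative choices.

```python
import errno
import random
import socket
import sys
import time


def pick_count(maximum=64):
    """Random number of ports to hold, so the port NFS lands on varies per boot."""
    return random.SystemRandom().randint(1, maximum)


def reserve_ports(count, top=1023, floor=512, host=""):
    """Bind up to `count` free TCP ports counting down from `top`.

    Returns [(port, socket), ...]. Ports already in use are skipped; any
    other bind error (e.g. EACCES when not root) is raised to the caller.
    """
    held = []
    port = top
    while len(held) < count and port >= floor:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((host, port))  # no SO_REUSEADDR: later binds must fail
        except OSError as exc:
            sock.close()
            if exc.errno != errno.EADDRINUSE:
                raise
        else:
            held.append((port, sock))
        port -= 1
    return held


def release(held):
    """Close the placeholder sockets once the NFS mounts are up."""
    for _port, sock in held:
        sock.close()


if __name__ == "__main__":
    # Assumed usage: start in the background before the NFS client script,
    # hold the ports while it mounts, then let them go.
    hold_seconds = int(sys.argv[1]) if len(sys.argv) > 1 else 60
    held = reserve_ports(pick_count())
    print("holding %d ports from %d down" % (len(held), held[0][0]) if held else "no ports held")
    time.sleep(hold_seconds)
    release(held)
```

Binding ports below 1024 requires root, and the sockets are only bound, never put into listen, so nothing can connect to them while they are held.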