diff options
| author | Chuck Lever <chuck.lever@oracle.com> | 2014-05-19 13:40:22 -0400 |
|---|---|---|
| committer | J. Bruce Fields <bfields@redhat.com> | 2014-05-22 15:55:48 -0400 |
| commit | 16e4d93f6de7063800f3f5e68f064b0ff8fae9b7 (patch) | |
| tree | eb964368d663b815cd56163366e4c67ed6bf392e /net/sunrpc/svcsock.c | |
| parent | abf1135b6ee31cc17f569f2a59f87c833ba0849c (diff) | |
NFSD: Ignore client's source port on RDMA transports
An NFS/RDMA client's source port is meaningless for RDMA transports.
The transport layer typically sets the source port value on the
connection to a random ephemeral port.
Currently, NFS server administrators must specify the "insecure"
export option to enable clients to access exports via RDMA.
But this means NFS clients can access such an export via IP using an
ephemeral port, which may not be desirable.
This patch eliminates the need to specify the "insecure" export
option to allow NFS/RDMA clients access to an export.
BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=250
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'net/sunrpc/svcsock.c')
| -rw-r--r-- | net/sunrpc/svcsock.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c index 43bcb4699d69..0cb34f5d58dc 100644 --- a/net/sunrpc/svcsock.c +++ b/net/sunrpc/svcsock.c | |||
| @@ -400,6 +400,12 @@ static void svc_sock_setbufsize(struct socket *sock, unsigned int snd, | |||
| 400 | release_sock(sock->sk); | 400 | release_sock(sock->sk); |
| 401 | #endif | 401 | #endif |
| 402 | } | 402 | } |
| 403 | |||
| 404 | static int svc_sock_secure_port(struct svc_rqst *rqstp) | ||
| 405 | { | ||
| 406 | return svc_port_is_privileged(svc_addr(rqstp)); | ||
| 407 | } | ||
| 408 | |||
| 403 | /* | 409 | /* |
| 404 | * INET callback when data has been received on the socket. | 410 | * INET callback when data has been received on the socket. |
| 405 | */ | 411 | */ |
| @@ -678,6 +684,7 @@ static struct svc_xprt_ops svc_udp_ops = { | |||
| 678 | .xpo_prep_reply_hdr = svc_udp_prep_reply_hdr, | 684 | .xpo_prep_reply_hdr = svc_udp_prep_reply_hdr, |
| 679 | .xpo_has_wspace = svc_udp_has_wspace, | 685 | .xpo_has_wspace = svc_udp_has_wspace, |
| 680 | .xpo_accept = svc_udp_accept, | 686 | .xpo_accept = svc_udp_accept, |
| 687 | .xpo_secure_port = svc_sock_secure_port, | ||
| 681 | }; | 688 | }; |
| 682 | 689 | ||
| 683 | static struct svc_xprt_class svc_udp_class = { | 690 | static struct svc_xprt_class svc_udp_class = { |
| @@ -1234,6 +1241,7 @@ static struct svc_xprt_ops svc_tcp_bc_ops = { | |||
| 1234 | .xpo_detach = svc_bc_tcp_sock_detach, | 1241 | .xpo_detach = svc_bc_tcp_sock_detach, |
| 1235 | .xpo_free = svc_bc_sock_free, | 1242 | .xpo_free = svc_bc_sock_free, |
| 1236 | .xpo_prep_reply_hdr = svc_tcp_prep_reply_hdr, | 1243 | .xpo_prep_reply_hdr = svc_tcp_prep_reply_hdr, |
| 1244 | .xpo_secure_port = svc_sock_secure_port, | ||
| 1237 | }; | 1245 | }; |
| 1238 | 1246 | ||
| 1239 | static struct svc_xprt_class svc_tcp_bc_class = { | 1247 | static struct svc_xprt_class svc_tcp_bc_class = { |
| @@ -1272,6 +1280,7 @@ static struct svc_xprt_ops svc_tcp_ops = { | |||
| 1272 | .xpo_prep_reply_hdr = svc_tcp_prep_reply_hdr, | 1280 | .xpo_prep_reply_hdr = svc_tcp_prep_reply_hdr, |
| 1273 | .xpo_has_wspace = svc_tcp_has_wspace, | 1281 | .xpo_has_wspace = svc_tcp_has_wspace, |
| 1274 | .xpo_accept = svc_tcp_accept, | 1282 | .xpo_accept = svc_tcp_accept, |
| 1283 | .xpo_secure_port = svc_sock_secure_port, | ||
| 1275 | }; | 1284 | }; |
| 1276 | 1285 | ||
| 1277 | static struct svc_xprt_class svc_tcp_class = { | 1286 | static struct svc_xprt_class svc_tcp_class = { |