bin/114097: NFS Abstraction: mountd(8) binding

Thu Jun 28 15:30:04 UTC 2007

>Number:         114097
>Category:       bin
>Synopsis:       NFS Abstraction: mountd(8) binding
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 28 15:30:03 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Brian A. Seklecki
>Release:        6.x / i386
>Organization:
Collaborative Fusion, Inc.
>Environment:
FreeBSD rampage 6.2-RELEASE-p3 FreeBSD 6.2-RELEASE-p3 #0: Thu Mar 22 21:08:30 EDT 2007     root at rampage:/mnt2/usr/obj/export/RELENG_6_2/src/sys/SMP  i386

>Description:

Match rpcbind(8) / nfsd(8) behavior for explicit local source address binding of UDP/TCP Sockets:

See original ticket:

http://www.freebsd.org/cgi/query-pr.cgi?pr=84494


>How-To-Repeat:
Create strict service VIP abstraction on an NFS server behind a Firewall.
>Fix:
A similar patch that sets sin.sin_addr.s_addr in a for individual sockets for each instance of "-h <ip>" parsed by getopt() in argcv[]:

-----

My basic patch to fix in my lab environment:

--- /usr/src/usr.sbin/mountd/mountd.c   Tue Dec 19 04:14:02 2006
+++ mountd.c    Wed Jun 27 22:15:32 2007
@@ -242,6 +242,10 @@
 int debug = 0;
 #endif
 
+int nhosts = 0;
+char **hosts = NULL;
+
+
 /*
  * Mountd server for NFS mount protocol as described in:
  * NFS: Network File System Protocol Specification, RFC1094, Appendix A
@@ -290,7 +294,7 @@
                        errx(1, "NFS server is not available or
loadable");
        }
 
-       while ((c = getopt(argc, argv, "2dlnp:r")) != -1)
+       while ((c = getopt(argc, argv, "2dlnp:rh")) != -1)
                switch (c) {
                case '2':
                        force_v2 = 1;
@@ -314,6 +318,16 @@
                            svcport == 0 || svcport >= IPPORT_MAX)
                                usage();
                        break;
+                case 'h':
+                        ++nhosts;
+                        hosts = realloc(hosts, nhosts * sizeof(char
*));
+                        if (hosts == NULL)
+                                errx(1, "Out of memory");
+                        hosts[nhosts - 1] = strdup(optarg);
+                        if (hosts[nhosts - 1] == NULL)
+                                errx(1, "Out of memory");
+                        break;
+
                default:
                        usage();
                };
@@ -397,6 +411,12 @@
                sin6.sin6_len = sizeof(struct sockaddr_in6);
                sin6.sin6_family = AF_INET6;
                sin6.sin6_port = htons(svcport);
+               struct  in_addr src_t;
+               fprintf(stdout, "%d \n", nhosts);
+                inet_aton(hosts[nhosts - 1], &src_t);
+                //inet_aton("192.168.3.58", &src_t);
+                sin.sin_addr.s_addr = src_t.s_addr;
+ 
        }
        if (udpsock != -1 && udpconf != NULL) {
                if (svcport != 0) {
@@ -540,7 +560,7 @@
 usage()
 {
        fprintf(stderr,
-               "usage: mountd [-2] [-d] [-l] [-n] [-p <port>] [-r] "
+               "usage: mountd [-2] [-d] [-l] [-n] [-p <port>] [-r]"
+               "[-h <bindip>] [export_file]\n");
        exit(1);
 }


>Release-Note:
>Audit-Trail:
>Unformatted:
