lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 30 Nov 2023 11:55:29 -0500
From: Jeff Layton <jlayton@...nel.org>
To: Lorenzo Bianconi <lorenzo@...nel.org>, Chuck Lever
 <chuck.lever@...cle.com>
Cc: linux-nfs@...r.kernel.org, lorenzo.bianconi@...hat.com, neilb@...e.de, 
	netdev@...r.kernel.org, kuba@...nel.org
Subject: Re: [PATCH v5 3/3] NFSD: convert write_ports to netlink command

On Thu, 2023-11-30 at 11:22 -0500, Jeff Layton wrote:
> On Thu, 2023-11-30 at 10:57 +0100, Lorenzo Bianconi wrote:
> > > > 
> > > > +/* ============== NFSD_CMD_LISTENER_START ============== */
> > > > +/* NFSD_CMD_LISTENER_START - do */
> > > > +struct nfsd_listener_start_req {
> > > > +	struct {
> > > > +		__u32 transport_name_len;
> > > > +		__u32 port:1;
> > > > +	} _present;
> > > > +
> > > > +	char *transport_name;
> > > > +	__u32 port;
> > > > +};
> > > 
> > > How do you deconfigure a listener with this interface? i.e. suppose I
> > > want to stop nfsd from listening on a particular port? I think this too
> > > is a place where a declarative interface would be better:
> > 
> > Is it possible with current APIs? as for 2/3 so far I have just added netlink
> > counter for current implementation but I am fine to change the logic here to
> > better APIs.
> > 
> > > 
> 
> No, I don't think you can do this with the current API at all. I
> consider it a major deficiency. I don't think we want to repeat that
> mistake in the new interface.
> 
> > > Have userland send down a list of the ports that we should currently be
> > > listening on, and let the kernel do the work to match the request. Again
> > > too, an empty list could mean "close everything".
> > > 
> > > 
> 

Another thought: should this interface also report and allow you to
specify the address to listen on?

When the write_ports interface was first created, it lacked a field for
the address to listen on. Later we added a way to just hand off a socket
to the kernel to pass that info.

I think it's possible today to send down a socket that only listens on a
particular address, and you have no real way to tell that with the
current "ports" file.

Should we instead plumb a complete struct sockaddr_storage (or some
other suitable address structure) into this interface?
-- 
Jeff Layton <jlayton@...nel.org>

Powered by blists - more mailing lists