Bug 13049

Summary: [PATCH] NFS replies with incorrect source IP
Product: Base System Reporter: iedowse <iedowse>
Component: kernAssignee: Matt Dillon <dillon>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 3.2-STABLE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description iedowse 1999-08-09 23:30:01 UTC 
	As described in PR's kern/2858, kern/5964, kern/6412, kern/9612,
	and possibly others, NFS can send replies using the wrong source
	IP address.

	NFS over UDP uses just one socket to send and receive, so it can
	neither determine at which local IP a request was directed, nor
	control from which IP the reply is sent. The patches below fix
	this problem by setting up one udp socket for each local IP
	address.

	These patches are against -current, but we have been using them
	on a number of busy 3.2-stable machines without any problems for
	over a month.

	One unfortunate side-effect of these changes is that if the new
	nfsd is run with an old kernel, a panic will result. This is
	because of an old bug in nfssvc_addsock() - see the 'mynam != NULL'
	change below. It is safe to run the old nfsd with the new kernel.
Comment 1 Bill Fenner 1999-09-10 02:30:11 UTC 
>	NFS over UDP uses just one socket to send and receive, so it can
>	neither determine at which local IP a request was directed

Can't it use IP_RECVDSTADDR?

>	nor control from which IP the reply is sent.

You could rebind the socket before & after sending each reply.  That's
probably a high enough overhead that multiple sockets is the right way
to go anyway.

  BIll
Comment 2 Matt Dillon freebsd_committer freebsd_triage 1999-11-08 18:53:12 UTC 
Responsible Changed
From-To: freebsd-bugs->dillon

I'm working on a solution to the problem.  Having nfsd simply bind itself 
to every possible interface ip will blow up installations that make heavy 
use of IP aliases.  All we really need to do is add an option to nfsd to 
allow it to bind to a specific IP.  If a sysop wishes to bind to multiple 
IPs the sysop can simply run several nfsd's.  It would be very rare for a  
sysop to want to bind to all interface IPs since the situation where this 
problem tends to come up the most is where you want to bind NFS to one  
interface but not another, and protect it with ipfw. 

I will do a separate commit right now on the bug fixes submitted by the PR.
Comment 3 Matt Dillon freebsd_committer freebsd_triage 1999-11-11 17:37:10 UTC 
State Changed
From-To: open->closed

Committed changes to the nfs driver in the kernel and to the nfsd utility 
to allow nfsd to be bound to specific ip addresses into current.
Comment 4 Garrett A. Wollman 1999-11-15 01:35:15 UTC 
<<On Mon, 8 Nov 1999 10:59:50 -0800 (PST), <dillon@FreeBSD.ORG> said:

> I'm working on a solution to the problem.  Having nfsd simply bind itself
> to every possible interface ip will blow up installations that make heavy
> use of IP aliases.  All we really need to do is add an option to nfsd to
> allow it to bind to a specific IP.

Actually, the Right Thing (significantly harder than what you're
suggesting) is to:

1) Provide an IP_HDRINCL- or IP_RECVDSTADDR-equivalent option for
UDP on the sending side.

2) Make NFS keep track of the original destination address and use
said option (/control message) when sending replies.

The same approach will fix named, dhcpd, Kerberos' KDC and admin
server, and doubtless many other datagram-based servers which
currently must open and bind zillions of sockets in order to work
around the lack of this functionality (which I believe is a bug).
SOCK_RAW ought to work with UDP as well.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick