[HDFS-6439] NFS should not reject NFS requests to the NULL procedure whether port monitoring is enabled or not - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.5.0
Fix Version/s: 2.5.0
Component/s: nfs
Labels:
None

Target Version/s:

2.5.0
Hadoop Flags:

Reviewed

Description

As discussed in ~~HDFS-6406~~, this JIRA is to track the follow update:

1. Port monitoring is the feature name with traditional NFS server and we may want to make the config property (along with related variable allowInsecurePorts) something as dfs.nfs.port.monitoring.

2 . According to RFC2623 (http://www.rfc-editor.org/rfc/rfc2623.txt):

Whether port monitoring is enabled or not, NFS servers SHOULD NOT reject NFS requests to the NULL procedure (procedure number 0). See subsection 2.3.1, "NULL procedure" for a complete explanation.

I do notice that NFS clients (most time) send mount NULL and nfs NULL from non-privileged port. If we deny NULL call in mountd or nfs server, the client can't mount the export even as user root.

3. it would be nice to have the user guide updated for the port monitoring feature.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

mount-nfs-requests.pcapng
20/May/14 22:20
399 kB
Brandon Li
linux-nfs-disallow-request-from-nonsecure-port.pcapng
22/May/14 22:58
83 kB
Brandon Li
HDFS-6439.patch
21/May/14 01:48
6 kB
Aaron Myers
HDFS-6439.patch
22/May/14 00:57
10 kB
Aaron Myers
HDFS-6439.005.patch
17/Jun/14 21:33
60 kB
Brandon Li
HDFS-6439.004.patch
11/Jun/14 17:56
60 kB
Brandon Li
HDFS-6439.003.patch
10/Jun/14 17:52
59 kB
Brandon Li

Issue Links

is related to

HDFS-6406 Add capability for NFS gateway to reject connections from unprivileged ports

Closed

Activity

People

Assignee:: Aaron Myers

Reporter:: Brandon Li

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 20/May/14 21:55

Updated:: 15/Aug/14 05:41

Resolved:: 18/Jun/14 20:51