Re: [nfsv4] NFSv4.2 draft inter server copy correction
Chuck Lever <chuck.lever@oracle.com> Tue, 03 March 2015 19:21 UTC
Return-Path: <chuck.lever@oracle.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC4401A88B4 for <nfsv4@ietfa.amsl.com>; Tue, 3 Mar 2015 11:21:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yu-dd7c9gdaL for <nfsv4@ietfa.amsl.com>; Tue, 3 Mar 2015 11:21:06 -0800 (PST)
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B65681A8894 for <nfsv4@ietf.org>; Tue, 3 Mar 2015 11:21:06 -0800 (PST)
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id t23JL4qt026189 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 3 Mar 2015 19:21:04 GMT
Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by aserv0022.oracle.com (8.13.8/8.13.8) with ESMTP id t23JL4Ct013501 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 3 Mar 2015 19:21:04 GMT
Received: from abhmp0001.oracle.com (abhmp0001.oracle.com [141.146.116.7]) by aserv0122.oracle.com (8.13.8/8.13.8) with ESMTP id t23JL4oB013341; Tue, 3 Mar 2015 19:21:04 GMT
Received: from anon-dhcp-162.1015granger.net (/73.18.157.175) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 03 Mar 2015 11:20:58 -0800
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Chuck Lever <chuck.lever@oracle.com>
In-Reply-To: <0554F463-635E-4A3D-AA81-741A0A660D4B@primarydata.com>
Date: Tue, 03 Mar 2015 14:20:57 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <AC7B75FD-1972-4E0A-8AE3-EA6DE667940F@oracle.com>
References: <92AB6B1B-BC15-41E0-97AA-224F3A39F773@netapp.com> <CADaq8je1Ew7QdmSjMNoKiOKNMF=Yq_f95uFKeWFe9A9abFPSoA@mail.gmail.com> <14C1E5BC-B879-402C-B0D9-5166E3C8BE97@netapp.com> <464E978D-0B8F-472D-8F40-A2D436CA8F14@primarydata.com> <CAHVgHyXgKW0f0ab7h935=7O1KXQUSZ4C2rgT-oWd_B6weYaEJQ@mail.gmail.com> <0554F463-635E-4A3D-AA81-741A0A660D4B@primarydata.com>
To: Tom Haynes <thomas.haynes@primarydata.com>
X-Mailer: Apple Mail (2.1878.6)
X-Source-IP: aserv0022.oracle.com [141.146.126.234]
Archived-At: <http://mailarchive.ietf.org/arch/msg/nfsv4/lWP5lWj7xguW-p6TJJo6Pl8XWIY>
Cc: "Adamson, Andy" <William.Adamson@netapp.com>, "William A. (Andy) Adamson" <androsadamson@gmail.com>, NFSv4 <nfsv4@ietf.org>
Subject: Re: [nfsv4] NFSv4.2 draft inter server copy correction
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Mar 2015 19:21:09 -0000
On Mar 3, 2015, at 2:11 PM, Tom Haynes <thomas.haynes@primarydata.com> wrote: > >> On Mar 3, 2015, at 10:38 AM, Andy Adamson <androsadamson@gmail.com> wrote: >> >> On Tue, Mar 3, 2015 at 12:56 PM, Tom Haynes >> <thomas.haynes@primarydata.com> wrote: >>> >>>> On Mar 2, 2015, at 6:47 AM, Adamson, Andy <William.Adamson@netapp.com> wrote: >>>> >>>> >>>>> On Feb 28, 2015, at 5:56 AM, David Noveck <davenoveck@gmail.com> wrote: >>>>> >>>>>> I don’t think we want to do an OPEN from the destination server, because we already have an open stateid, and doing an OPEN from the destination >>>>>> server will conflict with: [4.4.1] >>>>> >>>>> True but the way 4.4.1 is written, it is not clear that where will always be an OPEN e.g. "may need", "can achieve", "might be desired”. >>>> >>>> The whole point of passing the source stateid and file handle is to obviate the need for an OPEN from the destination server, and totally avoid the issues of a share or byterange lock on the OPEN’s from the client. If the destination server is implemented to use the compound with the OPEN in Section 4.10.1.2, then when the OPENs issued by the client do have a conflicting share or byte-range lock, the copy will fail. Since there is no reason for the OPEN/GETFH, I say remove it. >>>> >>> >>> >>> This section details how the destination can authenticate. >> >> OK. Some questions. From the spec: >> >> The client will then send these URLs to the destination server in the >> COPY operation. Suppose that the 192.0.2.0/24 network is a high >> speed network and the destination server decides to transfer the file >> over this network. If the destination contacts the source server >> from 192.0.2.56 over this network using NFSv4.1, it does the >> following: >> >> COMPOUND { PUTROOTFH, LOOKUP "_COPY" ; LOOKUP >> "FvhH1OKbu8VrxvV1erdjvR7N" ; LOOKUP "203.0.113.56"; LOOKUP "_FH" ; >> >> ^^^^^^^^^^^^^^ >> (Why is a 203.0.113 address being used over the 192.0.2. network?) > > This was a question Olga asked last week? > > In a multi-homed > environment, the destination server might not contact the source > server from the same network address specified by the client in the > COPY_NOTIFY. This can be overcome using the procedure described > below. > > .. > > Look at the available URLs: > > nfs://203.0.113.18//_COPY/FvhH1OKbu8VrxvV1erdjvR7N/203.0.113.56/ > _FH/0x12345 > > nfs://192.0.2.18//_COPY/FvhH1OKbu8VrxvV1erdjvR7N/203.0.113.56/_FH/ > 0x12345 NFS URIs are defined in the FedFS NSDB protocol doc. Do these URLs conform to that specification, or does NFSv4.2 construct NFS URLs differently? See https://datatracker.ietf.org/doc/draft-ietf-nfsv4-federated-fs-protocol/?include_text=1 Section 2.8.1. > Each of the components is part of the tuple which describes allowed access. > > By presenting each of them within the compound, the destination is > authenticating itself to the source. > > > >> >> OPEN "0x12345" ; GETFH } >> >> If you are doing an OPEN CLAIM_FH, why do you need a GETFH? >> >> I'm guessing that the idea here is that the OPEN by file handle in the >> URL using the file handle from the SAVE_FH in the COPY compound (e.g. >> the file handle from the OPEN to the source server by the client) in >> this URL will return an "authenticated file handle" in GETFH that the >> destination server can then use for the copy READ and this makes it >> 'authenticated'? I'm guessing, because there is no mention of this in >> the spec. Also not mentioned is which stateid a READ from the >> destination server will use. The ca_src_stateid or the stateid >> returned by the OPEN in the above URL? >> >> Provided that the random number is unpredictable and has been kept >> secret by the parties involved, the source server will therefore know >> that these NFSv4.x operations are being issued by the destination >> server identified in the COPY_NOTIFY. This random number technique >> only provides initial authentication of the destination server, and >> cannot defend against man-in-the-middle attacks after authentication >> or an eavesdropper that observes the random number on the wire. >> Other secure communication techniques (e.g., IPsec) are necessary to >> block these attacks. >> >>> >>> So if the destination server uses the FH directly, then the random number is useless since it will never be called. >> >> Why not get rid of the OPEN/GETFH in the URL and replace it with the >> PUTFH"0x12345"/READ "ca_src_stateid' that you actually want? Then >> authentication occurs as the random number is presented, then there is >> no OPEN for the source server to treat in a special way. >> > > > I think the confusion here is that the suggested approach is just one > implementation approach that could be taken, especially if someone > wants to use the pseudo-random number mumbo-jumbo to fake > themselves into thinking there has been no man-in-the-middle attack. > > Another perfectly valid approach is to throw Section 4.10.1.2. out and > just use OPEN CLAIM_FH. If the source doesn’t allow access, then > try getting a FH with the mumbo-jumbo. > > > > >>> >>> And, the source is supposed to understand that it must not fail the copy for the destination opening the file even in the >>> presence of a conflicting share and/or byte-range lock. >>> You can ask how the client is supposed to differentiate between >>> the destination opening the file for some other user versus this COPY and the answer is by processing the path >>> given by the URL. >>> >>> >>> >>>> —>Andy >>>> >>>>> On Fri, Feb 27, 2015 at 2:50 PM, Adamson, Andy <William.Adamson@netapp.com> wrote: >>>>> Hi Tom >>>>> >>>>> in 4.10.1.2. Inter-Server Copy via ONC RPC without RPCSEC_GSS: >>>>> >>>>> The client will then send these URLs to the destination server in the >>>>> COPY operation. Suppose that the 192.0.2.0/24 network is a high >>>>> speed network and the destination server decides to transfer the file >>>>> over this network. If the destination contacts the source server >>>>> from 192.0.2.56 over this network using NFSv4.1, it does the >>>>> following: >>>>> >>>>> COMPOUND { PUTROOTFH, LOOKUP "_COPY" ; LOOKUP >>>>> "FvhH1OKbu8VrxvV1erdjvR7N" ; LOOKUP "203.0.113.56"; LOOKUP "_FH" ; >>>>> OPEN "0x12345" ; GETFH } >>>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >>>>> >>>>> I don’t think we want to do an OPEN from the destination server, because we already have an open stateid, and doing an OPEN from the destination server will conflict with: >>>>> >>>>> 4.4.1. Locking the Files >>>>> >>>>> >>>>> Both the source and destination file may need to be locked to protect >>>>> the content during the copy operations. A client can achieve this by >>>>> a combination of OPEN and LOCK operations. I.e., either share or >>>>> byte range locks might be desired. >>>>> >>>>> >>>>> I also think the GETFH is not needed, as the COPY compound has the SAVE_FH which provides the FH of the file to READ. >>>>> >>>>> —>Andy >>>>> _______________________________________________ >>>>> nfsv4 mailing list >>>>> nfsv4@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/nfsv4 >>>>> >>>> >>> >>> _______________________________________________ >>> nfsv4 mailing list >>> nfsv4@ietf.org >>> https://www.ietf.org/mailman/listinfo/nfsv4 > > _______________________________________________ > nfsv4 mailing list > nfsv4@ietf.org > https://www.ietf.org/mailman/listinfo/nfsv4 -- Chuck Lever chuck[dot]lever[at]oracle[dot]com
- [nfsv4] NFSv4.2 draft inter server copy correction Adamson, Andy
- Re: [nfsv4] NFSv4.2 draft inter server copy corre… David Noveck
- Re: [nfsv4] NFSv4.2 draft inter server copy corre… Adamson, Andy
- Re: [nfsv4] NFSv4.2 draft inter server copy corre… Tom Haynes
- Re: [nfsv4] NFSv4.2 draft inter server copy corre… Andy Adamson
- Re: [nfsv4] NFSv4.2 draft inter server copy corre… Tom Haynes
- Re: [nfsv4] NFSv4.2 draft inter server copy corre… Chuck Lever
- Re: [nfsv4] NFSv4.2 draft inter server copy corre… Tom Haynes
- Re: [nfsv4] NFSv4.2 draft inter server copy corre… Chuck Lever