IETF Logo Mail Archive

Re: [nfsv4] https://datatracker.ietf.org/doc/draft-myklebust-nfsv4-pnfs-backend/

Trond Myklebust <trond.myklebust@fys.uio.no> Thu, 18 November 2010 15:19 UTC

Return-Path: <trond.myklebust@fys.uio.no>
X-Original-To: nfsv4@core3.amsl.com
Delivered-To: nfsv4@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CE5383A6875 for <nfsv4@core3.amsl.com>; Thu, 18 Nov 2010 07:19:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DyuW7VuU0Ybr for <nfsv4@core3.amsl.com>; Thu, 18 Nov 2010 07:19:19 -0800 (PST)
Received: from mail-out1.uio.no (mail-out1.uio.no [129.240.10.57]) by core3.amsl.com (Postfix) with ESMTP id A85563A6876 for <nfsv4@ietf.org>; Thu, 18 Nov 2010 07:19:18 -0800 (PST)
Received: from mail-mx1.uio.no ([129.240.10.29]) by mail-out1.uio.no with esmtp (Exim 4.69) (envelope-from <trond.myklebust@fys.uio.no>) id 1PJ6HM-0001vG-T7; Thu, 18 Nov 2010 16:20:04 +0100
Received: from c-68-40-206-115.hsd1.mi.comcast.net ([68.40.206.115] helo=[192.168.1.113]) by mail-mx1.uio.no with esmtpsa (SSLv3:CAMELLIA256-SHA:256) user trondmy (Exim 4.69) (envelope-from <trond.myklebust@fys.uio.no>) id 1PJ6HJ-0002cX-DR; Thu, 18 Nov 2010 16:20:04 +0100
From: Trond Myklebust <trond.myklebust@fys.uio.no>
To: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
In-Reply-To: <4CE4D35E.7050201@desy.de>
References: <3614AF54-FA76-44ED-A070-EE5E37D9EB01@netapp.com> <1290045590.3070.43.camel@heimdal.trondhjem.org> <4CE4D35E.7050201@desy.de>
Content-Type: text/plain; charset="UTF-8"
Date: Thu, 18 Nov 2010 10:19:58 -0500
Message-ID: <1290093598.3187.39.camel@heimdal.trondhjem.org>
Mime-Version: 1.0
X-Mailer: Evolution 2.32.0 (2.32.0-2.fc14)
Content-Transfer-Encoding: 7bit
X-UiO-Ratelimit-Test: rcpts/h 5 msgs/h 2 sum rcpts/h 6 sum msgs/h 2 total rcpts 1168 max rcpts/h 20 ratelimit 0
X-UiO-Spam-info: not spam, SpamAssassin (score=-5.0, required=5.0, autolearn=disabled, UIO_MAIL_IS_INTERNAL=-5, uiobl=NO, uiouri=NO)
X-UiO-Scanned: 73AA2E816C55EE6CF68FE2DCF3049D0461E95855
X-UiO-SPAM-Test: remote_host: 68.40.206.115 spam_score: -49 maxlevel 80 minaction 2 bait 0 mail/h: 2 total 458 max/h 7 blacklist 0 greylist 0 ratelimit 0
Cc: nfsv4@ietf.org
Subject: Re: [nfsv4] https://datatracker.ietf.org/doc/draft-myklebust-nfsv4-pnfs-backend/
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Nov 2010 15:19:19 -0000

On Thu, 2010-11-18 at 08:18 +0100, Tigran Mkrtchyan wrote:
> On 11/18/2010 02:59 AM, Trond Myklebust wrote:
> > On Wed, 2010-11-17 at 16:04 -0800, Thomas Haynes wrote:
> >   
> For multihomed client 2 it's possible that MDS and  the client acting as
> a DS  will see different IP. I think this may produce 'false negatives'
> and some requests will be denied.

I don't see how: the DS doesn't exchange client2's IP address with the
MDS.

We could perhaps pass the clientid that client2 sent as part of the
EXCHANGE_ID, but I'm not sure that would significantly enhance the
security of the system.

> BTW, PROXY_OPEN desctiprions says:
> 
>    The PROXY_OPEN function authenticates the READ request by the pNFS
>    client.  If the data filehandle is valid, and the user identified by
>    the popa_user_id is authorised to access the file, then the metadata
>    server returns the true filehandle (as returned by LOOKUP and/or
> 
>    OPEN) of the file.
> 
> 
> but XDR says:
> 
>      union PROXY_OPEN4res switch (nfsstat4 status) {
>            case NFS4_OK:
>                    /* CURRENTFH: true filehandle */
>                    stateid4        popr_proxy_stateid;
>            default:
>                    void;
>      };
> 
> 
> In other words, description promises filehandle, but XDR returns
> stateid. Did I get it wrong?

The client can/should retrieve the filehandle using a GETFH op.

Cheers
  Trond

v2.23.0 | Report a Bug | By Email