From patchwork Sat Feb 25 13:13:11 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jeff Layton <jlayton@redhat.com>
X-Patchwork-Id: 9591703
Return-Path: <linux-nfs-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	0B15C6042B for <patchwork-linux-nfs@patchwork.kernel.org>;
	Sat, 25 Feb 2017 13:20:31 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DC8C72863D
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Sat, 25 Feb 2017 13:20:30 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id BE3FD28655; Sat, 25 Feb 2017 13:20:30 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
	autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 37B852863D
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Sat, 25 Feb 2017 13:20:29 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751393AbdBYNU3 (ORCPT
	<rfc822;patchwork-linux-nfs@patchwork.kernel.org>);
	Sat, 25 Feb 2017 08:20:29 -0500
Received: from mx1.redhat.com ([209.132.183.28]:53462 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751284AbdBYNU2 (ORCPT <rfc822;linux-nfs@vger.kernel.org>);
	Sat, 25 Feb 2017 08:20:28 -0500
Received: from smtp.corp.redhat.com
	(int-mx16.intmail.prod.int.phx2.redhat.com [10.5.11.28])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 7149A7F36F
	for <linux-nfs@vger.kernel.org>; Sat, 25 Feb 2017 13:13:13 +0000 (UTC)
Received: from ceres.poochiereds.net (unknown [10.10.120.128])
	by smtp.corp.redhat.com (Postfix) with ESMTP id F30AA2D653
	for <linux-nfs@vger.kernel.org>; Sat, 25 Feb 2017 13:13:12 +0000 (UTC)
From: Jeff Layton <jlayton@redhat.com>
To: linux-nfs@vger.kernel.org
Subject: [RFC nfs-utils PATCH] nfsd: don't enable a UDP socket by default
Date: Sat, 25 Feb 2017 08:13:11 -0500
Message-Id: <20170225131311.14101-1-jlayton@redhat.com>
X-Scanned-By: MIMEDefang 2.74 on 10.5.11.28
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
	(mx1.redhat.com [10.5.110.26]);
	Sat, 25 Feb 2017 13:13:13 +0000 (UTC)
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Most major NFS clients have supported TCP for at least a decade now,
and v4-only shops are becoming more prevalent. It seems reasonable that
serving over UDP should be something that is "opt-in".

I've always hesitated to do this in the past, but now that we have
nfs.conf, it seems like the time may be right to disable UDP in default
configurations. In particular, it would be good to try this in the more
bleeding edge distros (Fedora, Ubuntu, SuSE, etc...) and see how
problematic it is.

Change the default in rpc.nfsd to just open TCP ports by default. Add
new -u and -t options that allow users to explicitly override what's
in the config file, and update the usage message and manpage.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
---
 nfs.conf                  |  2 +-
 support/include/nfs/nfs.h |  2 +-
 utils/nfsd/nfsd.c         | 18 +++++++++++++-----
 utils/nfsd/nfsd.man       | 14 ++++++++------
 4 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/nfs.conf b/nfs.conf
index 81ece0602dba..5d5a23463cff 100644
--- a/nfs.conf
+++ b/nfs.conf
@@ -42,7 +42,7 @@
 # port=0
 # grace-time=90
 # lease-time=90
-# udp=y
+# udp=n
 # tcp=y
 # vers2=n
 # vers3=y
diff --git a/support/include/nfs/nfs.h b/support/include/nfs/nfs.h
index 15ecc6bfc485..5b1ef0ce3883 100644
--- a/support/include/nfs/nfs.h
+++ b/support/include/nfs/nfs.h
@@ -27,6 +27,7 @@ struct nfs_fh_len {
 
 #define NFSCTL_UDPBIT		      (1 << (17 - 1))
 #define NFSCTL_TCPBIT		      (1 << (18 - 1))
+#define NFSCTL_PROTODEFAULT	      (NFSCTL_TCPBIT)
 
 #define NFSCTL_VERUNSET(_cltbits, _v) ((_cltbits) &= ~(1 << ((_v) - 1))) 
 #define NFSCTL_UDPUNSET(_cltbits)     ((_cltbits) &= ~NFSCTL_UDPBIT) 
@@ -42,6 +43,5 @@ struct nfs_fh_len {
 #define NFSCTL_TCPSET(_cltbits)       ((_cltbits) |= NFSCTL_TCPBIT)
 
 #define NFSCTL_ANYPROTO(_cltbits)     ((_cltbits) & (NFSCTL_UDPBIT | NFSCTL_TCPBIT))
-#define NFSCTL_ALLBITS (~0)
 
 #endif /* _NFS_NFS_H */
diff --git a/utils/nfsd/nfsd.c b/utils/nfsd/nfsd.c
index 20f4b7952203..5d101f0e98c3 100644
--- a/utils/nfsd/nfsd.c
+++ b/utils/nfsd/nfsd.c
@@ -44,7 +44,9 @@ static struct option longopts[] =
 	{ "help", 0, 0, 'h' },
 	{ "no-nfs-version", 1, 0, 'N' },
 	{ "nfs-version", 1, 0, 'V' },
+	{ "tcp", 0, 0, 't' },
 	{ "no-tcp", 0, 0, 'T' },
+	{ "udp", 0, 0, 'u' },
 	{ "no-udp", 0, 0, 'U' },
 	{ "port", 1, 0, 'P' },
 	{ "port", 1, 0, 'p' },
@@ -68,7 +70,7 @@ main(int argc, char **argv)
 	unsigned int minorvers = 0;
 	unsigned int minorversset = 0;
 	unsigned int versbits = NFSCTL_VERDEFAULT;
-	unsigned int protobits = NFSCTL_ALLBITS;
+	unsigned int protobits = NFSCTL_PROTODEFAULT;
 	int grace = -1;
 	int lease = -1;
 
@@ -138,7 +140,7 @@ main(int argc, char **argv)
 		}
 	}
 
-	while ((c = getopt_long(argc, argv, "dH:hN:V:p:P:sTUrG:L:", longopts, NULL)) != EOF) {
+	while ((c = getopt_long(argc, argv, "dH:hN:V:p:P:stTitUrG:L:", longopts, NULL)) != EOF) {
 		switch(c) {
 		case 'd':
 			xlog_config(D_ALL, 1);
@@ -222,9 +224,15 @@ main(int argc, char **argv)
 			xlog_syslog(1);
 			xlog_stderr(0);
 			break;
+		case 't':
+			NFSCTL_TCPSET(protobits);
+			break;
 		case 'T':
 			NFSCTL_TCPUNSET(protobits);
 			break;
+		case 'u':
+			NFSCTL_UDPSET(protobits);
+			break;
 		case 'U':
 			NFSCTL_UDPUNSET(protobits);
 			break;
@@ -372,9 +380,9 @@ usage(const char *prog)
 {
 	fprintf(stderr, "Usage:\n"
 		"%s [-d|--debug] [-H hostname] [-p|-P|--port port]\n"
-		"     [-N|--no-nfs-version version] [-V|--nfs-version version]\n"
-		"     [-s|--syslog] [-T|--no-tcp] [-U|--no-udp] [-r|--rdma=]\n"
-		"     [-G|--grace-time secs] [-L|--leasetime secs] nrservs\n",
+		"   [-N|--no-nfs-version version] [-V|--nfs-version version]\n"
+		"   [-s|--syslog] [-t|--tcp] [-T|--no-tcp] [-u|--udp] [-U|--no-udp]\n"
+		"   [-r|--rdma=] [-G|--grace-time secs] [-L|--leasetime secs] nrservs\n",
 		prog);
 	exit(2);
 }
diff --git a/utils/nfsd/nfsd.man b/utils/nfsd/nfsd.man
index 8901fb6c6872..e0c640a64094 100644
--- a/utils/nfsd/nfsd.man
+++ b/utils/nfsd/nfsd.man
@@ -67,15 +67,17 @@ logs error messages (and debug messages, if enabled) to stderr. This option make
 log these messages to syslog instead. Note that errors encountered during
 option processing will still be logged to stderr regardless of this option.
 .TP
+.B \-t " or " \-\-tcp
+Instruct the kernel nfs server to open and listen on a TCP socket. This is the default.
+.TP
 .B \-T " or " \-\-no-tcp
-Disable 
-.B rpc.nfsd 
-from accepting TCP connections from clients.
+Instruct the kernel nfs server not to open and listen on a TCP socket.
+.TP
+.B \-u " or " \-\-udp
+Instruct the kernel nfs server to open and listen on a UDP socket.
 .TP
 .B \-U " or " \-\-no-udp
-Disable
-.B rpc.nfsd
-from accepting UDP connections from clients.
+Instruct the kernel nfs server not to open and listen on a UDP socket. This is the default.
 .TP
 .B \-V " or " \-\-nfs-version vers
 This option can be used to request that