If the "intr" and/or "soft" mount options are used for
NFSv4 mounts, the protocol can be broken when the
operation returns without waiting for the RPC reply.
The likelyhood of failure increases for NFSv4.1/4.2
mounts, since the session slot will be broken when
an RPC reply is not processed.
This is mentioned in the BUGS section of "man mount_nfs",
but more needs to be done. This patch adds code that
generates a warning message when the mount is done.
PR: 260011
Reviewed by: emaste
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35407
mount_nfs creates entries in the mounttab file and umount removes
them. Entries in the mounttab file ae used by rpc.umntall to
notify the NFS server that NFSv3 entries need to be removed when
they have not been removed by umount.
Without this patch, an enty will be created in the mounttab file,
even if the nmount(2) syscall fails for the mount. This patch
modifies the code so that the mounttab entry is only created
after nmount(2) succeeds.
This change only affects NFSv3 and only affects how showmount
displays NFSv3 mounts.
MFC after: 2 weeks
The "bg" option does not go background until the initial mount
attempt fails, which can take 60+ seconds.
This new "bgnow" option goes background immediately, avoiding
the 60+ second delay, if the NFS server is not yet available.
The man page update is a content change.
Tested by: jwb
Reviewed by: debdrup, emaste
PR: 260764
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D33733
interfaces are configured, but for many interfaces (e.g. all Intel)
ifconfig causes link renegotiation, so the first attempt to mount
NFS always fails. After that mount_nfs sleeps for 30 seconds, while
only a couple seconds are actually required for interface to get up.
Instead of sleeping, do select(2) on routing socket and check if
some interface became UP and in this case retry immediately.
Reviewed by: rmacklem
Differential Revision: https://reviews.freebsd.org/D23934
When mount_nfs calls nmount(2), certain NFSv4 specific errors such as
NFSERR_MINORVERMISMATCH can be returned.
Without this patch, 10021 is reported as an unknown error.
This is not particulcarily serious, but make it difficult for sysadmins
to figure out why the mount attempt is failing.
This patch uses nfsv4_errstr.h to convert 10021 and similar to error strings
that can be printed out.
A positive side effect of this patch is the removal of a reference to
sys/nfsclient/nfs.h, which should no longer be used, since it is
part of the old NFS client.
This patch should only affect reporting of failed mount attempts and not the
semantics of NFS mount attempts.
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
The NFSv4 protocol doesn't use the Mount protocol, so it doesn't make sense
to add an entry for an NFSv4 mount to /var/db/mounttab. Also, r308871
modified umount so that it doesn't remove any entry created by mount_nfs.
Reported on freebsd-current@.
Reported by: clbuisson@orange.fr
MFC after: 2 weeks
The code was calling nmount with an fstype of everything in the program
name after the last '_'. This was there to support mount_nfs being
linked to mount_oldnfs. Support for the link was removed in 2015 with
r281691.
Reviewed by: rmacklem
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D10301
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
to be negotiated, it could be a Kerberized mount. As such, filling
in the "principal" argument using the canonized host name makes sense.
If it is negotiated as AUTH_SYS, the "principal" argument is meaningless
but harmless.
Requested by: masato@itc.naist.jp
Tested by: masato@itc.naist.jp
PR: 201073
MFC after: 1 month
to mount_nfs(8). They are implemented on Linux, OS X, and Solaris,
and thus can be expected to appear in automounter maps.
Reviewed by: rmacklem@
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Our mount_nfs does use -o nfsv<2|3|4> or -2 or -3 to specify the version.
OSX (these days), Solaris, and Linux use -o vers=<2,3,4>.
With the upcoming autofs support we can make a lot of (entrerprisy) setups
getting mount options from LDAP just work by providing -o vers= compatibility.
PR: 192379
Reviewed by: wblock, bjk (man page), rmacklem, emaste
MFC after: 3 days
Sponsored by: DARPA,AFRL
NFS client (which I guess is no longer experimental). The fstype "newnfs"
is now "nfs" and the regular/old NFS client is now fstype "oldnfs".
Although mounts via fstype "nfs" will usually work without userland
changes, an updated mount_nfs(8) binary is needed for kernels built with
"options NFSCL" but not "options NFSCLIENT". Updated mount_nfs(8) and
mount(8) binaries are needed to do mounts for fstype "oldnfs".
The GENERIC kernel configs have been changed to use options
NFSCL and NFSD (the new client and server) instead of NFSCLIENT and NFSSERVER.
For kernels being used on diskless NFS root systems, "options NFSCL"
must be in the kernel config.
Discussed on freebsd-fs@.
Since the existing implementation searches ':' backward, a path which
includes ':' could not be mounted. You can now mount such path by
enclosing an IP address by '[]'.
Though we should change to search ':' forward, it will break
'ipv6addr:path' which is currently working. So, it still searches ':'
backward, at least for now.
MFC after: 2 weeks
value is preceded by an option without value (for example -o
option1,option2=value). Options must be separated before searching for
'='. Also compare pnextopt explicitly against NULL.
PR: bin/134069
Approved by: trasz (mentor)
from UDP to TCP, so that it is consistent with TCP for NFS, which
became the default at r176198. Without this change, doing an NFS mount
against a server that only supports UDP would result in an unusable
mount point if a transport protocol option wasn't specified for the
mount.
Approved by: kib (mentor)
MFC after: 3 days
experimental client is used when the fstype is "newnfs" or the "nfsv4"
option is specified. It includes the addition of the option:
gssname - to specify a client side initiator host based principal name
which is specific to NFSv4.
It also includes a change to mount.c, so that it knows about
mount_newnfs, but not mount_nfs4.
Reviewed by: dfr
Approved by: kib (mentor)
in fallback_mount() function.
Add a comment to indicate that the fallback_mount() function
should eventually go away.
Submitted by: Jaakko Heinonen <jh saunalahti fi>
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
via nmount(), build up an iovec where each iovec member is an NFS mount
option, and pass the iovec down to the kernel via nmount(). These options
are then parsed in the kernel.
This should make it easier to add new NFS mount options in future.
Many, many thanks to Doug Rabson for taking my initial patches,
and cleaning them up. In addition, Doug added a fallback_mount()
function so that the newer mount_nfs program will work against older
kernels, to facilitate upgrading/downgrading scenarios.
Doug also re-wrote the mount_nfs.8 man page.
Reviewed by: dfr
NFS root r/w.
The real solution would be to bring the whole nmount(2)
framework, including FS drivers and userland tools, into
a consistent state at last; but things should work in the
meantime, too.
Reported by: kris
historical relic, and are no longer appropriate for either LAN or WAN
mounting. At modern (gigabit and 10 gigabit) LAN speeds packet loss
from socket buffer fill events is common, and sequence numbers wrap
quickly enough that data corruption is possible. TCP solves both of
these problems without imposing significant overhead.
MFC after: 1 month
This is for better compatibility with other environments (Linux, Solaris,
HP-UX, AIX and Tru64 support these options).
PR: bin/109924
MFC after: 1 week
If argv[0] == "mount_nfs4", then default to mounting NFSv4,
otherwise if argv[0] == "mount_nfs", default to the old mount_nfs behavior.
- Add a -4 option.
- Add the University of Michigan copyright from mount_nfs4.c, for the
code merged from mount_nfs4.c.
Reviewed by: rees
This will allow the NFS mount code to return a string error message
in addition to returning an error integer value.
Reviewed by: mohans
MFC after: 1 month
