2005-01-07 01:45:51 +00:00
|
|
|
/*-
|
1997-02-10 02:22:35 +00:00
|
|
|
* Copyright (c) 1989, 1993, 1995
|
1994-05-24 10:09:53 +00:00
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
*
|
|
|
|
* This code is derived from software contributed to Berkeley by
|
|
|
|
* Rick Macklem at The University of Guelph.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*
|
1997-02-10 02:22:35 +00:00
|
|
|
* @(#)nfs.h 8.4 (Berkeley) 5/1/95
|
1999-08-28 01:08:13 +00:00
|
|
|
* $FreeBSD$
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
|
|
|
|
2001-09-18 23:32:09 +00:00
|
|
|
#ifndef _NFSSERVER_NFS_H_
|
|
|
|
#define _NFSSERVER_NFS_H_
|
1994-08-21 06:50:16 +00:00
|
|
|
|
1999-12-29 05:07:58 +00:00
|
|
|
#ifdef _KERNEL
|
1998-06-30 03:01:37 +00:00
|
|
|
#include "opt_nfs.h"
|
1998-06-30 11:19:22 +00:00
|
|
|
#endif
|
1998-06-30 03:01:37 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
* Tunable constants for nfs
|
|
|
|
*/
|
|
|
|
|
2004-03-14 06:21:56 +00:00
|
|
|
#define NFS_TICKINTVL 10 /* Desired time for a tick (msec) */
|
1995-06-27 11:07:30 +00:00
|
|
|
#define NFS_HZ (hz / nfs_ticks) /* Ticks/sec */
|
|
|
|
#define NFS_TIMEO (1 * NFS_HZ) /* Default timeout = 1 second */
|
|
|
|
#define NFS_MINTIMEO (1 * NFS_HZ) /* Min timeout to use */
|
|
|
|
#define NFS_MAXTIMEO (60 * NFS_HZ) /* Max timeout to backoff to */
|
|
|
|
#define NFS_MINIDEMTIMEO (5 * NFS_HZ) /* Min timeout for non-idempotent ops*/
|
1994-05-24 10:09:53 +00:00
|
|
|
#define NFS_MAXUIDHASH 64 /* Max. # of hashed uid entries/mp */
|
1995-06-27 11:07:30 +00:00
|
|
|
#ifndef NFS_GATHERDELAY
|
|
|
|
#define NFS_GATHERDELAY 10 /* Default write gather delay (msec) */
|
|
|
|
#endif
|
1999-12-29 05:07:58 +00:00
|
|
|
#ifdef _KERNEL
|
1997-03-29 12:34:33 +00:00
|
|
|
#define DIRBLKSIZ 512 /* XXX we used to use ufs's DIRBLKSIZ */
|
|
|
|
#endif
|
1995-06-27 11:07:30 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Oddballs
|
|
|
|
*/
|
|
|
|
#define NFS_SRVMAXDATA(n) \
|
|
|
|
(((n)->nd_flag & ND_NFSV3) ? (((n)->nd_nam2) ? \
|
|
|
|
NFS_MAXDGRAMDATA : NFS_MAXDATA) : NFS_V2MAXDATA)
|
|
|
|
|
|
|
|
/*
|
|
|
|
* XXX
|
|
|
|
* The B_INVAFTERWRITE flag should be set to whatever is required by the
|
|
|
|
* buffer cache code to say "Invalidate the block after it is written back".
|
|
|
|
*/
|
|
|
|
#define B_INVAFTERWRITE B_NOCACHE
|
|
|
|
|
|
|
|
/*
|
2002-05-16 21:28:32 +00:00
|
|
|
* The IO_METASYNC flag should be implemented for local filesystems.
|
1995-06-27 11:07:30 +00:00
|
|
|
* (Until then, it is nothin at all.)
|
|
|
|
*/
|
|
|
|
#ifndef IO_METASYNC
|
|
|
|
#define IO_METASYNC 0
|
|
|
|
#endif
|
1994-05-24 10:09:53 +00:00
|
|
|
|
1997-02-10 02:22:35 +00:00
|
|
|
|
2001-09-18 23:32:09 +00:00
|
|
|
/* NFS state flags XXX -Wunused */
|
|
|
|
#define NFSRV_SNDLOCK 0x01000000 /* Send socket lock */
|
|
|
|
#define NFSRV_WANTSND 0x02000000 /* Want above */
|
1997-02-10 02:22:35 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
* Structures for the nfssvc(2) syscall. Not that anyone but nfsd and mount_nfs
|
|
|
|
* should ever try and use it.
|
|
|
|
*/
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Add a socket to monitor for NFS requests.
|
|
|
|
*/
|
|
|
|
struct nfsd_addsock_args {
|
1994-05-24 10:09:53 +00:00
|
|
|
int sock; /* Socket to serve */
|
1997-02-10 02:22:35 +00:00
|
|
|
caddr_t name; /* Client addr for connection based sockets */
|
1994-05-24 10:09:53 +00:00
|
|
|
int namelen; /* Length of name */
|
|
|
|
};
|
|
|
|
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
/*
|
|
|
|
* Start processing requests.
|
|
|
|
*/
|
|
|
|
struct nfsd_nfsd_args {
|
|
|
|
const char *principal; /* GSS-API service principal name */
|
|
|
|
int minthreads; /* minimum service thread count */
|
|
|
|
int maxthreads; /* maximum service thread count */
|
|
|
|
};
|
|
|
|
|
1997-02-10 02:22:35 +00:00
|
|
|
/*
|
|
|
|
* XXX to allow amd to include nfs.h without nfsproto.h
|
|
|
|
*/
|
|
|
|
#ifdef NFS_NPROCS
|
2001-09-18 23:32:09 +00:00
|
|
|
#include <nfsserver/nfsrvstats.h>
|
1997-02-10 02:22:35 +00:00
|
|
|
#endif
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Flags for nfssvc() system call.
|
|
|
|
*/
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
#define NFSSVC_OLDNFSD 0x004
|
1994-05-24 10:09:53 +00:00
|
|
|
#define NFSSVC_ADDSOCK 0x008
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
#define NFSSVC_NFSD 0x010
|
1994-05-24 10:09:53 +00:00
|
|
|
|
1994-10-23 23:26:18 +00:00
|
|
|
/*
|
2001-09-18 23:32:09 +00:00
|
|
|
* vfs.nfsrv sysctl(3) identifiers
|
1994-10-23 23:26:18 +00:00
|
|
|
*/
|
2001-09-18 23:32:09 +00:00
|
|
|
#define NFS_NFSRVSTATS 1 /* struct: struct nfsrvstats */
|
1997-03-27 20:01:07 +00:00
|
|
|
#define NFS_NFSPRIVPORT 2 /* int: prohibit nfs to resvports */
|
1994-10-23 23:26:18 +00:00
|
|
|
|
1999-12-29 05:07:58 +00:00
|
|
|
#ifdef _KERNEL
|
1994-11-02 00:11:00 +00:00
|
|
|
|
The socket code upcalls into the NFS server using the so_upcall
mechanism so that early processing on mbufs can be performed before
a context switch to the NFS server threads. Because of this, if
the socket code is running without Giant, the NFS server also needs
to be able to run the upcall code without relying on the presence on
Giant. This change modifies the NFS server to run using a "giant
code lock" covering operation of the whole subsystem. Work is in
progress to move to data-based locking as part of the NFSv4 server
changes.
Introduce an NFS server subsystem lock, 'nfsd_mtx', and a set of
macros to operate on the lock:
NFSD_LOCK_ASSERT() Assert nfsd_mtx owned by current thread
NFSD_UNLOCK_ASSERT() Assert nfsd_mtx not owned by current thread
NFSD_LOCK_DONTCARE() Advisory: this function doesn't care
NFSD_LOCK() Lock nfsd_mtx
NFSD_UNLOCK() Unlock nfsd_mtx
Constify a number of global variables/structures in the NFS server
code, as they are not modified and contain constants only:
nfsrvv2_procid nfsrv_nfsv3_procid nonidempotent
nfsv2_repstat nfsv2_type nfsrv_nfsv3_procid
nfsrvv2_procid nfsrv_v2errmap nfsv3err_null
nfsv3err_getattr nfsv3err_setattr nfsv3err_lookup
nfsv3err_access nfsv3err_readlink nfsv3err_read
nfsv3err_write nfsv3err_create nfsv3err_mkdir
nfsv3err_symlink nfsv3err_mknod nfsv3err_remove
nfsv3err_rmdir nfsv3err_rename nfsv3err_link
nfsv3err_readdir nfsv3err_readdirplus nfsv3err_fsstat
nfsv3err_fsinfo nfsv3err_pathconf nfsv3err_commit
nfsrv_v3errmap
There are additional structures that should be constified but due
to their being passed into general purpose functions without const
arguments, I have not yet converted.
In general, acquire nfsd_mtx when accessing any of the global NFS
structures, including struct nfssvc_sock, struct nfsd, struct
nfsrv_descript.
Release nfsd_mtx whenever calling into VFS, and acquire Giant for
calls into VFS. Giant is not required for any part of the
operation of the NFS server with the exception of calls into VFS.
Giant will never by acquired in the upcall code path. However, it
may operate entirely covered by Giant, or not. If debug.mpsafenet
is set to 0, the system calls will acquire Giant across all
operations, and the upcall will assert Giant. As such, by default,
this enables locking and allows us to test assertions, but should not
cause any substantial new amount of code to be run without Giant.
Bugs should manifest in the form of lock assertion failures for now.
This approach is similar (but not identical) to modifications to the
BSD/OS NFS server code snapshot provided by BSDi as part of their
SMPng snapshot. The strategy is almost the same (single lock over
the NFS server), but differs in the following ways:
- Our NFS client and server code bases don't overlap, which means
both fewer bugs and easier locking (thanks Peter!). Also means
NFSD_*() as opposed to NFS_*().
- We make broad use of assertions, whereas the BSD/OS code does not.
- Made slightly different choices about how to handle macros building
packets but operating with side effects.
- We acquire Giant only when entering VFS from the NFS server daemon
threads.
- Serious bugs in BSD/OS implementation corrected -- the snapshot we
received was clearly a work in progress.
Based on ideas from: BSDi SMPng Snapshot
Reviewed by: rick@snowhite.cis.uoguelph.ca
Extensive testing by: kris
2004-05-24 04:06:14 +00:00
|
|
|
extern struct mtx nfsd_mtx;
|
|
|
|
#define NFSD_LOCK_ASSERT() mtx_assert(&nfsd_mtx, MA_OWNED)
|
|
|
|
#define NFSD_UNLOCK_ASSERT() mtx_assert(&nfsd_mtx, MA_NOTOWNED)
|
|
|
|
#define NFSD_LOCK_DONTCARE()
|
|
|
|
#define NFSD_LOCK() mtx_lock(&nfsd_mtx)
|
|
|
|
#define NFSD_UNLOCK() mtx_unlock(&nfsd_mtx)
|
|
|
|
|
1997-10-12 20:26:33 +00:00
|
|
|
#ifdef MALLOC_DECLARE
|
|
|
|
MALLOC_DECLARE(M_NFSRVDESC);
|
|
|
|
MALLOC_DECLARE(M_NFSD);
|
1998-05-24 14:41:56 +00:00
|
|
|
#endif
|
|
|
|
|
2001-09-18 23:32:09 +00:00
|
|
|
/* Forward declarations */
|
|
|
|
struct nfssvc_sock;
|
|
|
|
struct nfsrv_descript;
|
|
|
|
struct uio;
|
|
|
|
struct vattr;
|
|
|
|
struct nameidata;
|
1997-10-12 20:26:33 +00:00
|
|
|
|
2004-03-07 16:28:31 +00:00
|
|
|
extern struct callout nfsrv_callout;
|
2001-09-18 23:32:09 +00:00
|
|
|
extern struct nfsrvstats nfsrvstats;
|
1998-09-07 05:42:15 +00:00
|
|
|
|
2002-01-08 19:41:06 +00:00
|
|
|
extern int nfsrv_ticks;
|
2001-09-18 23:32:09 +00:00
|
|
|
extern int nfsrvw_procrastinate;
|
|
|
|
extern int nfsrvw_procrastinate_v3;
|
2004-04-11 13:33:34 +00:00
|
|
|
extern int nfsrv_numnfsd;
|
1994-11-02 00:11:00 +00:00
|
|
|
|
2001-09-18 23:32:09 +00:00
|
|
|
/* Various values converted to XDR form. */
|
2002-01-08 19:41:06 +00:00
|
|
|
extern u_int32_t nfsrv_nfs_false, nfsrv_nfs_true, nfsrv_nfs_xdrneg1,
|
|
|
|
nfsrv_nfs_prog;
|
|
|
|
extern u_int32_t nfsrv_rpc_reply, nfsrv_rpc_msgdenied, nfsrv_rpc_mismatch,
|
|
|
|
nfsrv_rpc_vers;
|
|
|
|
extern u_int32_t nfsrv_rpc_auth_unix, nfsrv_rpc_msgaccepted, nfsrv_rpc_call,
|
|
|
|
nfsrv_rpc_autherr;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2001-09-18 23:32:09 +00:00
|
|
|
/* Procedure table data */
|
The socket code upcalls into the NFS server using the so_upcall
mechanism so that early processing on mbufs can be performed before
a context switch to the NFS server threads. Because of this, if
the socket code is running without Giant, the NFS server also needs
to be able to run the upcall code without relying on the presence on
Giant. This change modifies the NFS server to run using a "giant
code lock" covering operation of the whole subsystem. Work is in
progress to move to data-based locking as part of the NFSv4 server
changes.
Introduce an NFS server subsystem lock, 'nfsd_mtx', and a set of
macros to operate on the lock:
NFSD_LOCK_ASSERT() Assert nfsd_mtx owned by current thread
NFSD_UNLOCK_ASSERT() Assert nfsd_mtx not owned by current thread
NFSD_LOCK_DONTCARE() Advisory: this function doesn't care
NFSD_LOCK() Lock nfsd_mtx
NFSD_UNLOCK() Unlock nfsd_mtx
Constify a number of global variables/structures in the NFS server
code, as they are not modified and contain constants only:
nfsrvv2_procid nfsrv_nfsv3_procid nonidempotent
nfsv2_repstat nfsv2_type nfsrv_nfsv3_procid
nfsrvv2_procid nfsrv_v2errmap nfsv3err_null
nfsv3err_getattr nfsv3err_setattr nfsv3err_lookup
nfsv3err_access nfsv3err_readlink nfsv3err_read
nfsv3err_write nfsv3err_create nfsv3err_mkdir
nfsv3err_symlink nfsv3err_mknod nfsv3err_remove
nfsv3err_rmdir nfsv3err_rename nfsv3err_link
nfsv3err_readdir nfsv3err_readdirplus nfsv3err_fsstat
nfsv3err_fsinfo nfsv3err_pathconf nfsv3err_commit
nfsrv_v3errmap
There are additional structures that should be constified but due
to their being passed into general purpose functions without const
arguments, I have not yet converted.
In general, acquire nfsd_mtx when accessing any of the global NFS
structures, including struct nfssvc_sock, struct nfsd, struct
nfsrv_descript.
Release nfsd_mtx whenever calling into VFS, and acquire Giant for
calls into VFS. Giant is not required for any part of the
operation of the NFS server with the exception of calls into VFS.
Giant will never by acquired in the upcall code path. However, it
may operate entirely covered by Giant, or not. If debug.mpsafenet
is set to 0, the system calls will acquire Giant across all
operations, and the upcall will assert Giant. As such, by default,
this enables locking and allows us to test assertions, but should not
cause any substantial new amount of code to be run without Giant.
Bugs should manifest in the form of lock assertion failures for now.
This approach is similar (but not identical) to modifications to the
BSD/OS NFS server code snapshot provided by BSDi as part of their
SMPng snapshot. The strategy is almost the same (single lock over
the NFS server), but differs in the following ways:
- Our NFS client and server code bases don't overlap, which means
both fewer bugs and easier locking (thanks Peter!). Also means
NFSD_*() as opposed to NFS_*().
- We make broad use of assertions, whereas the BSD/OS code does not.
- Made slightly different choices about how to handle macros building
packets but operating with side effects.
- We acquire Giant only when entering VFS from the NFS server daemon
threads.
- Serious bugs in BSD/OS implementation corrected -- the snapshot we
received was clearly a work in progress.
Based on ideas from: BSDi SMPng Snapshot
Reviewed by: rick@snowhite.cis.uoguelph.ca
Extensive testing by: kris
2004-05-24 04:06:14 +00:00
|
|
|
extern const int nfsrvv2_procid[NFS_NPROCS];
|
|
|
|
extern const int nfsrv_nfsv3_procid[NFS_NPROCS];
|
2001-09-18 23:32:09 +00:00
|
|
|
extern int32_t (*nfsrv3_procs[NFS_NPROCS])(struct nfsrv_descript *nd,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct nfssvc_sock *slp, struct mbuf **mreqp);
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* A list of nfssvc_sock structures is maintained with all the sockets
|
|
|
|
* that require service by the nfsd.
|
|
|
|
*/
|
1995-06-27 11:07:30 +00:00
|
|
|
#ifndef NFS_WDELAYHASHSIZ
|
|
|
|
#define NFS_WDELAYHASHSIZ 16 /* and with this */
|
|
|
|
#endif
|
|
|
|
#define NWDELAYHASH(sock, f) \
|
1998-05-31 20:09:01 +00:00
|
|
|
(&(sock)->ns_wdelayhashtbl[(*((u_int32_t *)(f))) % NFS_WDELAYHASHSIZ])
|
1994-05-24 10:09:53 +00:00
|
|
|
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
#ifdef NFS_LEGACYRPC
|
1998-05-31 17:27:58 +00:00
|
|
|
/*
|
|
|
|
* Network address hash list element
|
|
|
|
*/
|
|
|
|
union nethostaddr {
|
1998-05-31 20:09:01 +00:00
|
|
|
u_int32_t had_inetaddr;
|
1998-05-31 17:27:58 +00:00
|
|
|
struct sockaddr *had_nam;
|
|
|
|
};
|
|
|
|
|
1997-05-13 17:25:44 +00:00
|
|
|
struct nfsrv_rec {
|
2000-05-26 02:09:24 +00:00
|
|
|
STAILQ_ENTRY(nfsrv_rec) nr_link;
|
1997-08-16 19:16:27 +00:00
|
|
|
struct sockaddr *nr_address;
|
1997-05-13 17:25:44 +00:00
|
|
|
struct mbuf *nr_packet;
|
|
|
|
};
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
struct nfssvc_sock {
|
2000-05-26 02:09:24 +00:00
|
|
|
TAILQ_ENTRY(nfssvc_sock) ns_chain; /* List of all nfssvc_sock's */
|
1994-05-24 10:09:53 +00:00
|
|
|
struct file *ns_fp;
|
|
|
|
struct socket *ns_so;
|
1997-08-16 19:16:27 +00:00
|
|
|
struct sockaddr *ns_nam;
|
1994-05-24 10:09:53 +00:00
|
|
|
struct mbuf *ns_raw;
|
|
|
|
struct mbuf *ns_rawend;
|
2000-05-26 02:09:24 +00:00
|
|
|
STAILQ_HEAD(, nfsrv_rec) ns_rec;
|
1995-06-27 11:07:30 +00:00
|
|
|
struct mbuf *ns_frag;
|
|
|
|
int ns_flag;
|
|
|
|
int ns_solock;
|
|
|
|
int ns_cc;
|
|
|
|
int ns_reclen;
|
1998-05-31 20:09:01 +00:00
|
|
|
u_int32_t ns_sref;
|
2000-05-26 02:09:24 +00:00
|
|
|
LIST_HEAD(, nfsrv_descript) ns_tq; /* Write gather lists */
|
|
|
|
LIST_HEAD(nfsrvw_delayhash, nfsrv_descript) ns_wdelayhashtbl[NFS_WDELAYHASHSIZ];
|
1994-05-24 10:09:53 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
/* Bits for "ns_flag" */
|
2004-04-06 01:58:58 +00:00
|
|
|
#define SLP_VALID 0x01 /* Socket valid for use (XXX) */
|
|
|
|
#define SLP_DOREC 0x02 /* Socket ready for processing */
|
|
|
|
#define SLP_NEEDQ 0x04 /* Socket has request queued */
|
|
|
|
#define SLP_DISCONN 0x08 /* Error received from stream socket */
|
|
|
|
#define SLP_GETSTREAM 0x10 /* nfsrv_getstream in prog on sock */
|
|
|
|
#define SLP_LASTFRAG 0x20 /* Socket received end-of-record */
|
1994-05-24 10:09:53 +00:00
|
|
|
#define SLP_ALLFLAGS 0xff
|
|
|
|
|
2000-05-26 02:09:24 +00:00
|
|
|
extern TAILQ_HEAD(nfssvc_sockhead, nfssvc_sock) nfssvc_sockhead;
|
1995-07-29 11:44:31 +00:00
|
|
|
extern int nfssvc_sockhead_flag;
|
1994-10-17 17:47:45 +00:00
|
|
|
#define SLP_INIT 0x01
|
|
|
|
#define SLP_WANTINIT 0x02
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
* One of these structures is allocated for each nfsd.
|
|
|
|
*/
|
|
|
|
struct nfsd {
|
2000-05-26 02:09:24 +00:00
|
|
|
TAILQ_ENTRY(nfsd) nfsd_chain; /* List of all nfsd's */
|
1995-06-27 11:07:30 +00:00
|
|
|
int nfsd_flag; /* NFSD_ flags */
|
|
|
|
struct nfssvc_sock *nfsd_slp; /* Current socket */
|
|
|
|
int nfsd_authlen; /* Authenticator len */
|
|
|
|
u_char nfsd_authstr[RPCAUTH_MAXSIZ]; /* Authenticator data */
|
|
|
|
int nfsd_verflen; /* and the Verifier */
|
|
|
|
u_char nfsd_verfstr[RPCVERF_MAXSIZ];
|
|
|
|
struct nfsrv_descript *nfsd_nd; /* Associated nfsrv_descript */
|
1994-05-24 10:09:53 +00:00
|
|
|
};
|
|
|
|
|
1995-06-27 11:07:30 +00:00
|
|
|
/* Bits for "nfsd_flag" */
|
1994-05-24 10:09:53 +00:00
|
|
|
#define NFSD_WAITING 0x01
|
1994-10-17 17:47:45 +00:00
|
|
|
#define NFSD_REQINPROG 0x02
|
|
|
|
|
1995-06-27 11:07:30 +00:00
|
|
|
/*
|
|
|
|
* This structure is used by the server for describing each request.
|
|
|
|
* Some fields are used only when write request gathering is performed.
|
|
|
|
*/
|
|
|
|
struct nfsrv_descript {
|
|
|
|
u_quad_t nd_time; /* Write deadline (usec) */
|
|
|
|
off_t nd_off; /* Start byte offset */
|
|
|
|
off_t nd_eoff; /* and end byte offset */
|
2000-05-26 02:09:24 +00:00
|
|
|
LIST_ENTRY(nfsrv_descript) nd_hash; /* Hash list */
|
2001-09-18 23:32:09 +00:00
|
|
|
LIST_ENTRY(nfsrv_descript) nd_tq; /* and timer list */
|
|
|
|
LIST_HEAD(, nfsrv_descript) nd_coalesce;/* coalesced writes */
|
1995-06-27 11:07:30 +00:00
|
|
|
struct mbuf *nd_mrep; /* Request mbuf list */
|
|
|
|
struct mbuf *nd_md; /* Current dissect mbuf */
|
|
|
|
struct mbuf *nd_mreq; /* Reply mbuf list */
|
1997-08-16 19:16:27 +00:00
|
|
|
struct sockaddr *nd_nam; /* and socket addr */
|
|
|
|
struct sockaddr *nd_nam2; /* return socket addr */
|
1995-06-27 11:07:30 +00:00
|
|
|
caddr_t nd_dpos; /* Current dissect pos */
|
1997-06-03 17:22:47 +00:00
|
|
|
u_int32_t nd_procnum; /* RPC # */
|
1995-06-27 11:07:30 +00:00
|
|
|
int nd_stable; /* storage type */
|
|
|
|
int nd_flag; /* nd_flag */
|
|
|
|
int nd_len; /* Length of this write */
|
|
|
|
int nd_repstat; /* Reply status */
|
1998-05-31 20:09:01 +00:00
|
|
|
u_int32_t nd_retxid; /* Reply xid */
|
1995-06-27 11:07:30 +00:00
|
|
|
struct timeval nd_starttime; /* Time RPC initiated */
|
|
|
|
fhandle_t nd_fh; /* File handle */
|
2006-01-28 19:24:40 +00:00
|
|
|
struct ucred *nd_cr; /* Credentials */
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
int nd_credflavor; /* Security flavor */
|
1995-06-27 11:07:30 +00:00
|
|
|
};
|
|
|
|
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
#else
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This structure is used by the server for describing each request.
|
|
|
|
*/
|
|
|
|
struct nfsrv_descript {
|
|
|
|
struct mbuf *nd_mrep; /* Request mbuf list */
|
|
|
|
struct mbuf *nd_md; /* Current dissect mbuf */
|
|
|
|
struct mbuf *nd_mreq; /* Reply mbuf list */
|
|
|
|
struct sockaddr *nd_nam; /* and socket addr */
|
|
|
|
struct sockaddr *nd_nam2; /* return socket addr */
|
|
|
|
caddr_t nd_dpos; /* Current dissect pos */
|
|
|
|
u_int32_t nd_procnum; /* RPC # */
|
|
|
|
int nd_stable; /* storage type */
|
|
|
|
int nd_flag; /* nd_flag */
|
|
|
|
int nd_repstat; /* Reply status */
|
|
|
|
fhandle_t nd_fh; /* File handle */
|
|
|
|
struct ucred *nd_cr; /* Credentials */
|
|
|
|
int nd_credflavor; /* Security flavor */
|
|
|
|
};
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
1995-06-27 11:07:30 +00:00
|
|
|
/* Bits for "nd_flag" */
|
|
|
|
#define ND_NFSV3 0x08
|
|
|
|
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
#ifdef NFS_LEGACYRPC
|
|
|
|
|
2000-05-26 02:09:24 +00:00
|
|
|
extern TAILQ_HEAD(nfsd_head, nfsd) nfsd_head;
|
1995-07-29 11:44:31 +00:00
|
|
|
extern int nfsd_head_flag;
|
1994-10-17 17:47:45 +00:00
|
|
|
#define NFSD_CHECKSLP 0x01
|
1994-10-02 17:27:07 +00:00
|
|
|
|
1995-06-27 11:07:30 +00:00
|
|
|
/*
|
|
|
|
* These macros compare nfsrv_descript structures.
|
|
|
|
*/
|
|
|
|
#define NFSW_CONTIG(o, n) \
|
|
|
|
((o)->nd_eoff >= (n)->nd_off && \
|
|
|
|
!bcmp((caddr_t)&(o)->nd_fh, (caddr_t)&(n)->nd_fh, NFSX_V3FH))
|
|
|
|
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
#endif
|
|
|
|
|
1997-07-16 09:06:30 +00:00
|
|
|
/*
|
|
|
|
* Defines for WebNFS
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define WEBNFS_ESC_CHAR '%'
|
|
|
|
#define WEBNFS_SPECCHAR_START 0x80
|
|
|
|
|
|
|
|
#define WEBNFS_NATIVE_CHAR 0x80
|
|
|
|
/*
|
|
|
|
* ..
|
|
|
|
* Possibly more here in the future.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Macro for converting escape characters in WebNFS pathnames.
|
|
|
|
* Should really be in libkern.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define HEXTOC(c) \
|
|
|
|
((c) >= 'a' ? ((c) - ('a' - 10)) : \
|
|
|
|
((c) >= 'A' ? ((c) - ('A' - 10)) : ((c) - '0')))
|
|
|
|
#define HEXSTRTOI(p) \
|
|
|
|
((HEXTOC(p[0]) << 4) + HEXTOC(p[1]))
|
|
|
|
|
1997-05-10 16:12:03 +00:00
|
|
|
#ifdef NFS_DEBUG
|
|
|
|
|
|
|
|
extern int nfs_debug;
|
|
|
|
#define NFS_DEBUG_ASYNCIO 1 /* asynchronous i/o */
|
|
|
|
#define NFS_DEBUG_WG 2 /* server write gathering */
|
|
|
|
#define NFS_DEBUG_RC 4 /* server request caching */
|
|
|
|
|
|
|
|
#define NFS_DPF(cat, args) \
|
|
|
|
do { \
|
|
|
|
if (nfs_debug & NFS_DEBUG_##cat) printf args; \
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
#define NFS_DPF(cat, args)
|
|
|
|
|
|
|
|
#endif
|
1997-02-10 02:22:35 +00:00
|
|
|
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
#ifdef NFS_LEGACYRPC
|
|
|
|
int netaddr_match(int, union nethostaddr *, struct sockaddr *);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfs_getreq(struct nfsrv_descript *, struct nfsd *, int);
|
|
|
|
int nfsrv_send(struct socket *, struct sockaddr *, struct mbuf *);
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
int nfsrv_dorec(struct nfssvc_sock *, struct nfsd *,
|
|
|
|
struct nfsrv_descript **);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfs_slplock(struct nfssvc_sock *, int);
|
|
|
|
void nfs_slpunlock(struct nfssvc_sock *);
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
void nfsrv_initcache(void);
|
|
|
|
void nfsrv_destroycache(void);
|
|
|
|
void nfsrv_timer(void *);
|
|
|
|
int nfsrv_getcache(struct nfsrv_descript *, struct mbuf **);
|
|
|
|
void nfsrv_updatecache(struct nfsrv_descript *, int, struct mbuf *);
|
|
|
|
void nfsrv_cleancache(void);
|
|
|
|
void nfsrv_rcv(struct socket *so, void *arg, int waitflag);
|
|
|
|
void nfsrv_slpderef(struct nfssvc_sock *slp);
|
|
|
|
void nfsrv_wakenfsd(struct nfssvc_sock *slp);
|
|
|
|
int nfsrv_writegather(struct nfsrv_descript **, struct nfssvc_sock *,
|
|
|
|
struct mbuf **);
|
|
|
|
#endif
|
|
|
|
struct mbuf *nfs_rephead(int, struct nfsrv_descript *, int, struct mbuf **,
|
|
|
|
caddr_t *);
|
2001-09-18 23:32:09 +00:00
|
|
|
void nfsm_srvfattr(struct nfsrv_descript *, struct vattr *,
|
|
|
|
struct nfs_fattr *);
|
|
|
|
void nfsm_srvwcc(struct nfsrv_descript *, int, struct vattr *, int,
|
|
|
|
struct vattr *, struct mbuf **, char **);
|
|
|
|
void nfsm_srvpostopattr(struct nfsrv_descript *, int, struct vattr *,
|
|
|
|
struct mbuf **, char **);
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
int nfs_namei(struct nameidata *, struct nfsrv_descript *, fhandle_t *,
|
|
|
|
int, struct nfssvc_sock *, struct sockaddr *, struct mbuf **,
|
2008-09-16 21:57:39 +00:00
|
|
|
caddr_t *, struct vnode **, int, struct vattr *, int *, int);
|
2001-09-18 23:32:09 +00:00
|
|
|
void nfsm_adj(struct mbuf *, int, int);
|
|
|
|
int nfsm_mbuftouio(struct mbuf **, struct uio *, int, caddr_t *);
|
|
|
|
void nfsrv_init(int);
|
|
|
|
int nfsrv_errmap(struct nfsrv_descript *, int);
|
|
|
|
void nfsrvw_sort(gid_t *, int);
|
|
|
|
|
|
|
|
int nfsrv3_access(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_commit(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_create(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
int nfsrv_fhtovp(fhandle_t *, int, struct vnode **, int *,
|
|
|
|
struct nfsrv_descript *, struct nfssvc_sock *, struct sockaddr *,
|
|
|
|
int *, int);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_setpublicfs(struct mount *, struct netexport *,
|
|
|
|
struct export_args *);
|
|
|
|
int nfs_ispublicfh(fhandle_t *);
|
|
|
|
int nfsrv_fsinfo(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_getattr(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_link(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_lookup(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_mkdir(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_mknod(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_noop(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_null(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_pathconf(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_read(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_readdir(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_readdirplus(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_readlink(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_remove(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_rename(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_rmdir(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_setattr(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_statfs(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_symlink(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
2001-09-18 23:32:09 +00:00
|
|
|
int nfsrv_write(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
|
2008-09-16 21:57:39 +00:00
|
|
|
struct mbuf **mrq);
|
1999-12-29 05:07:58 +00:00
|
|
|
#endif /* _KERNEL */
|
1994-08-21 06:50:16 +00:00
|
|
|
|
|
|
|
#endif
|