nfsuserd + jails mbufs leak ?
Rick Macklem
rmacklem at uoguelph.ca
Sat Dec 31 22:34:03 UTC 2016
Julien Cigar wrote:
>I just upgraded a bunch of machines from 10.0 to 10.3. Those machines
>have a lot of jails with NFS shares (mounted on the HOST), for example:
[stuff snipped]
>On the hosts since I upgraded to 10.3 I'm seeing tons of:
>Dec 31 14:29:33 duvel nfsuserd:[675]: req from ip=0xc0a80a21 port=618
>
>It is not clear to me yet why I'm getting this, but from what I
>understand it's because requests are not coming from 127.0.0.1 but from
>the jail ip (192.168.10.x in my case).. Parallel to this I'm observing a
>constant increase of mbufs usage so that at some point in time I'm
>getting an exhaustion of mbufs:
Yes, nfsuserd only accepts upcalls from 127.0.0.1 (about the only time a
reserved port# actually means anything).
As such, it doesn't work when you have jails.
I came up with a patch that switched nfsuserd to using AF_LOCAL, but the
person testing this at the time had hangs, so I never committed it to head, etc.
(I don't know what the mbuf leak is, but since it is busted and useless, I don't
think fixing the leak is necessary.;-)
Your choices are:
1 - As you mentioned, don't run nfsuserd. If you are using FreeBSD and/or Linux
clients, this should work once you set vfs.nfsd.enablestringtouid (or whatever
it is called) to 1.
2 - I had a patch that added an option to nfsuserd that allowed specification of
a different ip address (unfortunately, I don't have this old patch handy, but
might be able to find it at the end of this week. Email if you want me to find it.)
rick
More information about the freebsd-fs
mailing list