svn commit: r216430 - stable/8/sys/fs/nfsserver

[Rick Macklem]

Author: rmacklem
Date: Tue Dec 14 13:45:57 2010
New Revision: 216430
URL: http://svn.freebsd.org/changeset/base/216430

Log:
  MFC: r216330
  Disable attempts to establish a callback connection from the
  experimental NFSv4 server to a NFSv4 client when delegations are not
  being issued, even if the client advertises a callback path.
  This avoids a problem where a Linux client advertises a
  callback path that doesn't work, due to a firewall, and then
  times out an Open attempt before the FreeBSD server gives up
  its callback connection attempt. (Suggested by
  drb at karlov.mff.cuni.cz.) The server should probably have
  a 1sec timeout on callback connection attempts when there are
  no delegations issued to the client, but that patch will require
  changes to the krpc and this serves as a work around until then.
  
  Tested by:	drb at karlov.mff.cuni.cz
  Approved by:	re (kib)

Modified:
  stable/8/sys/fs/nfsserver/nfs_nfsdstate.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)

Modified: stable/8/sys/fs/nfsserver/nfs_nfsdstate.c
==============================================================================
--- stable/8/sys/fs/nfsserver/nfs_nfsdstate.c	Tue Dec 14 10:06:28 2010	(r216429)
+++ stable/8/sys/fs/nfsserver/nfs_nfsdstate.c	Tue Dec 14 13:45:57 2010	(r216430)
@@ -147,12 +147,20 @@ nfsrv_setclient(struct nfsrv_descript *n
 	if (nfsrv_openpluslock > NFSRV_V4STATELIMIT)
 		return (NFSERR_RESOURCE);
 
-	if ((nd->nd_flag & ND_GSS) && nfsrv_nogsscallback)
+	if (nfsrv_issuedelegs == 0 ||
+	    ((nd->nd_flag & ND_GSS) != 0 && nfsrv_nogsscallback != 0))
 		/*
-		 * Don't do callbacks for AUTH_GSS.
-		 * (Since these aren't yet debugged, they might cause the
-		 *  server to crap out, if they get past the Init call to
-		 *  the client.)
+		 * Don't do callbacks when delegations are disabled or
+		 * for AUTH_GSS unless enabled via nfsrv_nogsscallback.
+		 * If establishing a callback connection is attempted
+		 * when a firewall is blocking the callback path, the
+		 * server may wait too long for the connect attempt to
+		 * succeed during the Open. Some clients, such as Linux,
+		 * may timeout and give up on the Open before the server
+		 * replies. Also, since AUTH_GSS callbacks are not
+		 * yet interoperability tested, they might cause the
+		 * server to crap out, if they get past the Init call to
+		 * the client.
 		 */
 		new_clp->lc_program = 0;