Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/usr.sbin/mountd Allow setting the reserved port we bind, wit...
details: https://anonhg.NetBSD.org/src/rev/010bf41fe7c5
branches: trunk
changeset: 584465:010bf41fe7c5
user: christos <christos%NetBSD.org@localhost>
date: Mon Sep 19 00:59:56 2005 +0000
description:
Allow setting the reserved port we bind, witb -p. I've had this patch for
3 months stashed...
diffstat:
usr.sbin/mountd/mountd.8 | 24 ++++++++++++++++------
usr.sbin/mountd/mountd.c | 50 +++++++++++++++++++++++++++++++++++++++++------
2 files changed, 60 insertions(+), 14 deletions(-)
diffs (183 lines):
diff -r ae4893fc7cb9 -r 010bf41fe7c5 usr.sbin/mountd/mountd.8
--- a/usr.sbin/mountd/mountd.8 Mon Sep 19 00:49:52 2005 +0000
+++ b/usr.sbin/mountd/mountd.8 Mon Sep 19 00:59:56 2005 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: mountd.8,v 1.28 2005/01/17 15:20:09 wiz Exp $
+.\" $NetBSD: mountd.8,v 1.29 2005/09/19 00:59:56 christos Exp $
.\"
.\" Copyright (c) 1989, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@@ -29,7 +29,7 @@
.\"
.\" @(#)mountd.8 8.4 (Berkeley) 4/28/95
.\"
-.Dd January 14, 2005
+.Dd September 18, 2005
.Dt MOUNTD 8
.Os
.Sh NAME
@@ -40,6 +40,7 @@
.Sh SYNOPSIS
.Nm
.Op Fl dNn
+.Op Fl p Ar port
.Op Fl P Ar policy
.Op Ar exportsfile
.Sh DESCRIPTION
@@ -78,11 +79,15 @@
is only provided for backwards compatibility. Requests
are checked for reserved ports on a per-export basis, see
.Xr exports 5 .
-.It Ar exportsfile
-The
-.Ar exportsfile
-argument specifies an alternative location
-for the exports file.
+.It Fl p Ar port
+Force
+.Nm
+to bind to the given port. If this
+option is not given,
+.Nm
+may bind to every anonymous port
+(in the range 600-1023) which causes trouble when trying to use
+NFS through a firewall.
.It Fl P Ar policy
IPsec
.Ar policy
@@ -94,6 +99,11 @@
the last string will take effect. If an invalid IPsec policy string is used
.Nm
logs an error message and terminates itself.
+.It Ar exportsfile
+The
+.Ar exportsfile
+argument specifies an alternative location
+for the exports file.
.El
.Pp
When
diff -r ae4893fc7cb9 -r 010bf41fe7c5 usr.sbin/mountd/mountd.c
--- a/usr.sbin/mountd/mountd.c Mon Sep 19 00:49:52 2005 +0000
+++ b/usr.sbin/mountd/mountd.c Mon Sep 19 00:59:56 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: mountd.c,v 1.95 2005/06/02 06:01:09 lukem Exp $ */
+/* $NetBSD: mountd.c,v 1.96 2005/09/19 00:59:56 christos Exp $ */
/*
* Copyright (c) 1989, 1993
@@ -47,7 +47,7 @@
#if 0
static char sccsid[] = "@(#)mountd.c 8.15 (Berkeley) 5/1/95";
#else
-__RCSID("$NetBSD: mountd.c,v 1.95 2005/06/02 06:01:09 lukem Exp $");
+__RCSID("$NetBSD: mountd.c,v 1.96 2005/09/19 00:59:56 christos Exp $");
#endif
#endif /* not lint */
@@ -236,6 +236,7 @@
#ifdef ISO
static int get_isoaddr __P((const char *, size_t, char *, struct grouplist *));
#endif
+static void bind_resv_port __P((int, sa_family_t, in_port_t));
static struct exportlist *exphead;
static struct mountlist *mlhead;
static struct grouplist *grphead;
@@ -295,6 +296,7 @@
int xcreated = 0, s;
int c, one = 1;
int maxrec = RPC_MAXDATASIZE;
+ in_port_t forcedport = 0;
#ifdef IPSEC
char *policy = NULL;
#define ADDOPTS "P:"
@@ -302,7 +304,7 @@
#define ADDOPTS
#endif
- while ((c = getopt(argc, argv, "dNnr" ADDOPTS)) != -1)
+ while ((c = getopt(argc, argv, "dNnrp:" ADDOPTS)) != -1)
switch (c) {
#ifdef IPSEC
case 'P':
@@ -310,6 +312,10 @@
errx(1, "Invalid ipsec policy `%s'", policy);
break;
#endif
+ case 'p':
+ /* A forced port "0" will dynamically allocate a port */
+ forcedport = atoi(optarg);
+ break;
case 'd':
debug = 1;
break;
@@ -394,7 +400,7 @@
rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec);
if (udpsock != -1 && udpconf != NULL) {
- bindresvport(udpsock, NULL);
+ bind_resv_port(udpsock, AF_INET, forcedport);
#ifdef IPSEC
if (policy)
ipsecsetup(AF_INET, udpsock, policy);
@@ -414,7 +420,7 @@
}
if (tcpsock != -1 && tcpconf != NULL) {
- bindresvport(tcpsock, NULL);
+ bind_resv_port(tcpsock, AF_INET, forcedport);
#ifdef IPSEC
if (policy)
ipsecsetup(AF_INET, tcpsock, policy);
@@ -436,7 +442,7 @@
}
if (udp6sock != -1 && udp6conf != NULL) {
- bindresvport(udp6sock, NULL);
+ bind_resv_port(udp6sock, AF_INET6, forcedport);
#ifdef IPSEC
if (policy)
ipsecsetup(AF_INET6, tcpsock, policy);
@@ -456,7 +462,7 @@
}
if (tcp6sock != -1 && tcp6conf != NULL) {
- bindresvport(tcp6sock, NULL);
+ bind_resv_port(tcp6sock, AF_INET6, forcedport);
#ifdef IPSEC
if (policy)
ipsecsetup(AF_INET6, tcpsock, policy);
@@ -2680,3 +2686,33 @@
*cp = '/';
return 0;
}
+
+static void
+bind_resv_port(int sock, sa_family_t family, in_port_t port)
+{
+ struct sockaddr *sa;
+ struct sockaddr_in sasin;
+ struct sockaddr_in6 sasin6;
+
+ switch (family) {
+ case AF_INET:
+ (void)memset(&sasin, 0, sizeof(sasin));
+ sasin.sin_len = sizeof(sasin);
+ sasin.sin_family = family;
+ sasin.sin_port = htons(port);
+ sa = (struct sockaddr *)(void *)&sasin;
+ break;
+ case AF_INET6:
+ (void)memset(&sasin6, 0, sizeof(sasin6));
+ sasin6.sin6_len = sizeof(sasin6);
+ sasin6.sin6_family = family;
+ sasin6.sin6_port = htons(port);
+ sa = (struct sockaddr *)(void *)&sasin6;
+ break;
+ default:
+ syslog(LOG_ERR, "Unsupported address family %d", family);
+ return;
+ }
+ if (bindresvport_sa(sock, sa) == -1)
+ syslog(LOG_ERR, "Cannot bind to reserved port %d (%m)", port);
+}
Home |
Main Index |
Thread Index |
Old Index