X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fstatd%2Fcallback.c;h=d1cc139992734476b25233fd117716d6775d3485;hp=09477271d6c5a4918a049ccde3ed02678dfb39c4;hb=b5b794b165956a7d213b04e51b06597b7b1f8bee;hpb=430052cab3c8044ef6d1be7b5a5ded13c45d0c40

diff --git a/utils/statd/callback.c b/utils/statd/callback.c
index 0947727..d1cc139 100644
--- a/utils/statd/callback.c
+++ b/utils/statd/callback.c
@@ -6,7 +6,13 @@
  * NSM for Linux.
  */
 
-#include "config.h"
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <netdb.h>
+
+#include "rpcmisc.h"
 #include "statd.h"
 #include "notlist.h"
 
@@ -14,27 +20,82 @@
 /* notify_list *cbnl = NULL; ... never used */
 
 
-/* 
+/*
  * Services SM_NOTIFY requests.
- * Any clients that have asked us to monitor that host are put on
- * the global callback list, which is processed as soon as statd
- * returns to svc_run.
+ *
+ * When NLM uses an SM_MON request to tell statd to monitor a remote,
+ * the request contains a "mon_name" argument.  This is usually the
+ * "caller_name" argument of an NLMPROC_LOCK request.  On Linux, the
+ * NLM can send statd the remote's IP address instead of its
+ * caller_name.  The NSM protocol does not allow both the remote's
+ * caller_name and it's IP address to be sent in the same SM_MON
+ * request.
+ *
+ * The remote's caller_name is useful because it makes it simple
+ * to identify rebooting remotes by matching the "mon_name" argument
+ * they sent via an SM_NOTIFY request.
+ *
+ * The caller_name string may not be a fully qualified domain name,
+ * or even registered in the DNS database, however.  Having the
+ * remote's IP address is useful because then there is no ambiguity
+ * about where to send an SM_NOTIFY after the local system reboots.
+ *
+ * Without the actual caller_name, however, statd must use an
+ * heuristic to match an incoming SM_NOTIFY request to one of the
+ * hosts it is currently monitoring.  The incoming mon_name in an
+ * SM_NOTIFY address is converted to a list of IP addresses using
+ * DNS.  Each mon_name on statd's monitor list is also converted to
+ * an address list, and the two lists are checked to see if there is
+ * a matching address.
+ *
+ * There are some risks to this strategy:
+ *
+ *   1.  The external DNS database is not reliable.  It can change
+ *       over time, or the forward and reverse mappings could be
+ *       inconsistent.
+ *
+ *   2.  If statd's monitor list becomes substantial, finding a match
+ *       can generate a not inconsequential amount of DNS traffic.
+ *
+ *   3.  statd is a single-threaded service.  When DNS becomes slow or
+ *       unresponsive, statd also becomes slow or unresponsive.
+ *
+ *   4.  If the remote does not have a DNS entry at all (or if the
+ *       remote can resolve itself, but the local host can't resolve
+ *       the remote's hostname), the remote cannot be monitored, and
+ *       therefore NLM locking cannot be provided for that host.
+ *
+ *   5.  Local DNS resolution can produce different results for the
+ *       mon_name than the results the remote might see for the same
+ *       query, especially if the remote did not send a caller_name
+ *       or mon_name that is a fully qualified domain name.
+ *
+ *       Note that a caller_name is passed from NFS client to server,
+ *       but the client never knows what mon_name the server might use
+ *       to notify it of a reboot.  On Linux, the client extracts the
+ *       server's name from the devname it was passed by the mount
+ *       command.  This is often not a fully-qualified domain name.
  */
 void *
 sm_notify_1_svc(struct stat_chge *argp, struct svc_req *rqstp)
 {
 	notify_list    *lp, *call;
 	static char    *result = NULL;
+	struct sockaddr *sap = nfs_getrpccaller(rqstp->rq_xprt);
+	char		ip_addr[INET6_ADDRSTRLEN];
 
-	dprintf(N_DEBUG, "Received SM_NOTIFY from %s, state: %d",
+	xlog(D_CALL, "Received SM_NOTIFY from %s, state: %d",
 				argp->mon_name, argp->state);
 
 	/* quick check - don't bother if we're not monitoring anyone */
-	/* LH - this was != MULL, meaning that if anyone _was_ in our RTNL,
-	 * we'd never pass this point. */
-	if (!(lp = rtnl)) {
-		note(N_WARNING, "SM_NOTIFY from %s while not monitoring any hosts.",
-				argp->mon_name, argp->state);
+	if (rtnl == NULL) {
+		xlog_warn("SM_NOTIFY from %s while not monitoring any hosts",
+				argp->mon_name);
+		return ((void *) &result);
+	}
+
+	if (!statd_present_address(sap, ip_addr, sizeof(ip_addr))) {
+		xlog_warn("Unrecognized sender address");
 		return ((void *) &result);
 	}
 
@@ -43,15 +104,15 @@ sm_notify_1_svc(struct stat_chge *argp, struct svc_req *rqstp)
 	 * it. Lockd will want to continue monitoring the remote host
 	 * until it issues an SM_UNMON call.
 	 */
-	while ((lp = nlist_gethost(lp, argp->mon_name, 0)) != NULL) {
-		if (NL_STATE(lp) != argp->state) {
+	for (lp = rtnl ; lp ; lp = lp->next)
+		if (NL_STATE(lp) != argp->state &&
+		    (statd_matchhostname(argp->mon_name, lp->dns_name) ||
+		     statd_matchhostname(ip_addr, lp->dns_name))) {
 			NL_STATE(lp) = argp->state;
 			call = nlist_clone(lp);
-			NL_TYPE(call) = NOTIFY_CALLBACK;
 			nlist_insert(&notify, call);
 		}
-		lp = NL_NEXT(lp);
-	}
+
 
 	return ((void *) &result);
 }