Date: Tue, 8 May 2012 07:13:47 -0400 (EDT)
From: Rick Macklem
To: Bob Friesenhahn
Cc: freebsd-fs@freebsd.org
Subject: Re: NFSv4 Questions

Bob Friesenhahn wrote:
> On Mon, 7 May 2012, Rick Macklem wrote:
>
> > It is my understanding that NFSv4 servers are not supposed to require
> > a "reserved" port#. However, at a quick glance, I can't find that stated
> > in RFC 3530.
> > (It may be implied by the fact that NFSv4 uses a "user" based
> > security model and not a "host" based one.)
> >
> > As such, the client should never need to "waste" a reserved port# on
> > an NFSv4 connection.
>
> Firewalls might use the reserved port as part of a filtering
> algorithm.
>
Hmm, since the IETF working group was determined to "get rid of this
bunk w.r.t. reserved port #s being used to enhance security", I might
argue that said firewalls were misconfigured/broken.

However, I can see an argument that, instead of silently ignoring the
option, it should be obeyed, but with a note in the man page that it
shouldn't be used for NFSv4.

rick

> Bob
> --
> Bob Friesenhahn
> bfriesen@simple.dallas.tx.us,
> http://www.simplesystems.org/users/bfriesen/
> GraphicsMagick Maintainer, http://www.GraphicsMagick.org/