Date:      Wed, 13 Feb 2002 14:48:14 -0800 (PST)
From:      Gerd Knops <gerti-freebsd@bitart.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   bin/34919: portmap can not exclusively bind to 127.0.0.1 [patch included]
Message-ID:  <200202132248.g1DMmEQ01440@freefall.freebsd.org>


>Number:         34919
>Category:       bin
>Synopsis:       portmap can not exclusively bind to 127.0.0.1 [patch included]
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 13 14:50:02 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Gerd Knops
>Release:        4.5 stable
>Organization:
BITart Consulting
>Environment:
FreeBSD install.bitart.com 4.5-STABLE FreeBSD 4.5-STABLE #0: Wed Feb 13 15:55:02 CST 2002     me@install.bitart.com:/usr/obj/usr/src/sys/INFAX_BAK  i386

>Description:
When using software like the Cryptographic File System (pretends to be an NFS server) it may be desirable to bind portmap only to address 127.0.0.1.

Under 4.5 stable this isn't possible. '-h 127.0.0.1' results in portmap attempting to bind to 127.0.0.1 twice, and it fails.

The patch below introduces the '-l' flag which enables portmap to bind to 127.0.0.1 exclusively.
>How-To-Repeat:
      
>Fix:
--- portmap.c.orig	Wed Feb 13 16:01:01 2002
+++ portmap.c	Wed Feb 13 16:05:45 2002
@@ -122,8 +122,9 @@
 	struct sockaddr_in addr;
 	int len = sizeof(struct sockaddr_in);
 	register struct pmaplist *pml;
+	int local = 0;
 
-	while ((c = getopt(argc, argv, "dvh:")) != -1) {
+	while ((c = getopt(argc, argv, "dvlh:")) != -1) {
 		switch (c) {
 
 		case 'd':
@@ -139,6 +140,9 @@
 			hosts = realloc(hosts, nhosts * sizeof(char *));
 			hosts[nhosts - 1] = optarg;
 			break;
+		case 'l':
+			local = 1;
+			break;
 
 		default:
 			usage();
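Review bot: the added `case 'l':` follows the previous `break;` directly, while the neighbouring cases in this switch are separated by a blank line, so a blank line before it would match the surrounding style. No hunk in this patch touches `usage()`, which the `default:` case calls; if its message lists the accepted flags, it needs `-l` added alongside the getopt string change.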
@@ -163,6 +167,7 @@
 	hosts = realloc(hosts, nhosts * sizeof(char *));
 	if (nhosts == 1)
 		hosts[0] = "0.0.0.0";
+		if(local == 1) hosts[0] = "127.0.0.1";
 	else
 		hosts[nhosts - 1] = "127.0.0.1";
 
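Review bot: the added line `if(local == 1) hosts[0] = "127.0.0.1";` captures the existing `else`, because the outer `if (nhosts == 1)` has no braces; the indentation suggests it belongs to the outer `if`, but the compiler will not read it that way. The result is that the inner if/else runs unconditionally. With no flags at all, `hosts[0]` is set to "0.0.0.0" and then immediately overwritten by `hosts[nhosts - 1] = "127.0.0.1"` (since nhosts is 1), so the default silently changes from listening on all addresses to loopback only. With `-l` combined with `-h`, the first `-h` address in `hosts[0]` is overwritten and the newly realloc'd `hosts[nhosts - 1]` slot is never assigned, leaving an uninitialized pointer in the list. Suggest bracing the outer `if` and making the choice explicit, for example `hosts[0] = local ? "127.0.0.1" : "0.0.0.0";` inside the `nhosts == 1` branch, leaving the `else` attached to the outer test, and rejecting `-l` together with `-h` during option parsing. Style: `if(` should be `if (` and the assignment should go on its own line.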
--- portmap.8.orig	Wed Feb 13 16:06:35 2002
+++ portmap.8	Wed Feb 13 16:17:22 2002
@@ -48,6 +48,7 @@
 .Nm
 .Op Fl d
 .Op Fl v
+.Op Fl l
 .Op Fl h Ar bindip
 .Sh DESCRIPTION
 .Nm Portmap
@@ -114,6 +115,10 @@
 to portmap returning a udp packet from a different IP address then it was
 sent to.  Note that when specifying ip addresses with -h,
 portmap will automatically add 127.0.0.1 to the list so you don't have to.
+.It Fl l
+This option allows for portmap to bind to 127.0.0.1 only.  This can be
+used if you want to run CFS (Cryptographic File System) and want to
+only allow local access.
 .El
 .Sh SEE ALSO
 .Xr hosts_access 5 ,
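Review bot: the new `.It Fl l` entry does not say how `-l` interacts with `-h`, even though the paragraph just above it states that portmap automatically adds 127.0.0.1 when `-h` is used. State whether the two options are mutually exclusive or which one wins, and keep the code consistent with that. In mdoc source each sentence should also start on its own line rather than continuing after "only.  This can be".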

>Release-Note:
>Audit-Trail:
>Unformatted:
