Page MenuHomeFreeBSD

Rpcbind: skip ipv6 link local if a request doesn't come from link local address
ClosedPublic

Authored by Dmitry.Ovsyannikov_dell.com on Aug 10 2021, 3:06 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Mar 17, 2:38 AM
Unknown Object (File)
Fri, Mar 15, 9:29 PM
Unknown Object (File)
Fri, Mar 15, 9:29 PM
Unknown Object (File)
Fri, Mar 15, 9:26 PM
Unknown Object (File)
Tue, Mar 12, 1:39 AM
Unknown Object (File)
Feb 10 2024, 1:46 PM
Unknown Object (File)
Jan 31 2024, 7:02 AM
Unknown Object (File)
Jan 10 2024, 9:23 PM
Subscribers
None

Details

Summary

RPCINFO on macOS behaves different compared to other linux clients and doesn't provide request address in rpcb structure of the RPCBPROC_GETADDRLIST call which doesn't seem to be forbidden.

In this case RPCBIND uses RPC call's source address and picks a closest corresponding local address.
Though if there are no addresses in the same subnet as the source address, return of RPCBIND may vary depending on the order of addresses returned in getifaddrs.
If a link local precedes global address it may be returned even if request comes neither from a link local nor from link local in a different scope, which will prevent services like nfs from working in tpc6 scenario on macOS clients.
Issue can be seen only on FreeBSD rpcbind port due to changes in workflow of addrmerge call.

Test Plan

Test with macOS client over rpcinfo

Client:

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::1c1c:30b:1b4c:76e8%en0 prefixlen 64 secured scopeid 0x5
        inet6 2620::170:7c09:14d4:6177:d182:bb8e prefixlen 64 duplicated autoconf secured
        inet 10.219.57.212 netmask 0xfffffe00 broadcast 10.219.57.255
        inet6 2620::170:7c09:5df9:1265:d54a:bd87 prefixlen 64 autoconf temporary

Server:

vmx1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 10.205.228.134 netmask 0xfffffc00 broadcast 10.205.231.255 zone 1
        inet6 fe80::250:56ff:fe8b:67ca%vmx1 prefixlen 64 scopeid 0x2 zone 1
        inet6 2620:0:170:9947:0:beef:7e4:8600 prefixlen 64 zone 1

Prior fix:

osx1014-template:~ protocols$ rpcinfo -l -T tcp6 2620:0:170:9947:0:beef:7e4:8600  100003 3
   program vers  tp_family/name/class     address                         service
    100003  3    inet6/tcp/cots_ord       fe80::250:56ff:fe8b:67ca.8.1      nfs
    100003  3    inet6/udp/clts           fe80::250:56ff:fe8b:67ca.8.1      nfs

After fix:

osx1014-template:~ protocols$ rpcinfo -l -T tcp6 2620:0:170:9947:0:beef:7e4:8600  100003 3
   program vers  tp_family/name/class     address                         service
    100003  3    inet6/tcp/cots_ord       2620:0:170:9947:0:beef:7e4:8600.8.1  nfs
    100003  3    inet6/udp/clts           2620:0:170:9947:0:beef:7e4:8600.8.1  nfs

Rpcbind kyua tests

addrmerge_test:addrmerge_bindip  ->  passed  [0.014s]
addrmerge_test:addrmerge_bindip6  ->  passed  [0.014s]
addrmerge_test:addrmerge_bindip6_rev  ->  passed  [0.012s]
addrmerge_test:addrmerge_bindip_rev  ->  passed  [0.012s]
addrmerge_test:addrmerge_ipv6_linklocal  ->  passed  [0.012s]
addrmerge_test:addrmerge_ipv6_linklocal_rev  ->  passed  [0.012s]
addrmerge_test:addrmerge_ipv6_other_subnet  ->  passed  [0.012s]
addrmerge_test:addrmerge_localhost_only  ->  passed  [0.013s]
addrmerge_test:addrmerge_localhost_only6  ->  passed  [0.013s]
addrmerge_test:addrmerge_noifaddrs  ->  passed  [0.012s]
addrmerge_test:addrmerge_one_addr_on_each_subnet  ->  passed  [0.012s]
addrmerge_test:addrmerge_one_addr_on_each_subnet6  ->  passed  [0.012s]
addrmerge_test:addrmerge_one_addr_on_each_subnet6_rev  ->  passed  [0.012s]
addrmerge_test:addrmerge_one_addr_on_each_subnet_rev  ->  passed  [0.013s]
addrmerge_test:addrmerge_point2point  ->  passed  [0.013s]
addrmerge_test:addrmerge_point2point6  ->  passed  [0.013s]
addrmerge_test:addrmerge_point2point6_rev  ->  passed  [0.011s]
addrmerge_test:addrmerge_point2point_rev  ->  passed  [0.011s]
addrmerge_test:addrmerge_recvdstaddr  ->  passed  [0.011s]
addrmerge_test:addrmerge_recvdstaddr6  ->  passed  [0.011s]
addrmerge_test:addrmerge_recvdstaddr6_rev  ->  passed  [0.011s]
addrmerge_test:addrmerge_recvdstaddr_rev  ->  passed  [0.011s]
addrmerge_test:addrmerge_singlehomed  ->  passed  [0.009s]
addrmerge_test:addrmerge_singlehomed6  ->  passed  [0.010s]

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped