diff mbox

rpc.nfsd: add no-ipv4 and no-ipv6 options

Message ID 55743EDE.7070707@gmail.com (mailing list archive)
State New, archived
Headers show

Commit Message

Kinglong Mee June 7, 2015, 12:53 p.m. UTC 
Sean reports running rpc.nfsd with --host options without IPv6 address.
rpc.nfsd prints error message, but runs correctly for IPv4.
It is caused by that rpc.nfsd tries to bind IPv4 and IPv6 address default.

rpc.nfsd: unable to resolve nfs-server:nfs to inet6 address: Name or service not known 

This patch add no-ipv4 and no-ipv6 options to disable ipv4/ipv6 directly.

Reported-by: Sean Elble <elbles@sessys.com>
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
---
 support/include/nfs/nfs.h |  8 ++++++++
 utils/nfsd/nfsd.c         | 27 ++++++++++++++++++++++++++-
 utils/nfsd/nfsd.man       | 10 ++++++++++
 3 files changed, 44 insertions(+), 1 deletion(-)

Comments

Chuck Lever III June 7, 2015, 7:01 p.m. UTC | #1 
Hi Kinglong-

On Jun 7, 2015, at 8:53 AM, Kinglong Mee <kinglongmee@gmail.com> wrote:

> Sean reports running rpc.nfsd with --host options without IPv6 address.
> rpc.nfsd prints error message, but runs correctly for IPv4.
> It is caused by that rpc.nfsd tries to bind IPv4 and IPv6 address default.
> 
> rpc.nfsd: unable to resolve nfs-server:nfs to inet6 address: Name or service not known 

Why not just turn this message into a debugging message?


> This patch add no-ipv4 and no-ipv6 options to disable ipv4/ipv6 directly.
> 
> Reported-by: Sean Elble <elbles@sessys.com>
> Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
> ---
> support/include/nfs/nfs.h |  8 ++++++++
> utils/nfsd/nfsd.c         | 27 ++++++++++++++++++++++++++-
> utils/nfsd/nfsd.man       | 10 ++++++++++
> 3 files changed, 44 insertions(+), 1 deletion(-)
> 
> diff --git a/support/include/nfs/nfs.h b/support/include/nfs/nfs.h
> index 27054e5..2be61f0 100644
> --- a/support/include/nfs/nfs.h
> +++ b/support/include/nfs/nfs.h
> @@ -47,19 +47,27 @@ struct nfs_fh_old {
> 
> #define NFSCTL_UDPBIT		      (1 << (17 - 1))
> #define NFSCTL_TCPBIT		      (1 << (18 - 1))
> +#define NFSCTL_INETBIT		      (1 << (19 - 1))
> +#define NFSCTL_INET6BIT		      (1 << (20 - 1))
> 
> #define NFSCTL_VERUNSET(_cltbits, _v) ((_cltbits) &= ~(1 << ((_v) - 1))) 
> #define NFSCTL_UDPUNSET(_cltbits)     ((_cltbits) &= ~NFSCTL_UDPBIT) 
> #define NFSCTL_TCPUNSET(_cltbits)     ((_cltbits) &= ~NFSCTL_TCPBIT) 
> +#define NFSCTL_INETUNSET(_cltbits)    ((_cltbits) &= ~NFSCTL_INETBIT)
> +#define NFSCTL_INET6UNSET(_cltbits)   ((_cltbits) &= ~NFSCTL_INET6BIT)
> 
> #define NFSCTL_VERISSET(_cltbits, _v) ((_cltbits) & (1 << ((_v) - 1))) 
> #define NFSCTL_UDPISSET(_cltbits)     ((_cltbits) & NFSCTL_UDPBIT) 
> #define NFSCTL_TCPISSET(_cltbits)     ((_cltbits) & NFSCTL_TCPBIT) 
> +#define NFSCTL_INETISSET(_cltbits)    ((_cltbits) & NFSCTL_INETBIT)
> +#define NFSCTL_INET6ISSET(_cltbits)   ((_cltbits) & NFSCTL_INET6BIT)
> 
> #define NFSCTL_VERDEFAULT (0xc)       /* versions 3 and 4 */
> #define NFSCTL_VERSET(_cltbits, _v)   ((_cltbits) |= (1 << ((_v) - 1))) 
> #define NFSCTL_UDPSET(_cltbits)       ((_cltbits) |= NFSCTL_UDPBIT)
> #define NFSCTL_TCPSET(_cltbits)       ((_cltbits) |= NFSCTL_TCPBIT)
> +#define NFSCTL_INETSET(_cltbits)      ((_cltbits) |= NFSCTL_INETBIT)
> +#define NFSCTL_INET6SET(_cltbits)     ((_cltbits) |= NFSCTL_INET6BIT)
> 
> #define NFSCTL_ANYPROTO(_cltbits)     ((_cltbits) & (NFSCTL_UDPBIT | NFSCTL_TCPBIT))
> #define NFSCTL_ALLBITS (~0)
> diff --git a/utils/nfsd/nfsd.c b/utils/nfsd/nfsd.c
> index 201bb13..4cd1ea8 100644
> --- a/utils/nfsd/nfsd.c
> +++ b/utils/nfsd/nfsd.c
> @@ -42,6 +42,8 @@ static struct option longopts[] =
> 	{ "nfs-version", 1, 0, 'V' },
> 	{ "no-tcp", 0, 0, 'T' },
> 	{ "no-udp", 0, 0, 'U' },
> +	{ "no-ipv4", 0, 0, 'F'},
> +	{ "no-ipv6", 0, 0, 'S'},
> 	{ "port", 1, 0, 'P' },
> 	{ "port", 1, 0, 'p' },
> 	{ "debug", 0, 0, 'd' },
> @@ -135,7 +137,7 @@ main(int argc, char **argv)
> 	xlog_syslog(0);
> 	xlog_stderr(1);
> 
> -	while ((c = getopt_long(argc, argv, "dH:hN:V:p:P:sTUrG:L:", longopts, NULL)) != EOF) {
> +	while ((c = getopt_long(argc, argv, "dH:hN:V:p:P:sTUrG:L:FS", longopts, NULL)) != EOF) {
> 		switch(c) {
> 		case 'd':
> 			xlog_config(D_ALL, 1);
> @@ -238,6 +240,12 @@ main(int argc, char **argv)
> 		case 'U':
> 			NFSCTL_UDPUNSET(protobits);
> 			break;
> +		case 'F':
> +			NFSCTL_INETUNSET(protobits);
> +			break;
> +		case 'S':
> +			NFSCTL_INET6UNSET(protobits);
> +			break;
> 		case 'G':
> 			grace = strtol(optarg, &p, 0);
> 			if (*p || grace <= 0) {
> @@ -280,6 +288,16 @@ main(int argc, char **argv)
> 
> 	nfsd_enable_protos(&proto4, &proto6);
> 
> +	if (!NFSCTL_INETISSET(protobits)) {
> +		NFSCTL_TCPUNSET(proto4);
> +		NFSCTL_UDPUNSET(proto4);
> +	}
> +
> +	if (!NFSCTL_INET6ISSET(protobits)) {
> +		NFSCTL_TCPUNSET(proto6);
> +		NFSCTL_UDPUNSET(proto6);
> +	}
> +
> 	if (!NFSCTL_TCPISSET(protobits)) {
> 		NFSCTL_TCPUNSET(proto4);
> 		NFSCTL_TCPUNSET(proto6);
> @@ -301,6 +319,12 @@ main(int argc, char **argv)
> 		exit(1);
> 	}
> 
> +	if (!NFSCTL_INETISSET(protobits) &&
> +	    !NFSCTL_INET6ISSET(protobits)) {
> +		xlog(L_ERROR, "no internet protocols specified");
> +		exit(1);
> +	}
> +
> 	if (NFSCTL_VERISSET(versbits, 4) &&
> 	    !NFSCTL_TCPISSET(proto4) &&
> 	    !NFSCTL_TCPISSET(proto6)) {
> @@ -397,6 +421,7 @@ usage(const char *prog)
> 		"%s [-d|--debug] [-H hostname] [-p|-P|--port port]\n"
> 		"     [-N|--no-nfs-version version] [-V|--nfs-version version]\n"
> 		"     [-s|--syslog] [-T|--no-tcp] [-U|--no-udp] [-r|--rdma=]\n"
> +		"     [-F|--no-ipv4] [-S|--no-ipv6]\n"
> 		"     [-G|--grace-time secs] [-L|--leasetime secs] nrservs\n",
> 		prog);
> 	exit(2);
> diff --git a/utils/nfsd/nfsd.man b/utils/nfsd/nfsd.man
> index 3ba847e..795f766 100644
> --- a/utils/nfsd/nfsd.man
> +++ b/utils/nfsd/nfsd.man
> @@ -77,6 +77,16 @@ Disable
> .B rpc.nfsd
> from accepting UDP connections from clients.
> .TP
> +.B \-F " or " \-\-no-ipv4
> +Disable
> +.B rpc.nfsd
> +from accepting IPv4 connections from clients.
> +.TP
> +.B \-S " or " \-\-no-ipv6
> +Disable
> +.B rpc.nfsd
> +from accepting IPv6 connections from clients.
> +.TP
> .B \-V " or " \-\-nfs-version vers
> This option can be used to request that 
> .B rpc.nfsd
> -- 
> 2.4.2
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com



--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Kinglong Mee June 8, 2015, 1:25 p.m. UTC | #2 
On 6/8/2015 3:01 AM, Chuck Lever wrote:
> Hi Kinglong-
> 
> On Jun 7, 2015, at 8:53 AM, Kinglong Mee <kinglongmee@gmail.com> wrote:
> 
>> Sean reports running rpc.nfsd with --host options without IPv6 address.
>> rpc.nfsd prints error message, but runs correctly for IPv4.
>> It is caused by that rpc.nfsd tries to bind IPv4 and IPv6 address default.
>>
>> rpc.nfsd: unable to resolve nfs-server:nfs to inet6 address: Name or service not known 
> 
> Why not just turn this message into a debugging message?

I think it's an important message for user, especially meeting error both,
we should not remove it.

Also, it's a useful feature of turning off ipv4 or ipv6 for some case.

thanks,
Kinglong Mee

> 
>> This patch add no-ipv4 and no-ipv6 options to disable ipv4/ipv6 directly.
>>
>> Reported-by: Sean Elble <elbles@sessys.com>
>> Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
>> ---
>> support/include/nfs/nfs.h |  8 ++++++++
>> utils/nfsd/nfsd.c         | 27 ++++++++++++++++++++++++++-
>> utils/nfsd/nfsd.man       | 10 ++++++++++
>> 3 files changed, 44 insertions(+), 1 deletion(-)
>>
>> diff --git a/support/include/nfs/nfs.h b/support/include/nfs/nfs.h
>> index 27054e5..2be61f0 100644
>> --- a/support/include/nfs/nfs.h
>> +++ b/support/include/nfs/nfs.h
>> @@ -47,19 +47,27 @@ struct nfs_fh_old {
>>
>> #define NFSCTL_UDPBIT		      (1 << (17 - 1))
>> #define NFSCTL_TCPBIT		      (1 << (18 - 1))
>> +#define NFSCTL_INETBIT		      (1 << (19 - 1))
>> +#define NFSCTL_INET6BIT		      (1 << (20 - 1))
>>
>> #define NFSCTL_VERUNSET(_cltbits, _v) ((_cltbits) &= ~(1 << ((_v) - 1))) 
>> #define NFSCTL_UDPUNSET(_cltbits)     ((_cltbits) &= ~NFSCTL_UDPBIT) 
>> #define NFSCTL_TCPUNSET(_cltbits)     ((_cltbits) &= ~NFSCTL_TCPBIT) 
>> +#define NFSCTL_INETUNSET(_cltbits)    ((_cltbits) &= ~NFSCTL_INETBIT)
>> +#define NFSCTL_INET6UNSET(_cltbits)   ((_cltbits) &= ~NFSCTL_INET6BIT)
>>
>> #define NFSCTL_VERISSET(_cltbits, _v) ((_cltbits) & (1 << ((_v) - 1))) 
>> #define NFSCTL_UDPISSET(_cltbits)     ((_cltbits) & NFSCTL_UDPBIT) 
>> #define NFSCTL_TCPISSET(_cltbits)     ((_cltbits) & NFSCTL_TCPBIT) 
>> +#define NFSCTL_INETISSET(_cltbits)    ((_cltbits) & NFSCTL_INETBIT)
>> +#define NFSCTL_INET6ISSET(_cltbits)   ((_cltbits) & NFSCTL_INET6BIT)
>>
>> #define NFSCTL_VERDEFAULT (0xc)       /* versions 3 and 4 */
>> #define NFSCTL_VERSET(_cltbits, _v)   ((_cltbits) |= (1 << ((_v) - 1))) 
>> #define NFSCTL_UDPSET(_cltbits)       ((_cltbits) |= NFSCTL_UDPBIT)
>> #define NFSCTL_TCPSET(_cltbits)       ((_cltbits) |= NFSCTL_TCPBIT)
>> +#define NFSCTL_INETSET(_cltbits)      ((_cltbits) |= NFSCTL_INETBIT)
>> +#define NFSCTL_INET6SET(_cltbits)     ((_cltbits) |= NFSCTL_INET6BIT)
>>
>> #define NFSCTL_ANYPROTO(_cltbits)     ((_cltbits) & (NFSCTL_UDPBIT | NFSCTL_TCPBIT))
>> #define NFSCTL_ALLBITS (~0)
>> diff --git a/utils/nfsd/nfsd.c b/utils/nfsd/nfsd.c
>> index 201bb13..4cd1ea8 100644
>> --- a/utils/nfsd/nfsd.c
>> +++ b/utils/nfsd/nfsd.c
>> @@ -42,6 +42,8 @@ static struct option longopts[] =
>> 	{ "nfs-version", 1, 0, 'V' },
>> 	{ "no-tcp", 0, 0, 'T' },
>> 	{ "no-udp", 0, 0, 'U' },
>> +	{ "no-ipv4", 0, 0, 'F'},
>> +	{ "no-ipv6", 0, 0, 'S'},
>> 	{ "port", 1, 0, 'P' },
>> 	{ "port", 1, 0, 'p' },
>> 	{ "debug", 0, 0, 'd' },
>> @@ -135,7 +137,7 @@ main(int argc, char **argv)
>> 	xlog_syslog(0);
>> 	xlog_stderr(1);
>>
>> -	while ((c = getopt_long(argc, argv, "dH:hN:V:p:P:sTUrG:L:", longopts, NULL)) != EOF) {
>> +	while ((c = getopt_long(argc, argv, "dH:hN:V:p:P:sTUrG:L:FS", longopts, NULL)) != EOF) {
>> 		switch(c) {
>> 		case 'd':
>> 			xlog_config(D_ALL, 1);
>> @@ -238,6 +240,12 @@ main(int argc, char **argv)
>> 		case 'U':
>> 			NFSCTL_UDPUNSET(protobits);
>> 			break;
>> +		case 'F':
>> +			NFSCTL_INETUNSET(protobits);
>> +			break;
>> +		case 'S':
>> +			NFSCTL_INET6UNSET(protobits);
>> +			break;
>> 		case 'G':
>> 			grace = strtol(optarg, &p, 0);
>> 			if (*p || grace <= 0) {
>> @@ -280,6 +288,16 @@ main(int argc, char **argv)
>>
>> 	nfsd_enable_protos(&proto4, &proto6);
>>
>> +	if (!NFSCTL_INETISSET(protobits)) {
>> +		NFSCTL_TCPUNSET(proto4);
>> +		NFSCTL_UDPUNSET(proto4);
>> +	}
>> +
>> +	if (!NFSCTL_INET6ISSET(protobits)) {
>> +		NFSCTL_TCPUNSET(proto6);
>> +		NFSCTL_UDPUNSET(proto6);
>> +	}
>> +
>> 	if (!NFSCTL_TCPISSET(protobits)) {
>> 		NFSCTL_TCPUNSET(proto4);
>> 		NFSCTL_TCPUNSET(proto6);
>> @@ -301,6 +319,12 @@ main(int argc, char **argv)
>> 		exit(1);
>> 	}
>>
>> +	if (!NFSCTL_INETISSET(protobits) &&
>> +	    !NFSCTL_INET6ISSET(protobits)) {
>> +		xlog(L_ERROR, "no internet protocols specified");
>> +		exit(1);
>> +	}
>> +
>> 	if (NFSCTL_VERISSET(versbits, 4) &&
>> 	    !NFSCTL_TCPISSET(proto4) &&
>> 	    !NFSCTL_TCPISSET(proto6)) {
>> @@ -397,6 +421,7 @@ usage(const char *prog)
>> 		"%s [-d|--debug] [-H hostname] [-p|-P|--port port]\n"
>> 		"     [-N|--no-nfs-version version] [-V|--nfs-version version]\n"
>> 		"     [-s|--syslog] [-T|--no-tcp] [-U|--no-udp] [-r|--rdma=]\n"
>> +		"     [-F|--no-ipv4] [-S|--no-ipv6]\n"
>> 		"     [-G|--grace-time secs] [-L|--leasetime secs] nrservs\n",
>> 		prog);
>> 	exit(2);
>> diff --git a/utils/nfsd/nfsd.man b/utils/nfsd/nfsd.man
>> index 3ba847e..795f766 100644
>> --- a/utils/nfsd/nfsd.man
>> +++ b/utils/nfsd/nfsd.man
>> @@ -77,6 +77,16 @@ Disable
>> .B rpc.nfsd
>> from accepting UDP connections from clients.
>> .TP
>> +.B \-F " or " \-\-no-ipv4
>> +Disable
>> +.B rpc.nfsd
>> +from accepting IPv4 connections from clients.
>> +.TP
>> +.B \-S " or " \-\-no-ipv6
>> +Disable
>> +.B rpc.nfsd
>> +from accepting IPv6 connections from clients.
>> +.TP
>> .B \-V " or " \-\-nfs-version vers
>> This option can be used to request that 
>> .B rpc.nfsd
>> -- 
>> 2.4.2
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> --
> Chuck Lever
> chuck[dot]lever[at]oracle[dot]com
> 
> 
> 
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Sean Elble June 8, 2015, 2:15 p.m. UTC | #3 
On 08.06.2015 09:25, Kinglong Mee wrote:
> On 6/8/2015 3:01 AM, Chuck Lever wrote:
>> Hi Kinglong-
>> 
>> On Jun 7, 2015, at 8:53 AM, Kinglong Mee <kinglongmee@gmail.com> 
>> wrote:
>> 
>>> Sean reports running rpc.nfsd with --host options without IPv6 
>>> address.
>>> rpc.nfsd prints error message, but runs correctly for IPv4.
>>> It is caused by that rpc.nfsd tries to bind IPv4 and IPv6 address 
>>> default.
>>> 
>>> rpc.nfsd: unable to resolve nfs-server:nfs to inet6 address: Name or 
>>> service not known
>> 
>> Why not just turn this message into a debugging message?
> 
> I think it's an important message for user, especially meeting error 
> both,
> we should not remove it.
> 
> Also, it's a useful feature of turning off ipv4 or ipv6 for some case.

Thanks for the patch Kinglong!

 From my perspective as a user/admin, I welcome the option to turn off 
either IPv4 or IPv6 selectively.  I could also see the sense in making 
it a debug level message, in that if it's not working as intended, 
you're going to inevitably put it into debug mode.  And, as it stands, I 
think more people see the message now (on account of it being displayed 
when a host cannot be resolved to both an IPv4 and IPv6 address) than 
those who would need to see the error, but that's sheer conjecture on my 
part.

In any case, the patch is much appreciated, and I believe the 
functionality is worth it, regardless of what is done with the message 
itself.

> 
> thanks,
> Kinglong Mee
> 
>> 
>>> This patch add no-ipv4 and no-ipv6 options to disable ipv4/ipv6 
>>> directly.
>>> 
>>> Reported-by: Sean Elble <elbles@sessys.com>
>>> Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
>>> ---
>>> support/include/nfs/nfs.h |  8 ++++++++
>>> utils/nfsd/nfsd.c         | 27 ++++++++++++++++++++++++++-
>>> utils/nfsd/nfsd.man       | 10 ++++++++++
>>> 3 files changed, 44 insertions(+), 1 deletion(-)
>>> 
>>> diff --git a/support/include/nfs/nfs.h b/support/include/nfs/nfs.h
>>> index 27054e5..2be61f0 100644
>>> --- a/support/include/nfs/nfs.h
>>> +++ b/support/include/nfs/nfs.h
>>> @@ -47,19 +47,27 @@ struct nfs_fh_old {
>>> 
>>> #define NFSCTL_UDPBIT		      (1 << (17 - 1))
>>> #define NFSCTL_TCPBIT		      (1 << (18 - 1))
>>> +#define NFSCTL_INETBIT		      (1 << (19 - 1))
>>> +#define NFSCTL_INET6BIT		      (1 << (20 - 1))
>>> 
>>> #define NFSCTL_VERUNSET(_cltbits, _v) ((_cltbits) &= ~(1 << ((_v) - 
>>> 1)))
>>> #define NFSCTL_UDPUNSET(_cltbits)     ((_cltbits) &= ~NFSCTL_UDPBIT)
>>> #define NFSCTL_TCPUNSET(_cltbits)     ((_cltbits) &= ~NFSCTL_TCPBIT)
>>> +#define NFSCTL_INETUNSET(_cltbits)    ((_cltbits) &= 
>>> ~NFSCTL_INETBIT)
>>> +#define NFSCTL_INET6UNSET(_cltbits)   ((_cltbits) &= 
>>> ~NFSCTL_INET6BIT)
>>> 
>>> #define NFSCTL_VERISSET(_cltbits, _v) ((_cltbits) & (1 << ((_v) - 
>>> 1)))
>>> #define NFSCTL_UDPISSET(_cltbits)     ((_cltbits) & NFSCTL_UDPBIT)
>>> #define NFSCTL_TCPISSET(_cltbits)     ((_cltbits) & NFSCTL_TCPBIT)
>>> +#define NFSCTL_INETISSET(_cltbits)    ((_cltbits) & NFSCTL_INETBIT)
>>> +#define NFSCTL_INET6ISSET(_cltbits)   ((_cltbits) & NFSCTL_INET6BIT)
>>> 
>>> #define NFSCTL_VERDEFAULT (0xc)       /* versions 3 and 4 */
>>> #define NFSCTL_VERSET(_cltbits, _v)   ((_cltbits) |= (1 << ((_v) - 
>>> 1)))
>>> #define NFSCTL_UDPSET(_cltbits)       ((_cltbits) |= NFSCTL_UDPBIT)
>>> #define NFSCTL_TCPSET(_cltbits)       ((_cltbits) |= NFSCTL_TCPBIT)
>>> +#define NFSCTL_INETSET(_cltbits)      ((_cltbits) |= NFSCTL_INETBIT)
>>> +#define NFSCTL_INET6SET(_cltbits)     ((_cltbits) |= 
>>> NFSCTL_INET6BIT)
>>> 
>>> #define NFSCTL_ANYPROTO(_cltbits)     ((_cltbits) & (NFSCTL_UDPBIT | 
>>> NFSCTL_TCPBIT))
>>> #define NFSCTL_ALLBITS (~0)
>>> diff --git a/utils/nfsd/nfsd.c b/utils/nfsd/nfsd.c
>>> index 201bb13..4cd1ea8 100644
>>> --- a/utils/nfsd/nfsd.c
>>> +++ b/utils/nfsd/nfsd.c
>>> @@ -42,6 +42,8 @@ static struct option longopts[] =
>>> 	{ "nfs-version", 1, 0, 'V' },
>>> 	{ "no-tcp", 0, 0, 'T' },
>>> 	{ "no-udp", 0, 0, 'U' },
>>> +	{ "no-ipv4", 0, 0, 'F'},
>>> +	{ "no-ipv6", 0, 0, 'S'},
>>> 	{ "port", 1, 0, 'P' },
>>> 	{ "port", 1, 0, 'p' },
>>> 	{ "debug", 0, 0, 'd' },
>>> @@ -135,7 +137,7 @@ main(int argc, char **argv)
>>> 	xlog_syslog(0);
>>> 	xlog_stderr(1);
>>> 
>>> -	while ((c = getopt_long(argc, argv, "dH:hN:V:p:P:sTUrG:L:", 
>>> longopts, NULL)) != EOF) {
>>> +	while ((c = getopt_long(argc, argv, "dH:hN:V:p:P:sTUrG:L:FS", 
>>> longopts, NULL)) != EOF) {
>>> 		switch(c) {
>>> 		case 'd':
>>> 			xlog_config(D_ALL, 1);
>>> @@ -238,6 +240,12 @@ main(int argc, char **argv)
>>> 		case 'U':
>>> 			NFSCTL_UDPUNSET(protobits);
>>> 			break;
>>> +		case 'F':
>>> +			NFSCTL_INETUNSET(protobits);
>>> +			break;
>>> +		case 'S':
>>> +			NFSCTL_INET6UNSET(protobits);
>>> +			break;
>>> 		case 'G':
>>> 			grace = strtol(optarg, &p, 0);
>>> 			if (*p || grace <= 0) {
>>> @@ -280,6 +288,16 @@ main(int argc, char **argv)
>>> 
>>> 	nfsd_enable_protos(&proto4, &proto6);
>>> 
>>> +	if (!NFSCTL_INETISSET(protobits)) {
>>> +		NFSCTL_TCPUNSET(proto4);
>>> +		NFSCTL_UDPUNSET(proto4);
>>> +	}
>>> +
>>> +	if (!NFSCTL_INET6ISSET(protobits)) {
>>> +		NFSCTL_TCPUNSET(proto6);
>>> +		NFSCTL_UDPUNSET(proto6);
>>> +	}
>>> +
>>> 	if (!NFSCTL_TCPISSET(protobits)) {
>>> 		NFSCTL_TCPUNSET(proto4);
>>> 		NFSCTL_TCPUNSET(proto6);
>>> @@ -301,6 +319,12 @@ main(int argc, char **argv)
>>> 		exit(1);
>>> 	}
>>> 
>>> +	if (!NFSCTL_INETISSET(protobits) &&
>>> +	    !NFSCTL_INET6ISSET(protobits)) {
>>> +		xlog(L_ERROR, "no internet protocols specified");
>>> +		exit(1);
>>> +	}
>>> +
>>> 	if (NFSCTL_VERISSET(versbits, 4) &&
>>> 	    !NFSCTL_TCPISSET(proto4) &&
>>> 	    !NFSCTL_TCPISSET(proto6)) {
>>> @@ -397,6 +421,7 @@ usage(const char *prog)
>>> 		"%s [-d|--debug] [-H hostname] [-p|-P|--port port]\n"
>>> 		"     [-N|--no-nfs-version version] [-V|--nfs-version version]\n"
>>> 		"     [-s|--syslog] [-T|--no-tcp] [-U|--no-udp] [-r|--rdma=]\n"
>>> +		"     [-F|--no-ipv4] [-S|--no-ipv6]\n"
>>> 		"     [-G|--grace-time secs] [-L|--leasetime secs] nrservs\n",
>>> 		prog);
>>> 	exit(2);
>>> diff --git a/utils/nfsd/nfsd.man b/utils/nfsd/nfsd.man
>>> index 3ba847e..795f766 100644
>>> --- a/utils/nfsd/nfsd.man
>>> +++ b/utils/nfsd/nfsd.man
>>> @@ -77,6 +77,16 @@ Disable
>>> .B rpc.nfsd
>>> from accepting UDP connections from clients.
>>> .TP
>>> +.B \-F " or " \-\-no-ipv4
>>> +Disable
>>> +.B rpc.nfsd
>>> +from accepting IPv4 connections from clients.
>>> +.TP
>>> +.B \-S " or " \-\-no-ipv6
>>> +Disable
>>> +.B rpc.nfsd
>>> +from accepting IPv6 connections from clients.
>>> +.TP
>>> .B \-V " or " \-\-nfs-version vers
>>> This option can be used to request that
>>> .B rpc.nfsd
>>> --
>>> 2.4.2
>>> 
>>> --
>>> To unsubscribe from this list: send the line "unsubscribe linux-nfs" 
>>> in
>>> the body of a message to majordomo@vger.kernel.org
>>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>> 
>> --
>> Chuck Lever
>> chuck[dot]lever[at]oracle[dot]com
>> 
>> 
>> 
>> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Chuck Lever June 8, 2015, 2:22 p.m. UTC | #4 
On Jun 8, 2015, at 10:15 AM, Sean Elble <elbles@sessys.com> wrote:

> On 08.06.2015 09:25, Kinglong Mee wrote:
>> On 6/8/2015 3:01 AM, Chuck Lever wrote:
>>> Hi Kinglong-
>>> On Jun 7, 2015, at 8:53 AM, Kinglong Mee <kinglongmee@gmail.com> wrote:
>>>> Sean reports running rpc.nfsd with --host options without IPv6 address.
>>>> rpc.nfsd prints error message, but runs correctly for IPv4.
>>>> It is caused by that rpc.nfsd tries to bind IPv4 and IPv6 address default.
>>>> rpc.nfsd: unable to resolve nfs-server:nfs to inet6 address: Name or service not known
>>> Why not just turn this message into a debugging message?
>> I think it's an important message for user, especially meeting error both,
>> we should not remove it.
>> Also, it's a useful feature of turning off ipv4 or ipv6 for some case.
> 
> Thanks for the patch Kinglong!
> 
> From my perspective as a user/admin, I welcome the option to turn off either IPv4 or IPv6 selectively.  I could also see the sense in making it a debug level message, in that if it's not working as intended, you're going to inevitably put it into debug mode.  And, as it stands, I think more people see the message now (on account of it being displayed when a host cannot be resolved to both an IPv4 and IPv6 address) than those who would need to see the error, but that's sheer conjecture on my part.
> 
> In any case, the patch is much appreciated, and I believe the functionality is worth it, regardless of what is done with the message itself.

I don’t understand the need to “turn off” an address family. That’s what
/etc/netconfig is supposed to be for. What’s not happening here that
should be?


>> thanks,
>> Kinglong Mee
>>>> This patch add no-ipv4 and no-ipv6 options to disable ipv4/ipv6 directly.
>>>> Reported-by: Sean Elble <elbles@sessys.com>
>>>> Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
>>>> ---
>>>> support/include/nfs/nfs.h |  8 ++++++++
>>>> utils/nfsd/nfsd.c         | 27 ++++++++++++++++++++++++++-
>>>> utils/nfsd/nfsd.man       | 10 ++++++++++
>>>> 3 files changed, 44 insertions(+), 1 deletion(-)
>>>> diff --git a/support/include/nfs/nfs.h b/support/include/nfs/nfs.h
>>>> index 27054e5..2be61f0 100644
>>>> --- a/support/include/nfs/nfs.h
>>>> +++ b/support/include/nfs/nfs.h
>>>> @@ -47,19 +47,27 @@ struct nfs_fh_old {
>>>> #define NFSCTL_UDPBIT		      (1 << (17 - 1))
>>>> #define NFSCTL_TCPBIT		      (1 << (18 - 1))
>>>> +#define NFSCTL_INETBIT		      (1 << (19 - 1))
>>>> +#define NFSCTL_INET6BIT		      (1 << (20 - 1))
>>>> #define NFSCTL_VERUNSET(_cltbits, _v) ((_cltbits) &= ~(1 << ((_v) - 1)))
>>>> #define NFSCTL_UDPUNSET(_cltbits)     ((_cltbits) &= ~NFSCTL_UDPBIT)
>>>> #define NFSCTL_TCPUNSET(_cltbits)     ((_cltbits) &= ~NFSCTL_TCPBIT)
>>>> +#define NFSCTL_INETUNSET(_cltbits)    ((_cltbits) &= ~NFSCTL_INETBIT)
>>>> +#define NFSCTL_INET6UNSET(_cltbits)   ((_cltbits) &= ~NFSCTL_INET6BIT)
>>>> #define NFSCTL_VERISSET(_cltbits, _v) ((_cltbits) & (1 << ((_v) - 1)))
>>>> #define NFSCTL_UDPISSET(_cltbits)     ((_cltbits) & NFSCTL_UDPBIT)
>>>> #define NFSCTL_TCPISSET(_cltbits)     ((_cltbits) & NFSCTL_TCPBIT)
>>>> +#define NFSCTL_INETISSET(_cltbits)    ((_cltbits) & NFSCTL_INETBIT)
>>>> +#define NFSCTL_INET6ISSET(_cltbits)   ((_cltbits) & NFSCTL_INET6BIT)
>>>> #define NFSCTL_VERDEFAULT (0xc)       /* versions 3 and 4 */
>>>> #define NFSCTL_VERSET(_cltbits, _v)   ((_cltbits) |= (1 << ((_v) - 1)))
>>>> #define NFSCTL_UDPSET(_cltbits)       ((_cltbits) |= NFSCTL_UDPBIT)
>>>> #define NFSCTL_TCPSET(_cltbits)       ((_cltbits) |= NFSCTL_TCPBIT)
>>>> +#define NFSCTL_INETSET(_cltbits)      ((_cltbits) |= NFSCTL_INETBIT)
>>>> +#define NFSCTL_INET6SET(_cltbits)     ((_cltbits) |= NFSCTL_INET6BIT)
>>>> #define NFSCTL_ANYPROTO(_cltbits)     ((_cltbits) & (NFSCTL_UDPBIT | NFSCTL_TCPBIT))
>>>> #define NFSCTL_ALLBITS (~0)
>>>> diff --git a/utils/nfsd/nfsd.c b/utils/nfsd/nfsd.c
>>>> index 201bb13..4cd1ea8 100644
>>>> --- a/utils/nfsd/nfsd.c
>>>> +++ b/utils/nfsd/nfsd.c
>>>> @@ -42,6 +42,8 @@ static struct option longopts[] =
>>>> 	{ "nfs-version", 1, 0, 'V' },
>>>> 	{ "no-tcp", 0, 0, 'T' },
>>>> 	{ "no-udp", 0, 0, 'U' },
>>>> +	{ "no-ipv4", 0, 0, 'F'},
>>>> +	{ "no-ipv6", 0, 0, 'S'},
>>>> 	{ "port", 1, 0, 'P' },
>>>> 	{ "port", 1, 0, 'p' },
>>>> 	{ "debug", 0, 0, 'd' },
>>>> @@ -135,7 +137,7 @@ main(int argc, char **argv)
>>>> 	xlog_syslog(0);
>>>> 	xlog_stderr(1);
>>>> -	while ((c = getopt_long(argc, argv, "dH:hN:V:p:P:sTUrG:L:", longopts, NULL)) != EOF) {
>>>> +	while ((c = getopt_long(argc, argv, "dH:hN:V:p:P:sTUrG:L:FS", longopts, NULL)) != EOF) {
>>>> 		switch(c) {
>>>> 		case 'd':
>>>> 			xlog_config(D_ALL, 1);
>>>> @@ -238,6 +240,12 @@ main(int argc, char **argv)
>>>> 		case 'U':
>>>> 			NFSCTL_UDPUNSET(protobits);
>>>> 			break;
>>>> +		case 'F':
>>>> +			NFSCTL_INETUNSET(protobits);
>>>> +			break;
>>>> +		case 'S':
>>>> +			NFSCTL_INET6UNSET(protobits);
>>>> +			break;
>>>> 		case 'G':
>>>> 			grace = strtol(optarg, &p, 0);
>>>> 			if (*p || grace <= 0) {
>>>> @@ -280,6 +288,16 @@ main(int argc, char **argv)
>>>> 	nfsd_enable_protos(&proto4, &proto6);
>>>> +	if (!NFSCTL_INETISSET(protobits)) {
>>>> +		NFSCTL_TCPUNSET(proto4);
>>>> +		NFSCTL_UDPUNSET(proto4);
>>>> +	}
>>>> +
>>>> +	if (!NFSCTL_INET6ISSET(protobits)) {
>>>> +		NFSCTL_TCPUNSET(proto6);
>>>> +		NFSCTL_UDPUNSET(proto6);
>>>> +	}
>>>> +
>>>> 	if (!NFSCTL_TCPISSET(protobits)) {
>>>> 		NFSCTL_TCPUNSET(proto4);
>>>> 		NFSCTL_TCPUNSET(proto6);
>>>> @@ -301,6 +319,12 @@ main(int argc, char **argv)
>>>> 		exit(1);
>>>> 	}
>>>> +	if (!NFSCTL_INETISSET(protobits) &&
>>>> +	    !NFSCTL_INET6ISSET(protobits)) {
>>>> +		xlog(L_ERROR, "no internet protocols specified");
>>>> +		exit(1);
>>>> +	}
>>>> +
>>>> 	if (NFSCTL_VERISSET(versbits, 4) &&
>>>> 	    !NFSCTL_TCPISSET(proto4) &&
>>>> 	    !NFSCTL_TCPISSET(proto6)) {
>>>> @@ -397,6 +421,7 @@ usage(const char *prog)
>>>> 		"%s [-d|--debug] [-H hostname] [-p|-P|--port port]\n"
>>>> 		"     [-N|--no-nfs-version version] [-V|--nfs-version version]\n"
>>>> 		"     [-s|--syslog] [-T|--no-tcp] [-U|--no-udp] [-r|--rdma=]\n"
>>>> +		"     [-F|--no-ipv4] [-S|--no-ipv6]\n"
>>>> 		"     [-G|--grace-time secs] [-L|--leasetime secs] nrservs\n",
>>>> 		prog);
>>>> 	exit(2);
>>>> diff --git a/utils/nfsd/nfsd.man b/utils/nfsd/nfsd.man
>>>> index 3ba847e..795f766 100644
>>>> --- a/utils/nfsd/nfsd.man
>>>> +++ b/utils/nfsd/nfsd.man
>>>> @@ -77,6 +77,16 @@ Disable
>>>> .B rpc.nfsd
>>>> from accepting UDP connections from clients.
>>>> .TP
>>>> +.B \-F " or " \-\-no-ipv4
>>>> +Disable
>>>> +.B rpc.nfsd
>>>> +from accepting IPv4 connections from clients.
>>>> +.TP
>>>> +.B \-S " or " \-\-no-ipv6
>>>> +Disable
>>>> +.B rpc.nfsd
>>>> +from accepting IPv6 connections from clients.
>>>> +.TP
>>>> .B \-V " or " \-\-nfs-version vers
>>>> This option can be used to request that
>>>> .B rpc.nfsd
>>>> --
>>>> 2.4.2
>>>> --
>>>> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
>>>> the body of a message to majordomo@vger.kernel.org
>>>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>> --
>>> Chuck Lever
>>> chuck[dot]lever[at]oracle[dot]com
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

--
Chuck Lever
chucklever@gmail.com



--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Chuck Lever June 8, 2015, 2:27 p.m. UTC | #5 
On Jun 8, 2015, at 10:22 AM, Chuck Lever <chucklever@gmail.com> wrote:

> 
> On Jun 8, 2015, at 10:15 AM, Sean Elble <elbles@sessys.com> wrote:
> 
>> On 08.06.2015 09:25, Kinglong Mee wrote:
>>> On 6/8/2015 3:01 AM, Chuck Lever wrote:
>>>> Hi Kinglong-
>>>> On Jun 7, 2015, at 8:53 AM, Kinglong Mee <kinglongmee@gmail.com> wrote:
>>>>> Sean reports running rpc.nfsd with --host options without IPv6 address.
>>>>> rpc.nfsd prints error message, but runs correctly for IPv4.
>>>>> It is caused by that rpc.nfsd tries to bind IPv4 and IPv6 address default.
>>>>> rpc.nfsd: unable to resolve nfs-server:nfs to inet6 address: Name or service not known
>>>> Why not just turn this message into a debugging message?
>>> I think it's an important message for user, especially meeting error both,
>>> we should not remove it.
>>> Also, it's a useful feature of turning off ipv4 or ipv6 for some case.
>> 
>> Thanks for the patch Kinglong!
>> 
>> From my perspective as a user/admin, I welcome the option to turn off either IPv4 or IPv6 selectively.  I could also see the sense in making it a debug level message, in that if it's not working as intended, you're going to inevitably put it into debug mode.  And, as it stands, I think more people see the message now (on account of it being displayed when a host cannot be resolved to both an IPv4 and IPv6 address) than those who would need to see the error, but that's sheer conjecture on my part.
>> 
>> In any case, the patch is much appreciated, and I believe the functionality is worth it, regardless of what is done with the message itself.
> 
> I don’t understand the need to “turn off” an address family. That’s what
> /etc/netconfig is supposed to be for. What’s not happening here that
> should be?

What I mean is: I’d rather not add more command line options if there
is a way for rpc.nfsd to automatically and quietly do what is needed.
But I don’t understand the use case here. Sean, can you explain it for
bears of little brain?


> 
> 
>>> thanks,
>>> Kinglong Mee
>>>>> This patch add no-ipv4 and no-ipv6 options to disable ipv4/ipv6 directly.
>>>>> Reported-by: Sean Elble <elbles@sessys.com>
>>>>> Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
>>>>> ---
>>>>> support/include/nfs/nfs.h |  8 ++++++++
>>>>> utils/nfsd/nfsd.c         | 27 ++++++++++++++++++++++++++-
>>>>> utils/nfsd/nfsd.man       | 10 ++++++++++
>>>>> 3 files changed, 44 insertions(+), 1 deletion(-)
>>>>> diff --git a/support/include/nfs/nfs.h b/support/include/nfs/nfs.h
>>>>> index 27054e5..2be61f0 100644
>>>>> --- a/support/include/nfs/nfs.h
>>>>> +++ b/support/include/nfs/nfs.h
>>>>> @@ -47,19 +47,27 @@ struct nfs_fh_old {
>>>>> #define NFSCTL_UDPBIT		      (1 << (17 - 1))
>>>>> #define NFSCTL_TCPBIT		      (1 << (18 - 1))
>>>>> +#define NFSCTL_INETBIT		      (1 << (19 - 1))
>>>>> +#define NFSCTL_INET6BIT		      (1 << (20 - 1))
>>>>> #define NFSCTL_VERUNSET(_cltbits, _v) ((_cltbits) &= ~(1 << ((_v) - 1)))
>>>>> #define NFSCTL_UDPUNSET(_cltbits)     ((_cltbits) &= ~NFSCTL_UDPBIT)
>>>>> #define NFSCTL_TCPUNSET(_cltbits)     ((_cltbits) &= ~NFSCTL_TCPBIT)
>>>>> +#define NFSCTL_INETUNSET(_cltbits)    ((_cltbits) &= ~NFSCTL_INETBIT)
>>>>> +#define NFSCTL_INET6UNSET(_cltbits)   ((_cltbits) &= ~NFSCTL_INET6BIT)
>>>>> #define NFSCTL_VERISSET(_cltbits, _v) ((_cltbits) & (1 << ((_v) - 1)))
>>>>> #define NFSCTL_UDPISSET(_cltbits)     ((_cltbits) & NFSCTL_UDPBIT)
>>>>> #define NFSCTL_TCPISSET(_cltbits)     ((_cltbits) & NFSCTL_TCPBIT)
>>>>> +#define NFSCTL_INETISSET(_cltbits)    ((_cltbits) & NFSCTL_INETBIT)
>>>>> +#define NFSCTL_INET6ISSET(_cltbits)   ((_cltbits) & NFSCTL_INET6BIT)
>>>>> #define NFSCTL_VERDEFAULT (0xc)       /* versions 3 and 4 */
>>>>> #define NFSCTL_VERSET(_cltbits, _v)   ((_cltbits) |= (1 << ((_v) - 1)))
>>>>> #define NFSCTL_UDPSET(_cltbits)       ((_cltbits) |= NFSCTL_UDPBIT)
>>>>> #define NFSCTL_TCPSET(_cltbits)       ((_cltbits) |= NFSCTL_TCPBIT)
>>>>> +#define NFSCTL_INETSET(_cltbits)      ((_cltbits) |= NFSCTL_INETBIT)
>>>>> +#define NFSCTL_INET6SET(_cltbits)     ((_cltbits) |= NFSCTL_INET6BIT)
>>>>> #define NFSCTL_ANYPROTO(_cltbits)     ((_cltbits) & (NFSCTL_UDPBIT | NFSCTL_TCPBIT))
>>>>> #define NFSCTL_ALLBITS (~0)
>>>>> diff --git a/utils/nfsd/nfsd.c b/utils/nfsd/nfsd.c
>>>>> index 201bb13..4cd1ea8 100644
>>>>> --- a/utils/nfsd/nfsd.c
>>>>> +++ b/utils/nfsd/nfsd.c
>>>>> @@ -42,6 +42,8 @@ static struct option longopts[] =
>>>>> 	{ "nfs-version", 1, 0, 'V' },
>>>>> 	{ "no-tcp", 0, 0, 'T' },
>>>>> 	{ "no-udp", 0, 0, 'U' },
>>>>> +	{ "no-ipv4", 0, 0, 'F'},
>>>>> +	{ "no-ipv6", 0, 0, 'S'},
>>>>> 	{ "port", 1, 0, 'P' },
>>>>> 	{ "port", 1, 0, 'p' },
>>>>> 	{ "debug", 0, 0, 'd' },
>>>>> @@ -135,7 +137,7 @@ main(int argc, char **argv)
>>>>> 	xlog_syslog(0);
>>>>> 	xlog_stderr(1);
>>>>> -	while ((c = getopt_long(argc, argv, "dH:hN:V:p:P:sTUrG:L:", longopts, NULL)) != EOF) {
>>>>> +	while ((c = getopt_long(argc, argv, "dH:hN:V:p:P:sTUrG:L:FS", longopts, NULL)) != EOF) {
>>>>> 		switch(c) {
>>>>> 		case 'd':
>>>>> 			xlog_config(D_ALL, 1);
>>>>> @@ -238,6 +240,12 @@ main(int argc, char **argv)
>>>>> 		case 'U':
>>>>> 			NFSCTL_UDPUNSET(protobits);
>>>>> 			break;
>>>>> +		case 'F':
>>>>> +			NFSCTL_INETUNSET(protobits);
>>>>> +			break;
>>>>> +		case 'S':
>>>>> +			NFSCTL_INET6UNSET(protobits);
>>>>> +			break;
>>>>> 		case 'G':
>>>>> 			grace = strtol(optarg, &p, 0);
>>>>> 			if (*p || grace <= 0) {
>>>>> @@ -280,6 +288,16 @@ main(int argc, char **argv)
>>>>> 	nfsd_enable_protos(&proto4, &proto6);
>>>>> +	if (!NFSCTL_INETISSET(protobits)) {
>>>>> +		NFSCTL_TCPUNSET(proto4);
>>>>> +		NFSCTL_UDPUNSET(proto4);
>>>>> +	}
>>>>> +
>>>>> +	if (!NFSCTL_INET6ISSET(protobits)) {
>>>>> +		NFSCTL_TCPUNSET(proto6);
>>>>> +		NFSCTL_UDPUNSET(proto6);
>>>>> +	}
>>>>> +
>>>>> 	if (!NFSCTL_TCPISSET(protobits)) {
>>>>> 		NFSCTL_TCPUNSET(proto4);
>>>>> 		NFSCTL_TCPUNSET(proto6);
>>>>> @@ -301,6 +319,12 @@ main(int argc, char **argv)
>>>>> 		exit(1);
>>>>> 	}
>>>>> +	if (!NFSCTL_INETISSET(protobits) &&
>>>>> +	    !NFSCTL_INET6ISSET(protobits)) {
>>>>> +		xlog(L_ERROR, "no internet protocols specified");
>>>>> +		exit(1);
>>>>> +	}
>>>>> +
>>>>> 	if (NFSCTL_VERISSET(versbits, 4) &&
>>>>> 	    !NFSCTL_TCPISSET(proto4) &&
>>>>> 	    !NFSCTL_TCPISSET(proto6)) {
>>>>> @@ -397,6 +421,7 @@ usage(const char *prog)
>>>>> 		"%s [-d|--debug] [-H hostname] [-p|-P|--port port]\n"
>>>>> 		"     [-N|--no-nfs-version version] [-V|--nfs-version version]\n"
>>>>> 		"     [-s|--syslog] [-T|--no-tcp] [-U|--no-udp] [-r|--rdma=]\n"
>>>>> +		"     [-F|--no-ipv4] [-S|--no-ipv6]\n"
>>>>> 		"     [-G|--grace-time secs] [-L|--leasetime secs] nrservs\n",
>>>>> 		prog);
>>>>> 	exit(2);
>>>>> diff --git a/utils/nfsd/nfsd.man b/utils/nfsd/nfsd.man
>>>>> index 3ba847e..795f766 100644
>>>>> --- a/utils/nfsd/nfsd.man
>>>>> +++ b/utils/nfsd/nfsd.man
>>>>> @@ -77,6 +77,16 @@ Disable
>>>>> .B rpc.nfsd
>>>>> from accepting UDP connections from clients.
>>>>> .TP
>>>>> +.B \-F " or " \-\-no-ipv4
>>>>> +Disable
>>>>> +.B rpc.nfsd
>>>>> +from accepting IPv4 connections from clients.
>>>>> +.TP
>>>>> +.B \-S " or " \-\-no-ipv6
>>>>> +Disable
>>>>> +.B rpc.nfsd
>>>>> +from accepting IPv6 connections from clients.
>>>>> +.TP
>>>>> .B \-V " or " \-\-nfs-version vers
>>>>> This option can be used to request that
>>>>> .B rpc.nfsd
>>>>> --
>>>>> 2.4.2
>>>>> --
>>>>> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
>>>>> the body of a message to majordomo@vger.kernel.org
>>>>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>>> --
>>>> Chuck Lever
>>>> chuck[dot]lever[at]oracle[dot]com
>>> --
>>> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
>>> the body of a message to majordomo@vger.kernel.org
>>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> --
> Chuck Lever
> chucklever@gmail.com
> 
> 
> 

--
Chuck Lever
chucklever@gmail.com



--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Sean Elble June 8, 2015, 2:33 p.m. UTC | #6 
On 08.06.2015 10:27, Chuck Lever wrote:
>> I don’t understand the need to “turn off” an address family. 
>> That’s what
>> /etc/netconfig is supposed to be for. What’s not happening here that
>> should be?
> 
> What I mean is: I’d rather not add more command line options if there
> is a way for rpc.nfsd to automatically and quietly do what is needed.
> But I don’t understand the use case here. Sean, can you explain it 
> for
> bears of little brain?

Sure, and please correct me if any of my understanding is incorrect (as 
it may well be).  In my environment, I wanted to have NFS only listen on 
one interface of a multihomed host.  In using the "--host" parameter to 
do so, I saw the error message regarding IPv6 thrown.  While disabling 
IPv6 globally in /etc/netconfig is an option (one I understand to be 
"global", in that it'd affect *all* applications on the host), it'd be 
nice to disable IPv6 for a single service/daemon instead.

Of course, the fact that at least Ubuntu and RHEL (and almost certainly 
their upstream and their derivatives, respectively) relay the error 
message when running the NFS init scripts could confuse someone into 
thinking NFS failed to start properly (until they look at the output of 
netstat -nalp, etc.).  I'd almost argue that's a larger concern. By the 
same token, "--host" seems a little used option, for whatever reason.

In any case, I'm the little brained one in this group.  :-)

-Sean
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Chuck Lever June 8, 2015, 2:45 p.m. UTC | #7 
On Jun 8, 2015, at 10:33 AM, Sean Elble <elbles@sessys.com> wrote:

> On 08.06.2015 10:27, Chuck Lever wrote:
>>> I don’t understand the need to “turn off” an address family. That’s what
>>> /etc/netconfig is supposed to be for. What’s not happening here that
>>> should be?
>> What I mean is: I’d rather not add more command line options if there
>> is a way for rpc.nfsd to automatically and quietly do what is needed.
>> But I don’t understand the use case here. Sean, can you explain it for
>> bears of little brain?
> 
> Sure, and please correct me if any of my understanding is incorrect (as it may well be).  In my environment, I wanted to have NFS only listen on one interface of a multihomed host.  In using the "--host" parameter to do so, I saw the error message regarding IPv6 thrown.

OK, yes I read that last week, and had just forgotten it. That sounds to
me like - - host is broken (or, at least noisier than it should be in this
case).

Do you provide an IP address or a hostname when specifying - - host?

> While disabling IPv6 globally in /etc/netconfig is an option (one I understand to be "global", in that it'd affect *all* applications on the host), it'd be nice to disable IPv6 for a single service/daemon instead.
> 
> Of course, the fact that at least Ubuntu and RHEL (and almost certainly their upstream and their derivatives, respectively) relay the error message when running the NFS init scripts could confuse someone into thinking NFS failed to start properly (until they look at the output of netstat -nalp, etc.).  I'd almost argue that's a larger concern. By the same token, "--host" seems a little used option, for whatever reason.
> 
> In any case, I'm the little brained one in this group.  :-)

--
Chuck Lever
chucklever@gmail.com



--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Sean Elble June 8, 2015, 4:49 p.m. UTC | #8 
On 08.06.2015 10:45, Chuck Lever wrote:
> On Jun 8, 2015, at 10:33 AM, Sean Elble <elbles@sessys.com> wrote:
> 
>> On 08.06.2015 10:27, Chuck Lever wrote:
>>>> I don’t understand the need to “turn off” an address family. 
>>>> That’s what
>>>> /etc/netconfig is supposed to be for. What’s not happening here 
>>>> that
>>>> should be?
>>> What I mean is: I’d rather not add more command line options if 
>>> there
>>> is a way for rpc.nfsd to automatically and quietly do what is needed.
>>> But I don’t understand the use case here. Sean, can you explain it 
>>> for
>>> bears of little brain?
>> 
>> Sure, and please correct me if any of my understanding is incorrect 
>> (as it may well be).  In my environment, I wanted to have NFS only 
>> listen on one interface of a multihomed host.  In using the "--host" 
>> parameter to do so, I saw the error message regarding IPv6 thrown.
> 
> OK, yes I read that last week, and had just forgotten it. That sounds 
> to
> me like - - host is broken (or, at least noisier than it should be in 
> this
> case).

Agreed.  I guess it's just a matter of what the appropriate fix is.

> 
> Do you provide an IP address or a hostname when specifying - - host?

I've provided both hostname and IP address, with the same result, IIRC.

> 
>> While disabling IPv6 globally in /etc/netconfig is an option (one I 
>> understand to be "global", in that it'd affect *all* applications on 
>> the host), it'd be nice to disable IPv6 for a single service/daemon 
>> instead.
>> 
>> Of course, the fact that at least Ubuntu and RHEL (and almost 
>> certainly their upstream and their derivatives, respectively) relay 
>> the error message when running the NFS init scripts could confuse 
>> someone into thinking NFS failed to start properly (until they look at 
>> the output of netstat -nalp, etc.).  I'd almost argue that's a larger 
>> concern. By the same token, "--host" seems a little used option, for 
>> whatever reason.
>> 
>> In any case, I'm the little brained one in this group.  :-)
> 
> --
> Chuck Lever
> chucklever@gmail.com
> 
> 
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
J. Bruce Fields June 8, 2015, 9:12 p.m. UTC | #9 
On Mon, Jun 08, 2015 at 10:33:22AM -0400, Sean Elble wrote:
> On 08.06.2015 10:27, Chuck Lever wrote:
> >>I don’t understand the need to “turn off” an address family.
> >>That’s what
> >>/etc/netconfig is supposed to be for. What’s not happening here that
> >>should be?
> >
> >What I mean is: I’d rather not add more command line options if there
> >is a way for rpc.nfsd to automatically and quietly do what is needed.
> >But I don’t understand the use case here. Sean, can you explain it
> >for
> >bears of little brain?
> 
> Sure, and please correct me if any of my understanding is incorrect
> (as it may well be).  In my environment, I wanted to have NFS only
> listen on one interface of a multihomed host.  In using the "--host"
> parameter to do so, I saw the error message regarding IPv6 thrown.
> While disabling IPv6 globally in /etc/netconfig is an option (one I
> understand to be "global", in that it'd affect *all* applications on
> the host), it'd be nice to disable IPv6 for a single service/daemon
> instead.

But doesn't something like

	rpc.nfsd --host 10.0.0.1 --no-ipv6

seem a bit redundant?

I mean, you've already told it to listen to that one (ipv4) address.
That'd argue for just disabling the warning in this case, I think.  But
my understanding of IPv6 is still poor.

--b.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Sean Elble June 9, 2015, 1:57 a.m. UTC | #10 
> On Jun 8, 2015, at 5:12 PM, J. Bruce Fields <bfields@fieldses.org> wrote:
> 
> On Mon, Jun 08, 2015 at 10:33:22AM -0400, Sean Elble wrote:
>> On 08.06.2015 10:27, Chuck Lever wrote:
>>>> I don’t understand the need to “turn off” an address family.
>>>> That’s what
>>>> /etc/netconfig is supposed to be for. What’s not happening here that
>>>> should be?
>>> 
>>> What I mean is: I’d rather not add more command line options if there
>>> is a way for rpc.nfsd to automatically and quietly do what is needed.
>>> But I don’t understand the use case here. Sean, can you explain it
>>> for
>>> bears of little brain?
>> 
>> Sure, and please correct me if any of my understanding is incorrect
>> (as it may well be).  In my environment, I wanted to have NFS only
>> listen on one interface of a multihomed host.  In using the "--host"
>> parameter to do so, I saw the error message regarding IPv6 thrown.
>> While disabling IPv6 globally in /etc/netconfig is an option (one I
>> understand to be "global", in that it'd affect *all* applications on
>> the host), it'd be nice to disable IPv6 for a single service/daemon
>> instead.
> 
> But doesn't something like
> 
> 	rpc.nfsd --host 10.0.0.1 --no-ipv6
> 
> seem a bit redundant?

In that case, perhaps it does.  But what if you were to use a hostname that resolved to both IPv4 and IPv6 addresses?

> 
> I mean, you've already told it to listen to that one (ipv4) address.
> That'd argue for just disabling the warning in this case, I think.  But
> my understanding of IPv6 is still poor.

Yours and mine both.  But until it gets better, I’m very comfortable in just turning it off in places where 1) I know it’s not needed and 2) Places where exploits could linger with most of our emphasis on IPv4 still.

> 
> --b.
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Chuck Lever June 9, 2015, 3:37 p.m. UTC | #11 
On Jun 8, 2015, at 9:57 PM, Sean Elble <elbles@sessys.com> wrote:

> 
>> On Jun 8, 2015, at 5:12 PM, J. Bruce Fields <bfields@fieldses.org> wrote:
>> 
>> On Mon, Jun 08, 2015 at 10:33:22AM -0400, Sean Elble wrote:
>>> On 08.06.2015 10:27, Chuck Lever wrote:
>>>>> I don’t understand the need to “turn off” an address family.
>>>>> That’s what
>>>>> /etc/netconfig is supposed to be for. What’s not happening here that
>>>>> should be?
>>>> 
>>>> What I mean is: I’d rather not add more command line options if there
>>>> is a way for rpc.nfsd to automatically and quietly do what is needed.
>>>> But I don’t understand the use case here. Sean, can you explain it
>>>> for
>>>> bears of little brain?
>>> 
>>> Sure, and please correct me if any of my understanding is incorrect
>>> (as it may well be).  In my environment, I wanted to have NFS only
>>> listen on one interface of a multihomed host.  In using the "--host"
>>> parameter to do so, I saw the error message regarding IPv6 thrown.
>>> While disabling IPv6 globally in /etc/netconfig is an option (one I
>>> understand to be "global", in that it'd affect *all* applications on
>>> the host), it'd be nice to disable IPv6 for a single service/daemon
>>> instead.
>> 
>> But doesn't something like
>> 
>> 	rpc.nfsd --host 10.0.0.1 --no-ipv6
>> 
>> seem a bit redundant?
> 
> In that case, perhaps it does.  But what if you were to use a hostname that resolved to both IPv4 and IPv6 addresses?

I think the common expectation is that NFSD should present an IPv6
listener in that case.

If you give rpc.nfsd a hostname and it has no mapped IPv6 address, or
you give rpc.nfsd an IPv4 address, then no IPv6 listener should be
started.

>> I mean, you've already told it to listen to that one (ipv4) address.
>> That'd argue for just disabling the warning in this case, I think.

I agree with that (either disabling it, or getting rid of the false
negative).

>> But my understanding of IPv6 is still poor.
> 
> Yours and mine both.  But until it gets better, I’m very comfortable in just turning it off in places where 1) I know it’s not needed and 2) Places where exploits could linger with most of our emphasis on IPv4 still.

In the specific usage scenario you opened the thread with, you used
a hostname with no IPv6 mapping, and you got exactly what you wanted:
only an IPv4 listener.

Seems like the rpc.nfsd command line interface is already rich enough
to provide what you want?

--
Chuck Lever
chucklever@gmail.com



--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
J. Bruce Fields June 9, 2015, 3:37 p.m. UTC | #12 
On Tue, Jun 09, 2015 at 11:37:38AM -0400, Chuck Lever wrote:
> 
> On Jun 8, 2015, at 9:57 PM, Sean Elble <elbles@sessys.com> wrote:
> 
> > 
> >> On Jun 8, 2015, at 5:12 PM, J. Bruce Fields <bfields@fieldses.org> wrote:
> >> 
> >> On Mon, Jun 08, 2015 at 10:33:22AM -0400, Sean Elble wrote:
> >>> On 08.06.2015 10:27, Chuck Lever wrote:
> >>>>> I don’t understand the need to “turn off” an address family.
> >>>>> That’s what
> >>>>> /etc/netconfig is supposed to be for. What’s not happening here that
> >>>>> should be?
> >>>> 
> >>>> What I mean is: I’d rather not add more command line options if there
> >>>> is a way for rpc.nfsd to automatically and quietly do what is needed.
> >>>> But I don’t understand the use case here. Sean, can you explain it
> >>>> for
> >>>> bears of little brain?
> >>> 
> >>> Sure, and please correct me if any of my understanding is incorrect
> >>> (as it may well be).  In my environment, I wanted to have NFS only
> >>> listen on one interface of a multihomed host.  In using the "--host"
> >>> parameter to do so, I saw the error message regarding IPv6 thrown.
> >>> While disabling IPv6 globally in /etc/netconfig is an option (one I
> >>> understand to be "global", in that it'd affect *all* applications on
> >>> the host), it'd be nice to disable IPv6 for a single service/daemon
> >>> instead.
> >> 
> >> But doesn't something like
> >> 
> >> 	rpc.nfsd --host 10.0.0.1 --no-ipv6
> >> 
> >> seem a bit redundant?
> > 
> > In that case, perhaps it does.  But what if you were to use a hostname that resolved to both IPv4 and IPv6 addresses?
> 
> I think the common expectation is that NFSD should present an IPv6
> listener in that case.
> 
> If you give rpc.nfsd a hostname and it has no mapped IPv6 address, or
> you give rpc.nfsd an IPv4 address, then no IPv6 listener should be
> started.
> 
> >> I mean, you've already told it to listen to that one (ipv4) address.
> >> That'd argue for just disabling the warning in this case, I think.
> 
> I agree with that (either disabling it, or getting rid of the false
> negative).
> 
> >> But my understanding of IPv6 is still poor.
> > 
> > Yours and mine both.  But until it gets better, I’m very comfortable in just turning it off in places where 1) I know it’s not needed and 2) Places where exploits could linger with most of our emphasis on IPv4 still.
> 
> In the specific usage scenario you opened the thread with, you used
> a hostname with no IPv6 mapping, and you got exactly what you wanted:
> only an IPv4 listener.
> 
> Seems like the rpc.nfsd command line interface is already rich enough
> to provide what you want?

Yeah.  If somebody does need the --no-ipv4/6 stuff then we can add that
in addition, but first let's just kill the warning, it sounds to me like
that warning's just wrong.

--b.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/support/include/nfs/nfs.h b/support/include/nfs/nfs.h
index 27054e5..2be61f0 100644
--- a/support/include/nfs/nfs.h
+++ b/support/include/nfs/nfs.h
@@ -47,19 +47,27 @@  struct nfs_fh_old {
 
 #define NFSCTL_UDPBIT		      (1 << (17 - 1))
 #define NFSCTL_TCPBIT		      (1 << (18 - 1))
+#define NFSCTL_INETBIT		      (1 << (19 - 1))
+#define NFSCTL_INET6BIT		      (1 << (20 - 1))
 
 #define NFSCTL_VERUNSET(_cltbits, _v) ((_cltbits) &= ~(1 << ((_v) - 1))) 
 #define NFSCTL_UDPUNSET(_cltbits)     ((_cltbits) &= ~NFSCTL_UDPBIT) 
 #define NFSCTL_TCPUNSET(_cltbits)     ((_cltbits) &= ~NFSCTL_TCPBIT) 
+#define NFSCTL_INETUNSET(_cltbits)    ((_cltbits) &= ~NFSCTL_INETBIT)
+#define NFSCTL_INET6UNSET(_cltbits)   ((_cltbits) &= ~NFSCTL_INET6BIT)
 
 #define NFSCTL_VERISSET(_cltbits, _v) ((_cltbits) & (1 << ((_v) - 1))) 
 #define NFSCTL_UDPISSET(_cltbits)     ((_cltbits) & NFSCTL_UDPBIT) 
 #define NFSCTL_TCPISSET(_cltbits)     ((_cltbits) & NFSCTL_TCPBIT) 
+#define NFSCTL_INETISSET(_cltbits)    ((_cltbits) & NFSCTL_INETBIT)
+#define NFSCTL_INET6ISSET(_cltbits)   ((_cltbits) & NFSCTL_INET6BIT)
 
 #define NFSCTL_VERDEFAULT (0xc)       /* versions 3 and 4 */
 #define NFSCTL_VERSET(_cltbits, _v)   ((_cltbits) |= (1 << ((_v) - 1))) 
 #define NFSCTL_UDPSET(_cltbits)       ((_cltbits) |= NFSCTL_UDPBIT)
 #define NFSCTL_TCPSET(_cltbits)       ((_cltbits) |= NFSCTL_TCPBIT)
+#define NFSCTL_INETSET(_cltbits)      ((_cltbits) |= NFSCTL_INETBIT)
+#define NFSCTL_INET6SET(_cltbits)     ((_cltbits) |= NFSCTL_INET6BIT)
 
 #define NFSCTL_ANYPROTO(_cltbits)     ((_cltbits) & (NFSCTL_UDPBIT | NFSCTL_TCPBIT))
 #define NFSCTL_ALLBITS (~0)
diff --git a/utils/nfsd/nfsd.c b/utils/nfsd/nfsd.c
index 201bb13..4cd1ea8 100644
--- a/utils/nfsd/nfsd.c
+++ b/utils/nfsd/nfsd.c
@@ -42,6 +42,8 @@  static struct option longopts[] =
 	{ "nfs-version", 1, 0, 'V' },
 	{ "no-tcp", 0, 0, 'T' },
 	{ "no-udp", 0, 0, 'U' },
+	{ "no-ipv4", 0, 0, 'F'},
+	{ "no-ipv6", 0, 0, 'S'},
 	{ "port", 1, 0, 'P' },
 	{ "port", 1, 0, 'p' },
 	{ "debug", 0, 0, 'd' },
@@ -135,7 +137,7 @@  main(int argc, char **argv)
 	xlog_syslog(0);
 	xlog_stderr(1);
 
-	while ((c = getopt_long(argc, argv, "dH:hN:V:p:P:sTUrG:L:", longopts, NULL)) != EOF) {
+	while ((c = getopt_long(argc, argv, "dH:hN:V:p:P:sTUrG:L:FS", longopts, NULL)) != EOF) {
 		switch(c) {
 		case 'd':
 			xlog_config(D_ALL, 1);
@@ -238,6 +240,12 @@  main(int argc, char **argv)
 		case 'U':
 			NFSCTL_UDPUNSET(protobits);
 			break;
+		case 'F':
+			NFSCTL_INETUNSET(protobits);
+			break;
+		case 'S':
+			NFSCTL_INET6UNSET(protobits);
+			break;
 		case 'G':
 			grace = strtol(optarg, &p, 0);
 			if (*p || grace <= 0) {
@@ -280,6 +288,16 @@  main(int argc, char **argv)
 
 	nfsd_enable_protos(&proto4, &proto6);
 
+	if (!NFSCTL_INETISSET(protobits)) {
+		NFSCTL_TCPUNSET(proto4);
+		NFSCTL_UDPUNSET(proto4);
+	}
+
+	if (!NFSCTL_INET6ISSET(protobits)) {
+		NFSCTL_TCPUNSET(proto6);
+		NFSCTL_UDPUNSET(proto6);
+	}
+
 	if (!NFSCTL_TCPISSET(protobits)) {
 		NFSCTL_TCPUNSET(proto4);
 		NFSCTL_TCPUNSET(proto6);
@@ -301,6 +319,12 @@  main(int argc, char **argv)
 		exit(1);
 	}
 
+	if (!NFSCTL_INETISSET(protobits) &&
+	    !NFSCTL_INET6ISSET(protobits)) {
+		xlog(L_ERROR, "no internet protocols specified");
+		exit(1);
+	}
+
 	if (NFSCTL_VERISSET(versbits, 4) &&
 	    !NFSCTL_TCPISSET(proto4) &&
 	    !NFSCTL_TCPISSET(proto6)) {
@@ -397,6 +421,7 @@  usage(const char *prog)
 		"%s [-d|--debug] [-H hostname] [-p|-P|--port port]\n"
 		"     [-N|--no-nfs-version version] [-V|--nfs-version version]\n"
 		"     [-s|--syslog] [-T|--no-tcp] [-U|--no-udp] [-r|--rdma=]\n"
+		"     [-F|--no-ipv4] [-S|--no-ipv6]\n"
 		"     [-G|--grace-time secs] [-L|--leasetime secs] nrservs\n",
 		prog);
 	exit(2);
diff --git a/utils/nfsd/nfsd.man b/utils/nfsd/nfsd.man
index 3ba847e..795f766 100644
--- a/utils/nfsd/nfsd.man
+++ b/utils/nfsd/nfsd.man
@@ -77,6 +77,16 @@  Disable
 .B rpc.nfsd
 from accepting UDP connections from clients.
 .TP
+.B \-F " or " \-\-no-ipv4
+Disable
+.B rpc.nfsd
+from accepting IPv4 connections from clients.
+.TP
+.B \-S " or " \-\-no-ipv6
+Disable
+.B rpc.nfsd
+from accepting IPv6 connections from clients.
+.TP
 .B \-V " or " \-\-nfs-version vers
 This option can be used to request that 
 .B rpc.nfsd