File 0017-mountd-make-default-ttl-settable-by-option.patch of Package nfs-utils.25913
From f0de610866fdec2cb337d6f3413e941141ea6da9 Mon Sep 17 00:00:00 2001
From: NeilBrown <neil@brown.name>
Date: Mon, 15 Mar 2021 09:57:03 -0400
Subject: [PATCH] mountd: make default ttl settable by option
The DEFAULT_TTL affects the rate at which authentication messages are
logged. So it is useful to make it settable.
Add "-ttl" and "-T", and add clear statement in the documentation of
both the benefits and the possible negative effects of choosing a larger
value
Signed-off-by: NeilBrown <neil@brown.name>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
nfs.conf | 1 +
support/include/exportfs.h | 3 ++-
support/nfs/exports.c | 4 +++-
systemd/nfs.conf.man | 1 +
utils/mountd/cache.c | 6 +++---
utils/mountd/mountd.c | 18 ++++++++++++++++--
utils/mountd/mountd.man | 19 ++++++++++++++++---
utils/mountd/v4root.c | 3 ++-
8 files changed, 44 insertions(+), 11 deletions(-)
--- a/nfs.conf
+++ b/nfs.conf
@@ -31,6 +31,7 @@
# state-directory-path=/var/lib/nfs
# ha-callout=
# cache-use-ipaddr=n
+# ttl=1800
#
#[nfsdcltrack]
# debug=0
--- a/support/include/exportfs.h
+++ b/support/include/exportfs.h
@@ -105,7 +105,8 @@ typedef struct mexport {
} nfs_export;
#define HASH_TABLE_SIZE 1021
-#define DEFAULT_TTL (30 * 60)
+
+extern int default_ttl;
typedef struct _exp_hash_entry {
nfs_export * p_first;
--- a/support/nfs/exports.c
+++ b/support/nfs/exports.c
@@ -47,6 +47,8 @@ struct flav_info flav_map[] = {
const int flav_map_size = sizeof(flav_map)/sizeof(flav_map[0]);
+int default_ttl = 30 * 60;
+
static char *efname = NULL;
static XFILE *efp = NULL;
static int first;
@@ -100,7 +102,7 @@ static void init_exportent (struct expor
ee->e_nsquids = 0;
ee->e_nsqgids = 0;
ee->e_uuid = NULL;
- ee->e_ttl = DEFAULT_TTL;
+ ee->e_ttl = default_ttl;
}
struct exportent *
--- a/systemd/nfs.conf.man
+++ b/systemd/nfs.conf.man
@@ -155,6 +155,7 @@ Recognized values:
.BR threads ,
.BR reverse-lookup ,
.BR cache-use-upaddr ,
+.BR ttl ,
.BR state-directory-path ,
.BR ha-callout .
--- a/utils/mountd/cache.c
+++ b/utils/mountd/cache.c
@@ -123,7 +123,7 @@ static void auth_unix_ip(int f)
bp = buf; blen = sizeof(buf);
qword_add(&bp, &blen, "nfsd");
qword_add(&bp, &blen, ipaddr);
- qword_adduint(&bp, &blen, time(0) + DEFAULT_TTL);
+ qword_adduint(&bp, &blen, time(0) + default_ttl);
if (use_ipaddr && client) {
memmove(ipaddr + 1, ipaddr, strlen(ipaddr) + 1);
ipaddr[0] = '$';
@@ -196,7 +196,7 @@ static void auth_unix_gid(int f)
bp = buf; blen = sizeof(buf);
qword_adduint(&bp, &blen, uid);
- qword_adduint(&bp, &blen, time(0) + DEFAULT_TTL);
+ qword_adduint(&bp, &blen, time(0) + default_ttl);
if (rv >= 0) {
qword_adduint(&bp, &blen, ngroups);
for (i=0; i<ngroups; i++)
@@ -892,7 +892,7 @@ static int dump_to_cache(int f, char *bu
time_t now = time(0);
if (ttl <= 1)
- ttl = DEFAULT_TTL;
+ ttl = default_ttl;
qword_add(&bp, &blen, domain);
qword_add(&bp, &blen, path);
--- a/utils/mountd/mountd.c
+++ b/utils/mountd/mountd.c
@@ -73,9 +73,10 @@ static struct option longopts[] =
{ "no-udp", 0, 0, 'u' },
{ "log-auth", 0, 0, 'l'},
{ "cache-use-ipaddr", 0, 0, 'i'},
+ { "ttl", 1, 0, 'T'},
{ NULL, 0, 0, 0 }
};
-static char shortopts[] = "o:nFd:p:P:hH:N:V:vurs:t:gli";
+static char shortopts[] = "o:nFd:p:P:hH:N:V:vurs:t:gliT:";
#define NFSVERSBIT(vers) (0x1 << (vers - 1))
#define NFSVERSBIT_ALL (NFSVERSBIT(2) | NFSVERSBIT(3) | NFSVERSBIT(4))
@@ -668,6 +669,7 @@ main(int argc, char **argv)
int descriptors = 0;
int c;
int vers;
+ int ttl;
struct sigaction sa;
struct rlimit rlim;
@@ -709,6 +711,9 @@ main(int argc, char **argv)
else
NFSCTL_VERUNSET(nfs_version, vers);
}
+ ttl = conf_get_num("mountd", "ttl", default_ttl);
+ if (ttl > 0)
+ default_ttl = ttl;
/* Parse the command line options and arguments. */
@@ -789,6 +794,15 @@ main(int argc, char **argv)
case 'i':
use_ipaddr = 2;
break;
+ case 'T':
+ ttl = atoi(optarg);
+ if (ttl <= 0) {
+ fprintf(stderr, "%s: bad ttl number of seconds: %s\n",
+ argv[0], optarg);
+ usage(argv[0], 1);
+ }
+ default_ttl = ttl;
+ break;
case 0:
break;
case '?':
@@ -907,7 +921,7 @@ usage(const char *prog, int n)
{
fprintf(stderr,
"Usage: %s [-F|--foreground] [-h|--help] [-v|--version] [-d kind|--debug kind]\n"
-" [-l|--log-auth] [-i|--cache-use-ipaddr]\n"
+" [-l|--log-auth] [-i|--cache-use-ipaddr] [-T|--ttl ttl]\n"
" [-o num|--descriptors num]\n"
" [-p|--port port] [-V version|--nfs-version version]\n"
" [-N version|--no-nfs-version version] [-n|--no-tcp]\n"
--- a/utils/mountd/mountd.man
+++ b/utils/mountd/mountd.man
@@ -93,9 +93,10 @@ Turn on debugging. Valid kinds are: all,
.TP
.BR \-l " or " \-\-log\-auth
Enable logging of responses to authentication and access requests from
-nfsd. Each response is then cached by the kernel for 30 minutes, and
-will be refreshed after 15 minutes if the relevant client remains
-active.
+nfsd. Each response is then cached by the kernel for 30 minutes (or as set by
+.B \-\-ttl
+below), and will be refreshed after 15 minutes (half the ttl time) if
+the relevant client remains active.
Note that
.B -l
is equivalent to
@@ -129,6 +130,17 @@ log messages produced by the
.B -l
option easier to read.
.TP
+.B \-T " or " \-\-ttl
+Provide a time-to-live (TTL) for cached information given to the kernel.
+The kernel will normally request an update if the information is needed
+after half of this time has expired. Increasing the provided number,
+which is in seconds, reduces the rate of cache update requests, and this
+is particularly noticeable when these requests are logged with
+.BR \-l .
+However increasing also means that changes to hostname to address
+mappings can take longer to be noticed.
+The default TTL is 1800 (30 minutes).
+.TP
.B \-F " or " \-\-foreground
Run in foreground (do not daemonize)
.TP
@@ -263,6 +275,7 @@ section include
.BR descriptors ,
.BR port ,
.BR threads ,
+.BR ttl ,
.BR reverse-lookup ", and"
.BR state-directory-path ,
.B ha-callout
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -47,7 +47,7 @@ static nfs_export pseudo_root = {
.e_nsqgids = 0,
.e_fsid = 0,
.e_mountpoint = NULL,
- .e_ttl = DEFAULT_TTL,
+ .e_ttl = 0,
},
.m_exported = 0,
.m_xtabent = 1,
@@ -91,6 +91,7 @@ v4root_create(char *path, nfs_export *ex
struct exportent *curexp = &export->m_export;
dupexportent(&eep, &pseudo_root.m_export);
+ eep.e_ttl = default_ttl;
eep.e_hostname = curexp->e_hostname;
strncpy(eep.e_path, path, sizeof(eep.e_path));
if (strcmp(path, "/") != 0)
