[OpenAFS-devel] 1.4.8 has (re) introduced IP address ACL problems?
Jason Edgecombe
jason@rampaginggeek.com
Wed, 10 Dec 2008 20:32:07 -0500
Jeffrey Hutzelman wrote:
> --On Monday, December 08, 2008 10:47:42 PM -0500 Jeffrey Altman
> <jaltman@secure-endpoints.com> wrote:
>
>> Deon George wrote:
>>> The server has many NICs - and thus each NIC has its own address (and
>>> subnet). (Each NIC only has 1 address).
>>>
>>> Thus, I have limited the address that openafs uses using a NetInfo file
>>> (in /usr/afs/local and in /usr/vice/etc).
>>>
>>> [root@penguin local]# cat /usr/afs/local/NetInfo
>>> 10.1.3.1
>>> [root@penguin local]# cat /usr/vice/etc/NetInfo
>>> 10.1.3.1
>>>
>>> ...deon
>>
>> The NetRestrict file would remove unwanted addresses. The NetInfo
>> file adds addresses that otherwise would be unknown.
>>
>> See the man pages. http://www.openafs.org/manpages/
>
> That man page does not agree with my recollection of how the software
> actually works. Since I just checked the code and my recollection
> agrees with the code, the man page is wrong.
>
> The NetInfo file restricts the set of interfaces that can be used, and
> has the behavior Deon expects. If a NetInfo file is present, then
> only addresses listed in it are advertised, period. If a NetRestrict
> file is present, then addresses contained in it are _not_ listed. If
> both files are present, then both sets of restrictions apply.
> Further, even if an address is listed in NetInfo, it is not advertised
> unless it also appears on an interface or is prefixed by 'F'.

Does the man page need to be corrected, and if so, what needs to be changed?

Thanks,
Jason
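
The selection rules stated in Jeffrey Hutzelman's quoted message, modelled as an added example (this is not OpenAFS code and not part of the thread). The function names, the interface list, and the exact syntax accepted for the 'F' prefix are assumptions; only exact address matches are modelled.

```python
import ipaddress


def parse_netinfo(text):
    """Return (address, forced) pairs; forced marks an 'F'-prefixed entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Assumption: the prefix is a leading 'F' (either case), optional space after.
        forced = line[0] in "Ff"
        if forced:
            line = line[1:].strip()
        entries.append((ipaddress.IPv4Address(line), forced))
    return entries


def parse_netrestrict(text):
    """Return the set of addresses that must not be advertised."""
    return {ipaddress.IPv4Address(l.strip()) for l in text.splitlines() if l.strip()}


def advertised(interfaces, netinfo=None, netrestrict=None):
    """Addresses a server would advertise under the rules quoted above.

    interfaces  -- addresses actually configured on the host
    netinfo     -- NetInfo file contents, or None if the file is absent
    netrestrict -- NetRestrict file contents, or None if the file is absent
    """
    ifaces = [ipaddress.IPv4Address(a) for a in interfaces]
    if netinfo is None:
        candidates = list(ifaces)
    else:
        # Only listed addresses qualify, and a listed address counts only if
        # it is on an interface or carries the 'F' prefix.
        candidates = [a for a, forced in parse_netinfo(netinfo)
                      if forced or a in ifaces]
    blocked = parse_netrestrict(netrestrict) if netrestrict is not None else set()
    # Both sets of restrictions apply when both files are present.
    return [str(a) for a in candidates if a not in blocked]


# Constructed host: 10.1.3.1 is the address from the thread, the rest are made up.
IFACES = ["10.1.3.1", "192.168.0.5", "172.16.4.9"]

if __name__ == "__main__":
    print(advertised(IFACES, netinfo="10.1.3.1\n"))
```

Comparing this output with the addresses the server actually registers is a quick check that IP-based ACL entries refer to the address clients will see.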