Bug #13846
opennfs export to IPv6 and IPv4 fails with wrong error message, share_nfs(1M) manpage update requested
0%
Description
I have a new file server with two interfaces. aggr0 has both IPv4 and IPv6 addresses on it 140.XXX.YYY.ZZZ & 2607:AAAA:BBBB:CCCC:0:DDDD:0:EEEE (referenced below as sharing to 140.XXX.YYY.0/24 and 2607:AAAA:BBBB:CCCC::/64). nas_aggr0 has just an IPv4 address (10.XX.YY.ZZ/24).
The host has OmniOS 151038. I set up and exported a filesystem to nas_aggr0 (@10.XX.YY.0/24) but made an error and tried to mount it via aggr0. Instead of getting the expected mount denied error I got an error about "invalid access list entry: 10.XX.YY.0/24". After correcting the mount to go via nas_aggr0 (which had no problems) I did some testing and found that the 'invlaid access list' error was fairly common where it shouldn't have been presented. All of the below tests were done on aggr0 since it is the only one with both IPv4 and IPv6. In some cases "access denied" might have made sense, in some there should not have been any error at all - presuming the mixing of IPv4 and IPv6 addresses was correct. Since the share_nfs(1M) manpage doesn't mention that I can't be sure that I was or wasn't doing it right.
All errors noted here were logged in /var/adm/messages on the file server.
- testing exporting just to IPv4 subnet
sudo zfs set sharenfs='rw=@140.XXX.YYY.0/24' pool0/exporttest0
v4 mount: mount success, no error logged
v6 mount: rejected as expected
- testing exporting just to IPv6 subnet
sudo zfs set sharenfs='rw=@[2607:AAAA:BBBB:CCCC::]/64' pool0/exporttest0
v4 mount: rejected as expected
v6 mount: mount success, no error logged
- testing using both IPv6 and IPv4 subnet addresses (in that order)
sudo zfs set sharenfs='rw=@[2607:AAAA:BBBB:CCCC::]/64:@140.XXX.YYY.0/24' pool0/exporttest0
v4 mount: mount fail, error logged:
"invalid access list entry: [2607:4000:200:110::]/64"
v6 mount: mount success, no error logged
- testing using both IPv4 and IPv6 subnet addresses (reverse order)
sudo zfs set sharenfs='rw=140.XXX.YYY.0/24:
[2607:AAAA:BBBB:CCCC::]/64' pool0/exporttest0
v4 mount: mount success, no error logged
v6 mount: mount fail, error printed:
"invalid access list entry: 140.XXX.YYY.0/24"
- testing exporting to a specific host's name
sudo zfs set sharenfs='rw=specific.host.dom.ain' pool0/exporttest0
v4 mount: mount success, no error logged
v6 mount: mount success, no error logged
- testing using exporting to that host's specific IP addresses:
sudo zfs set sharenfs='rw=140.XXX.YYY.ZZZ:
[2607:AAAA:BBBB:CCCC:0:DDDD:0:EEEE]' pool0/exporttest0
v4 mount: mount success, no error logged
v6 mount: mount fail, error logged:
"invalid access list entry: 140.XXX.YYY.DDD"
Part of this testing was complicated by share_nfs(1M) manpage not even mentioning IPv6. It would be useful to update the access_list network section to address IPv6, as well as mixing IPv4 and IPv6.