Project

General

Profile

Bug #25886

Ensure NFS shares networks do not overlap

Added by Nick Wolff about 1 year ago. Updated 7 months ago.

Status:
Resolved
Priority:
Important
Assignee:
William Grzybowski
Category:
GUI (new)
Target version:
Seen in:
TrueNAS - 11.0-U2.2
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Related projects 1 project

Description

You can put in overlapping nfs networks that aren't identically typed out (158.95.150.0/23 158.95.151.0/23) for a single share which will potentially break the gui and debugs along with causing log messages from bad nfs configs

/mnt/tank/aus_home -alldirs -maproot="root":"wheel" -network 158.95.150.0/23
/mnt/tank/aus_home -alldirs -maproot="root":"wheel" -network 158.95.151.0/23

root@ausstitnas-01:~ # cat /etc/exports
/mnt/tank/Sun_DR_14092017 -alldirs -maproot="root":"" 158.95.156.21 158.95.156.63 158.95.156.32 158.95.156.54 158.95.156.33 158.95.156.54 158.95.156.64 158.95.156.55
/mnt/tank/recovery -alldirs -ro -maproot="root":"" 158.95.156.97
/mnt/tank/Sun_DR_20170815.1745 -alldirs -maproot="root":"" 158.95.156.21 158.95.156.73 158.95.156.33 158.95.156.64
/mnt/tank/TEST -alldirs -maproot="root":"" 158.95.156.32 158.95.156.21
/mnt/tank/aus_home -alldirs -maproot="root":"wheel" -network 151.138.130.0/23
/mnt/tank/aus_home -alldirs -maproot="root":"wheel" -network 151.138.132.0/23
/mnt/tank/aus_home -alldirs -maproot="root":"wheel" -network 151.138.134.0/23
/mnt/tank/aus_home -alldirs -maproot="root":"wheel" -network 151.138.136.0/24
/mnt/tank/aus_home -alldirs -maproot="root":"wheel" -network 158.95.150.0/23
/mnt/tank/aus_home -alldirs -maproot="root":"wheel" -network 158.95.156.0/24
/mnt/tank/aus_home -alldirs -maproot="root":"wheel" -network 158.95.151.0/23
/mnt/tank/aus_home -alldirs -maproot="root":"wheel" -network 151.138.135.0/23
/mnt/tank/Software -alldirs -ro -mapall="nobody":"" -network 151.138.136.0/24


Related issues

Related to FreeNAS - Bug #33786: Be less restrictive for NFS exportsDone

Associated revisions

Revision e873b53e (diff)
Added by William Grzybowski about 1 year ago

fix(gui): make sure NFS shares network do not overlap

Checking just the string is ovbiously not good enough:

158.95.150.0/23 and 158.95.151.0/23 belong to the same network, even
though 158.95.151.0/23 is not a valid network (it has host bits set).

Ticket: #25886

Revision b2348b78 (diff)
Added by William Grzybowski about 1 year ago

fix(gui): make sure NFS shares network do not overlap

Checking just the string is obviously not good enough:

158.95.150.0/23 and 158.95.151.0/23 belong to the same network, even
though 158.95.151.0/23 is not a valid network (it has host bits set).

Ticket: #25886

Revision 72d57118 (diff)
Added by William Grzybowski about 1 year ago

fix(gui): check for overlapping network on same share

Ticket: #25886

Revision 72dcf2c6 (diff)
Added by William Grzybowski about 1 year ago

fix(gui): check for overlapping network on same share

Ticket: #25886
(cherry picked from commit 72d571189394522fda8e7aeeaf5195d5c933f403)

History

#1 Updated by Dru Lavigne about 1 year ago

  • Status changed from Untriaged to Unscreened
  • Assignee changed from Bonnie Follweiler to William Grzybowski
  • Target version deleted (TrueNAS-11.0-U2.1)

William: please load balance.

#2 Updated by William Grzybowski about 1 year ago

  • Status changed from Unscreened to Screened
  • Priority changed from No priority to Important
  • Target version set to TrueNAS 11.1-U1

#3 Updated by Nick Wolff about 1 year ago

  • Assignee changed from William Grzybowski to Bonnie Follweiler
  • Seen in changed from 11.0-U2 to 11.0-U2.2

I'm moving to QA to pinup and verify prior to devs as discussed with kris on this type of issue.

Also good to note this should effect truenas and freenas

#4 Updated by Bonnie Follweiler about 1 year ago

  • Assignee changed from Bonnie Follweiler to William Grzybowski

After talking it over with William, he has sufficient info/access to address this issue therefore I am re-assigning it back to him.

#5 Updated by Dru Lavigne about 1 year ago

  • Project changed from TrueNAS to FreeNAS
  • Category changed from 42 to 2
  • Target version changed from TrueNAS 11.1-U1 to 11.1
  • Private changed from No to Yes

#6 Updated by William Grzybowski about 1 year ago

  • Status changed from Screened to Needs Developer Review
  • Assignee changed from William Grzybowski to Vladimir Vinogradenko

#7 Updated by Vladimir Vinogradenko about 1 year ago

  • Status changed from Needs Developer Review to Reviewed by Developer
  • Assignee changed from Vladimir Vinogradenko to William Grzybowski

#8 Updated by William Grzybowski about 1 year ago

  • Status changed from Reviewed by Developer to Ready For Release

#9 Updated by Dru Lavigne about 1 year ago

  • Subject changed from Overlapping nfs subnets to Ensure NFS shares networks do not overlap

#10 Updated by Dru Lavigne about 1 year ago

  • File deleted (debug-20170914095640.tar)

#11 Updated by Dru Lavigne about 1 year ago

  • Private changed from Yes to No

#12 Updated by Dru Lavigne about 1 year ago

  • Target version changed from 11.1 to 11.1-RC1

#13 Updated by Dru Lavigne about 1 year ago

  • Status changed from Ready For Release to Resolved

#14 Updated by Nick Wolff about 1 year ago

  • QA Status Test Fails FreeNAS added
  • QA Status deleted (Not Tested)

Test fails

root@fncertified:~ # cat /etc/exports
/mnt/tank/nfs-testing -network 10.0.0.0/16
/mnt/tank/nfs-testing -network 10.0.1.0/16
root@fncertified:~ # cat /etc/version
FreeNAS-11.1-RC1 (ff06285bd)
root@fncertified:~ #
/var/log/messages:
Nov 6 11:23:12 fncertified kernel: Non-unique normal route, mask not entered
Nov 6 11:23:12 fncertified kernel: Non-unique normal route, mask not entered

#15 Updated by William Grzybowski about 1 year ago

  • Status changed from Resolved to 15

Please describe the steps you did to create the share

#16 Updated by Nick Wolff about 1 year ago

Added two network in a row with space inbetween them in Authorized networks field in new nfs entry then hit ok.

I then went back and entered a third to see if it made a difference on update.

Both times it successfully was created.

Networks were 10.0.0.0/16 10.0.1.0/16 10.0.2.0/16 which are all logically identical.

#17 Updated by William Grzybowski about 1 year ago

  • Status changed from 15 to Reviewed by Developer
  • Target version changed from 11.1-RC1 to 11.1
  • QA Status Not Tested added
  • QA Status deleted (Test Fails FreeNAS)

#18 Updated by William Grzybowski about 1 year ago

  • Status changed from Reviewed by Developer to Ready For Release

#19 Updated by Dru Lavigne about 1 year ago

  • Target version changed from 11.1 to 11.1-RC2

#20 Updated by Nick Wolff about 1 year ago

  • Needs QA changed from Yes to No
  • QA Status Test Passes FreeNAS added

#21 Updated by Nick Wolff about 1 year ago

  • QA Status deleted (Not Tested)

#22 Updated by Dru Lavigne about 1 year ago

  • Target version changed from 11.1-RC2 to 11.1-RC3

#23 Updated by Dru Lavigne about 1 year ago

  • Status changed from Ready For Release to Resolved

#24 Updated by Dru Lavigne 7 months ago

  • Description updated (diff)

#25 Updated by Caleb St. John 7 months ago

  • Related to Bug #33786: Be less restrictive for NFS exports added

Also available in: Atom PDF