tcpdump.png

Understanding Portmap with NFSv3

Updated: 2 days ago

Portmap is a service that converts RPC program numbers into protocol port numbers. It must be running in order to make RPC calls. Portmap makes the dynamic binding of remote programs possible. NFSv3 is based on portmap. We will dive into this today.


How Portmap works?

The portmap service maps RPC service and version numbers to transport-specific port numbers.


When an RPC service is started, it will tell portmap what port number it is listening to, and what RPC program numbers it is prepared to serve. When a client wishes to make an RPC call to a given program number, it will first contact portmap on the server machine to determine the port number where RPC packets should be sent.


Related:



The figure illustrates the following process:



  1. The server registers with portmap.

  2. The client gets the server's port from portmap.

  3. The client calls the server.




NFSv3 and Portmap


NFSv3 is based on portmap. The following description applies to NFS version 3 mounts. The NFS version 4 mount process does not include the portmap service nor does it include the MOUNT protocol.


When a client needs to mount a file system from a server, the client must obtain a file handle from the server. The file handle must correspond to the file system. This process requires that several transactions occur between the client and the server. In this example, the client is attempting to mount /home/terry from the server. A snoop trace for this transaction follows.





client -> server PORTMAP C GETPORT prog=100005 (MOUNT) vers=3 proto=UDP

server -> client PORTMAP R GETPORT port=33492

client -> server MOUNT3 C Null

server -> client MOUNT3 R Null

client -> server MOUNT3 C Mount /export/home9/terry

server -> client MOUNT3 R Mount OK FH=9000 Auth=unix

client -> server PORTMAP C GETPORT prog=100003 (NFS) vers=3 proto=TCP

server -> client PORTMAP R GETPORT port=2049

client -> server NFS C NULL3

server -> client NFS R NULL3

client -> server NFS C FSINFO3 FH=9000

server -> client NFS R FSINFO3 OK

client -> server NFS C GETATTR3 FH=9000

server -> client NFS R GETATTR3 OK





  • In this trace, the client first requests the mount port number from the portmap service on the NFS server.

  • After the client receives the mount port number (33492), that number is used to test the availability of the service on the server.

  • After the client has determined that a service is running on that port number, the client then makes a mount request.

  • When the server responds to this request, the server includes the file handle for the file system (9000) being mounted.

  • The client then sends a request for the NFS port number. When the client receives the number from the server, the client tests the availability of the NFS service (nfsd). Also, the client requests NFS information about the file system that uses the file handle.


Check Portmap on Linux

The well known port number for portmap is 111. We can use rpcinfo -p to check which rpc service is registered to portmap. Normally this command will respond with all the registered RPC services running on the server.


The listing displays the program number, version, protocol, port, and service name. One of those listed is the mountd service.


program vers proto port service 100005 1 udp 33492 mountd





38 views

Join our newsletter! Get a free cloud server!  Never miss a post!

Thanks for submitting!