[OpenAFS-devel] Stop me before I NAT again...
Todd M. Lewis
Todd_Lewis@unc.edu,
OpenAFS-devel <openafs-devel@openafs.org>
Mon, 29 Sep 2003 14:34:20 -0400
I know, the official answer is, "Change the UDP timeouts on your NAT
box." But of all the cool things my particular DSL modem/router allows
me to configure, UDP timeouts isn't one of them. Besides, there ought
to be a way to make this work in software.
In fact, in 2000 Matthew Fredette wrote his excellent natkeep-0.1, which
watches your network and, upon seeing outbound UDP packets,
periodically sends identically addressed UDP packets with a ttl=1, so
they die once they pass through your NAT box, but with the side effect
of keeping your NAT UDP connection mappings alive, which makes AFS
clients work from home. Yea!
Unfortunately, natkeep uses GNU threads and the pcap library (nothing
against either of those per se) and is a little heavy handed. Making it
work with current Linux technologies looks like a lot of work, too.
(But don't let that stop you!)
Then I got to thinking, maybe I could hack the natkeep functionality
directly into OpenAFS. [This is where you sigh and groan, okay.] Turns
out there's a great place to put such a critter, too. As a sort of
proof of evil concept, I duplicated a couple of lines in
afs_CheckServerDaemon() like so:
--- afs_daemons.c-orig 2003-03-06 09:53:25.000000000 -0500
+++ afs_daemons.c 2003-09-26 16:21:02.000000000 -0400
@@ -75,6 +75,8 @@
now = osi_Time();
if (PROBE_INTERVAL + lastCheck <= now) {
afs_CheckServers(1, (struct cell *) 0); /* check down
servers */
+ afs_Trace1(afs_iclSetp, CM_TRACE_PROBEUP, ICL_TYPE_INT32, 600);
+ afs_CheckServers(0, (struct cell *) 0); /* check the up
servers too; -- tml */
lastCheck = now = osi_Time();
}
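Review bot: the added afs_CheckServers(0, (struct cell *) 0) call at the end of this hunk runs the full up-server probe against every up server on every PROBE_INTERVAL pass, which is exactly the "20+ times as often" fileserver load described below, rather than the one short-TTL datagram per NAT-mapped server that a keepalive needs; keep the existing afs_CheckServers(1, ...) cadence as it is and put the keepalive on a separate path with its own interval and TTL. The new `afs_Trace1(afs_iclSetp, CM_TRACE_PROBEUP, ICL_TYPE_INT32, 600);` line also logs a hard-coded 600 that nothing in the hunk explains or uses; either trace the interval actually in effect or drop the trace line.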
After setting PROBE_INTERVAL to 25 seconds via "fs checks -interval 25",
this makes my client check the up servers as well as the down servers
every 25 seconds, which keeps my NAT mappings fresh. It also hits my
fileservers 20+ times as often, which is probably not a Good Thing. In
fact, I would expect this technique to be about as popular among the
OpenAFS keepers as the sys_call_table hack is with Alan Cox. Still,
it's just a proof of concept. Of course I would _never_ run this sort
of thing from home except as a test (wink wink)!
So, here's the question: would an afs_CheckServers()-like function that
did a natkeep-like thing with a configurable ttl -- all optional and
properly integrated into configure of course -- for the purposes of
running OpenAFS clients from behind NAT boxes be welcome, or should I
slither back to my evil dark slime pit? If the former, I would welcome
suggestions about how best to use the existing osi_XXX() networking
calls for this purpose. (They must be there for a reason; calling
socket/connect/sendto may not be The Way, especially in a kernel module...)
Thanks for the bandwidth...
--
+-----------------------------------------------------------------+
/ Todd_Lewis@unc.edu 919-962-5273 http://www.unc.edu/~utoddl /
/ A Freudian slip is when you say one thing but mean your mother. /
+-----------------------------------------------------------------+
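The natkeep idea described in the message above (a UDP datagram with a low TTL that refreshes the NAT box's mapping and then expires before reaching the fileserver), as an added user-space example. This is not natkeep's code, not OpenAFS code, and not the in-kernel osi_XXX() approach the message asks about; it assumes POSIX sockets on Linux, IPv4, a fileserver address given on the command line, the AFS fileserver UDP port 7000, and that the NAT mapping worth refreshing belongs to the local port this program itself binds. The TTL is a parameter because the NAT box is not always the first hop.

```c
/* natkeep-style NAT mapping refresher: added example, not natkeep or OpenAFS code.
 * Sends a 1-byte UDP datagram with a low IP TTL toward the fileserver; the NAT
 * box sees outbound traffic and refreshes its UDP mapping, the next router
 * drops the packet when the TTL expires.  Assumes Linux/POSIX sockets, IPv4. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define AFS_FILESERVER_PORT 7000   /* AFS fileserver UDP port */

/* Open a UDP socket bound to local_port (0 = kernel picks) with the given IP
 * TTL.  The NAT mapping refreshed is the one for this local port.
 * Returns the fd, or -1 on failure. */
int natkeep_open(uint16_t local_port, int ttl)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    struct sockaddr_in local;
    memset(&local, 0, sizeof local);
    local.sin_family = AF_INET;
    local.sin_addr.s_addr = htonl(INADDR_ANY);
    local.sin_port = htons(local_port);
    if (bind(fd, (struct sockaddr *)&local, sizeof local) < 0 ||
        setsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, sizeof ttl) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Read back the TTL the kernel will stamp on our datagrams (-1 on error). */
int natkeep_ttl(int fd)
{
    int ttl = -1;
    socklen_t len = sizeof ttl;
    if (getsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, &len) < 0)
        return -1;
    return ttl;
}

/* Send one 1-byte datagram to dst_ip:dst_port.  Returns bytes sent (1) or -1.
 * sendto() with an explicit address, not connect(), so a stray ICMP
 * port-unreachable does not leave the socket in an error state. */
int natkeep_ping(int fd, const char *dst_ip, uint16_t dst_port)
{
    struct sockaddr_in dst;
    memset(&dst, 0, sizeof dst);
    dst.sin_family = AF_INET;
    dst.sin_port = htons(dst_port);
    if (inet_pton(AF_INET, dst_ip, &dst.sin_addr) != 1)
        return -1;
    unsigned char payload = 0;
    return (int)sendto(fd, &payload, sizeof payload, 0,
                       (struct sockaddr *)&dst, sizeof dst);
}

/* One full cycle: open, confirm the TTL took, send, close.  0 on success. */
int natkeep_refresh_once(const char *dst_ip, uint16_t dst_port,
                         uint16_t local_port, int ttl)
{
    int fd = natkeep_open(local_port, ttl);
    if (fd < 0)
        return -1;
    int ok = natkeep_ttl(fd) == ttl && natkeep_ping(fd, dst_ip, dst_port) == 1;
    close(fd);
    return ok ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s fileserver-ip [interval=25] [ttl=1] [local-port=0]\n",
                argv[0]);
        return 2;
    }
    int interval = argc > 2 ? atoi(argv[2]) : 25;   /* keep below the NAT's UDP timeout */
    int ttl = argc > 3 ? atoi(argv[3]) : 1;         /* hops to the router past the NAT */
    uint16_t local_port = argc > 4 ? (uint16_t)atoi(argv[4]) : 0;
    int fd = natkeep_open(local_port, ttl);
    if (fd < 0) {
        perror("natkeep_open");
        return 1;
    }
    for (;;) {
        if (natkeep_ping(fd, argv[1], AFS_FILESERVER_PORT) < 0)
            perror("sendto");
        sleep((unsigned)interval);
    }
}
```

The caveat that matters for AFS: a NAT mapping is keyed by the source port, and the cache manager's traffic leaves from its own UDP port (7001), which a second process cannot bind while the client holds it. A stand-alone program like this therefore refreshes only the mapping for the port it binds itself; keeping the cache manager's mapping alive means sourcing the packet from the client's own port, which is why natkeep has to watch the wire and spoof the packet, and why doing it inside the client, as the message proposes, is the cleaner fit. The TTL stays configurable because TTL=1 only reaches the NAT box when it is the first hop.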