[OpenAFS] OpenAFS fileserver behind NAT

Ray Link rlink+@pitt.edu
Thu, 16 May 2002 15:49:33 -0400 (EDT)


On Wed, 15 May 2002, Matt wrote:

> In IBM AFS 3.6p1 there is apparently a fix for this
> problem -- you can put "fake" IP addresses in a
> NetInfo file, that won't be checked for authenticity.
>
> Does anybody know a fix or workaround for this in
> OpenAFS?

Specifically, you could prefix the lines in the NetInfo file with an "f "
to make the parsing routines skip validity checks for those lines.

After looking in src/util/netinfo.c, it looks like the OpenAFS versions
of ParseNetInfoFile() and extract_Addr() don't have this functionality.
Specifically, extract_Addr() immediately flags any line with non-numeric
data as being an invalid IP.  There is no special-casing for the "f "
prefix.

I recently ran across this same problem when attempting to make public
the OpenAFS cell that I run at home behind a NATbox.  Is this something
that can be added to OpenAFS without too much difficulty?  I might be
willing to tackle this myself, but I'm not sure yet if it would involve
touching anything outside src/util/netutil.c.  Seeing that all of the
IP validation is done in netutil.c, I'd be worried about other places
in the code that expect to be able to make full use of this address
list, expecting all addresses in it to be perfectly usable.

==== Ray Link === University of Pittsburgh CSSD === rlink@pitt.edu ====

There is no spoon, only Zuul.