[OpenAFS] AFS hangs, possible nat issues?

Mark Huijgen mark@nl.simpc.com
Wed, 19 May 2010 14:29:27 +0200


On 05/14/2010 09:21 PM, Jeffrey Altman wrote:
> On 5/14/2010 3:11 PM, Steve Simmons wrote:
>   
>
>> Next step would be to have him try 1.5.74, but before he goes that far I'd be interested in anyone who's seen similar problems and what if anything fixed them.
>>     
> This is the solution.  The NAT ping functionality in the 1.5.74 rx
> library was added to ensure that there is sufficient outbound traffic to
> convince the firewall or NAT to leave the in-bound port open.
 
Would it be safe to apply this NAT ping functionality to the 1.4.x
series also?
I have patched my 1.4.12 linux client with these 2 patches I found in git:

rx lowlevel nat ping
http://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=d24078658d183ea2e72e61c1888e9900bac0ec32
rx nat event connection reference
http://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=d9cf88428aa542d1cd304e82f02333eced0194ae

Are these 2 patches enough?

After this I can see the rx version requests being sent every 20 sec to
every server which the client has talked to.
It keeps on doing this till the client is shutdown. No more timeouts now :)

I used a simple natkeep program before that sends udp packets with a
small TTL, but it seems some nat firewalls close the port as soon as
they receive the TTL expired ICMP reply causing AFS not to work at all
on these networks.

Mark Huijgen