[OpenAFS] UDP timeouts
Jaap Winius
jwinius@umrk.nl
Thu, 05 May 2011 16:28:48 +0200
Quoting Stanis=C5=82aw Kami=C5=84ski <stasheck.fora@gmail.com>:
> Could you share how did you find that they are dropped?
Mostly I's see lines like the following in the syslog of the host =20
running the firewall:
Apr 30 16:33:16 noord kernel: [181949.998779] DROP IN=3Dbr1 OUT=3D =20
PHYSIN=3Deth1 MAC=3D00:16:0a:24:d5:3d:00:25:2e:64:1a:8f:08:00 =20
SRC=3D95.97.11.43 DST=3D95.97.10.82 LEN=3D104 TOS=3D0x00 PREC=3D0x00 TTL=3D=
62 =20
ID=3D30486 PROTO=3DUDP SPT=3D7000 DPT=3D7001 LEN=3D84
A few packets would have a different destination port:
Apr 30 16:33:31 noord kernel: [181964.989020] DROP IN=3Dbr1 OUT=3D =20
PHYSIN=3Deth1 MAC=3D00:16:0a:24:d5:3d:00:25:2e:64:1a:8f:08:00 =20
SRC=3D95.97.11.43 DST=3D95.97.10.82 LEN=3D104 TOS=3D0x00 PREC=3D0x00 TTL=3D=
62 =20
ID=3D30491 PROTO=3DUDP SPT=3D7000 DPT=3D1025 LEN=3D84
At the moment there are 3-4 AFS workstations at each location and at =20
the end of the day I'd see 200-300 lines like this in the syslog. =20
There's no other reason for it that I can see, since UDP ports =20
7000-7007 are open in the firewalls on both ends. After the =20
ip_conntrack_udp timeouts were increased, all such entries in the =20
syslog disappeared.
Cheers,
Jaap