NetBSD Problem Report #41074

From www@NetBSD.org  Wed Mar 25 20:28:24 2009
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 6960963BAFE
	for <gnats-bugs@gnats.netbsd.org>; Wed, 25 Mar 2009 20:28:24 +0000 (UTC)
Message-Id: <20090325202824.38EB963B8BA@www.NetBSD.org>
Date: Wed, 25 Mar 2009 20:28:24 +0000 (UTC)
From: louis@zabrico.com
Reply-To: louis@zabrico.com
To: gnats-bugs@NetBSD.org
Subject: ipnat kills NFS connections
X-Send-Pr-Version: www-1.0

>Number:         41074
>Category:       kern
>Synopsis:       ipnat kills NFS connections
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Mar 25 20:30:01 +0000 2009
>Closed-Date:    Sun Apr 19 14:21:19 +0000 2009
>Last-Modified:  Sun Apr 19 14:21:19 +0000 2009
>Originator:     Louis Guillaume
>Release:        NetBSD 5.0_RC2
>Organization:
>Environment:
NetBSD xxxxxxxxxx 5.0_RC2 NetBSD 5.0_RC2 (GENERIC) #1: Thu Mar 19 13:39:03 EDT 2009  louis@xxxxxxxxxxxx:/usr/obj/sys/arch/i386/compile/GENERIC i386
>Description:
On a freshly installed machine (sources from the netbsd-5 branch) I notice that NFS services are killed upon the loading of NAT rules...

Installing NAT rules ... 0 entries flushed from NAT table
nfs server 192.168.1.110:/export/isis/root: not responding 


This happens on a net-booted system with ipfilter. The same system running netbsd-4 with identical NAT rules does not have this problem. There is only one NAT rule on this system:

  map sip0 192.168.0.0/24 -> 0/32

If ipnat is started after boot, the NAT system works and traffic going out through sip0 is properly translated. Machines on the "inside" can see out, but at the same time the NFS services are dropped.
>How-To-Repeat:
1. Boot up a NetBSD 5.0_RC2 system.
2. Mount an NFS share.
3. Start ipnat with the rule shown above.
4. See NFS break.

Try to reproduce the problem on netbsd-4 and see that you can't.


>Fix:

>Release-Note:

>Audit-Trail:
From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@NetBSD.org, gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org,
        tsutsui@ceres.dti.ne.jp
Subject: Re: kern/41074: ipnat kills NFS connections
Date: Mon, 6 Apr 2009 22:25:24 +0900

 > >Synopsis:       ipnat kills NFS connections
  :
 > Installing NAT rules ... 0 entries flushed from NAT table
 > nfs server 192.168.1.110:/export/isis/root: not responding 

 I see a similar problem on an i386 NFS server running ipnat
 and sparc client using UDP 8k block without ipnat, but
 I have not confirmed well if ipnat actually causes the problem.

 "options NFS_BOOT_RWSIZE=1024" on the client kernel or using
 NFS via TCP seems to work, so ipnat might have some bugs around
 fragmented UDP packets?

 ---
 Izumi Tsutsui

From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@NetBSD.org, gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org,
        tsutsui@ceres.dti.ne.jp
Subject: Re: kern/41074: ipnat kills NFS connections
Date: Tue, 7 Apr 2009 02:49:08 +0900

 I wrote:

 > > >Synopsis:       ipnat kills NFS connections
  :
 > "options NFS_BOOT_RWSIZE=1024" on the client kernel or using
 > NFS via TCP seems to work, so ipnat might have some bugs around
 > fragmented UDP packets?

 It looks like ipnat incorrectly blocks fragmented UDP packets.
 The following ugly patch makes 8k UDP NFS work again.

 ---
 Index: ip_nat.c
 ===================================================================
 RCS file: /cvsroot/src/sys/dist/ipf/netinet/ip_nat.c,v
 retrieving revision 1.38
 diff -u -r1.38 ip_nat.c
 --- ip_nat.c	26 Jul 2008 19:44:28 -0000	1.38
 +++ ip_nat.c	6 Apr 2009 17:41:04 -0000
 @@ -3841,7 +3841,7 @@
  		 * If there is no current entry in the nat table for this IP#,
  		 * create one for it (if there is a matching rule).
  		 */
 -		if ((fin->fin_off != 0) && (fin->fin_flx & FI_TCPUDP)) {
 +		if ((fin->fin_off != 0) && (fin->fin_flx & FI_TCPUDP) && 0) {
  			natfailed = -1;
  			goto nonatfrag;
  		}
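Review bot: Appending `&& 0` to the condition on the changed line makes the test constant-false, so `natfailed = -1; goto nonatfrag;` becomes dead code for every packet with FI_TCPUDP set, and the flag name covers TCP as well as the fragmented UDP case being debugged. If the intent is only to let later UDP fragments through, narrow the condition instead of disabling it, and extend the comment above the test (which still only describes creating a new entry) to say how a packet with `fin_off != 0` is expected to be matched to a rule.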
 @@ -4150,7 +4150,7 @@
  	} else {
  		u_32_t hv, msk, rmsk;

 -		if ((fin->fin_off != 0) && (fin->fin_flx & FI_TCPUDP)) {
 +		if ((fin->fin_off != 0) && (fin->fin_flx & FI_TCPUDP) && 0) {
  			natfailed = -1;
  			goto nonatfrag;
  		}
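Review bot: The same `&& 0` is repeated in this `else` branch with no comment, which leaves a second unreachable `natfailed = -1; goto nonatfrag;` that a later reader cannot tell apart from live code. Delete the block or wrap it in `#if 0` with a note on why the fragment check is off, and express the test once (a small macro or helper shared with the site at line 3841) so that a final fix changes both places together.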

 ---
 Izumi Tsutsui
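
The following is an added example, not code from the original report or from ipfilter: a small C model of why an 8k UDP NFS block fails while NFS_BOOT_RWSIZE=1024 works when the condition on the "-" lines of the patch is applied to each fragment. It assumes a 1500-byte MTU, a 20-byte IP header, that FI_TCPUDP is set on every fragment, and that no NAT entry already matches; the struct, the flag value and the payload sizes are constructed for the model.

```c
#include <stdio.h>

#define FI_TCPUDP 0x1u  /* placeholder value for this model, not ipfilter's */
#define IP_HDR    20u   /* assumed IPv4 header without options */
#define UDP_HDR   8u

/* Stand-in for the two fr_info_t fields the check reads. */
struct frag { unsigned off; unsigned flx; };

/* The condition from the "-" lines of the patch. */
static int rejected_by_check(const struct frag *f)
{
    return (f->off != 0) && (f->flx & FI_TCPUDP);
}

/*
 * Split one UDP datagram into IP fragments for the given MTU and count
 * how many fragments the check would send to nonatfrag.
 */
static int count_rejected(unsigned udp_payload, unsigned mtu, int *nfrags)
{
    unsigned total = UDP_HDR + udp_payload;   /* bytes carried above IP */
    unsigned per = (mtu - IP_HDR) & ~7u;      /* data per fragment, multiple of 8 */
    unsigned off;
    int rejected = 0;

    *nfrags = 0;
    for (off = 0; off < total; off += per) {
        struct frag f = { off, FI_TCPUDP };   /* only off == 0 carries the UDP header */
        rejected += rejected_by_check(&f);
        (*nfrags)++;
    }
    return rejected;
}

int main(void)
{
    /* Constructed sizes: an 8k block versus NFS_BOOT_RWSIZE=1024. */
    unsigned sizes[] = { 8192, 1024 };
    for (int i = 0; i < 2; i++) {
        int n, r = count_rejected(sizes[i], 1500, &n);
        printf("payload %u: %d fragments, %d rejected\n", sizes[i], n, r);
    }
    return 0;
}
```

A datagram cannot be reassembled unless every fragment arrives, so rejecting any non-first fragment loses the whole NFS request or reply.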

From: darrenr@NetBSD.org (Darren Reed)
To: gnats-bugs@netbsd.org, louis@zabrico.com
Cc: darrenr@netbsd.org
Subject: Re: kern/41074
Date: Thu, 16 Apr 2009 08:38:13 +0000 (UTC)

 This patch on sourceforge fixes this...

 Unfortunately I can't find any record of a bug# being associated with it :(

 http://ipfilter.cvs.sourceforge.net/viewvc/ipfilter/ipfilter/ip_nat.c?r1=1.2.2.47&r2=1.2.2.48&pathrev=v4-1-RELEASE

From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@NetBSD.org, gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org,
        louis@zabrico.com, tsutsui@ceres.dti.ne.jp
Subject: Re: kern/41074: ipnat kills NFS connections
Date: Thu, 16 Apr 2009 20:36:45 +0900

 darrenr@NetBSD.org wrote:

 >  This patch on sourceforge fixes this...
 >  
 >  Unfortunately I can't find any record of a bug# being associated with it :(
 >  
 >  http://ipfilter.cvs.sourceforge.net/viewvc/ipfilter/ipfilter/ip_nat.c?r1=1.2.2.47&r2=1.2.2.48&pathrev=v4-1-RELEASE

 Yes, it fixes the UDP NFS problem in my environment.
 Could you please commit it?

 I think it should be pulled up to 5.0 too.
 ---
 Izumi Tsutsui

State-Changed-From-To: open->feedback
State-Changed-By: tsutsui@NetBSD.org
State-Changed-When: Fri, 17 Apr 2009 10:11:38 +0900
State-Changed-Why:
Fixed in upstream. Could you please also try the change?


State-Changed-From-To: feedback->closed
State-Changed-By: tsutsui@NetBSD.org
State-Changed-When: Sun, 19 Apr 2009 23:21:19 +0900
State-Changed-Why:
Will be tracked in PR kern/38773.


>Unformatted:
