Re: NFS client may be broken in 2.2.11pre4 (SOLVED)

bmccann@indusriver.com
Tue, 03 Aug 1999 05:45:01 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andreas Schwab: "Re: More linker magic.."
Previous message: Matthew Kirkwood: "Re: More linker magic.."

I've confirmed NFS in 2.2.11pre4 is not working between either of my
NFS clients and my 2.2.11pre2 NFS server. The two clients use an NE2000
and a Tulip Ethernet NIC so its probably not a ethernet driver problem.

I also grep'ed around the kernel tree and the kernel message is from
the IP firewall code. (in 'dump_packet'). For some reason, the 2.2.11pre4
IP stack is dropping incoming NFS fragment packets received from the server.
(This appears consistent with observed behavior. I can login and access
a couple of short files but then die when reading long files).

This is consistent with Philip Troin's report:

> I've got a weird problem with -pre4.
> I'm getting IP fragments dropped by the firewall code without having
> any firewall rules set in.
>
> The fragments are from NFS packets (all NFS traffic hangs badly).
>
> eth0 PROTO=17 209.133.45.186:0 209.133.45.185:0 L=1500 S=0x00 I=15127
> F=0x20B9 T=64 (#0)
>
> root@ceramic:~# ipchains -L
> Chain input (policy ACCEPT):
> Chain forward (policy ACCEPT):
> Chain output (policy ACCEPT):
> root@ceramic:~# uname -a
> Linux ceramic 2.2.11-pre4-knfs #1 SMP Sat Jul 31 19:47:43 PDT 1999 i686 unknown
> root@ceramic:~# cat /proc/version
> Linux version 2.2.11-pre4-knfs (root@ceramic) (gcc version egcs-2.91.66 Debian GNU/Linux (egcs-1.1.2 release)) #1 SMP Sat Jul 31 19:47:43 PDT
> 1999
>
> The exact same box with 2.2.11pre2 works ok.
>
> It's with vanilla 2.2.11pre4 + HJL's NFS patches.
>
> Phil.

I too do not have firewalling enabled on either of my 2.2.11pre4 NFS clients.

SOLUTION--------------------------------------------

The following code was added at line 614 in ip_fw.c in either pre3 or pre4:

/* If it is a truncated first fragment then it can be
* used to rewrite port information, and thus should
* be blocked.
*/
if (offset && (ntohs(ip->frag_off) & IP_MF)) {
if (!testing && net_ratelimit()) {
/*printk(KERN_ERR "Suspect short first fragment.\n");*/
dump_packet(ip,rif,NULL,NULL,0,0,0,0);
}
return FW_BLOCK;
}

According to dump_packet, the NFS UDP packet is a fragment and it has the
MustFragment bit set. This code should be removed and/or fixed.

I have confirmed that removing this code lets NFS work correctly.

-Ben McCann

--- Ben McCann Indus River Networks 31 Nagog Park Acton, MA, 01720 email: bmccann@indusriver.com web: www.indusriver.com phone: (978) 266-8140 fax: (978) 266-8111

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Andreas Schwab: "Re: More linker magic.."
Previous message: Matthew Kirkwood: "Re: More linker magic.."