NFS hangs on 5.2-CURRENT
Yarema
yds at CoolRat.org
Wed Dec 31 03:20:45 PST 2003
--On Tuesday, December 23, 2003 22:21:17 +1300 Andrew Thompson
<andy at fud.org.nz> wrote:
> On Wed, Nov 26, 2003 at 08:16:44AM -0700, Scott Long wrote:
>> It's my pleasure to announce the availability of 5.2-BETA ISO images and
>> ftp install sets for i386 and alpha.
>> [snip]
>> - NFS might be unstable in certain situations, though we have not been
>> able to identify what situations yet.
>
> I have been experiencing the nfs hangs like a few other people with
> current for several months.
>
> I have narrowed it down to using pf from ports with the line,
>
> scrub in all
>
> in the conf file (on the server). I can read files fine, but any writes
> will hang the process and "nfs server not available" lines appear in the
> logs.
>
> If I remove that line and reload the pf rules, the copy will resume
> immediately.
>
>
># pkg_info | grep pf
> pf_freebsd-2.00_1 OpenBSD pf as a kldmodule
># uname -a
> FreeBSD kate.fud.org.nz 5.2-RC FreeBSD 5.2-RC #0: Sat Dec 13 00:52:30
> NZDT 2003 andy at kate.fud.org.nz:/usr/obj/usr/src/sys/KATE i386
>
>
> Is anyone else seeing this?
I am seeing this. Also using OpenBSD pf on:
FreeBSD 5.2-CURRENT #0: Sun Dec 28 08:55:02 EST 2003
Both server and client are running the same FreeBSD build. A simple ls on
the mounted filesystem would hang. I worked around this by changing the pf
normalization rules from:
scrub in all
to:
scrub in on $wan_if all
scrub on $lan_if all no-df random-id reassemble tcp
where I only do NFS on $lan_if. Otherwise I suppose the following would
work just as well:
scrub all no-df random-id reassemble tcp
According to <http://www.OpenBSD.org/faq/pf/scrub.html> no-df is the magic
option for this situation.
However doing NFS over UDP still hangs, but at least TCP works fine. I did
add the -h option to nfs_server_flags in rc.conf(5) as per the nfsd(8) man
page:
If nfsd is to be run on a host with multiple interfaces or interface
aliases, use of the -h option is recommended. If you do not use the
option NFS may not respond to UDP packets from the same IP address they
were sent to. Use of this option is also recommended when securing NFS
exports on a firewalling machine such that the NFS sockets can only be
accessed by the inside interface.
So to sum it up:
0) NFS over UDP still hangs
1) use the -h option to nfsd(8)
2) use the -T option to mount_nfs(8)
3) use "no-df" option to the "scrub" rule in pf(4)
Hope this helps..
--
Yarema
http://yds.CoolRat.org
More information about the freebsd-current
mailing list