From owner-freebsd-current@FreeBSD.ORG Wed Dec 31 03:20:45 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 81F1F16A4CE for ; Wed, 31 Dec 2003 03:20:45 -0800 (PST) Received: from dppl.com (sapas.dppl.net [216.182.10.231]) by mx1.FreeBSD.org (Postfix) with ESMTP id C016043D1D for ; Wed, 31 Dec 2003 03:20:43 -0800 (PST) (envelope-from yds@CoolRat.org) Received: from bgp431201bgs.union01.nj.comcast.net (bgp431201bgs.union01.nj.comcast.net [68.36.218.39]) (IDENT: WhyDS, AUTH: PLAIN yds, TLS: TLSv1/SSLv3,256bits,AES256-SHA) by dppl.com with esmtp; Wed, 31 Dec 2003 06:20:42 -0500 Date: Wed, 31 Dec 2003 06:20:41 -0500 From: Yarema To: Andrew Thompson Message-ID: <100550000.1072869641@volyn.coolrat.org> In-Reply-To: <20031223092117.GA723@kate.fud.org.nz> References: <3FC4C3DC.9040208@freebsd.org> <20031223092117.GA723@kate.fud.org.nz> X-Mailer: Mulberry/3.1.0 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline cc: freebsd-current@FreeBSD.org Subject: Re: NFS hangs on 5.2-CURRENT X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Dec 2003 11:20:45 -0000 --On Tuesday, December 23, 2003 22:21:17 +1300 Andrew Thompson wrote: > On Wed, Nov 26, 2003 at 08:16:44AM -0700, Scott Long wrote: >> It's my pleasure to announce the availability of 5.2-BETA ISO images and >> ftp install sets for i386 and alpha. >> [snip] >> - NFS might be unstable in certain situations, though we have not been >> able to identify what situations yet. > > I have been experiencing the nfs hangs like a few other people with > current for several months. > > I have narrowed it down to using pf from ports with the line, > > scrub in all > > in the conf file (on the server). I can read files fine, but any writes > will hang the process and "nfs server not available" lines appear in the > logs. > > If I remove that line and reload the pf rules, the copy will resume > immediately. > > ># pkg_info | grep pf > pf_freebsd-2.00_1 OpenBSD pf as a kldmodule ># uname -a > FreeBSD kate.fud.org.nz 5.2-RC FreeBSD 5.2-RC #0: Sat Dec 13 00:52:30 > NZDT 2003 andy@kate.fud.org.nz:/usr/obj/usr/src/sys/KATE i386 > > > Is anyone else seeing this? I am seeing this. Also using OpenBSD pf on: FreeBSD 5.2-CURRENT #0: Sun Dec 28 08:55:02 EST 2003 Both server and client are running the same FreeBSD build. A simple ls on the mounted filesystem would hang. I worked around this by changing the pf normalization rules from: scrub in all to: scrub in on $wan_if all scrub on $lan_if all no-df random-id reassemble tcp where I only do NFS on $lan_if. Otherwise I suppose the following would work just as well: scrub all no-df random-id reassemble tcp According to no-df is the magic option for this situation. However doing NFS over UDP still hangs, but at least TCP works fine. I did add the -h option to nfs_server_flags in rc.conf(5) as per the nfsd(8) man page: If nfsd is to be run on a host with multiple interfaces or interface aliases, use of the -h option is recommended. If you do not use the option NFS may not respond to UDP packets from the same IP address they were sent to. Use of this option is also recommended when securing NFS exports on a firewalling machine such that the NFS sockets can only be accessed by the inside interface. So to sum it up: 0) NFS over UDP still hangs 1) use the -h option to nfsd(8) 2) use the -T option to mount_nfs(8) 3) use "no-df" option to the "scrub" rule in pf(4) Hope this helps.. -- Yarema http://yds.CoolRat.org