Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Revisiting: ipfilter/ipnat problems on -current

On Sat, Sep 06, 2008 at 09:35:58PM -0700, Paul Goyette wrote:
> On Sun, 7 Sep 2008, Quentin Garnier wrote:
>> I'd start doing a tcpdump.  If ipfilter is involved, it means it is
>> tied to a specific network data pattern.
> Yeah, but packets seem to be corrupted after they've been received and  
> verified.  Where does tcpdump hook into things?  Is it before ipfilter  
> or after?  Hopefully after...  I guess I'd need to run tcpdump on both  

Before, of course.  (And with reason!)

> the NFS server and the client and compare.

That's not the point.  If you want to compare data (which is interesting
in itself, by the way, as you might want to check how different the
files are, if it happens on a page boundary, etc.), you copy a file on a
USB key or something and then go on the NFS server and use cmp(1).

The point is knowing what traffic pattern makes ipfilter do the wrong

Also, have you tried lowering the NFS packet size?

Quentin Garnier - -
"See the look on my face from staying too long in one place
[...] every time the morning breaks I know I'm closer to falling"
KT Tunstall, Saving My Face, Drastic Fantastic, 2007.

Attachment: pgpRp7HQ8YHBj.pgp
Description: PGP signature

Home | Main Index | Thread Index | Old Index