IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New The fun of supporting old OS on New Infratructure
So... I have this one machine that is A hybrid of RedHat v6.2 (OLD Piglet) and newer version of Fedora Core.

I have Firewalls/Routers that are CentOSv6.5 and an NFS server that is CentOSv5.10

This all started when I swapped out my router/firewall from a machine that was having difficulty communicating and would only communicate on IPv6, even though I had/have zero IPv6 on my Corporate Network.

So, the issue. Intermittent write support for NFS would fail if the file was over 1480 bytes in size. (After 3 days of deduction... I discovered this bit after MUCH MUCH testing)

I discovered a backport into the CentOSv6.5 kernel from a 3.x.x started enforcing a Fragmentation restriction that came about due to a DoS or other exploit/issue.

What it was, Linux kernel 2.4.20 and before, an NFS bug on files larger than MTU, needing fragmentation. The OS handled it... up to the last packet, which nfs handled it... a filesystem check would fail and the nfs subsystem would 0 length file size the file, due to the error and the OS would correct it... not violating the restrictions before Kernel 2.6.32-431.20.3.el6... but with 2.6.32-431.20.3.el6, the routing Kernel would reject the packet as it changed either some kind of encapsulation or some kind of other header info.

So... to get this to work on this machine that has a reduced set of work it is doing now... set the wsize and rsize on the nfs mount to 1024, which is smaller than the MTU and bit boundary kosher. This then forces NFS to do all the fragmentation work and therefore not change the method on it. It only affect NFs... so I don't care.

Meh, tcpdump in -vvv mode was the only way I was able to watch it. Watched about 16MB of straight text, from the client, server and both NICs on the router/firewall... I had to line it all up, glad I have time synchronized on all my machines via NTP.
--
greg@gregfolkert.net
"No snowflake in an avalanche ever feels responsible." --Stanislaw Jerzy Lec
New Glad you got it figured out. IPv6 is a black hole.
IPv6 stuff has started biting me at work. Symantec's SEP has a bunch of poorly-described rules blocking various IPv6 things in their firewall that caused me a few hours of heartburn over a couple of weeks when I was unable to reach various web sites that worked fine on my phone.

It's not uncommon for parts of websites to claim to be IPv6 compliant while other parts aren't. So one could connect to, say, their e-commerce page but their home page would time out. (Apparently if the IPv6 stuff isn't present, Winders will somehow fallback to IPv4, but if the site claims IPv6 works but it's not fully configured then Winders will not do that and things will fail.)

http://test-ipv6.com/

http://ipv6-test.com/validate.php

I discovered a simple way to test if a firewall is causing problems by accident.

ping -6 www.google.com

will give a "General Failure" if IPv6 is setup and is being blocked by a firewall. While

ping -4 www.google.com

will work (using IPv4).

If/when IPv4 is turned off, there would seem to be a Y2K-like level of panic while home users and mom-and-pop web sites rush to get compliant. Probably a lot less money available to fix things, though.

:-/

Anyway, good sleuthing, Greg! Here's hoping you don't have to do that again for a while!

Cheers,
Scott.
New Testing is the step child of open software.
It's fun to code, and maybe even "unit test", but it's not much so for integration testing. So, the user, particularly the beta testers wind up doing the bulk of it. And of course some problemss never get caught. And who wants to maintain obsolescent versions of code?

Users should really somehow fund the maintenance of the versions of software they use. That's what your clients *are* doing. But, unless you provide feedback to others so that everyone benefits from you findings, others have to rediscover and resolve the same problems over and over again.
Alex

"There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge."”

-- Isaac Asimov
New I found that documenting things this old...
2001/2002 Operating systems when dealing with newer systems... futile. Nobody cares and nobody wants it.. because it *TO* specific. Not only that, but 12+ year old systems should be gone, period.

Dealing with new stuff is always there.

It took testing more than anything else and then finding the relevant info... not something anyone cares about except for the people I work for.
--
greg@gregfolkert.net
"No snowflake in an avalanche ever feels responsible." --Stanislaw Jerzy Lec
New Re: 12+ year old systems should be gone, period
I agree with you there. With hardware so cheap, it doesn't make sense to squeeze every little bit of use out of it. Other than having a stable OS and relevant apps, it's the user data that's important.

But, when it comes to "if it ain't broke, don't fix it" (to the extreme) crew it doesn't seem to matter. It's good that it keeps you and Andrew gainfully employed!
Alex

"There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge."”

-- Isaac Asimov
     The fun of supporting old OS on New Infratructure - (folkert) - (4)
         Glad you got it figured out. IPv6 is a black hole. - (Another Scott)
         Testing is the step child of open software. - (a6l6e6x) - (2)
             I found that documenting things this old... - (folkert) - (1)
                 Re: 12+ year old systems should be gone, period - (a6l6e6x)

They both savoured the strange warm glow of being much more ignorant than ordinary people, who were only ignorant of ordinary things.
37 ms