On Wed, 14 Aug 2013 14:39:51 -0400 Jeffrey Altman <[email protected]> wrote:
> > So can we send it to only NAT clients? We can't detect NATed clients
> > with perfect accuracy, but I think we can make a guess, with little
> > chance for false positives, since we have the alleged local IPs for
> > the client from TellMeAboutYourself.
>
> Given that the TellMeAboutYourself addresses cannot be trusted and
> there are still many file servers out in the wild that do trust them
> and block try to send packets to them, I want the clients to stop
> sending addresses entirely.

That's fine; in fact, that's even better. Newer clients don't need this
reverse NAT ping; if we make newer clients not respond with TMAY
addresses, then the proposed heuristic will not turn on reverse NAT ping
for them.

> I believe that end users that are having trouble with NATs should
> upgrade their clients.

For many of them, this isn't their problem, so I don't see much pressure
for them to upgrade or even realize that this is happening. The people
that notice are those that are generating the callback breaks, or the
server operators. Currently those generating the callback breaks can't
do anything about this, and the best the server operator can do is play
firewall whack-a-mole, which is a losing battle. That's why I think
doing something about this on the server side is valuable.

-- 
Andrew Deason
[email protected]
