Subscribe

Async FPolicy Server Is Blocking

According to the documentation in "FPolicy for Data ONTAP 7.3 User's Guide" (from the file mm_oc_731_fpolicy.pdf), it states the following:

 

The asynchronous notification feature enables the storage system to send FPolicy notifications to the
FPolicy server asynchronously. This means that the storage system sends a response to client requests
without waiting for the FPolicy server to respond to the file screening request.

 

To me, what this means is that when a NetApp Filer storage device makes a call to our FPolicy Server application using the RPC method call "FP_ScreenRequest2" (we register as 'version=2'), the file operation from the end user, for example, when a user saves a file, shoule NOT be blocked and have to wait for our FPolicy Server application to return a value from the "FP_ScreenRequest2" RPC method call.

 

However, in my testing, this does not appear to be the case.  I can start up my FPolicy Server application, attach a debugger to it, put a breakpoint in the "FP_ScreenRequest2" method.  Then, I open an existing file in Notepad, modify it, then click to save it.  This causes a "FP_ScreenRequest2" to be triggered and my breakpoint it hit.  But now, Notepad is frozen.  And it will not unfreeze until my "FP_ScreenRequest2" method returns.  This is not an asynchronous behavior in my opinion.

 

Can anybody else confirm or deny this?

 

Additional information:

I am testing against a NetApp Filer simulator, not a real physical NetApp storage device.

Our FPolicy is:

 

> fpolicy
CIFS file policy is enabled.

File policy BW_43fb057a0990485f9c6bc7e24a4d344f (file screening) is enabled.
File screen servers P/S Connect time (dd:hh:mm) Reqs Fails
------------------------------------------------------------------------------
10.6.167.92 \\NETAPP-TEST Pri 00:00:07 2 0
ServerID: 146 IDL Version: 2 SMB Request Pipe Name: \ntapfprq_BW_43fb057a0990485f9c6bc7e24a4d344f
Options enabled: async, version2

Operations monitored:
File create,File rename,File delete,File write,Setattr
Directory rename,Directory delete,Directory create
Above operations are monitored for CIFS only
List of extensions to screen:
???
List of extensions not to screen:
Extensions-not-to-screen list is empty.
Number of requests screened : 7
Number of screen failures : 0
Number of requests blocked locally : 0

When our FPolicy Server application registers with the NetApp Filer storage device, it get some Filer information and then uses the the "FP_Registration_V2" RPC method:

 

The version of the NetApp Filer 'NETAPPSIM' was found to be: Short version: '8.1.1X34'. Long version: 'NetApp Release 8.1.1X34 7-Mode: Thu May 31 21:30:59 PDT 2012'

Registering with FPolicy V2 with the following information:

filerId: 2
filerOps: 0x1005ff6
policyName: BW_43fb057a0990485f9c6bc7e24a4d344f
registrationInfo: \\NETAPP-TEST\CONTOSO\async=true,version2=true
pipe: ntapfprq_BW_43fb057a0990485f9c6bc7e24a4d344f

So you can see we're registering with 'async', but we're not getting what I would consider asynchronous behavior.

 

Any help would be appreciated.  If you need more information, I can try to provide it.

 

Thank you.