NFS and TCP port numbers

[alexander medvedev <alexm () pycckue org>]

hallo,

i am wondering whether tcpdump should print rpc xid numbers instead of TCP
port numbers in TCP NFS packets.

check out the port numbers in the following dump:

12:27:39.078026 IP x.x.99.25.5001 > x.x.99.26.5002: . ack 29 win 65535
12:27:39.088348 IP x.x.99.26.5001 > x.x.99.25.2049: . ack 709 win 65535
12:27:41.851964 IP x.x.99.26.1757567062 > x.x.99.25.2049: 264 getattr fh 0,11/1702064896
12:27:41.852053 IP x.x.99.25.2049 > x.x.99.26.1757567062: reply ok 84 getattr ERROR: unk 10009

non-nfs ip packets are ok.
but see that 1757567062 number instead of the port number?

it turns out that nfs printer prints rm_xid instead of the tcp port
number, like here in nfsreply_print():

snprintf(srcid, sizeof(srcid), "%u", NFS_PORT);
                snprintf(dstid, sizeof(dstid), "%u",
                    EXTRACT_32BITS(&rp->rm_xid));

where rp = (const struct rpc_msg *)bp;


i also saw this packet in the beginning of the same dump:

12:27:38.940780 IP x.x.99.26.0 > x.x.99.25.2049: 0 null

note the src port number 0, but this is the same problem as above.

is it the expected behavior?
i'd personally rather see a tcp port number.


thanks!

-alexm
14:13 16/02/2006




-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.