tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

on NFS decoding improvements

From: Denis Ovsienko <infrastation () yandex ru>
Date: Sat, 02 Nov 2013 18:28:25 +0400
List,

there is some space for improvement with regard to NFS decoding. In particular, for TCP NFS tcp_print() detects NFS 
very early and diverts decoding to either nfsreq_print() or nfsreply_print(). This layering violation causes a few 
issues:

1. The two NFS-specific functions currently print (via print_nfsaddr() function) the source and destination 
addresses/ports of a packet. This printing does not include TCP-specific (flags, options and sequence numbers) and 
UDP-specific (checksum) information.
2. The print_nfsaddr() function prints message xid instead of the non-NFS UDP/TCP port.
3. The NFS-decoded TCP packets don't update the seq/ack hash table in tcp_print().

There is a git branch that fixes the TCP part of the problem with two commits: 
https://github.com/Longinus00/tcpdump/commits/print-tcp_nfs

I have verified that these commits don't introduce regressions. The only thing that gets in the way of immediate merge 
is that the cleanups naturally change the output format, for example (with an extra commit not in the branch):

(old, TCP NFS packets)
IP 10.230.61.9.865991996 > 10.230.61.77.2049: 148 getattr fh 0,11/1370219428
IP 10.230.61.77.2049 > 10.230.61.9.865991996: reply ok 112 getattr REG 644 ids 0/0 sz 10485760
IP 10.230.61.9.882769212 > 10.230.61.77.2049: 148 getattr fh 0,11/1370219428
IP 10.230.61.77.2049 > 10.230.61.9.882769212: reply ok 112 getattr REG 644 ids 0/0 sz 10485760

(new, same packets)
IP 10.230.61.9.760 > 10.230.61.77.2049: Flags [P.], seq 45328:45480, ack 9735069, win 10183, options [nop,nop,TS val 
327000059 ecr 30912442], length 152: NFS request xid 865991996  getattr fh 0,11/1370219428
IP 10.230.61.77.2049 > 10.230.61.9.760: Flags [P.], seq 9735069:9735185, ack 45480, win 24576, options [nop,nop,TS val 
30912442 ecr 327000059], length 116: NFS reply xid 865991996 reply ok 112 getattr REG 644 ids 0/0 sz 10485760
IP 10.230.61.9.760 > 10.230.61.77.2049: Flags [P.], seq 45480:45632, ack 9735185, win 10183, options [nop,nop,TS val 
327000059 ecr 30912442], length 152: NFS request xid 882769212  getattr fh 0,11/1370219428
IP 10.230.61.77.2049 > 10.230.61.9.760: Flags [P.], seq 9735185:9735301, ack 45632, win 24576, options [nop,nop,TS val 
30912442 ecr 327000059], length 116: NFS reply xid 882769212 reply ok 112 getattr REG 644 ids 0/0 sz 10485760

I intend to merge the commits in a few days unless anyone argues that the output format must be retained.

Thank you.

-- 
    Denis Ovsienko
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Previous By Date Next
Previous By Thread Next

Current thread: