- Issue #1:
Yesterday I spent a couple hours scratching my head over why tcpdump (freshly
built from source) was having such a hard time interpreting NFS traffic on
Alpha Linux. I tracked the problem down to the size of the rm_xid field of
struct rpc_msg. It's declared as a u_long, which is 8 bytes on Alpha, when
it's only 4 bytes on the wire. This of course puts rm_direction and
everything else at the wrong offset, confusing tcpdump.
I already filed a glibc bug report about this. It's #2226 in the libc GNATS
database, which you can get to from the glibc home page:
http://www.gnu.org/software/libc/libc.html
It seemed worth sending an e-mail to the tcpdump list as well, as this could
be interpreted as a tcpdump bug. (Perhaps it's unsafe to assume that casting
raw packet data to a struct rpc_msg * will work?)
In fact, the latest e-mail I've received on this from the glibc developers
suggests that they may punt:
Thorsten Kukuk <[EMAIL PROTECTED]> wrote:
> We can nothing do without breaking all RPC applications on Alpha.
> This mistake was done at the very first Alpha port.
> Even fixing it in glibc with a new symbol version for backward
> compatibility breaks a lot of old programs.
- Issue #2:
My particular situation necessitated some hacking the tcpdump code before I
could even get to this problem. I'm working with a userland NFS server that
operates on a non-standard port. tcpdump will normally only interpret UDP
packets to/from port 2049 as NFS. Even with -T rpc, it fails to decode the
packets properly.
Eric Werme in our Tru64 UNIX group ([EMAIL PROTECTED]) had previously helped
me debug a problem with this server by using tcpdump. When I asked him about
this, it became clear that he's working with a separate codebase with some
unique features:
> When prototype NFS V3 code wandered in here, I immediately wrote decodes
> for it and kept going with mount, NIS, etc, most of which have no fixed
> port.
> The original tcpdump only decoded NFS V2, and I'll readily believe it
> keyed off 2049.
> Our tcpdump keys off the RPC program number [...]
> Feel free to mention to the tcpdump.org folks that I'm willing help
> get this stuff into tcpdump.
For my purposes, having the ability to automatically recognize NFS traffic on
a port other than 2049 would be very helpful.
--Kenneth C. Schalk
Alpha Microprocessor Development Group
Compaq Computer
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
