1 December 1993
This is NFSWATCH Version 4.1. It lets you monitor NFS requests to any given
machine, or the entire local network. It mostly monitors NFS client traffic
(NFS requests); it also monitors the NFS reply traffic from a server in
order to measure the response time for each RPC.
This is primarily a release to fix bugs that were present in the previous
release. The following changes and bug fixes have been made since NFSWATCH
4.0:
- Compiles and runs under Solaris 2.2 and Solaris 2.3.
- Compiles and runs under DEC OSF/1 V1.3 and later.
- The NFS procedure display code has been fixed.
- Now understands Auspex file handles (thanks to Guy Harris).
- Now understands IRIX file handles (thanks to Jim Patterson).
- Now saves "-procs" output in the log file (thanks to Gary Schaps).
- The screendump feature now works properly on Solaris 2.x systems
(thanks to Gerry Singleton).
- The mechanism by which NFS file handles are parsed has been split
out into a separate module and completely redesigned. It is now
independent of the platform on which nfswatch is running, and uses
a variety of heuristics to figure out what the file handle
represents. Doubtless these heuristics will fail in some cases;
we have not been able to test the code against all possible NFS
servers.
If you find that nfswatch is not properly decoding a file handle
from one of your servers (say, foo.bar.com), you can help us out
by doing
% nfswatch -dst foo.bar.com -fhdebug
and capturing a page or two of the output. Then mail it to us,
and also tell us exactly what software is running on the server
(e.g., "DEC OSF/1 V1.3"). We cannot promise to fix the problem,
of course.
The following features and bug fixes appeared in NFSWATCH 4.0:
- NFSWATCH now runs on Sun SPARC machines under SunOS 5.x (Solaris
2.x) using the Data Link Provider Interface (DLPI), dlpi(7).
- NFSWATCH now runs on Silicon Graphics machines under IRIX 4.0
using the snoop(7) interface. It should also work on versions 3.2
and 3.3 (you'll need "-lbsd" on 3.2). Thanks to Tim Hudson of
Mincom Pty for the patches.
- NFSWATCH "almost" works on System V Release 4 systems. There are
some problems with the fact that Solaris 2.x uses DLPI 2.0 (good),
but most SVR4s out there still use DLPI 1.3 (bad). I've had a few
beta testers working on it, but they have not yet gotten it to
work. If you manage to get it working, *please* send patches.
- NFSWATCH now keeps track of timing information in the procedure
display, showing how quickly NFS calls receive replies. Thanks to
Peter Phillips of the University of British Columbia for the code.
- NFSWATCH now has an authenticator display, which shows the username
or user id of the originator of each packet. Thanks again to Peter
Phillips for the code.
- A first pass at support for FDDI interfaces has been added. The
support is better on some systems than others, as described below:
IRIX40: Has not been tested, and almost definitely will not work
"as is". The packet header that's read into from snoop
probably needs to be different. Send us patches if you
get it to work.
SUNOS4: Has been tested on a Sun-4/380 under SunOS 4.1.2. Works
with the SunNet FDDI/DX boards.
SUNOS5: Has not been tested, but "should" work. Send us patches
if it doesn't.
SVR4: Has not been tested, but "should" work. Send us patches if
it doesn't. (And if you get the rest of it working; see
above.)
ULTRIX: Works with Ultrix V4.2 or later *only*. All flavors of
Ultrix 4.2 (including 4.2A, 4.2B, 4.2C) require kernel
patches before you can use the FDDI code. Obtain the
patched versions of net_common.o and pfilt.o from your
Customer Support Center.
- A new option, "-server hostname" has been added to watch all the
traffic between a server and its clients; this is equivalent to
"src == hostname || dst == hostname", which is not specifiable
using the other options. Thanks again to Peter Phillips for the
patches.
- A new option, "-map", is available to help translate file system
device names to "english" names, e.g. "/usr" instead of
"fs1(7,23)". Thanks yet again to Peter Phillips.
- Two new options have been added to allow NFSWATCH to be run from
cron, via rsh, etc. The "-bg" option tells NFSWATCH to run in the
background, with no screen display. All information will be put
into the logfile only. The "-T maxtime" option tells NFSWATCH to
terminate execution after maxtime seconds.
- A new interactive command has been added. The "n" command toggles
the display of client names or client host numbers in client mode,
so that foreign hosts can be identified.
- The maximum number of client hosts for a single server has been
increased to 512. The maximum number of internet addresses for a
single host has been increased to 16. The maximum number of
interfaces that can be watched at one time has been increased to
16.
- The bug in which file matching did not work on Sun-3 systems has
been fixed.
- The bug in which the standard input got closed upon exit, making
the curses routines screw up, has been fixed.
- The bug causing miscompilation of nit.c on SunOS 4.0 has been
fixed.
- Note that due to limitations in the SVR4 DLPI, the ethernet broad-
cast, arp, and rarp packet counters will not be supported. Also
note that on SVR4s still using DLPI 1.3, which does not support
promiscuous mode, the "-all" and "-dst" options to NFSWATCH will
not work.
NFSWATCH has been successfully compiled and at least minimally tested on the
following architectures and operating systems:
Architecture Operating System
------------ ----------------
Sun-3 (68000) SunOS 4.1.1
Sun-4 (SPARC) SunOS 4.1.1, 4.1.2, 4.1.3
Sun-4 (SPARC) SunOS 5.1, 5.2, 5.3
DEC VAX Ultrix 4.0, 4.1, 4.2
DEC RISC Ultrix 4.0, 4.1, 4.2
DEC Alpha AXP DEC OSF/1 V1.3 and later
SGI Personal IRIS IRIX 4.0.1
SGI 4D/440 IRIX 4.0.5
To compile NFSWATCH, just say "make." The Makefile will use the "uname"
command to determine what operating system should be compiled for. If for
some reason this blows up in your face, say "make OS=foo" where "foo" is one
of the following:
Macro Value Operating System
----------- ----------------
IRIX40 Silicon Graphics IRIX 4.0
SUNOS4 Sun Microsystems SunOS 4.x
SUNOS5 Sun Microsystems SunOS 5.x (Solaris 2.x)
SVR4 AT&T System V Release 4
ULTRIX Digital Equipment Ultrix 4.x
DECOSF Digital Equipment Corp. OSF/1 V1.3 & later
On Sun systems, NFSWATCH needs to either be run as root, or made setuid root
(this is safe; it setuids itself back after opening the needed device). On
Ultrix systems, it does not need to be setuid root or run as root, but the
super-user has to enable promiscuous mode operation using pfconfig(8). On
SGI systems, it needs to be either run as root or made setuid to root. On
SVR4 systems, it needs to be either run as root or made setuid to root.
On pre-4.2 Ultrix systems, the enclosed "pfcopyall" program can be used to
change the value of the "pfcopyall" variable in the kernel so that you can
see packets sent by the host you are running on. Otherwise, these packets
will not be included in the output of NFSWATCH.
You can redistribute this program as much as you want. All we ask is that
you give credit where credit is due. If you make modifications or bug fixes,
please send them back to us, in "diff -c" format, so they can be incorporated
into the next release.
Dave Curry Jeff Mogul
Purdue University Digital Equipment Corp.
Engineering Computer Network Western Research Laboratory
1285 Electrical Engineering Bldg. 250 University Avenue
West Lafayette, IN 47907-1285 Palo Alto, CA 94301
davy@ecn.purdue.edu mogul@decwrl.dec.com
|