bin/105334: Error in output of tcpdump
Ricardo Nabinger Sanchez
rnsanchez at wait4.org
Tue Dec 19 13:31:14 PST 2006
The following reply was made to PR bin/105334; it has been noted by GNATS.
From: Ricardo Nabinger Sanchez <rnsanchez at wait4.org>
To: Oliver Fromme <olli at lurza.secnetix.de>
Cc: FreeBSD-gnats-submit at FreeBSD.org
Subject: Re: bin/105334: Error in output of tcpdump
Date: Tue, 19 Dec 2006 18:53:00 -0200
Hi Oliver,
On Mon, 27 Nov 2006 21:04:20 +0100 (CET)
Oliver Fromme <olli at lurza.secnetix.de> wrote:
> Then start the following daemons as root (in this order):
> # rpcbind
> # mountd
> # nfsd
> No options are required. Check /var/log/messages for errors.
> If you already had a mountd daemon running, you need to send
> it a SIGHUP so it wil re-read the /etc/exports file:
> # kill -HUP $(cat /var/run/mountd.pid)
>
> Now mount the exported directory to /mnt:
> # mount -t nfs -o ro 127.0.0.1:/usr/bin /mnt
>
> Use this command to watch NFS UDP traffic on localhost:
> # tcpdump -ni lo0 udp port 2049
Thanks for these easy steps. I could reproduce the problem, and discovered
that, oddly, what tcpdump prints is not the source port, it's an ID. Look:
18:20:07.299689 IP 127.0.0.1.1490240411 > 127.0.0.1.2049: 100 fsstat [|nfs]
18:20:07.299772 IP 127.0.0.1.2049 > 127.0.0.1.1490240411: reply ok 168 fsstat
[|nfs]
== src/contrib/contrib_tcpdump/print-nfs.c:420
void
nfsreq_print(register const u_char *bp, u_int length,
register const u_char *bp2)
{
...
rp = (const struct sunrpc_msg *)bp;
if (!nflag) {
snprintf(srcid, sizeof(srcid), "%u",
EXTRACT_32BITS(&rp->rm_xid));
strlcpy(dstid, "nfs", sizeof(dstid));
} else {
snprintf(srcid, sizeof(srcid), "%u",
EXTRACT_32BITS(&rp->rm_xid));
snprintf(dstid, sizeof(dstid), "%u", NFS_PORT);
}
print_nfsaddr(bp2, srcid, dstid);
...
==
The "else" branch is taken (because -n was passed to tcpdump), and in the
first snprintf you can see that "rp->rm_xid" is printed where one expects to
see source port.
A hack may workaround this, given that the header position is fixed and can
be recomputed, and then the source port can be printed instead of rm_xid. I
really don't know if this is what the author wanted, it doesn't make sense to
me to have a ID of some kind printed along with the IP address where one is
expecting the source port of the packet (POLA violation, perhaps?).
Moreover, I don't know who should tackle this PR (FreeBSD or tcpdump
developers?). :)
Sorry for the long delay to reply (Real Life Problems (tm)).
--
Ricardo Nabinger Sanchez <rnsanchez@{gmail.com,wait4.org}>
Powered by FreeBSD
"Left to themselves, things tend to go from bad to worse."
More information about the freebsd-bugs
mailing list