On May 19, 2008, at 7:08 AM, Talpey, Thomas wrote:
At 04:56 AM 5/19/2008, Benny Halevy wrote:
On May. 19, 2008, 11:14 +0300, xing jing <xingjing@xxxxxxxxxx> wrote:
recently, I want to get some information (like file access patten)
from a trace of NFS client. The simplest way may be parse the file
handle to get the file ino and directory ino, but I don't know how
to
get them from the 64 of 16 hexadecimal. Can you tell me how to parse
file handle to get useful information, thanks very much.
That file handle contents are opaque to the client so you'd
need to have the server's code or reverse engineer its
structure.
Wireshark understands the format of many NFS server filehandles. You
can simply zoom-in on the filehandle in the details pane to see much
of
this. Alternatively, you can look back in the trace to find the LOOKUP
or READDIR/READDIRPLUS to find the mapping between name and
filehandle.
By the way, not all filehandles are 64 bytes. That, too, is a server-
specific choice.
Wireshark has the ability to sniff filehandles from certain server
types. I believe both Linux server file handles and NetApp file
handles are supported. You need to set this in the preference pane
for the NFS decoder, it won't try to discover which server type you
use automatically. Otherwise it will treat file handles as entirely
opaque.
Also, there is a checkbox in the NFS decoder preference pane for
enabling wireshark to associated file handles with file names and
display the file names where appropriate.
The checkbox is "Snoop FH to filename mappings".
Tom.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs"
in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
