On Mon, Oct 28, 2019 at 12:45:41PM -0400, Bruce Fields wrote: > On Thu, Oct 24, 2019 at 01:08:20PM -0400, Chuck Lever wrote: > > > > > > > On Oct 24, 2019, at 11:38 AM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote: > > > > > > On Thu, Oct 24, 2019 at 09:34:10AM -0400, Chuck Lever wrote: > > >> Record results of a GSS proxy ACCEPT_SEC_CONTEXT upcall and the > > >> svc_authenticate() function to make field debugging of NFS server > > >> Kerberos issues easier. > > > > > > Inclined to apply. > > > > > > The only thing that bugs me a bit is that this is just summarizing > > > information that's passing between the kernel and userspace--so it seems > > > like a job for strace or wireshark or something. > > > > You could use those tools. However: > > > > - strace probably isn't going to provide symbolic values for the GSS major status > > > > - wireshark is unwieldy for initial debugging on servers with no graphics capability > > I don't think tcpdump, copy the file, then run wireshark, is that bad, > and there are probably ways to automate that if necessary. > > The bigger problem seems to be that there's no way to do the capture: > > https://unix.stackexchange.com/questions/219853/how-to-passively-capture-from-unix-domain-sockets-af-unix-socket-monitoring > > I wish we could fix that somehow. But, I don't know what to do about the AF_LOCAL tracing problem. Oh well. Applying. --b.
