1 December 1993 This is NFSWATCH Version 4.1. It lets you monitor NFS requests to any given machine, or the entire local network. It mostly monitors NFS client traffic (NFS requests); it also monitors the NFS reply traffic from a server in order to measure the response time for each RPC. This is primarily a release to fix bugs that were present in the previous release. The following changes and bug fixes have been made since NFSWATCH 4.0: - Compiles and runs under Solaris 2.2 and Solaris 2.3. - Compiles and runs under DEC OSF/1 V1.3 and later. - The NFS procedure display code has been fixed. - Now understands Auspex file handles (thanks to Guy Harris). - Now understands IRIX file handles (thanks to Jim Patterson). - Now saves "-procs" output in the log file (thanks to Gary Schaps). - The screendump feature now works properly on Solaris 2.x systems (thanks to Gerry Singleton). - The mechanism by which NFS file handles are parsed has been split out into a separate module and completely redesigned. It is now independent of the platform on which nfswatch is running, and uses a variety of heuristics to figure out what the file handle represents. Doubtless these heuristics will fail in some cases; we have not been able to test the code against all possible NFS servers. If you find that nfswatch is not properly decoding a file handle from one of your servers (say, foo.bar.com), you can help us out by doing % nfswatch -dst foo.bar.com -fhdebug and capturing a page or two of the output. Then mail it to us, and also tell us exactly what software is running on the server (e.g., "DEC OSF/1 V1.3"). We cannot promise to fix the problem, of course. The following features and bug fixes appeared in NFSWATCH 4.0: - NFSWATCH now runs on Sun SPARC machines under SunOS 5.x (Solaris 2.x) using the Data Link Provider Interface (DLPI), dlpi(7). - NFSWATCH now runs on Silicon Graphics machines under IRIX 4.0 using the snoop(7) interface. It should also work on versions 3.2 and 3.3 (you'll need "-lbsd" on 3.2). Thanks to Tim Hudson of Mincom Pty for the patches. - NFSWATCH "almost" works on System V Release 4 systems. There are some problems with the fact that Solaris 2.x uses DLPI 2.0 (good), but most SVR4s out there still use DLPI 1.3 (bad). I've had a few beta testers working on it, but they have not yet gotten it to work. If you manage to get it working, *please* send patches. - NFSWATCH now keeps track of timing information in the procedure display, showing how quickly NFS calls receive replies. Thanks to Peter Phillips of the University of British Columbia for the code. - NFSWATCH now has an authenticator display, which shows the username or user id of the originator of each packet. Thanks again to Peter Phillips for the code. - A first pass at support for FDDI interfaces has been added. The support is better on some systems than others, as described below: IRIX40: Has not been tested, and almost definitely will not work "as is". The packet header that's read into from snoop probably needs to be different. Send us patches if you get it to work. SUNOS4: Has been tested on a Sun-4/380 under SunOS 4.1.2. Works with the SunNet FDDI/DX boards. SUNOS5: Has not been tested, but "should" work. Send us patches if it doesn't. SVR4: Has not been tested, but "should" work. Send us patches if it doesn't. (And if you get the rest of it working; see above.) ULTRIX: Works with Ultrix V4.2 or later *only*. All flavors of Ultrix 4.2 (including 4.2A, 4.2B, 4.2C) require kernel patches before you can use the FDDI code. Obtain the patched versions of net_common.o and pfilt.o from your Customer Support Center. - A new option, "-server hostname" has been added to watch all the traffic between a server and its clients; this is equivalent to "src == hostname || dst == hostname", which is not specifiable using the other options. Thanks again to Peter Phillips for the patches. - A new option, "-map", is available to help translate file system device names to "english" names, e.g. "/usr" instead of "fs1(7,23)". Thanks yet again to Peter Phillips. - Two new options have been added to allow NFSWATCH to be run from cron, via rsh, etc. The "-bg" option tells NFSWATCH to run in the background, with no screen display. All information will be put into the logfile only. The "-T maxtime" option tells NFSWATCH to terminate execution after maxtime seconds. - A new interactive command has been added. The "n" command toggles the display of client names or client host numbers in client mode, so that foreign hosts can be identified. - The maximum number of client hosts for a single server has been increased to 512. The maximum number of internet addresses for a single host has been increased to 16. The maximum number of interfaces that can be watched at one time has been increased to 16. - The bug in which file matching did not work on Sun-3 systems has been fixed. - The bug in which the standard input got closed upon exit, making the curses routines screw up, has been fixed. - The bug causing miscompilation of nit.c on SunOS 4.0 has been fixed. - Note that due to limitations in the SVR4 DLPI, the ethernet broad- cast, arp, and rarp packet counters will not be supported. Also note that on SVR4s still using DLPI 1.3, which does not support promiscuous mode, the "-all" and "-dst" options to NFSWATCH will not work. NFSWATCH has been successfully compiled and at least minimally tested on the following architectures and operating systems: Architecture Operating System ------------ ---------------- Sun-3 (68000) SunOS 4.1.1 Sun-4 (SPARC) SunOS 4.1.1, 4.1.2, 4.1.3 Sun-4 (SPARC) SunOS 5.1, 5.2, 5.3 DEC VAX Ultrix 4.0, 4.1, 4.2 DEC RISC Ultrix 4.0, 4.1, 4.2 DEC Alpha AXP DEC OSF/1 V1.3 and later SGI Personal IRIS IRIX 4.0.1 SGI 4D/440 IRIX 4.0.5 To compile NFSWATCH, just say "make." The Makefile will use the "uname" command to determine what operating system should be compiled for. If for some reason this blows up in your face, say "make OS=foo" where "foo" is one of the following: Macro Value Operating System ----------- ---------------- IRIX40 Silicon Graphics IRIX 4.0 SUNOS4 Sun Microsystems SunOS 4.x SUNOS5 Sun Microsystems SunOS 5.x (Solaris 2.x) SVR4 AT&T System V Release 4 ULTRIX Digital Equipment Ultrix 4.x DECOSF Digital Equipment Corp. OSF/1 V1.3 & later On Sun systems, NFSWATCH needs to either be run as root, or made setuid root (this is safe; it setuids itself back after opening the needed device). On Ultrix systems, it does not need to be setuid root or run as root, but the super-user has to enable promiscuous mode operation using pfconfig(8). On SGI systems, it needs to be either run as root or made setuid to root. On SVR4 systems, it needs to be either run as root or made setuid to root. On pre-4.2 Ultrix systems, the enclosed "pfcopyall" program can be used to change the value of the "pfcopyall" variable in the kernel so that you can see packets sent by the host you are running on. Otherwise, these packets will not be included in the output of NFSWATCH. You can redistribute this program as much as you want. All we ask is that you give credit where credit is due. If you make modifications or bug fixes, please send them back to us, in "diff -c" format, so they can be incorporated into the next release. Dave Curry Jeff Mogul Purdue University Digital Equipment Corp. Engineering Computer Network Western Research Laboratory 1285 Electrical Engineering Bldg. 250 University Avenue West Lafayette, IN 47907-1285 Palo Alto, CA 94301 davy@ecn.purdue.edu mogul@decwrl.dec.com