23 Apr 2010 This is NFSWATCH Version 4.99.11. Changes from Version 4.99.10 are: - README file converted to utf8 - Fix compile issues on Solaris and Linux alpha machines - Add a ChangeLog file - Add TODO note about broken strict aliasing rule ------------------------------------------------------------------------------- 15 Apr 2009 This is NFSWATCH Version 4.99.10. Changes from Version 4.99.9 are: - use libpcap for packet capturing, thus allowing to monitor NFS traffic also on InfiniBand and other interconnects. - Add some TODO items... ------------------------------------------------------------------------------- 25 May 2007 This is NFSWATCH Version 4.99.9. Changes from Version 4.99.8 are: - Improve filehandle decoding on Linux. - Exclude known non-exports instead of guessing exports. - Do not handle the second argument of RENAME3 and LINK3, as it doesn't seem to work anyway. ------------------------------------------------------------------------------- 13 March 2007 This is NFSWATCH Version 4.99.8. Changes from Version 4.99.7 are: - Handle more Linux filehandle's fsid_type - Improve parsing of device name and instance number in dlpi ------------------------------------------------------------------------------- 30 January 2007 This is NFSWATCH Version 4.99.7. Changes from Version 4.99.6 are: - Make per-procedure statistics work for NFSv3 - Makefile cleanups ------------------------------------------------------------------------------- 14 June 2006 This is NFSWATCH Version 4.99.6. Changes from Version 4.99.5 are: - Fix buffer overflow problems - Compiler warnings cleanup - Allow compiling on IRIX (using GCC) ------------------------------------------------------------------------------- 22 November 2005 This is NFSWATCH Version 4.99.5. Changes from Version 4.99.4 are: - Analyze NFS on TCP - Improve total packet count display - Allow compiling for 64-bit Solaris - Allow compiling for older Solaris releases (5.6 and 5.7) - Compiler warnings cleanup ------------------------------------------------------------------------------- 13 July 2005 This is NFSWATCH Version 4.99.4. Changes from Version 4.99.3 are: - Fix NFS packet counting bug - Improve Linux filehandle parsing ------------------------------------------------------------------------------- 2 June 2005 This is NFSWATCH Version 4.99.3. Changes from Version 4.99.2 are: - Add xfs to the list of recognized filesystems ------------------------------------------------------------------------------- 22 April 2005 This is NFSWATCH Version 4.99.2. Changes from Version 4.99.1 are: - Cleanup spec file for Fedora Extras ------------------------------------------------------------------------------- 25 February 2005 This is NFSWATCH Version 4.99.1. Changes from Version 4.3 are: - Deal with NFSv3 and Linux filehandles ------------------------------------------------------------------------------- 12 February 1996 This is NFSWATCH Version 4.3. The only changes from Version 4.2 are: - Should now compile properly on Solaris 2.5 (SunOS 5.5). Thanks to Alexandre Oliva for the patch. As with Solaris 2.4, expect several warnings on xdr.c. - Added a patch to let is_exported() on SVR4 deal with symbolic links in /etc/dfs/dfstab. Thanks to Ronald Hello for the patch. - Added a patch to allow NFSWATCH to find out about more local file system types (XFS on IRIX, PCFS and HSFS on SunOS). Thanks to Andreas Stolcke for the patch. - Added a patch to allow NFSwatch to understand Network Appliance FAServer file handles. Thanks to Guy Harris for the patch. ------------------------------------------------------------------------------- 31 March 1995 This is NFSWATCH Version 4.2. The only changes from Version 4.1 are: - Should now compile properly on Solaris 2.4 (SunOS 5.4), although you should expect several warnings on xdr.c due to some annoying discrepancies between type definitions. - Added a workaround to a bug in Solaris 2.3 that causes screwed up packets when the snapshot length is small. - Added a patch to fix identification of file system devices in Solaris 2.x. - Added the "qeN" devices for Sun's SQE board (Quad Ethernet). ------------------------------------------------------------------------------- 1 December 1993 This is NFSWATCH Version 4.1. It lets you monitor NFS requests to any given machine, or the entire local network. It mostly monitors NFS client traffic (NFS requests); it also monitors the NFS reply traffic from a server in order to measure the response time for each RPC. This is primarily a release to fix bugs that were present in the previous release. The following changes and bug fixes have been made since NFSWATCH 4.0: - Compiles and runs under Solaris 2.2 and Solaris 2.3. - Compiles and runs under DEC OSF/1 V1.3 and later. - The NFS procedure display code has been fixed. - Now understands Auspex file handles (thanks to Guy Harris). - Now understands IRIX file handles (thanks to Jim Patterson). - Now saves "-procs" output in the log file (thanks to Gary Schaps). - The screendump feature now works properly on Solaris 2.x systems (thanks to Gerry Singleton). - The mechanism by which NFS file handles are parsed has been split out into a separate module and completely redesigned. It is now independent of the platform on which nfswatch is running, and uses a variety of heuristics to figure out what the file handle represents. Doubtless these heuristics will fail in some cases; we have not been able to test the code against all possible NFS servers. If you find that nfswatch is not properly decoding a file handle from one of your servers (say, foo.bar.com), you can help us out by doing % nfswatch -dst foo.bar.com -fhdebug and capturing a page or two of the output. Then mail it to us, and also tell us exactly what software is running on the server (e.g., "DEC OSF/1 V1.3"). We cannot promise to fix the problem, of course. The following features and bug fixes appeared in NFSWATCH 4.0: - NFSWATCH now runs on Sun SPARC machines under SunOS 5.x (Solaris 2.x) using the Data Link Provider Interface (DLPI), dlpi(7). - NFSWATCH now runs on Silicon Graphics machines under IRIX 4.0 using the snoop(7) interface. It should also work on versions 3.2 and 3.3 (you'll need "-lbsd" on 3.2). Thanks to Tim Hudson of Mincom Pty for the patches. - NFSWATCH "almost" works on System V Release 4 systems. There are some problems with the fact that Solaris 2.x uses DLPI 2.0 (good), but most SVR4s out there still use DLPI 1.3 (bad). I've had a few beta testers working on it, but they have not yet gotten it to work. If you manage to get it working, *please* send patches. - NFSWATCH now keeps track of timing information in the procedure display, showing how quickly NFS calls receive replies. Thanks to Peter Phillips of the University of British Columbia for the code. - NFSWATCH now has an authenticator display, which shows the username or user id of the originator of each packet. Thanks again to Peter Phillips for the code. - A first pass at support for FDDI interfaces has been added. The support is better on some systems than others, as described below: IRIX40: Has not been tested, and almost definitely will not work "as is". The packet header that's read into from snoop probably needs to be different. Send us patches if you get it to work. SUNOS4: Has been tested on a Sun-4/380 under SunOS 4.1.2. Works with the SunNet FDDI/DX boards. SUNOS5: Has not been tested, but "should" work. Send us patches if it doesn't. SVR4: Has not been tested, but "should" work. Send us patches if it doesn't. (And if you get the rest of it working; see above.) ULTRIX: Works with Ultrix V4.2 or later *only*. All flavors of Ultrix 4.2 (including 4.2A, 4.2B, 4.2C) require kernel patches before you can use the FDDI code. Obtain the patched versions of net_common.o and pfilt.o from your Customer Support Center. - A new option, "-server hostname" has been added to watch all the traffic between a server and its clients; this is equivalent to "src == hostname || dst == hostname", which is not specifiable using the other options. Thanks again to Peter Phillips for the patches. - A new option, "-map", is available to help translate file system device names to "english" names, e.g. "/usr" instead of "fs1(7,23)". Thanks yet again to Peter Phillips. - Two new options have been added to allow NFSWATCH to be run from cron, via rsh, etc. The "-bg" option tells NFSWATCH to run in the background, with no screen display. All information will be put into the logfile only. The "-T maxtime" option tells NFSWATCH to terminate execution after maxtime seconds. - A new interactive command has been added. The "n" command toggles the display of client names or client host numbers in client mode, so that foreign hosts can be identified. - The maximum number of client hosts for a single server has been increased to 512. The maximum number of internet addresses for a single host has been increased to 16. The maximum number of interfaces that can be watched at one time has been increased to 16. - The bug in which file matching did not work on Sun-3 systems has been fixed. - The bug in which the standard input got closed upon exit, making the curses routines screw up, has been fixed. - The bug causing miscompilation of nit.c on SunOS 4.0 has been fixed. - Note that due to limitations in the SVR4 DLPI, the ethernet broad- cast, arp, and rarp packet counters will not be supported. Also note that on SVR4s still using DLPI 1.3, which does not support promiscuous mode, the "-all" and "-dst" options to NFSWATCH will not work. NFSWATCH has been successfully compiled and at least minimally tested on the following architectures and operating systems: Architecture Operating System ------------ ---------------- Sun-3 (68000) SunOS 4.1.1 Sun-4 (SPARC) SunOS 4.1.1, 4.1.2, 4.1.3 Sun-4 (SPARC) SunOS 5.1, 5.2, 5.3 DEC VAX Ultrix 4.0, 4.1, 4.2 DEC RISC Ultrix 4.0, 4.1, 4.2 DEC Alpha AXP DEC OSF/1 V1.3 and later SGI Personal IRIS IRIX 4.0.1 SGI 4D/440 IRIX 4.0.5 To compile NFSWATCH, just say "make." The Makefile will use the "uname" command to determine what operating system should be compiled for. If for some reason this blows up in your face, say "make OS=foo" where "foo" is one of the following: Macro Value Operating System ----------- ---------------- IRIX40 Silicon Graphics IRIX 4.0 SUNOS4 Sun Microsystems SunOS 4.x SUNOS5 Sun Microsystems SunOS 5.x (Solaris 2.x) SVR4 AT&T System V Release 4 ULTRIX Digital Equipment Ultrix 4.x DECOSF Digital Equipment Corp. OSF/1 V1.3 & later On Sun systems, NFSWATCH needs to either be run as root, or made setuid root (this is safe; it setuids itself back after opening the needed device). On Ultrix systems, it does not need to be setuid root or run as root, but the super-user has to enable promiscuous mode operation using pfconfig(8). On SGI systems, it needs to be either run as root or made setuid to root. On SVR4 systems, it needs to be either run as root or made setuid to root. On pre-4.2 Ultrix systems, the enclosed "pfcopyall" program can be used to change the value of the "pfcopyall" variable in the kernel so that you can see packets sent by the host you are running on. Otherwise, these packets will not be included in the output of NFSWATCH. You can redistribute this program as much as you want. All we ask is that you give credit where credit is due. If you make modifications or bug fixes, please send them back to us, in "diff -c" format, so they can be incorporated into the next release. Original authors (email addresses out of date AFAIK): Dave Curry Jeff Mogul IBM Internet Security Services Digital Equipment Corp. Integrated Systems Solutions Corporation Western Research Laboratory Long Meadow Road, Mail Stop 223 250 University Avenue Sterling Forest, NY 10979 Palo Alto, CA 94301 davy@vnet.ibm.com mogul@wrl.dec.com Current Maintainer: Christian Iseli Ludwig Institute for Cancer Research and Swiss Institute of Bioinformatics Bâtiment Génopode, Université de Lausanne CH-1015 Lausanne, Switzerland c4chris@users.sourceforge.net