From: Ole Holm Nielsen (Ole.H.Nielsen@fysik.dtu.dk)
Date: Thu Nov 24 2005 - 07:41:20 EST
I received helpful answers from a number of people regarding
the non-working nfswatch utility:
1. It is necessary to enable promiscuous mode on the network interface
using "pfconfig +p +c interface". The "nfswatch" manual is
misleading, since the pfconfig is required also for the "root"
superuser to use nfswatch.
2. The packetfilter devices must be created if they don't exist:
cd /dev; MAKEDEV pfilt
3. The Tru64 UNIX nfswatch utility is outdated (useless ?) since
it only handles NFSv2 traffic. This nfswatch cannot handle
NFS over TCP nor NFSv3. There is an nfswatch project on
SourceForge at http://sourceforge.net/projects/nfswatch/
but it doesn't seem to support Tru64 UNIX.
4. Since nfswatch is broken, only tcpdump can give you some information.
Eric Werme sent me a tcpdump command to try, and this finally
allowed me to get the information about NFS clients that I needed.
I've turned this into a little script "nfsdump" (see below) which
may be used as a "poor man's nfswatch".
Original question:
> We have an NFS overload situation of our Tru64 v5.1B server, and we
> need to run the "nfswatch" utility to identify the misbehaving NFS
> clients.
>
> Unfortunately, "nfswatch --allif" shows almost exclusively zero
> NFS traffic, although the server in reality is being killed by
> NFS traffic (the disk subsystem does 800 SCSI transfers/sec).
>
> Question: Does anyone which special tricks are required in order
> to make "nfswatch" behave correctly (the way it does on other
> UNIXes) ? I do have "options PACKETFILTER" defined in the kernel
> config file.
Thanks to:
allan@physics.umn.edu
werme@zk3.dec.com
farrell@pangea.Stanford.EDU
bard.tesaker@nt.ntnu.no
--
Ole Holm Nielsen
Department of Physics, Technical University of Denmark
The script nfsdump:
-------------------
#!/bin/sh
# Dumping NFS client packets as a replacement for broken nfswatch
if test $# -ne 2
then
echo Usage: $0 interface-name number-of-packets
exit 1
fi
INTERFACE=$1
COUNT=$2
# Minimum number of calls which we bother to list
MINCALLS=10
TCPDUMP="/usr/sbin/tcpdump"
TCPDUMP_ARGS="-ts300 port 2049"
echo "Doing tcpdump of $COUNT packets on interface $INTERFACE and listing NFS
calls (over $MINCALLS)"
$TCPDUMP -i $INTERFACE -c$COUNT $TCPDUMP_ARGS | grep call | \
awk '{ match($1, "[.][^.]+$"); print substr($1, 1, RSTART-1) }' | \
sort | uniq -c | sort -n +1 | \
awk -v MINCALLS=$MINCALLS '{if($1>=MINCALLS) print $0}'
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:50:26 EDT