Hi list
Attached is a new patch for nfs name snooping and
name-snooping api.
Requested changes have been implemented, except tracking of filename
changes as RENAME, RMDIR, etc.
These are quite difficult to implement since filenames are not unique
(compared to filehandles which are unique).
Perhaps it is possible to combine filenames with parent filehandles
and that would allow RENAME to be possible to implement.
This needs some more thought, especially how it will affect whether
name-snooping.[ch] will remain generic enough so it is useful for other
similar tasks and not unique to nfs.
It is not perfect yet, but it is quite useful even in the current state.
The main problem I see with the patch currently is that eventhough
HCLNFSD, MOUNT, NLM, KLM all use the same functions from packet-nfs.c
to print both filenames and filehandles, it is not possible to find
matching "nfs.name" filenames from non packet-nfs.c dissectors.
Something in ethereal makes it not match displayfilters such as
"nfs.name==xxx" when called from outside packet-nfs.c .
If this could be solved, the patch would (IMHO) be very close to perfect.
best regards
ronnie sahlberg
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
Attachment:
nfs_snoop.tgz
Description: application/gzip-compressed
