Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 7 Mar 2006 19:51:39 -0500
From:      Kris Kennaway <kris@obsecurity.org>
To:        Miguel Lopes Santos Ramos <miguel@anjos.strangled.net>
Cc:        kuriyama@imgsrc.co.jp, freebsd-stable@freebsd.org, kris@obsecurity.org
Subject:   Re: rpc.lockd brokenness (2)
Message-ID:  <20060308005138.GA49684@xor.obsecurity.org>
In-Reply-To: <200603080030.k280U2Yh003731@compaq.anjos.strangled.net>
References:  <20060307224337.GA28034@xor.obsecurity.org> <200603080030.k280U2Yh003731@compaq.anjos.strangled.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

--BXVAT5kNtrzKuDFl
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Mar 08, 2006 at 12:30:02AM +0000, Miguel Lopes Santos Ramos wrote:
> > From: Kris Kennaway <kris@obsecurity.org>
> > Subject: Re: rpc.lockd brokenness (2)
> >
> [...]
> > but there's no evidence in the trace that it ever tries to write.  Can
> > you also obtain a ktrace -i dump from cron?
>=20
> The file remains empty.
> I really don't know enough about NFS, but isn't that getattr message repe=
ated
> some seconds latter, and repeated... (even though it always gets an answe=
r)

They have different file handles (which weren't identified in the
previous trace, i.e. they predate the start of the trace), so it could
just be background noise from other reads on the system.

> The ktrace is in http://mega.ist.utl.pt/~mlsr/ktrace.txt
>=20
> I'm not sure it's good. I can't see cron.pid there.
> I had to reboot to end the process, otherwise I couldn't kill cron and
> the trace didn't grow either.

I wonder if something else is going wrong and it's not rpc.lockd at
all.

> > Also while you're there, could you obtain a binary format tcpdump
> > (tcpdump -w) instead?  This may be parsed with tools like ethereal
> > which will help with the analysis.
>=20
> The tcpdump -w is in http://mega.ist.utl.pt/~mlsr/nfs.bin

It looks like this wasn't made using -s 0 - sorry if I wasn't
explicit.

Kris

--BXVAT5kNtrzKuDFl
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (FreeBSD)

iD8DBQFEDiqaWry0BWjoQKURArUJAJ0WEWNoh560HhqyDCV10kPSIT1YKwCdGoR7
yL32XeCd6ZYJWrr1IkO4j84=
=HMQc
-----END PGP SIGNATURE-----

--BXVAT5kNtrzKuDFl--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060308005138.GA49684>