Individual NFSv4 opcodes are contained within a COMPOUND NFSv4 procedure. If one runs to print the RTT of NFSv4 opcodes, you only get results for the COMPOUND procedure and not individual ops. We have a script which parses the output of the This uses two-pass mode. However, when running this in single-pass mode like: We see a difference in the number of operations the two commands report. Sometimes two-pass will either not print the opcode, or not even consider the operation in its analysis. Hand-counting operations shows that two-pass is inaccurate and single-pass is accurate. Is this some behaviour of the NFSv4 dissector which we don't understand, or is this likely a bug in the NFSv4 two-pass dissector? (note: most of our analysis so far has been done on packet captures where tcpdump has dropped at least some traffic due to buffer overrun during receive. We've yet to test this on a "perfect" packet capture) asked 16 Nov '15, 16:26  superjamie |
One Answer:
...
I'd say "two-pass is inaccurate and single-pass is accurate" indicates that there's a bug somewhere. There's no such thing as "the NFSv4 two-pass dissector"; there's only one dissector, the NFSv4 dissector. This is almost certainly a bug in that dissector; please file a bug on it at the Wireshark Bugzilla. answered 16 Nov '15, 17:10  Guy Harris ♦♦ |
Thanks Guy, have done: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11720