On Jan 11, 2013, at 1:44 AM, fanchaoting <fanchaoting@xxxxxxxxxxxxxx> wrote:
> now i found that nfs kernel use 0x40000000 as callback program number.
Which "nfs kernel"? The one in OS X uses 0x4E465343, at least in Mountain Lion.
The NFSv4 specification (RFC 3530) does *NOT* say "0x40000000 is the callback program number", it says "There is no predefined RPC program number for the NFS4_CALLBACK program.", so Wireshark *MUST NOT* assume that it is 0x40000000.
It's probably OK for it to assume that it is *one of the possible* callback program numbers, although it would probably be better if it were to have the callback program number as a preference that defaults to 0x40000000 (which Solaris also appears to use), but it is *NOT* OK to get rid of the code that sets up the callback when it dissects a packet that gives the callback program number:
> diff --git a/epan/dissectors/packet-nfs.c b/epan/dissectors/packet-nfs.c
> index 63d1019..7b5ec88 100644
> --- a/epan/dissectors/packet-nfs.c
> +++ b/epan/dissectors/packet-nfs.c
> @@ -7979,10 +7979,7 @@ dissect_nfs_cb_client4(tvbuff_t *tvb, int offset, proto_tree *tree)
> {
> proto_tree *cb_location = NULL;
> proto_item *fitem = NULL;
> - int cbprog;
>
> - cbprog = tvb_get_ntohl(tvb, offset);
> - reg_callback(cbprog);
> offset = dissect_rpc_uint32(tvb, tree, hf_nfs_cb_program, offset);
> fitem = proto_tree_add_text(tree, tvb, offset, 0, "cb_location");
>
> @@ -8991,7 +8988,6 @@ dissect_nfs_argop4(tvbuff_t *tvb, int offset, packet_info *pinfo,
> proto_tree *ftree = NULL;
> proto_tree *newftree = NULL;
> guint32 string_length;
> - int cbprog;
> const char *name = NULL, *source_name = NULL, *dest_name=NULL;
> const char *opname=NULL;
> guint32 last_fh_hash=0;
...
> if (ops > MAX_NFSV4_OPS) {
> @@ -9469,8 +9469,6 @@ dissect_nfs_argop4(tvbuff_t *tvb, int offset, packet_info *pinfo,
> offset = dissect_nfs_create_session_flags(tvb, offset, newftree, hf_nfs_create_session_flags_csa);
> offset = dissect_rpc_chanattrs4(tvb, offset, newftree, "csa_fore_chan_attrs");
> offset = dissect_rpc_chanattrs4(tvb, offset, newftree, "csa_back_chan_attrs");
> - cbprog = tvb_get_ntohl(tvb, offset);
> - reg_callback(cbprog);
> offset = dissect_rpc_uint32(tvb, newftree, hf_nfs_cb_program, offset);
> offset = dissect_rpc_secparms4(tvb, offset, newftree);
> break;
so the changes shown above *MUST NOT* be made to the NFS dissector.