By user12625760 on Sep 24, 2008
This entry has been sitting in my draft queue for over a year mainly as it is no longer be relevant as NFSv4 should have rendered the script useless. The rest of this entry refers to NFSv2 and NFSv3 filehandles only.
How can you decode an NFS filehandle?
NFS file handles are opaque so only the server who hands them out can draw firm conclusions from them. However since the implementation in SunOS has not changed it is possible to write a script that will turn a file handle that has been handed out by a server running Solaris into an inode number and device. Hence way back when I wrote that script and only today someone made good use of it so here it is for everyone.
The script has not been touched in over 10 years until I added the CDDL but should still be able to understand messages files and snoop -v output and then decode the file handles.
This snoop was taken while accessing a the file “passwd” that was in /export/home on the server:
: s4u-10-gmp03.eu TS 19 $; /usr/sbin/snoop -p 3,3 -i /tmp/snoop.cg13442 -v | decodefh | grep NFS RPC: Program = 100003 (NFS), version = 3, procedure = 4 NFS: ----- Sun NFS ----- NFS: NFS: Proc = 4 (Check access permission) NFS: File handle = [8CB2] NFS: 0080000000000002000A000000019DAC03419521000A000000019DA96E637436 decodefh: SunOS NFS server file handle decodes as: maj=32,min=0, inode=105900 NFS: Access bits = 0x0000002d NFS: .... ...1 = Read NFS: .... ..0. = (no lookup) NFS: .... .1.. = Modify NFS: .... 1... = Extend NFS: ...0 .... = (no delete) NFS: ..1. .... = Execute NFS:
Now taking this information to the server you need to find the file system that is shared and has major number 32 and minor number 0 and then look for the file with the inode number 105900 :
# share - /export/home rw "" # df /export/home / (/dev/dsk/c0t0d0s0 ):13091934 blocks 894926 files # ls -lL /dev/dsk/c0t0d0s0 brw-r----- 1 root sys 32, 0 Aug 22 15:11 /dev/dsk/c0t0d0s0 # find /export/home -inum 105900 /export/home/passwd #
Clearly this is a trivial example but you get the idea.
The script also understands messages files:
$ grep 'nfs:.\*702911' /var/adm/messages | head -2 | decodefh Sep 21 03:14:34 vi64-netrax4450a-gmp03 nfs: [ID 702911 kern.notice] (file handle: d41cd448 a3dd9683 a00 2040000 1000000 a00 2000000 2000000) decodefh: SunOS NFS server file handle decodes as: maj=13575,min=54344, inode=33816576 Sep 21 08:34:11 vi64-netrax4450a-gmp03 nfs: [ID 702911 kern.notice] (file handle: d41cd448 a3dd9683 a00 2040000 1000000 a00 2000000 2000000) decodefh: SunOS NFS server file handle decodes as: maj=13575,min=54344, inode=33816576 $
and finally can take the file handle from the command line:
$ decodefh 0080000000000002000A000000019DAC03419521000A000000019DA96E637436 0080000000000002000A000000019DAC03419521000A000000019DA96E637436 decodefh: SunOS NFS server file handle decodes as: maj=32,min=0, inode=105900 $
So here is the script: http://blogs.sun.com/chrisg/resource/decodefh.sh
Remember this will only work for filehandles generated by NFS servers running Solaris and only for NFS versions 2 & 3. It is possible that the format could change in the future but at the time of writing and for the last 13 years it has been stable.