Read on Twitter
Step 1 of porting https://FrauBSD.org/nfsdtop ">https://FrauBSD.org/nfsdtop&q... to FreeBSD is identifying the DTrace equivalent of the Linux bpftrace hooks kprobe:nfsd_read and kprobe:nfsd_write
I think I found them by firing a specific round of reads/writes to the FreeBSD NFS test server
I think I found them by firing a specific round of reads/writes to the FreeBSD NFS test server
On FreeBSD, it looks like fbt:kernel:nfsrvd_*:* are the DTrace hooks to watch server-side NFS traffic and fbt:kernel:nfscl_*:* are the hooks for client-side
Step 2. Find kernel functions backing FreeBSD NFS fbt probes in DTrace (there& #39;s a reason why I chose function boundary tracking hooks and not others) so we can tell what arguments it has access to (going to ultimately need access to protocol structs)
NB: If ever asked if there is one skill above all others that individually breeds/accelerates learning, it is the mastery of regular expressions. It allows you to craft sledge-hammers to swing at huge code-bases while keeping the amount of unhelpful noise returned to a minimum
PSA: But when that doesn& #39;t work, check, double-check, and triple-check your spelling! (someone else& #39;s brain may have contracted "server" to "svr" while apparently the alternative is "srv") 
https://abs.twimg.com/emoji/v2/... draggable="false" alt="🤦🏼‍♀️" title="Woman facepalming (medium light skin tone)" aria-label="Emoji: Woman facepalming (medium light skin tone)">
" title="PSA: But when that doesn& #39;t work, check, double-check, and triple-check your spelling! (someone else& #39;s brain may have contracted "server" to "svr" while apparently the alternative is "srv") https://abs.twimg.com/emoji/v2/... draggable="false" alt="🤦🏼‍♀️" title="Woman facepalming (medium light skin tone)" aria-label="Emoji: Woman facepalming (medium light skin tone)">" class="img-responsive" style="max-width:100%;"/>
Ruling out additional noise, FreeBSD kernel defines the NFS read/write functions we are looking for in:
+ sys/fs/nfs/nfs_var.h (header)
+ sys/fs/nfsserver/nfs_nfsdserv.c (code)
https://svnweb.freebsd.org/base/head/sys/fs/nfsserver/nfs_nfsdserv.c?view=annotate">https://svnweb.freebsd.org/base/head...
+ sys/fs/nfs/nfs_var.h (header)
+ sys/fs/nfsserver/nfs_nfsdserv.c (code)
https://svnweb.freebsd.org/base/head/sys/fs/nfsserver/nfs_nfsdserv.c?view=annotate">https://svnweb.freebsd.org/base/head...
In the header we can see what types of arguments we have available at our disposal whenever an NFS client triggers a read/write event on the server
https://svnweb.freebsd.org/base/head/sys/fs/nfs/nfs_var.h?view=annotate">https://svnweb.freebsd.org/base/head...
https://svnweb.freebsd.org/base/head/sys/fs/nfs/nfs_var.h?view=annotate">https://svnweb.freebsd.org/base/head...
We will want to find definitions for each of the information-carrying types of arguments given to us. For example, we& #39;ll need to know what is in an nfsrv_descript structure as well as nfsexstuff (which is probably just extended NFS attributes with a funny name)
Once again, regex saves us a lot of time in searching for the definitions (and also knowing how FreeBSD strictly forms structure definitions -- "struct name {" <-- no funny business in the kernel headers, standardized style(9))
#l180">https://svnweb.freebsd.org/base/head/sys/nfsserver/nfs.h?view=annotate #l180">https://svnweb.freebsd.org/base/head...
#l180">https://svnweb.freebsd.org/base/head/sys/nfsserver/nfs.h?view=annotate #l180">https://svnweb.freebsd.org/base/head...
