[OpenAFS-devel] understanding rxkad
Hartmut Reuter
reuter@rzg.mpg.de
Fri, 06 Oct 2006 15:25:08 +0200
John Hascall wrote:
> Below is the first packet resulting from 'vos exam 536870918'
> as recorded by tcpdump
>
> 21:18:34.909524 IP (tos 0x0, ttl 64, id 30762, offset 0, flags [none], length: 72)
> sw-cs-4.its.iastate.edu.57716 > sw-db-1.its.iastate.edu.afs3-volser: [udp sum ok]
> rx data cid 63564ddc call# 1 seq 1 ser 1 <client-init>,<last-pckt> vol call op#-740061092 (44)
> 0x0000: 4500 0048 782a 0000 4011 db69 81ba 91d1 E..Hx*..@..i....
> 0x0010: 81ba 91cb e174 1b5d 0034 555a 785f dd1a .....t.].4UZx_..
> 0x0020: 6356 4ddc 0000 0001 0000 0001 0000 0001 cVM.............
> 0x0030: 0105 0002 d3c6 0004 d3e3 905c 0e72 180e ...........\.r..
> 0x0040: 0000 0000 2000 0006
>
> Ok, ignoring the first 28 bytes (20 IP, 8 UDP),
> we have:
> Header:
>   785f dd1a  Epoch
>   6356 4ddc  Conn-ID (chan-ID=00)
>   0000 0001  Call 1
>   0000 0001  Sequence 1
>   0000 0001  Serial 1
>   0105 0002  Type(1=data) Flags<client,last> Status=0, Security=2
>   d3c6 0004  Checksum, Service-ID
>
> Payload:
>   d3e3 905c  (encrypted XListOneVolume?)
>   0e72 180e
>   0000 0000  (partition 0)
>   2000 0006  (536870918, volume-id)
>
> What I'm not understanding are the first 8 bytes of payload.
> If this command is executed with '-noauth' they are replaced
> with 4 bytes (0000 007d) aka XListOneVolume.
>
> Why would just those bytes be encrypted? Are they encrypted?
> Or is it some encoding I just don't understand? How does the
> receiving end know that just those bytes are encrypted? Etc?
> And with what key (since the two packets that follow are
> challenge, response) [then the reply and ackall].
rxkad is sort of stateless: the client starts sending encrypted data (in
this case only the command). When the server has no security data for
this connection it replies with the challenge packet, to which the
client replies with the challenge response packet, which contains the
security data. These are decrypted with the KeyFile on the server and
then allow the server to extract the session key to decrypt the 1st packet.
The advantage is that a server restart between RPCs doesn't really
matter because both sides resynchronize their security data automatically.
If you had called the vos command with -encrypt then probably the whole
payload would also have been encrypted.
Hartmut
>
>
> Thanks,
> John
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel
--
-----------------------------------------------------------------
Hartmut Reuter e-mail reuter@rzg.mpg.de
phone +49-89-3299-1328
RZG (Rechenzentrum Garching) fax +49-89-3299-1301
Computing Center of the Max-Planck-Gesellschaft (MPG) and the
Institut fuer Plasmaphysik (IPP)
-----------------------------------------------------------------
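As an added example (not code from either poster or from OpenAFS), the following Python script dissects the packet John pasted above along the field layout he worked out, and splits the payload the way Hartmut's reply describes it: with security index 2 (rxkad) the first 8 bytes of the call payload are left opaque because they carry the encrypted command, while the remaining XDR words (partition, volume id) are decoded as-is. The hex dump is copied from the post; the packet type and flag values are taken from OpenAFS rx.h; the `-noauth` payload used in the second case is constructed here from John's description (the 8 encrypted bytes replaced by the 4-byte opcode 0000 007d) and is not a captured packet.

```python
"""Dissect the rx header and call payload of the captured 'vos exam' packet.

Added example for the thread above; it is not part of the original post.
Frame layout as John noted: 20-byte IP header, 8-byte UDP header, then the
28-byte rx header, then the call payload.
"""
import struct

# Hex dump copied verbatim from the post (72 bytes: IP + UDP + rx + payload).
FRAME_HEX = (
    "4500 0048 782a 0000 4011 db69 81ba 91d1"
    "81ba 91cb e174 1b5d 0034 555a 785f dd1a"
    "6356 4ddc 0000 0001 0000 0001 0000 0001"
    "0105 0002 d3c6 0004 d3e3 905c 0e72 180e"
    "0000 0000 2000 0006"
)
FRAME = bytes.fromhex(FRAME_HEX.replace(" ", ""))

IP_UDP_HDR_LEN = 20 + 8          # skipped, as in the post
RX_HDR_LEN = 28
RX_HDR_FMT = "!IIIIIBBBBHH"      # epoch, cid, call, seq, serial, type, flags,
                                 # userStatus, securityIndex, checksum, serviceId
RXKAD_SEC_HDR_LEN = 8            # the 8 bytes John could not read

# Packet types and flag bits as defined in OpenAFS rx.h.
PACKET_TYPES = {1: "data", 2: "ack", 3: "busy", 4: "abort", 5: "ackall",
                6: "challenge", 7: "response", 8: "debug", 9: "params"}
FLAG_BITS = {0x01: "client-init", 0x02: "req-ack",
             0x04: "last-pckt", 0x08: "more-pckts"}


def parse_rx_header(pkt):
    """Decode the 28-byte rx header at the start of a UDP payload."""
    if len(pkt) < RX_HDR_LEN:
        raise ValueError("short rx packet: %d bytes" % len(pkt))
    (epoch, cid, call, seq, serial, ptype, flags, status, secidx,
     checksum, service) = struct.unpack(RX_HDR_FMT, pkt[:RX_HDR_LEN])
    return {
        "epoch": epoch,
        "cid": cid,
        "channel": cid & 0x3,              # low two bits select the call channel
        "call": call, "seq": seq, "serial": serial,
        "type": PACKET_TYPES.get(ptype, "type-%d" % ptype),
        "flags": [name for bit, name in FLAG_BITS.items() if flags & bit],
        "user_status": status,
        "security_index": secidx,          # 0 = none (-noauth), 2 = rxkad
        "checksum": checksum,
        "service_id": service,             # 4 = volser, per the tcpdump line
    }


def parse_payload(security_index, payload):
    """Split the call payload as the thread describes it.

    security_index 0 (-noauth): the payload begins with the 4-byte XDR opcode.
    security_index 2 (rxkad):   the first 8 bytes carry the encrypted command
    and are returned opaque; the XDR words after them are decoded.
    """
    if security_index == 0:
        opcode = struct.unpack("!I", payload[:4])[0]
        opaque, words = b"", payload[4:]
    else:
        opcode = None                      # hidden in the encrypted 8 bytes
        opaque, words = payload[:RXKAD_SEC_HDR_LEN], payload[RXKAD_SEC_HDR_LEN:]
    nwords = len(words) // 4
    args = list(struct.unpack("!%dI" % nwords, words[:nwords * 4]))
    return {"opcode": opcode, "security_header": opaque.hex(), "xdr_args": args}


def dissect_frame(frame):
    """Strip IP/UDP, then return (rx header dict, payload dict)."""
    rx = frame[IP_UDP_HDR_LEN:]
    hdr = parse_rx_header(rx)
    body = parse_payload(hdr["security_index"], rx[RX_HDR_LEN:])
    return hdr, body


if __name__ == "__main__":
    header, payload = dissect_frame(FRAME)
    for k, v in header.items():
        print("%-15s %s" % (k, hex(v) if isinstance(v, int) else v))
    print("payload:", payload)
```

Running it against the captured frame yields epoch 0x785fdd1a, connection id 0x63564ddc on channel 0, call/seq/serial 1, a data packet flagged client-init and last-pckt, security index 2 and service id 4, followed by an 8-byte opaque block and the XDR arguments 0 (partition) and 536870918 (volume id); feeding `parse_payload` a security index of 0 and the constructed `-noauth` payload instead decodes opcode 125 (0x7d, XListOneVolume) directly.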