[OpenAFS] identifying AFS traffic ?

Jeffrey Hutzelman jhutz@cmu.edu
Mon, 27 Jun 2005 18:55:34 -0400

On Thursday, June 23, 2005 03:05:07 PM -0400 Ken Hornstein 
<kenh@cmf.nrl.navy.mil> wrote:

>> I'm looking for a way to identify AFS internet traffic flows, if
>> possible without too much packet analysis (so it can be done realtime
>> without heavy cpu load.)   If anyone can provide pointers to information
>> or even specific details that can be used to identify AFS packets, it
>> would be very helpful and much appreciated.
> For sites that care, UDP traffic to port 7000 is probably a very simple
> check that should be "good enough" for at least fileserver traffic, which
> is going to be the lion's share of traffic.

True.  But since the AFS cache manager multiplexes many connections from 
the same source port (usually 7001), actually identifying individual flows 
requires looking at the Rx packet header.

Now, wouldn't it be nice if I could remember where I put that diagram...

Well, anyway, the fields you want to look at are the epoch (32 bits) and 
the connection ID (32 bits), possibly masking off the low-order 2 bits of 
the latter.  These will be located at a constant offset within any UDP 
packet carrying Rx traffic.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA