[OpenAFS] identifying AFS traffic ?
Jeffrey Hutzelman
jhutz@cmu.edu
Mon, 27 Jun 2005 18:55:34 -0400
On Thursday, June 23, 2005 03:05:07 PM -0400 Ken Hornstein
<kenh@cmf.nrl.navy.mil> wrote:
>> I'm looking for a way to identify AFS internet traffic flows, if
>> possible without too much packet analysis (so it can be done realtime
>> without heavy cpu load.) If anyone can provide pointers to information
>> or even specific details that can be used to identify AFS packets, it
>> would be very helpful and much appreciated.
>
> For sites that care, UDP traffic to port 7000 is probably a very simple
> check that should be "good enough" for at least fileserver traffic, which
> is going to be the lion's share of traffic.
True. But since the AFS cache manager multiplexes many connections from
the same source port (usually 7001), actually identifying individual flows
requires looking at the Rx packet header.
Now, wouldn't it be nice if I could remember where I put that diagram...
Well, anyway, the fields you want to look at are the epoch (32 bits) and
the connection ID (32 bits), possibly masking off the low-order 2 bits of
the latter. These will be located at a constant offset within any UDP
packet carrying Rx traffic.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA