kAFS and AF_RXRPC

Introduction

The primary goal of the kAFS project is to provide a filesystem within the Linux kernel that can communicate with an AFS server to the same extent that OpenAFS can and, as such, can be a drop-in replacement for OpenAFS on the Linux platform. With the sources being in the upstream Linux kernel, kAFS can take advantage of GPL-only kernel APIs and can be fixed up by people wanting to make wholesale VFS interface changes.

kAFS comprises four in-kernel components:

and three userspace components:

A TODO list can be found here.

kAFS

The kAFS filesystem is a Linux filesystem for accessing AFS servers over the network. It is mounted using something like the following:

	    insmod /tmp/kafs.ko rootcell=grand.central.org
	    mount -t afs "#grand.central.org:root.cell." /afs -o autocell

Implemented features:

Features that need to be added:

Features that could be added:

  • RXAFSCB RPCs for debugging. Have to be careful of this is it can be a security problem, but it could require encryption to access.

The kAFS filesystem sources are integrated into the upstream Linux kernel here

AF_RXRPC

The AF_RXRPC network protocol is the network transport for RX on behalf of the kAFS program and the Python tools. It opens UDP sockets internally and exchanges network packets with peers over it.

An open AF_RXRPC socket can support multiple calls to different peers, both service calls and client calls. The sendmsg() and recvmsg() system calls are used with the ancillary data being used to manage the multiplexing and to pass information.

The kernel handles all the RX protocol metadata internally so that the user only sees the content data. This allows virtual connections to be shared transparently between userspace processes.

Implemented features:

Features that need to be added:

Features that could be added:

The AF_RXRPC sources are integrated into the upstream Linux kernel here.

An example client built using AF_RXRPC can be found here.

Kernel Keyrings and keyutils

The kernel keyrings facility was created to carry tokens for kAFS and AF_RXRPC to identify and authenticate a user with the various servers and to provide cryptographic keys for the network transport. PAGs are not available, rather the session keyring to which a process subscribes is the container for these keys.

Keys and keyrings can be manipulated by users to a certain extent, including adding and deleting keys, though security features exist to control a user's access.

The PAM package and the keyutils package are the main keyring manipulators.

Looking in /proc/keys something like the following would appear:

       396198eb I--Q---     1   1d 3b010000     0     0 rxrpc     afs@YOUR.CELL.COM

The current process's session keyring can be listed to see the kAFS/AF_RXRPC keys applicable to processes run under a shell:

       [root@andromeda ~]# keyctl show @s
       Keyring
        340802050 --alswrv      0     0  keyring: _ses
        566823513 --alswrv      0 65534   \_ keyring: _uid.0
        962697451 --als-rv      0     0   \_ rxrpc: afs@YOUR-FILE-SYSTEM.COM

kAFS and AF_RXRPC clients will pick up the appropriate rxrpc-type key automatically by name and use it if it is available.

The kernel keyrings sources are integrated into the upstream Linux kernel primarily here and here.

The keyutils utility sources can be found here

FS-Cache

The FS-Cache kernel module is a thin layer between any network filesystem and a cache. There is one caching back-end available (CacheFiles) that uses one disk file per network filesystem file to store data.

Supported features:

Features that need to be added:

Features that would be nice:

The FS-Cache sources are integrated into the upstream Linux kernel here

kafs-client

The kafs-client package will be the tools to configure and mount the kAFS filesystem and provide systemdintegration. It will also provide authentications support through aklog and PAM integration.

kafs-utils

The kafs-utils suite is a replacement for bos, vos, pts and co. written in v3 Python, utilising AF_RXRPC to provide the transport.

Implemented features:

Features that need to be added:

Features that would be nice to have.

The kafs-utils sources can be found here