jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-18 15:00:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
master
openafs/doc/protocol/fs-cm-spec.h
Jeffrey Altman 5526ba218f doc-doxygen-20090531 
LICENSE BSD

Doxygen converted versions of the IBM provided architecture and
protocol documentation.

Funded under an SBIR grant.
2009-05-31 17:52:46 +00:00

3982 lines
200 KiB
C++
Raw Permalink Blame History

/*!
\page title AFS-3 Programmer's Reference: File Server/Cache Manager
Interface
\author Edward R. Zayas
Transarc Corporation
\version 1.1
\date 20 Aug 1991 9:38 Copyright 1991 Transarc Corporation All Rights Reserved
FS-00-D162
\page chap1 Chapter 1: Overview
\section sec1-1 Section 1.1: Introduction
\subsection sec1-1-1 Section 1.1.1: The AFS 3.1 Distributed File System
\par
AFS 3.1 is a distributed file system (DFS) designed to meet the following set
of requirements:
\li Server-client model: Permanent file storage for AFS is maintained by a
collection of file server machines. This centralized storage is accessed by
individuals running on client machines, which also serve as the computational
engines for those users. A single machine may act as both an AFS file server
and client simultaneously. However, file server machines are generally assumed
to be housed in a secure environment, behind locked doors.
\li Scale: Unlike other existing DFSs, AFS was designed with the specific goal
of supporting a very large user community. Unlike the rule-of-thumb ratio of 20
client machines for every server machine (20:1) used by Sun Microsystem's NFS
distributed file system [4][5], the AFS architecture aims at smoothly
supporting client/server ratios more along the lines of 200:1 within a single
installation.
\par
AFS also provides another, higher-level notion of scalability. Not only can
each independently-administered AFS site, or cell, grow very large (on the
order of tens of thousands of client machines), but individual cells may easily
collaborate to form a single, unified file space composed of the union of the
individual name spaces. Thus, users have the image of a single unix file system
tree rooted at the /afs directory on their machine. Access to files in this
tree is performed with the standard unix commands, editors, and tools,
regardless of a file's location.
\par
These cells and the files they export may be geographically dispersed, thus
requiring client machines to access remote file servers across network pathways
varying widely in speed, latency, and reliability. The AFS architecture
encourages this concept of a single, wide-area file system. As of this writing,
the community AFS filespace includes sites spanning the continental United
States and Hawaii, and also reaches overseas to various installations in
Europe, Japan, and Australia.
\li Performance: This is a critical consideration given the scalability and
connectivity requirements described above. A high-performance system in the
face of high client/server ratios and the existence of low-bandwidth,
high-latency network connections as well as the normal high-speed ones is
achieved by two major mechanisms:
\li Caching: Client machines make extensive use of caching techniques wherever
possible. One important application of this methodology is that each client is
required to maintain a cache of files it has accessed from AFS file servers,
performing its operations exclusively on these local copies. This file cache is
organized in a least-recently-used (LRU) fashion. Thus, each machine will build
a local working set of objects being referenced by its users. As long as the
cached images remain 'current' (i.e., compatible with the central version
stored at the file servers), operations may be performed on these files without
further communication with the central servers. This results in significant
reductions in network traffic and server loads, paving the way for the target
client/server ratios.
\par
This file cache is typically located on the client's local hard disk, although
a strictly in-memory cache is also supported. The disk cache has the advantage
that its contents will survive crashes and reboots, with the expectation that
the majority of cached objects will remain current. The local cache parameters,
including the maximum number of blocks it may occupy on the local disk, may be
changed on the fly. In order to avoid having the size of the client file cache
become a limit on the length of an AFS file, caching is actually performed on
chunks of the file. These chunks are typically 64 Kbytes in length, although
the chunk size used by the client is settable when the client starts up.
\li Callbacks: The use of caches by the file system, as described above, raises
the thorny issue of cache consistency. Each client must efficiently determine
whether its cached file chunks are identical to the corresponding sections of
the file as stored at the server machine before allowing a user to operate on
those chunks. AFS employs the notion of a callback as the backbone of its cache
consistency algorithm. When a server machine delivers one or more chunks of a
file to a client, it also includes a callback 'promise' that the client will be
notified if any modifications are made to the data in the file. Thus, as long
as the client machine is in possession of a callback for a file, it knows it is
correctly synchronized with the centrally-stored version, and allows its users
to operate on it as desired without any further interaction with the server.
Before a file server stores a more recent version of a file on its own disks,
it will first break all outstanding callbacks on this item. A callback will
eventually time out, even if there are no changes to the file or directory it
covers.
\li Location transparency: The typical AFS user does not know which server or
servers houses any of his or her files. In fact, the user's storage may be
distributed among several servers. This location transparency also allows user
data to be migrated between servers without users having to take corrective
actions, or even becoming aware of the shift.
\li Reliability: The crash of a server machine in any distributed file system
will cause the information it hosts to become unavailable to the user
community. The same effect is caused when server and client machines are
isolated across a network partition. AFS addresses this situation by allowing
data to be replicated across two or more servers in a read-only fashion. If the
client machine loses contact with a particular server from which it is
attempting to fetch data, it hunts among the remaining machines hosting
replicas, looking for one that is still in operation. This search is performed
without the user's knowledge or intervention, smoothly masking outages whenever
possible. Each client machine will automatically perform periodic probes of
machines on its list of known servers, updating its internal records concerning
their status. Consequently, server machines may enter and exit the pool without
administrator intervention.
\par
Replication also applies to the various databases employed by the AFS server
processes. These system databases are read/write replicated with a single
synchronization site at any instant. If a synchronization site is lost due to
failure, the remaining database sites elect a new synchronization site
automatically without operator intervention.
\li Security: A production file system, especially one which allows and
encourages transparent access between administrative domains, must be conscious
of security issues. AFS considers the server machines as 'trusted', being kept
behind locked doors and only directly manipulated by administrators. On the
other hand, client machines are, by definition, assumed to exist in inherently
insecure environments. These client machines are recognized to be fully
accessible to their users, making AFS servers open to attacks mounted by
possibly modified hardware, operating systems, and software from its clients.
\li To provide credible file system security, AFS employs an authentication
system based on the Kerberos facility developed by Project Athena at MIT
[6][7]. Users operating from client machines are required to interact with
Authentication Server agents running on the secure server machines to generate
secure tokens of identity. These tokens express the user's identity in an
encrypted fashion, and are stored in the kernel of the client machine. When the
user attempts to fetch or store files, the server may challenge the user to
verify his or her identity. This challenge, hidden from the user and handled
entirely by the RPC layer, will transmit this token to the file server involved
in the operation. The server machine, upon decoding the token and thus
discovering the user's true identity, will allow the caller to perform the
operation if permitted. Access control: The standard unix access control
mechanism associates mode bits with every file and directory, applying them
based on the user's numerical identifier and the user's membership in various
groups. AFS has augmented this traditional access control mechanism with Access
Control Lists (ACLs). Every AFS directory has an associated ACL which defines
the principals or parties that may operate on all files contained in the
directory, and which operations these principals may perform. Rights granted by
these ACLs include read, write, delete, lookup, insert (create new files, but
don't overwrite old files), and administer (change the ACL). Principals on
these ACLs include individual users and groups of users. These groups may be
defined by AFS users without administrative intervention. AFS ACLs provide for
much finer-grained access control for its files.
\li Administrability: Any system with the scaling goals of AFS must pay close
attention to its ease of administration. The task of running an AFS
installation is facilitated via the following mechanisms:
\li Pervasive RPC interfaces: Access to AFS server agents is performed mostly
via RPC interfaces. Thus, servers may be queried and operated upon regardless
of their location. In combination with the security system outlined above, even
administrative functions such as instigating backups, reconfiguring server
machines, and stopping and restarting servers may be performed by an
administrator sitting in front of any AFS-capable machine, as long as the
administrator holds the proper tokens.
\li Replication: As AFS supports read-only replication for user data and
read-write replication for system databases, much of the system reconfiguration
work in light of failures is performed transparently and without human
intervention. Administrators thus typically have more time to respond to many
common failure situations.
\li Data mobility: Improved and balanced utilization of disk resources is
facilitated by the fact that AFS supports transparent relocation of user data
between partitions on a single file server machine or between two different
machines. In a situation where a machine must be brought down for an extended
period, all its storage may be migrated to other servers so that users may
continue their work completely unaffected.
\li Automated 'nanny' services: Each file server machine runs a BOS Server
process, which assists in the machine's administration. This server is
responsible for monitoring the health of the AFS agents under its care,
bringing them up in the proper order after a system reboot, answering requests
as to their status and restarting them when they fail. It also accepts commands
to start, suspend, or resume these processes, and install new server binaries.
Accessible via an RPC interface, this supervisory process relieves
administrators of some oversight responsibilities and also allows them to
perform their duties from any machine running AFS, regardless of location or
geographic distance from the targeted file server machine.
\li On-line backup: Backups may be performed on the data stored by the AFS file
server machines without bringing those machines down for the duration.
Copy-on-write 'snapshots' are taken of the data to be preserved, and tape
backup is performed from these clones. One added benefit is that these backup
clones are on-line and accessible by users. Thus, if someone accidentally
deletes a file that is contained in their last snapshot, they may simply copy
its contents as of the time the snapshot was taken back into their active
workspace. This facility also serves to improve the administrability of the
system, greatly reducing the number of requests to restore data from tape.
\li On-line help: The set of provided program tools used to interact with the
active AFS agents are self-documenting in that they will accept command-line
requests for help, displaying descriptive text in response.
\li Statistics: Each AFS agent facilitates collection of statistical data on
its performance, configuration, and status via its RPC interface. Thus, the
system is easy to monitor. One tool that takes advantage of this facility is
the scout program. Scout polls file server machines periodically, displaying
usage statistics, current disk capacities, and whether the server is
unavailable. Administrators monitoring this information can thus quickly react
to correct overcrowded disks and machine crashes.
\li Coexistence: Many organizations currently employ other distributed file
systems, most notably NFS. AFS was designed to run simultaneously with other
DFSs without interfering in their operation. In fact, an NFS-AFS translator
agent exists that allows pure-NFS client machines to transparently access files
in the AFS community.
\li Portability: Because AFS is implemented using the standard VFS and vnode
interfaces pioneered and advanced by Sun Microsystems, AFS is easily portable
between different platforms from a single vendor or from different vendors.
\subsection sec1-1-2 Section 1.1.2: Scope of this Document
\par
This document is a member of a documentation suite providing specifications of
the operations and interfaces offered by the various AFS servers and agents.
Specifically, this document will focus on two of these system agents:
\li File Server: This AFS entity is responsible for providing a central disk
repository for a particular set of files and for making these files accessible
to properly-authorized users running on client machines. The File Server is
implemented as a user-space process
\li Cache Manager: This code, running within the kernel of an AFS client
machine, is a user's representative in communicating with the File Servers,
fetching files back and forth into the local cache as needed. The Cache Manager
also keeps information as to the composition of its own cell as well as the
other AFS cells in existence. It resolves file references and operations,
determining the proper File Server (or group of File Servers) that may satisfy
the request. In addition, it is also a reliable repository for the user's
authentication information, holding on to their tokens and wielding them as
necessary when challenged.
\subsection sec1-1-3 Section 1.1.3: Related Documents
\par
The full AFS specification suite of documents is listed below:
\li AFS-3 Programmer's Reference: Architectural Overview: This paper provides
an architectual overview of the AFS distributed file system, describing the
full set of servers and agents in a coherent way, illustrating their
relationships to each other and examining their interactions.
\li AFS-3 Programmer's Reference:Volume Server/Volume Location Server
Interface: This document describes the services through which 'containers' of
related user data are located and managed.
\li AFS-3 Programmer's Reference: Protection Server Interface: This paper
describes the server responsible for providing two-way mappings between
printable usernames and their internal AFS identifiers. The Protection Server
also allows users to create, destroy, and manipulate 'groups' of users, which
are suitable for placement on ACLs. AFS-3 Programmer's Reference: BOS Server
Interface: This paper explicates the 'nanny' service described above, which
assists in the administrability of the AFS environment.
\li AFS-3 Programmer's Reference: Specification for the Rx Remote Procedure
Call Facility: This document specifies the design and operation of the remote
procedure call and lightweight process packages used by AFS.
\par
In addition to these papers, the AFS 3.1 product is delivered with its own
user, administrator, installation, and command reference documents.
\section sec1-2 Section 1.2: Basic Concepts
\par
To properly understand AFS operation, specifically the tasks and objectives of
the File Server and Cache Manager, it is necessary to introduce and explain the
following concepts:
\li Cell: A cell is the set of server and client machines operated by an
administratively independent organization. The cell administrators make
decisions concerning such issues as server deployment and configuration, user
backup schedules, and replication strategies on their own hardware and disk
storage completely independently from those implemented by other cell
administrators regarding their own domains. Every client machine belongs to
exactly one cell, and uses that information to determine the set of database
servers it uses to locate system resources and generate authentication
information.
\li Volume: AFS disk partitions do not directly host individual user files or
directories. Rather, connected subtrees of the system's directory structure are
placed into containers called volumes. Volumes vary in size dynamically as
objects are inserted, overwritten, and deleted. Each volume has an associated
quota, or maximum permissible storage. A single unix disk partition may host
one or more volumes, and in fact may host as many volumes as physically fit in
the storage space. However, a practical maximum is 3,500 volumes per disk
partition, since this is the highest number currently handled by the salvager
program. The salvager is run on occasions where the volume structures on disk
are inconsistent, repairing the damage. A compile-time constant within the
salvager imposes the above limit, causing it to refuse to repair any
inconsistent partition with more than 3,500 volumes. Volumes serve many
purposes within AFS. First, they reduce the number of objects with which an
administrator must be concerned, since operations are normally performed on an
entire volume at once (and thus on all files and directories contained within
the volume). In addition, volumes are the unit of replication, data mobility
between servers, and backup. Disk utilization may be balanced by transparently
moving volumes between partitions.
\li Mount Point: The connected subtrees contained within individual volumes
stored at AFS file server machines are 'glued' to their proper places in the
file space defined by a site, forming a single, apparently seamless unix tree.
These attachment points are referred to as mount points. Mount points are
persistent objects, implemented as symbolic links whose contents obey a
stylized format. Thus, AFS mount points differ from NFS-style mounts. In the
NFS environment, the user dynamically mounts entire remote disk partitions
using any desired name. These mounts do not survive client restarts, and do not
insure a uniform namespace between different machines.
\par
As a Cache Manager resolves an AFS pathname as part of a file system operation
initiated by a user process, it recognizes mount points and takes special
action to resolve them. The Cache Manager consults the appropriate Volume
Location Server to discover the File Server (or set of File Servers) hosting
the indicated volume. This location information is cached, and the Cache
Manager then proceeds to contact the listed File Server(s) in turn until one is
found that responds with the contents of the volume's root directory. Once
mapped to a real file system object, the pathname resolution proceeds to the
next component.
\li Database Server: A set of AFS databases is required for the proper
functioning of the system. Each database may be replicated across two or more
file server machines. Access to these databases is mediated by a database
server process running at each replication site. One site is declared to be the
synchronization site, the sole location accepting requests to modify the
databases. All other sites are read-only with respect to the set of AFS users.
When the synchronization site receives an update to its database, it
immediately distributes it to the other sites. Should a synchronization site go
down through either a hard failure or a network partition, the remaining sites
will automatically elect a new synchronization site if they form a quorum, or
majority. This insures that multiple synchronization sites do not become active
in the network partition scenario.
\par
The classes of AFS database servers are listed below:
\li Authentication Server: This server maintains the authentication database
used to generate tokens of identity.
\li Protection Server: This server maintains mappings between human-readable
user account names and their internal numerical AFS identifiers. It also
manages the creation, manipulation, and update of user-defined groups suitable
for use on ACLs.
\li Volume Location Server: This server exports information concerning the
location of the individual volumes housed within the cell.
\section sec1-3 Section 1.3: Document Layout
\par
Following this introduction and overview, Chapter 2 describes the architecture
of the File Server process design. Similarly, Chapter 3 describes the
architecture of the in-kernel Cache Manager agent. Following these
architectural examinations, Chapter 4 provides a set of basic coding
definitions common to both the AFS File Server and Cache Manager, required to
properly understand the interface specifications which follow. Chapter 5 then
proceeds to specify the various File Server interfaces. The myriad Cache
Manager interfaces are presented in Chapter 6, thus completing the document.
\page chap2 Chapter 2: File Server Architecture
\section sec2-1 Section 2.1: Overview
\par
The AFS File Server is a user-level process that presides over the raw disk
partitions on which it supports one or more volumes. It provides 'half' of the
fundamental service of the system, namely exporting and regimenting access to
the user data entrusted to it. The Cache Manager provides the other half,
acting on behalf of its human users to locate and access the files stored on
the file server machines.
\par
This chapter examines the structure of the File Server process. First, the set
of AFS agents with which it must interact are discussed. Next, the threading
structure of the server is examined. Some details of its handling of the race
conditions created by the callback mechanism are then presented. This is
followed by a discussion of the read-only volume synchronization mechanism.
This functionality is used in each RPC interface call and intended to detect
new releases of read-only volumes. File Servers do not generate callbacks for
objects residing in read-only volumes, so this synchronization information is
used to implement a 'whole-volume' callback. Finally, the fact that the File
Server may drop certain information recorded about the Cache Managers with
which it has communicated and yet guarantee correctness of operation is
explored.
\section sec2-2 Section 2.2: Interactions
\par
By far the most frequent partner in File Server interactions is the set of
Cache Managers actively fetching and storing chunks of data files for which the
File Server provides central storage facilities. The File Server also
periodically probes the Cache Managers recorded in its tables with which it has
recently dealt, determining if they are still active or whether their records
might be garbage-collected.
\par
There are two other server entities with which the File Server interacts,
namely the Protection Server and the BOS Server. Given a fetch or store request
generated by a Cache Manager, the File Server needs to determine if the caller
is authorized to perform the given operation. An important step in this process
is to determine what is referred to as the caller's Current Protection
Subdomain, or CPS. A user's CPS is a list of principals, beginning with the
user's internal identifier, followed by the the numerical identifiers for all
groups to which the user belongs. Once this CPS information is determined, the
File Server scans the ACL controlling access to the file system object in
question. If it finds that the ACL contains an entry specifying a principal
with the appropriate rights which also appears in the user's CPS, then the
operation is cleared. Otherwise, it is rejected and a protection violation is
reported to the Cache Manager for ultimate reflection back to the caller.
\par
The BOS Server performs administrative operations on the File Server process.
Thus, their interactions are quite one-sided, and always initiated by the BOS
Server. The BOS Server does not utilize the File Server's RPC interface, but
rather generates unix signals to achieve the desired effect.
\section sec2-3 Section 2.3: Threading
\par
The File Server is organized as a multi-threaded server. Its threaded behavior
within a single unix process is achieved by use of the LWP lightweight process
facility, as described in detail in the companion "AFS-3 Programmer's
Reference: Specification for the Rx Remote Procedure Call Facility" document.
The various threads utilized by the File Server are described below:
\li WorkerLWP: This lightweight process sleeps until a request to execute one
of the RPC interface functions arrives. It pulls the relevant information out
of the request, including any incoming data delivered as part of the request,
and then executes the server stub routine to carry out the operation. The
thread finishes its current activation by feeding the return code and any
output data back through the RPC channel back to the calling Cache Manager. The
File Server initialization sequence specifies that at least three but no more
than six of these WorkerLWP threads are to exist at any one time. It is
currently not possible to configure the File Server process with a different
number of WorkerLWP threads.
\li FiveMinuteCheckLWP: This thread runs every five minutes, performing such
housekeeping chores as cleaning up timed-out callbacks, setting disk usage
statistics, and executing the special handling required by certain AIX
implementations. Generally, this thread performs activities that do not take
unbounded time to accomplish and do not block the thread. If reassurance is
required, FiveMinuteCheckLWP can also be told to print out a banner message to
the machine's console every so often, stating that the File Server process is
still running. This is not strictly necessary and an artifact from earlier
versions, as the File Server's status is now easily accessible at any time
through the BOS Server running on its machine.
\li HostCheckLWP: This thread, also activated every five minutes, performs
periodic checking of the status of Cache Managers that have been previously
contacted and thus appear in this File Server's internal tables. It generates
RXAFSCB Probe() calls from the Cache Manager interface, and may find itself
suspended for an arbitrary amount of time when it enounters unreachable Cache
Managers.
\section sec2-4 Section 2.4: Callback Race Conditions
\par
Callbacks serve to implement the efficient AFS cache consistency mechanism, as
described in Section 1.1.1. Because of the asynchronous nature of callback
generation and the multi-threaded operation and organization of both the File
Server and Cache Manager, race conditions can arise in their use. As an
example, consider the case of a client machine fetching a chunk of file X. The
File Server thread activated to carry out the operation ships the contents of
the chunk and the callback information over to the requesting Cache Manager.
Before the corresponding Cache Manager thread involved in the exchange can be
scheduled, another request arrives at the File Server, this time storing a
modified image of the same chunk from file X. Another worker thread comes to
life and completes processing of this second request, including execution of an
RXAFSCB CallBack() to the Cache Manager who still hasn't picked up on the
results of its fetch operation. If the Cache Manager blindly honors the RXAFSCB
CallBack() operation first and then proceeds to process the fetch, it will wind
up believing it has a callback on X when in reality it is out of sync with the
central copy on the File Server. To resolve the above class of callback race
condition, the Cache Manager effectively doublechecks the callback information
received from File Server calls, making sure they haven't already been
nullified by other file system activity.
\section sec2-5 Section 2.5: Read-Only Volume Synchronization
\par
The File Server issues a callback for each file chunk it delivers from a
read-write volume, thus allowing Cache Managers to efficiently synchronize
their local caches with the authoritative File Server images. However, no
callbacks are issued when data from read-only volumes is delivered to clients.
Thus, it is possible for a new snapshot of the read-only volume to be
propagated to the set of replication sites without Cache Managers becoming
aware of the event and marking the appropriate chunks in their caches as stale.
Although the Cache Manager refreshes its volume version information
periodically (once an hour), there is still a window where a Cache Manager will
fail to notice that it has outdated chunks.
\par
The volume synchronization mechanism was defined to close this window,
resulting in what is nearly a 'whole-volume' callback device for read-only
volumes. Each File Server RPC interface function handling the transfer of file
data is equipped with a parameter (a volSyncP), which carries this volume
synchronization information. This parameter is set to a non-zero value by the
File Server exclusively when the data being fetched is coming from a read-only
volume. Although the struct AFSVolSync defined in Section 5.1.2.2 passed via a
volSyncP consists of six longwords, only the first one is set. This leading
longword carries the creation date of the read-only volume. The Cache Manager
immediately compares the synchronization value stored in its cached volume
information against the one just received. If they are identical, then the
operation is free to complete, secure in the knowledge that all the information
and files held from that volume are still current. A mismatch, though,
indicates that every file chunk from this volume is potentially out of date,
having come from a previous release of the read-only volume. In this case, the
Cache Manager proceeds to mark every chunk from this volume as suspect. The
next time the Cache Manager considers accessing any of these chunks, it first
checks with the File Server it came from which the chunks were obtained to see
if they are up to date.
\section sec2-6 Section 2.6: Disposal of Cache Manager Records
\par
Every File Server, when first starting up, will, by default, allocate enough
space to record 20,000 callback promises (see Section 5.3 for how to override
this default). Should the File Server fully populate its callback records, it
will not allocate more, allowing its memory image to possibly grow in an
unbounded fashion. Rather, the File Server chooses to break callbacks until it
acquires a free record. All reachable Cache Managers respond by marking their
cache entries appropriately, preserving the consistency guarantee. In fact, a
File Server may arbitrarily and unilaterally purge itself of all records
associated with a particular Cache Manager. Such actions will reduce its
performance (forcing these Cache Managers to revalidate items cached from that
File Server) without sacrificing correctness.
\page chap3 Chapter 3: Cache Manager Architecture
\section sec3-1 Section 3.1: Overview
\par
The AFS Cache Manager is a kernel-resident agent with the following duties and
responsibilities:
\li Users are to be given the illusion that files stored in the AFS distributed
file system are in fact part of the local unix file system of their client
machine. There are several areas in which this illusion is not fully realized:
\li Semantics: Full unix semantics are not maintained by the set of agents
implementing the AFS distributed file system. The largest deviation involves
the time when changes made to a file are seen by others who also have the file
open. In AFS, modifications made to a cached copy of a file are not necessarily
reflected immediately to the central copy (the one hosted by File Server disk
storage), and thus to other cache sites. Rather, the changes are only
guaranteed to be visible to others who simultaneously have their own cached
copies open when the modifying process executes a unix close() operation on the
file.
\par
This differs from the semantics expected from the single-machine, local unix
environment, where writes performed on one open file descriptor are immediately
visible to all processes reading the file via their own file descriptors. Thus,
instead of the standard "last writer wins" behavior, users see "last closer
wins" behavior on their AFS files. Incidentally, other DFSs, such as NFS, do
not implement full unix semantics in this case either.
\li Partial failures: A panic experienced by a local, single-machine unix file
system will, by definition, cause all local processes to terminate immediately.
On the other hand, any hard or soft failure experienced by a File Server
process or the machine upon which it is executing does not cause any of the
Cache Managers interacting with it to crash. Rather, the Cache Managers will
now have to reflect their failures in getting responses from the affected File
Server back up to their callers. Network partitions also induce the same
behavior. From the user's point of view, part of the file system tree has
become inaccessible. In addition, certain system calls (e.g., open() and
read()) may return unexpected failures to their users. Thus, certain coding
practices that have become common amongst experienced (single-machine) unix
programmers (e.g., not checking error codes from operations that "can't" fail)
cause these programs to misbehave in the face of partial failures.
\par
To support this transparent access paradigm, the Cache Manager proceeds to:
\li Intercept all standard unix operations directed towards AFS objects,
mapping them to references aimed at the corresponding copies in the local
cache.
\li Keep a synchronized local cache of AFS files referenced by the client
machine's users. If the chunks involved in an operation reading data from an
object are either stale or do not exist in the local cache, then they must be
fetched from the File Server(s) on which they reside. This may require a query
to the volume location service in order to locate the place(s) of residence.
Authentication challenges from File Servers needing to verify the caller's
identity are handled by the Cache Manager, and the chunk is then incorporated
into the cache.
\li Upon receipt of a unix close, all dirty chunks belonging to the object will
be flushed back to the appropriate File Server.
\li Callback deliveries and withdrawals from File Servers must be processed,
keeping the local cache in close synchrony with the state of affairs at the
central store.
\li Interfaces are also be provided for those principals who wish to perform
AFS-specific operations, such as Access Control List (ACL) manipulations or
changes to the Cache Manager's configuration.
\par
This chapter takes a tour of the Cache Manager's architecture, and examines how
it supports these roles and responsibilities. First, the set of AFS agents with
which it must interact are discussed. Next, some of the Cache Manager's
implementation and interface choices are examined. Finally, the server's
ability to arbitrarily dispose of callback information without affecting the
correctness of the cache consistency algorithm is explained.
\section sec3-2 Section 3.2: Interactions
\par
The main AFS agent interacting with a Cache Manager is the File Server. The
most common operation performed by the Cache Manager is to act as its users'
agent in fetching and storing files to and from the centralized repositories.
Related to this activity, a Cache Manager must be prepared to answer queries
from a File Server concerning its health. It must also be able to accept
callback revocation notices generated by File Servers. Since the Cache Manager
not only engages in data transfer but must also determine where the data is
located in the first place, it also directs inquiries to Volume Location Server
agents. There must also be an interface allowing direct interactions with both
common and administrative users. Certain AFS-specific operations must be made
available to these parties. In addition, administrative users may desire to
dynamically reconfigure the Cache Manager. For example, information about a
newly-created cell may be added without restarting the client's machine.
\section sec3-3 Section 3.3: Implementation Techniques
\par
The above roles and behaviors for the Cache Manager influenced the
implementation choices and methods used to construct it, along with the desire
to maximize portability. This section begins by showing how the VFS/vnode
interface, pioneered and standardized by Sun Microsystems, provides not only
the necessary fine-grain access to user file system operations, but also
facilitates Cache Manager ports to new hardware and operating system platforms.
Next, the use of unix system calls is examined. Finally, the threading
structure employed is described.
\subsection sec3-3-1 Section 3.3.1: VFS Interface
\par
As mentioned above, Sun Microsystems has introduced and propagated an important
concept in the file system world, that of the Virtual File System (VFS)
interface. This abstraction defines a core collection of file system functions
which cover all operations required for users to manipulate their data. System
calls are written in terms of these standardized routines. Also, the associated
vnode concept generalizes the original unix inode idea and provides hooks for
differing underlying environments. Thus, to port a system to a new hardware
platform, the system programmers have only to construct implementations of this
base array of functions consistent with the new underlying machine.
\par
The VFS abstraction also allows multiple file systems (e.g., vanilla unix, DOS,
NFS, and AFS) to coexist on the same machine without interference. Thus, to
make a machine AFS-capable, a system designer first extends the base vnode
structure in well-defined ways in order to store AFS-specific operations with
each file description. Then, the base function array is coded so that calls
upon the proper AFS agents are made to accomplish each function's standard
objectives. In effect, the Cache Manager consists of code that interprets the
standard set of unix operations imported through this interface and executes
the AFS protocols to carry them out.
\subsection sec3-3-2 Section 3.3.2: System Calls
\par
As mentioned above, many unix system calls are implemented in terms of the base
function array of vnode-oriented operations. In addition, one existing system
call has been modified and two new system calls have been added to perform
AFS-specific operations apart from the Cache Manager's unix 'emulation'
activities. The standard ioctl() system call has been augmented to handle
AFS-related operations on objects accessed via open unix file descriptors. One
of the brand-new system calls is pioctl(), which is much like ioctl() except it
names targeted objects by pathname instead of file descriptor. Another is afs
call(), which is used to initialize the Cache Manager threads, as described in
the section immediately following.
\subsection sec3-3-3 Section 3.3.3: Threading
\par
In order to execute its many roles, the Cache Manager is organized as a
multi-threaded entity. It is implemented with (potentially multiple
instantiations of) the following three thread classes:
\li CallBack Listener: This thread implements the Cache Manager callback RPC
interface, as described in Section 6.5.
\li Periodic Maintenance: Certain maintenance and checkup activities need to be
performed at five set intervals. Currently, the frequency of each of these
operations is hard-wired. It would be a simple matter, though, to make these
times configurable by adding command-line parameters to the Cache Manager.
\li Thirty seconds: Flush pending writes for NFS clients coming in through the
NFS-AFS Translator facility.
\li One minute: Make sure local cache usage is below the assigned quota, write
out dirty buffers holding directory data, and keep flock()s alive.
\li Three minutes: Check for the resuscitation of File Servers previously
determined to be down, and check the cache of previously computed access
information in light of any newly expired tickets.
\li Ten minutes: Check health of all File Servers marked as active, and
garbage-collect old RPC connections.
\li One hour: Check the status of the root AFS volume as well as all cached
information concerning read-only volumes.
\li Background Operations: The Cache Manager is capable of prefetching file
system objects, as well as carrying out delayed stores, occurring sometime
after a close() operation. At least two threads are created at Cache Manager
initialization time and held in reserve to carry out these objectives. This
class of background threads implements the following three operations:
\li Prefetch operation: Fetches particular file system object chunks in the
expectation that they will soon be needed.
\li Path-based prefetch operation: The prefetch daemon mentioned above operates
on objects already at least partly resident in the local cache, referenced by
their vnode. The path-based prefetch daemon performs the same actions, but on
objects named solely by their unix pathname.
\li Delayed store operation: Flush all modified chunks from a file system
object to the appropriate File Server's disks.
\section sec3-4 Section 3.4: Disposal of Cache Manager Records
\par
The Cache Manager is free to throw away any or all of the callbacks it has
received from the set of File Servers from which it has cached files. This
housecleaning does not in any way compromise the correctness of the AFS cache
consistency algorithm. The File Server RPC interface described in this paper
provides a call to allow a Cache Manager to advise of such unilateral
jettisoning. However, failure to use this routine still leaves the machine's
cache consistent. Let us examine the case of a Cache Manager on machine C
disposing of its callback on file X from File Server F. The next user access on
file X on machine C will cause the Cache Manager to notice that it does not
currently hold a callback on it (although the File Server will think it does).
The Cache Manager on C attempts to revalidate its entry when it is entirely
possible that the file is still in sync with the central store. In response,
the File Server will extend the existing callback information it has and
deliver the new promise to the Cache Manager on C. Now consider the case where
file X is modified by a party on a machine other than C before such an access
occurs on C. Under these circumstances, the File Server will break its callback
on file X before performing the central update. The Cache Manager on C will
receive one of these "break callback" messages. Since it no longer has a
callback on file X, the Cache Manager on C will cheerfully acknowledge the File
Server's notification and move on to other matters. In either case, the
callback information for both parties will eventually resynchronize. The only
potential penalty paid is extra inquiries by the Cache Manager and thus
providing for reduced performance instead of failure of operation.
\page chap4 Chapter 4: Common Definitions and Data Structures
\par
This chapter discusses the definitions used in common by the File Server and
the Cache Manager. They appear in the common.xg file, used by Rxgen to generate
the C code instantiations of these definitions.
\section sec4-1 Section 4.1: File-Related Definitions
\subsection sec4-1-1 Section 4.1.1: struct AFSFid
\par
This is the type for file system objects within AFS.
\n \n Fields
\li unsigned long Volume - This provides the identifier for the volume in which
the object resides.
\li unsigned long Vnode - This specifies the index within the given volume
corresponding to the object.
\li unsigned long Unique - This is a 'uniquifier' or generation number for the
slot identified by the Vnode field.
\section sec4-2 Section 4.2: Callback-related Definitions
\subsection sec4-2-1 Section 4.2.1: Types of Callbacks
\par
There are three types of callbacks defined by AFS-3:
\li EXCLUSIVE: This version of callback has not been implemented. Its intent
was to allow a single Cache Manager to have exclusive rights on the associated
file data.
\li SHARED: This callback type indicates that the status information kept by a
Cache Manager for the associated file is up to date. All cached chunks from
this file whose version numbers match the status information are thus
guaranteed to also be up to date. This type of callback is non-exclusive,
allowing any number of other Cache Managers to have callbacks on this file and
cache chunks from the file.
\li DROPPED: This is used to indicate that the given callback promise has been
cancelled by the issuing File Server. The Cache Manager is forced to mark the
status of its cache entry as unknown, forcing it to stat the file the next time
a user attempts to access any chunk from it.
\subsection sec4-2-2 Section 4.2.2: struct AFSCallBack
\par
This is the canonical callback structure passed in many File Server RPC
interface calls.
\n \b Fields
\li unsigned long CallBackVersion - Callback version number.
\li unsigned long ExpirationTime - Time when the callback expires, measured in
seconds.
\li unsigned long CallBackType - The type of callback involved, one of
EXCLUSIVE, SHARED, or DROPPED.
\subsection sec4-2-3 Section 4.2.3: Callback Arrays
\par
AFS-3 sometimes does callbacks in bulk. Up to AFSCBMAX (50) callbacks can be
handled at once. Layouts for the two related structures implementing callback
arrays, struct AFSCBFids and struct AFSCBs, follow below. Note that the
callback descriptor in slot i of the array in the AFSCBs structure applies to
the file identifier contained in slot i in the fid array in the matching
AFSCBFids structure.
\subsubsection sec4-2-3-1 Section 4.2.3.1: struct AFSCBFids
\n \b Fields
\li u int AFSCBFids len - Number of AFS file identifiers stored in the
structure, up to a maximum of AFSCBMAX.
\li AFSFid *AFSCBFids val - Pointer to the first element of the array of file
identifiers.
\subsubsection sec4-2-3-2 Section 4.2.3.2: struct AFSCBs
\n \b Fields
\li u int AFSCBs len - Number of AFS callback descriptors stored in the
structure, up to a maximum of AFSCBMAX.
\li AFSCallBack *AFSCBs val - Pointer to the actual array of callback
descriptors
\section sec4-3 Section 4.3: Locking Definitions
\subsection sec4-3-1 Section 4.3.1: struct AFSDBLockDesc
\par
This structure describes the state of an AFS lock.
\n \b Fields
\li char waitStates - Types of lockers waiting for the lock.
\li char exclLocked - Does anyone have a boosted, shared or write lock? (A
boosted lock allows the holder to have data read-locked and then 'boost' up to
a write lock on the data without ever relinquishing the lock.)
\li char readersReading - Number of readers that actually hold a read lock on
the associated object.
\li char numWaiting - Total number of parties waiting to acquire this lock in
some fashion.
\subsection sec4-3-2 Section 4.3.2: struct AFSDBCacheEntry
\par
This structure defines the description of a Cache Manager local cache entry, as
made accessible via the RXAFSCB GetCE() callback RPC call. Note that File
Servers do not make the above call. Rather, client debugging programs (such as
cmdebug) are the agents which call RXAFSCB GetCE().
\n \b Fields
\li long addr - Memory location in the Cache Manager where this description is
located.
\li long cell - Cell part of the fid.
\li AFSFid netFid - Network (standard) part of the fid
\li long Length - Number of bytes in the cache entry.
\li long DataVersion - Data version number for the contents of the cache entry.
\li struct AFSDBLockDesc lock - Status of the lock object controlling access to
this cache entry.
\li long callback - Index in callback records for this object.
\li long cbExpires - Time when the callback expires.
\li short refCount - General reference count.
\li short opens - Number of opens performed on this object.
\li short writers - Number of writers active on this object.
\li char mvstat - The file classification, indicating one of normal file, mount
point, or volume root.
\li char states - Remembers the state of the given file with a set of
bits indicating, from lowest-order to highest order: stat info valid, read-only
file, mount point valid, pending core file, wait-for-store, and mapped file.
\subsection sec4-3-3 Section 4.3.3: struct AFSDBLock
\par
This is a fuller description of an AFS lock, including a string name used to
identify it.
\n \b Fields
\li char name[16] - String name of the lock.
\li struct AFSDBLockDesc lock - Contents of the lock itself.
\section sec4-4 Section 4.4: Miscellaneous Definitions
\subsection sec4-4-1 Section 4.4.1: Opaque structures
\par
A maximum size for opaque structures passed via the File Server interface is
defined as AFSOPAQUEMAX. Currently, this is set to 1,024 bytes. The AFSOpaque
typedef is defined for use by those parameters that wish their contents to
travel completely uninterpreted across the network.
\subsection sec4-4-2 Section 4.4.2: String Lengths
\par
Two common definitions used to specify basic AFS string lengths are AFSNAMEMAX
and AFSPATHMAX. AFSNAMEMAX places an upper limit of 256 characters on such
things as file and directory names passed as parameters. AFSPATHMAX defines the
longest pathname expected by the system, composed of slash-separated instances
of the individual directory and file names mentioned above. The longest
acceptable pathname is currently set to 1,024 characters.
\page chap5 Chapter 5: File Server Interfaces
\par
There are several interfaces offered by the File Server, allowing it to export
the files stored within the set of AFS volumes resident on its disks to the AFS
community in a secure fashion and to perform self-administrative tasks. This
chapter will cover the three File Server interfaces, summarized below. There is
one File Server interface that will not be discussed in this document, namely
that used by the Volume Server. It will be fully described in the companion
AFS-3 Programmer's Reference:Volume Server/Volume Location Server Interface.
\li RPC: This is the main File Server interface, supporting all of the Cache
Manager's needs for providing its own clients with appropriate access to file
system objects stored within AFS. It is closedly tied to the callback interface
exported by the Cache Manager as described in Section 6.5, which has special
implications for any application program making direct calls to this interface.
\li Signals: Certain operations on a File Server must be performed by it
sending unix signals on the machine on which it is executing. These operations
include performing clean shutdowns and adjusting debugging output levels.
Properly-authenticated administrative users do not have to be physically logged
into a File Server machine to generate these signals. Rather, they may use the
RPC interface exported by that machine's BOS Server process to generate them
from any AFS-capable machine.
\li Command Line: Many of the File Server's operating parameters may be set
upon startup via its command line interface. Such choices as the number of data
buffers and callback records to hold in memory may be made here, along with
various other decisions such as lightweight thread stack size.
\section sec5-1 Section 5.1: RPC Interface
\subsection sec5-1-1 Section 5.1.1: Introduction and Caveats
\par
The documentation for the AFS-3 File Server RPC interface commences with some
basic definitions and data structures used in conjunction with the function
calls. This is followed by an examination of the set of non-streamed RPC
functions, namely those routines whose parameters are all fixed in size. Next,
the streamed RPC functions, those with parameters that allow an arbitrary
amount of data to be delivered, are described. A code fragment and accompanying
description and analysis are offered as an example of how to use the streamed
RPC calls. Finally, a description of the special requirements on any
application program making direct calls to this File Server interface appears.
The File Server assumes that any entity making calls to its RPC functionality
is a bona fide and full-fledged Cache Manager. Thus, it expects this caller to
export the Cache Manager's own RPC interface, even if the application simply
uses File Server calls that don't transfer files and thus generate callbacks.
\par
Within those sections describing the RPC functions themselves, the purpose of
each call is detailed, and the nature and use of its parameters is documented.
Each of these RPC interface routines returns an integer error code, and a
subset of the possible values are described. A complete and systematic list of
potential error returns for each function is difficult to construct and
unwieldy to examine. This is due to fact that error codes from many different
packages and from many different levels may arise. Instead of attempting
completeness, the error return descriptions discuss error codes generated
within the functions themselves (or a very small number of code levels below
them) within the File Server code itself, and not from such associated packages
as the Rx, volume, and protection modules. Many of these error code are defined
in the companion AFS-3 documents.
\par
By convention, a return value of zero reveals that the function call was
successful and that all of its OUT parameters have been set by the File Server.
\subsection sec5-1-2 Section 5.1.2: Definitions and Structures
\subsubsection sec5-1-2-1 Section 5.1.2.1: Constants and Typedefs
\par
The following constants and typedefs are required to properly use the File
Server RPC interface, both to provide values and to interpret information
returned by the calls. The constants appear first, followed by the list of
typedefs, which sometimes depend on the constants above. Items are alphabetized
within each group.
\par
All of the constants appearing below whose names contain the XSTAT string are
used in conjuction with the extended data collection facility supported by the
File Server. The File Server defines some number of data collections, each of
which consists of an array of longword values computed by the File Server.
\par
There are currently two data collections defined for the File Server. The first
is identified by the AFS XSTATSCOLL CALL INFO constant. This collection of
longwords relates the number of times each internal function within the File
Server code has been executed, thus providing profiling information. The second
File Server data collection is identified by the AFS XSTATSCOLL PERF INFO
constant. This set of longwords contains information related to the File
Server's performance.
\par Section 5.1.2.1.1 AFS DISKNAMESIZE [Value = 32]
Specifies the maximum length for an AFS disk partition, used directly in the
definition for the DiskName typedef. A DiskName appears as part of a struct
ViceDisk, a group of which appear inside a struct ViceStatistics, used for
carrying basic File Server statistics information.
\par Section 5.1.2.1.2 AFS MAX XSTAT LONGS [Value = 1,024]
Defines the maximum size for a File Server data collection, as exported via the
RXAFS GetXStats() RPC call. It is used directly in the AFS CollData typedef.
\par Section 5.1.2.1.3 AFS XSTATSCOLL CALL INFO [Value = 0]
This constant identifies the File Server's data collection containing profiling
information on the number of times each of its internal procedures has been
called.
\par
Please note that this data collection is not supported by the File Server at
this time. A request for this data collection will result the return of a
zero-length array.
\par Section 5.1.2.1.4 AFS XSTATSCOLL PERF INFO [Value = 1]
This constant identifies the File Server's data collection containing
performance-related information.
\par Section 5.1.2.1.5 AFS CollData [typedef long AFS CollData<AFS MAX XSTAT
LONGS>;]
This typedef is used by Rxgen to create a structure used to pass File Server
data collections to the caller. It resolves into a C typedef statement defining
a structure of the same name with the following fields:
\n \b Fields
\li u int AFS CollData len - The number of longwords contained within the data
pointed to by the next field.
\li long *AFS CollData val - A pointer to a sequence of AFS CollData len
long-words.
\par Section 5.1.2.1.6 AFSBulkStats [typedef AFSFetchStatus
AFSBulkStats<AFSCBMAX>;]
This typedef is used by Rxgen to create a structure used to pass a set of
statistics structures, as described in the RXAFS BulkStatus documentation in
Section 5.1.3.21. It resolves into a C typedef statement defining a structure
of the same name with the following fields:
\n \b Fields
\li u int AFSBulkStats len - The number of struct AFSFetchStatus units
contained within the data to which the next field points.
\li AFSFetchStatus *AFSBulkStats val - This field houses pointer to a sequence
of AFSBulkStats len units of type struct AFSFetchStatus.
\par Section 5.1.2.1.7 DiskName [typedef opaque DiskName[AFS DISKNAMESIZE];]
The name of an AFS disk partition. This object appears as a field within a
struct ViceDisk,a group of which appear inside a struct ViceStatistics, used
for carrying basic File Server statistics information. The term opaque
appearing above inidcates that the object being defined will be treated as an
undifferentiated string of bytes.
\par Section 5.1.2.1.8 ViceLockType [typedef long ViceLockType;]
This defines the format of a lock used internally by the Cache Manager. The
content of these locks is accessible via the RXAFSCB GetLock() RPC function. An
isomorphic and more refined version of the lock structure used by the Cache
Manager, mapping directly to this definition, is struct AFSDBLockDesc, defined
in Section 4.3.1.
\subsubsection sec5-1-2-2 Section 5.1.2.2: struct AFSVolSync
\par
This structure conveys volume synchronization information across many of the
File Server RPC interface calls, allowing something akin to a "whole-volume
callback" on read-only volumes.
\n \b Fields
\li unsigned long spare1 ... spare6 - The first longword, spare1, contains the
volume's creation date. The rest are currently unused.
\subsubsection sec5-1-2-3 Section 5.1.2.3: struct AFSFetchStatus
\par
This structure defines the information returned when a file system object is
fetched from a File Server.
\n \b Fields
\li unsigned long InterfaceVersion - RPC interface version, defined to be 1.
\li unsigned long FileType - Distinguishes the object as either a file,
directory, symlink, or invalid.
\li unsigned long LinkCount - Number of links to this object.
\li unsigned long Length - Length in bytes.
\li unsigned long DataVersion - Object's data version number.
\li unsigned long Author - Identity of the object's author.
\li unsigned long Owner - Identity of the object's owner.
\li unsigned long CallerAccess - The set of access rights computed for the
caller on this object.
\li unsigned long AnonymousAccess - The set of access rights computed for any
completely unauthenticated principal.
\li unsigned long UnixModeBits - Contents of associated unix mode bits.
\li unsigned long ParentVnode - Vnode for the object's parent directory.
\li unsigned long ParentUnique - Uniquifier field for the parent object.
\li unsigned long SegSize - (Not implemented).
\li unsigned long ClientModTime - Time when the caller last modified the data
within the object.
\li unsigned long ServerModTime - Time when the server last modified the data
within the object.
\li unsigned long Group - (Not implemented).
\li unsigned long SyncCounter - (Not implemented).
\li unsigned long spare1 ... spare4 - Spares.
\subsubsection sec5-1-2-4 Section 5.1.2.4: struct AFSStoreStatus
\par
This structure is used to convey which of a file system object's status fields
should be set, and their new values. Several File Server RPC calls, including
RXAFS StoreStatus(), RXAFS CreateFile(), RXAFS SymLink(), RXAFS MakeDir(), and
the streamed call to store file data onto the File Server.
\n \b Fields
\li unsigned long Mask - Bit mask, specifying which of the following fields
should be assigned into the File Server's status block on the object.
\li unsigned long ClientModTime - The time of day that the object was last
modified.
\li unsigned long Owner - The principal identified as the owner of the file
system object.
\li unsigned long Group - (Not implemented).
\li unsigned long UnixModeBits - The set of associated unix mode bits.
\li unsigned long SegSize - (Not implemented).
\subsubsection sec5-1-2-5 Section 5.1.2.5: struct ViceDisk
\par
This structure occurs in struct ViceStatistics, and describes the
characteristics and status of a disk partition used for AFS storage.
\n \b Fields
\li long BlocksAvailable - Number of 1 Kbyte disk blocks still available on the
partition.
\li long TotalBlocks - Total number of disk blocks in the partition.
\li DiskName Name - The human-readable character string name of the disk
partition (e.g., /vicepa).
\subsubsection sec5-1-2-6 Section 5.1.2.6: struct ViceStatistics
\par
This is the File Server statistics structure returned by the RXAFS
GetStatistics() RPC call.
\n \b Fields
\li unsigned long CurrentMsgNumber - Not used.
\li unsigned long OldestMsgNumber - Not used.
\li unsigned long CurrentTime - Time of day, as understood by the File Server.
\li unsigned long BootTime - Kernel's boot time.
\li unsigned long StartTime - Time when the File Server started up.
\li long CurrentConnections - Number of connections to Cache Manager instances.
\li unsigned long TotalViceCalls - Count of all calls made to the RPC
interface.
\li unsigned long TotalFetchs - Total number of fetch operations, either status
or data, performed.
\li unsigned long FetchDatas - Total number of data fetch operations
exclusively.
\li unsigned long FetchedBytes - Total number of bytes fetched from the File
Server since it started up.
\li long FetchDataRate - Result of dividing the FetchedBytes field by the
number of seconds the File Server has been running.
\li unsigned long TotalStores - Total number of store operations, either status
or data, performed.
\li unsigned long StoreDatas - Total number of data store operations
exclusively.
\li unsigned long StoredBytes - Total number of bytes stored to the File Server
since it started up.
\li long StoreDataRate - The result of dividing the StoredBytes field by the
number of seconds the File Server has been running.
\li unsigned long TotalRPCBytesSent - Outdated
\li unsigned long TotalRPCBytesReceived - Outdated
\li unsigned long TotalRPCPacketsSent - Outdated
\li unsigned long TotalRPCPacketsReceived - Outdated
\li unsigned long TotalRPCPacketsLost - Outdated
\li unsigned long TotalRPCBogusPackets - Outdated
\li long SystemCPU - Result of reading from the kernel the usage times
attributed to system activities.
\li long UserCPU - Result of reading from the kernel the usage times attributed
to user-level activities.
\li long NiceCPU - Result of reading from the kernel the usage times attributed
to File Server activities that have been nice()d (i.e., run at a lower
priority).
\li long IdleCPU - Result of reading from the kernel the usage times attributed
to idling activities.
\li long TotalIO - Summary of the number of bytes read/written from the disk.
\li long ActiveVM - Amount of virtual memory used by the File Server.
\li long TotalVM - Total space available on disk for virtual memory activities.
\li long EtherNetTotalErrors - Not used.
\li long EtherNetTotalWrites - Not used.
\li long EtherNetTotalInterupts - Not used.
\li long EtherNetGoodReads - Not used.
\li long EtherNetTotalBytesWritten - Not used.
\li long EtherNetTotalBytesRead - Not used.
\li long ProcessSize - The size of the File Server's data space in 1 Kbyte
chunks.
\li long WorkStations - The total number of client Cache Managers
(workstations) for which information is held by the File Server.
\li long ActiveWorkStations - The total number of client Cache Managers
(workstations) that have recently interacted with the File Server. This number
is strictly less than or equal to the WorkStations field.
\li long Spare1 ... Spare8 - Not used.
\li ViceDisk Disk1 ... Disk10 - Statistics concerning up to 10 disk partitions
used by the File Server. These records keep information on all partitions, not
just partitions reserved for AFS storage.
\subsubsection sec5-1-2-7 Section 5.1.2.7: struct afs PerfStats
\par
This is the structure corresponding to the AFS XSTATSCOLL PERF INFO data
collection that is defined by the File Server (see Section 5.1.2.1.4). It is
accessible via the RXAFS GetXStats() interface routine, as defined in Section
5.1.3.26.
The fields within this structure fall into the following classifications:
\li Number of requests for the structure.
\li Vnode cache information.
\li Directory package numbers.
\li Rx information.
\li Host module fields
\li Spares.
\par
Please note that the Rx fields represent the contents of the rx stats structure
maintained by Rx RPC facility itself. Also, a full description of all the
structure's fields is not possible here. For example, the reader is referred to
the companion Rx document for further clarification on the Rx-related fields
within afs PerfStats.
\n \b Fields
\li long numPerfCalls - Number of performance collection calls received.
\li long vcache L Entries - Number of entries in large (directory) vnode cache.
\li long vcache L Allocs - Number of allocations for the large vnode cache.
\li long vcache L Gets - Number of get operations for the large vnode cache.
\li long vcache L Reads - Number of reads performed on the large vnode cache.
\li long vcache L Writes - Number of writes executed on the large vnode.cache.
\li long vcache S Entries - Number of entries in the small (file) vnode cache.
\li long vcache S Allocs - Number of allocations for the small vnode cache.
\li long vcache S Gets - Number of get operations for the small vnode cache.
\li long vcache S Reads - Number of reads performed on the small vnode cache.
\li long vcache S Writes - Number of writes executed on the small vnode cache.
\li long vcache H Entries - Number of entries in the header of the vnode cache.
\li long vcache H Gets - Number of get operations on the header of the vnode
cache.
\li long vcache H Replacements - Number of replacement operations on the header
of the vnode cache.
\li long dir Buffers - Number of directory package buffers in use.
\li long dir Calls - Number of read calls made to the directory package.
\li long dir IOs - Number of directory I/O operations performed.
\li long rx packetRequests - Number of Rx packet allocation requests.
\li long rx noPackets RcvClass - Number of failed packet reception requests.
\li long rx noPackets SendClass - Number of failed packet transmission
requests.
\li long rx noPackets SpecialClass - Number of 'special' Rx packet rquests.
\li long rx socketGreedy - Did setting the Rx socket to SO GREEDY succeed?
\li long rx bogusPacketOnRead - Number of short packets received.
\li long rx bogusHost - Latest host address from bogus packets.
\li long rx noPacketOnRead - Number of attempts to read a packet when one was
not physically available.
\li long rx noPacketBuffersOnRead - Number of packets dropped due to buffer
shortages.
\li long rx selects - Number of selects performed, waiting for a packet arrival
or a timeout.
\li long rx sendSelects - Number of selects forced upon a send.
\li long rx packetsRead RcvClass - Number of packets read belonging to the
'Rcv' class.
\li long rx packetsRead SendClass - Number of packets read that belong to the
'Send' class.
\li long rx packetsRead SpecialClass - Number of packets read belonging to the
'Special' class.
\li long rx dataPacketsRead - Number of unique data packets read off the wire.
\li long rx ackPacketsRead - Number of acknowledgement packets read.
\li long rx dupPacketsRead - Number of duplicate data packets read.
\li long rx spuriousPacketsRead - Number of inappropriate packets read.
\li long rx packetsSent RcvClass - Number of packets sent belonging to the
'Rcv' class.
\li long rx packetsSent SendClass - Number of packets sent belonging to the
'Send' class.
\li long rx packetsSent SpecialClass - Number of packets sent belonging to the
'Special' class.
\li long rx ackPacketsSent - Number of acknowledgement packets sent.
\li long rx pingPacketsSent - Number of ping packets sent.
\li long rx abortPacketsSent - Number of abort packets sent.
\li long rx busyPacketsSent - Number of busy packets sent.
\li long rx dataPacketsSent - Number of unique data packets sent.
\li long rx dataPacketsReSent - Number of retransmissions sent.
\li long rx dataPacketsPushed - Number of retransmissions pushed by a NACK.
\li long rx ignoreAckedPacket - Number of packets whose acked flag was set at
rxi Start() time.
\li long rx totalRtt Sec - Total round trip time in seconds.
\li long rx totalRtt Usec - Microsecond portion of the total round trip time,
\li long rx minRtt Sec - Minimum round trip time in seconds.
\li long rx minRtt Usec - Microsecond portion of minimal round trip time.
\li long rx maxRtt Sec - Maximum round trip time in seconds.
\li long rx maxRtt Usec - Microsecond portion of maximum round trip time.
\li long rx nRttSamples - Number of round trip samples.
\li long rx nServerConns - Total number of server connections.
\li long rx nClientConns - Total number of client connections.
\li long rx nPeerStructs - Total number of peer structures.
\li long rx nCallStructs - Total number of call structures.
\li long rx nFreeCallStructs - Total number of call structures residing on the
free list.
\li long host NumHostEntries - Number of host entries.
\li long host HostBlocks - Number of blocks in use for host entries.
\li long host NonDeletedHosts - Number of non-deleted host entries.
\li long host HostsInSameNetOrSubnet - Number of host entries in the same
[sub]net as the File Server.
\li long host HostsInDiffSubnet - Number of host entries in a different subnet
as the File Server.
\li long host HostsInDiffNetwork - Number of host entries in a different
network entirely as the File Server.
\li long host NumClients - Number of client entries.
\li long host ClientBlocks - Number of blocks in use for client entries.
\li long spare[32] - Spare fields, reserved for future use.
\subsubsection sec5-1-2-8 Section 5.1.2.8: struct AFSFetchVolumeStatus
\par
The results of asking the File Server for status information concerning a
particular volume it hosts.
\n \b Fields
\li long Vid - Volume ID.
\li long ParentId - Volume ID in which the given volume is 'primarily' mounted.
\li This is used to properly resolve pwd operations, as a volume may be mounted
simultaneously at multiple locations.
\li char Online - Is the volume currently online and fully available?
\li char InService - This field records whether the volume is currently in
service. It is indistinguishable from the Blessed field,
\li char Blessed - See the description of the InService field immediately
above.
\li char NeedsSalvage -Should this volume be salvaged (run through a
consistency- checking procedure)?
\li long Type - The classification of this volume, namely a read/write volume
(RWVOL = 0), read-only volume (ROVOL = 1), or backup volume (BACKVOL = 2).
\li long MinQuota - Minimum number of 1 Kbyte disk blocks to be set aside for
this volume. Note: this field is not currently set or accessed by any AFS
agents.
\li long MaxQuota - Maximum number of 1 Kbyte disk blocks that may be occupied
by this volume.
\li long BlocksInUse - Number of 1 Kbyte disk blocks currently in use by this
volume.
\li long PartBlocksAvail - Number of available 1 Kbyte blocks currently unused
in the volume's partition.
\li long PartMaxBlocks - Total number of blocks, in use or not, for the
volume's partition.
\subsubsection sec5-1-2-9 Section 5.1.2.9: struct AFSStoreVolumeStatus
\par
This structure is used to convey which of a file system object's status fields
should be set, and their new values. The RXAFS SetVolumeStatus() RPC call is
the only user of this structure.
\n \b Fields
\li long Mask - Bit mask to determine which of the following two fields should
be stored in the centralized status for a given volume.
\li long MinQuota - Minimum number of 1 Kbyte disk blocks to be set aside for
this volume.
\li long MaxQuota - Maximum number of 1 Kbyte disk blocks that may be occupied
by this volume.
\subsubsection sec5-1-2-10 Section 5.1.2.10: struct AFSVolumeInfo
\par
This field conveys information regarding a particular volume through certain
File Server RPC interface calls. For information regarding the different volume
types that exist, please consult the companion document, AFS-3 Programmer's
Reference:Volume Server/Volume Location Server Interface.
\n \b Fields
\li unsigned long Vid - Volume ID.
\li long Type - Volume type (see struct AFSFetchVolumeStatus in Section 5.1.2.8
above).
\li unsigned long Type0 ... Type4 - The volume IDs for the possible volume
types in existance for this volume.
\li unsigned long ServerCount - The number of File Server machines on which an
instance of this volume is located.
\li unsigned long Server0 ... Server7 - Up to 8 IP addresses of File Server
machines hosting an instance on this volume. The first ServerCount of these
fields hold valid server addresses.
\li unsigned short Port0 ... Port7 - Up to 8 UDP port numbers on which
operations on this volume should be directed. The first ServerCount of these
fields hold valid port identifiers.
\subsection sec5-1-3 Section 5.1.3: Non-Streamed Function Calls
\par
The following is a description of the File Server RPC interface routines that
utilize only parameters with fixed maximum lengths. The majority of the File
Server calls fall into this suite, with only a handful using streaming
techniques to pass objects of unbounded size between a File Server and Cache
Manager.
\par
Each function is labeled with an opcode number. This is the low-level numerical
identifier for the function, and appears in the set of network packets
constructed for the RPC call.
\subsubsection sec5-1-3-1 Section 5.1.3.1: RXAFS FetchACL - Fetch the
ACL associated with the given AFS file identifier
\code
int RXAFS FetchACL(IN struct rx connection *a rxConnP,
IN AFSFid *a dirFidP,
OUT AFSOpaque *a ACLP,
OUT AFSFetchStatus *a dirNewStatP,
OUT AFSVolSync *a volSyncP)
\endcode
\par Description
[Opcode 131] Fetch the ACL for the directory identified by a dirFidP, placing
it in the space described by the opaque structure to which a ACLP points. Also
returned is the given directory's status, written to a dirNewStatP. An ACL may
thus take up at most AFSOPAQUEMAX (1,024) bytes, since this is the maximum size
of an AFSOpaque.
\par
Rx connection information for the related File Server is contained in a
rxConnP. Volume version information is returned for synchronization purposes in
a volSyncP.
\par Error Codes
EACCES The caller is not permitted to perform this operation. EINVAL An
internal error in looking up the client record was encountered, or an invalid
fid was provided. VICETOKENDEAD Caller's authentication token has expired.
\subsubsection sec5-1-3-2 Section 5.1.3.2: RXAFS FetchStatus - Fetch
the status information regarding a given file system object
\code
int RXAFS FetchStatus(IN struct rx connection *a rxConnP,
IN AFSFid *a fidToStatP,
OUT AFSFetchStatus *a currStatP,
OUT AFSCallBack *a callBackP,
OUT AFSVolSync *a volSyncP)
\endcode
\par Description
[Opcode 132] Fetch the current status information for the file or directory
identified by a fidToStatP, placing it into the area to which a currStatP
points. If the object resides in a read/write volume, then the related callback
information is returned in a callBackP.
\par
Rx connection information for the related File Server is contained in a
rxConnP. Volume version information is returned for synchronization purposes in
a volSyncP.
\par Error Codes
EACCES The caller is not permitted to perform this operation. EINVAL An
internal error in looking up the client record was encountered, or an invalid
fid was provided. VICETOKENDEAD Caller's authentication token has expired.
\subsubsection sec5-1-3-3 Section 5.1.3.3: RXAFS StoreACL - Associate
the given ACL with the named directory
\code
int RXAFS StoreACL(IN struct rx connection *a rxConnP,
IN AFSOpaque *a ACLToStoreP,
IN AFSFid *a dirFidP,
OUT AFSFetchStatus *a dirNewStatP,
OUT AFSVolSync *a volSyncP)
\endcode
\par Description
[Opcode 134] Store the ACL information to which a ACLToStoreP points to the
File Server, associating it with the directory identified by a dirFidP. The
resulting status information for the a dirFidP directory is returned in a
dirNewStatP. Note that the ACL supplied via a ACLToStoreP may be at most
AFSOPAQUEMAX (1,024) bytes long, since this is the maximum size accommodated by
an AFSOpaque.
\par
Rx connection information for the related File Server is contained in a
rxConnP. Volume version information is returned for synchronization purposes in
a volSyncP.
\par Error Codes
EACCES The caller is not permitted to perform this operation.
\n E2BIG The given ACL is too large.
\n EINVAL The given ACL could not translated to its on-disk format.
\subsubsection sec5-1-3-4 Section 5.1.3.4: RXAFS StoreStatus - Store
the given status information for the specified file
\code
int RXAFS StoreStatus(IN struct rx connection *a rxConnP,
IN AFSFid *a fidP,
IN AFSStoreStatus *a currStatusP,
OUT AFSFetchStatus *a srvStatusP,
OUT AFSVolSync *a volSyncP)
\endcode
\par Description
[Opcode 135] Store the status information to which a currStatusP points,
associating it with the file identified by a fidP. All outstanding callbacks on
this object are broken. The resulting status structure stored at the File
Server is returned in a srvStatusP.
\par
Rx connection information for the related File Server is contained in a
rxConnP. Volume version information is returned for synchronization purposes in
a volSyncP.
\par Error Codes
EACCES The caller is not permitted to perform this operation.
\n EINVAL An internal error in looking up the client record was encountered, or
an invalid fid was provided, or an attempt was made to change the mode of a
symbolic link.
\n VICETOKENDEAD Caller's authentication token has expired.
\subsubsection sec5-1-3-5 Section 5.1.3.5: RXAFS RemoveFile - Delete
the given file
\code
int RXAFS RemoveFile(IN struct rx connection *a rxConnP,
IN AFSFid *a dirFidP,
IN char *a name<AFSNAMEMAX>,
OUT AFSFetchStatus *a srvStatusP,
OUT AFSVolSync *a volSyncP)
\endcode
\par Description
[Opcode 136] Destroy the file named a name within the directory identified by a
dirFidP. All outstanding callbacks on this object are broken. The resulting
status structure stored at the File Server is returned in a srvStatusP.
\par
Rx connection information for the related File Server is contained in a
rxConnP. Volume version information is returned for synchronization purposes in
a volSyncP.
\par Error Codes
EACCES The caller is not permitted to perform this operation.
\n EINVAL An internal error in looking up the client record was encountered, or
an invalid fid was provided, or an attempt was made to remove "." or "..".
\n EISDIR The target of the deletion was supposed to be a file, but it is
really a directory.
\n ENOENT The named file was not found.
\n ENOTDIR The a dirFidP parameter references an object which is not a
directory, or the deletion target is supposed to be a directory but is not.
\n ENOTEMPTY The target directory being deleted is not empty.
\n VICETOKENDEAD Caller's authentication token has expired.
\subsubsection sec5-1-3-6 Section 5.1.3.6: RXAFS CreateFile - Create
the given file
\code
int RXAFS CreateFile(IN struct rx connection *a rxConnP,
IN AFSFid *DirFid,
IN char *Name,
IN AFSStoreStatus *InStatus,
OUT AFSFid *OutFid,
OUT AFSFetchStatus *OutFidStatus,
OUT AFSFetchStatus *OutDirStatus,
OUT AFSCallBack *CallBack,
OUT AFSVolSync *a volSyncP)
/* associated with the new file. */
\endcode
\par Description
[Opcode 137] This call is used to create a file, but not for creating a
directory or a symbolic link. If this call succeeds, it is the Cache Manager's
responsibility to either create an entry locally in the directory specified by
DirFid or to invalidate this directory's cache entry.
\par
Rx connection information for the related File Server is contained in a
rxConnP. Volume version information is returned for synchronization purposes in
a volSyncP.
\par Error Codes
EACCES The caller is not permitted to perform this operation.
\n EINVAL An internal error in looking up the client record was encountered, or
an invalid fid or name was provided.
\n ENOTDIR The DirFid parameter references an object which is not a directory.
\n VICETOKENDEAD Caller's authentication token has expired.
\subsubsection sec5-1-3-7 Section 5.1.3.7: RXAFS Rename - Rename the
specified file in the given directory
\code
int RXAFS Rename(IN struct rx connection *a rxConnP,
IN AFSFid *a origDirFidP,
IN char *a origNameP,
IN AFSFid *a newDirFidP,
IN char *a newNameP,
OUT AFSFetchStatus *a origDirStatusP,
OUT AFSFetchStatus *a newDirStatusP,
OUT AFSVolSync *a volSyncP)
\endcode
\par Description
[Opcode 138] Rename file a origNameP in the directory identified by a
origDirFidP. Its new name is to be a newNameP, and it will reside in the
directory identified by a newDirFidP. Each of these names must be no more than
AFSNAMEMAX (256) characters long. The status of the original and new
directories after the rename operation completes are deposited in a
origDirStatusP and a newDirStatusP respectively. Existing callbacks are broken
for all files and directories involved in the operation.
\par
Rx connection information for the related File Server is contained in a
rxConnP. Volume version information is returned for synchronization purposes in
a volSyncP.
\par Error Codes
EACCES New file exists but user doesn't have Delete rights in the directory.
\n EINVAL Name provided is invalid.
\n EISDIR Original object is a file and new object is a directory.
\n ENOENT The object to be renamed doesn't exist in the parent directory.
\n ENOTDIR Original object is a directory and new object is a file.
\n EXDEV Rename attempted across a volume boundary, or create a pathname loop,
or hard links exist to the file.
\subsubsection sec5-1-3-8 Section 5.1.3.8: RXAFS Symlink - Create a
symbolic link
\code
int RXAFS Symlink(IN struct rx connection *a rxConnP,
IN AFSFid *a dirFidP,
IN char *a nameP,
IN char *a linkContentsP,
IN AFSStoreStatus *a origDirStatP,
OUT AFSFid *a newFidP,
OUT AFSFetchStatus *a newFidStatP,
OUT AFSFetchStatus *a newDirStatP,
OUT AFSVolSync *a volSyncP)
\endcode
\par Description
[Opcode 139] Create a symbolic link named a nameP in the directory identified
by a dirFidP. The text of the symbolic link is provided in a linkContentsP, and
the desired status fields for the symbolic link given by a origDirStatP. The
name offered in a nameP must be less than AFSNAMEMAX (256) characters long, and
the text of the link to which a linkContentsP points must be less than
AFSPATHMAX (1,024) characters long. Once the symbolic link has been
successfully created, its file identifier is returned in a newFidP. Existing
callbacks to the a dirFidP directory are broken before the symbolic link
creation completes. The status fields for the symbolic link itself and its
parent's directory are returned in a newFidStatP and a newDirStatP
respectively.
\par
Rx connection information for the related File Server is contained in a
rxConnP. Volume version information is returned for synchronization purposes in
a volSyncP.
\par Error Codes
EACCES The caller does not have the necessary access rights.
\n EINVAL Illegal symbolic link name provided.
\subsubsection sec5-1-3-9 Section 5.1.3.9: RXAFS Link - Create a hard
link
\code
int RXAFS Link(IN struct rx connection *a rxConnP,
IN AFSFid *a dirFidP,
IN char *a nameP,
IN AFSFid *a existingFidP,
OUT AFSFetchStatus *a newFidStatP,
OUT AFSFetchStatus *a newDirStatP,
OUT AFSVolSync *a volSyncP)
\endcode
\par Description
[Opcode 140] Create a hard link named a nameP in the directory identified by a
dirFidP. The file serving as the basis for the hard link is identified by
existingFidP. The name offered in a nameP must be less than AFSNAMEMAX (256)
characters long. Existing callbacks to the a dirFidP directory are broken
before the hard link creation completes. The status fields for the file itself
and its parent's directory are returned in a newFidStatP and a newDirStatP
respectively.
Rx connection information for the related File Server is contained in a
rxConnP. Volume version information is returned for synchronization purposes in
a volSyncP.
\par Error Codes
EACCES The caller does not have the necessary access rights.
\n EISDIR An attempt was made to create a hard link to a directory.
\n EXDEV Hard link attempted across directories.
\subsubsection sec5-1-3-10 Section 5.1.3.10: RXAFS MakeDir - Create a
directory
\code
int RXAFS MakeDir(IN struct rx connection *a rxConnP,
IN AFSFid *a parentDirFid,P
IN char *a newDirNameP,
IN AFSStoreStatus *a currStatP,
OUT AFSFid *a newDirFidP,
OUT AFSFetchStatus *a dirFidStatP,
OUT AFSFetchStatus *a parentDirStatP,
OUT AFSCallBack *a newDirCallBackP,
OUT AFSVolSync *a volSyncP)
\endcode
\par Description
[Opcode 141] Create a directory named a newDirNameP within the directory
identified by a parentDirFidP. The initial status fields for the new directory
are provided in a currStatP. The new directory's name must be less than
AFSNAMEMAX (256) characters long. The new directory's ACL is inherited from its
parent. Existing callbacks on the parent directory are broken before the
creation completes. Upon successful directory creation, the new directory's
file identifier is returned in a newDirFidP, and the resulting status
information for the new and parent directories are stored in a dirFidStatP and
a parentDirStatP respectively. In addition, a callback for the new directory is
returned in a newDirCallBackP.
\par
Rx connection information for the related File Server is contained in a
rxConnP. Volume version information is returned for synchronization purposes in
a volSyncP.
\par Error Codes
EACCES The caller does not have the necessary access rights.
\n EINVAL The directory name provided is unacceptable.
\subsubsection sec5-1-3-11 Section 5.1.3.11: RXAFS RemoveDir - Remove a
directory
\code
int RXAFS RemoveDir(IN struct rx connection *a rxConnP,
IN AFSFid *a parentDirFidP,
IN char *a dirNameP,
OUT AFSFetchStatus *a newParentDirStatP,
OUT AFSVolSync *a volSyncP)
\endcode
\par Description
[Opcode 142] Remove the directory named a dirNameP from within its parent
directory, identified by a parentDirFid. The directory being removed must be
empty, and its name must be less than AFSNAMEMAX (256) characters long.
Existing callbacks to the directory being removed and its parent directory are
broken before the deletion completes. Upon successful deletion, the status
fields for the parent directory are returned in a newParentDirStatP.
\par
Rx connection information for the related File Server is contained in a
rxConnP. Volume version information is returned for synchronization purposes in
a volSyncP.
\par Error Codes
EACCES The caller does not have the necessary access rights.
\subsubsection sec5-1-3-12 Section 5.1.3.12: RXAFS GetStatistics - Get
common File Server statistics
\code
int RXAFS GetStatistics(IN struct rx connection *a rxConnP,
OUT ViceStatistics *a FSInfoP)
\endcode
\par Description
[Opcode 146] Fetch the structure containing a set of common File Server
statistics. These numbers represent accumulated readings since the time the
File Server last restarted. For a full description of the individual fields
contained in this structure, please see Section 5.1.2.6.
\par
Rx connection information for the related File Server is contained in a
rxConnP.
\par Error Codes
---No error codes generated.
\subsubsection sec5-1-3-13 Section 5.1.3.13: RXAFS GiveUpCallBacks -
Ask the File Server to break the given set of callbacks on the corresponding
set of file identifiers
\code
int RXAFS GiveUpCallBacks(IN struct rx connection *a rxConnP,
IN AFSCBFids *a fidArrayP,
IN AFSCBs *a callBackArrayP)
\endcode
\par Description
[Opcode 147] Given an array of up to AFSCBMAX file identifiers in a fidArrayP
and a corresponding number of callback structures in a callBackArrayP, ask the
File Server to remove these callbacks from its register. Note that this routine
only affects callbacks outstanding on the given set of files for the host
issuing the RXAFS GiveUpCallBacks call. Callback promises made to other
machines on any or all of these files are not affected.
\par
Rx connection information for the related File Server is contained in a
rxConnP.
\par Error Codes
EINVAL More file identifiers were provided in the a fidArrayP than callbacks in
the a callBackArray.
\subsubsection sec5-1-3-14 Section 5.1.3.14: RXAFS GetVolumeInfo - Get
information about a volume given its name
\code
int RXAFS GetVolumeInfo(IN struct rx connection *a rxConnP,
IN char *a volNameP,
OUT VolumeInfo *a volInfoP)
\endcode
\par Description
[Opcode 148] Ask the given File Server for information regarding a volume whose
name is a volNameP. The volume name must be less than AFSNAMEMAX characters
long, and the volume itself must reside on the File Server being probed.
\par
Rx connection information for the related File Server is contained in a
rxConnP. Please note that definitions for the error codes with VL prefixes may
be found in the vlserver.h include file
\par Error Codes
Could not contact any of the corresponding Volume Location Servers.
VL BADNAME An improperly-formatted volume name provided.
\n VL ENTDELETED An entry was found for the volume, reporting that the volume
has been deleted.
\n VL NOENT The given volume was not found.
\subsubsection sec5-1-3-15 Section 5.1.3.15: RXAFS GetVolumeStatus -
Get basic status information for the named volume
\code
int RXAFS GetVolumeStatus(IN struct rx connection *a rxConnP,
IN long a volIDP,
OUT AFSFetchVolumeStatus *a volFetchStatP,
OUT char *a volNameP,
OUT char *a offLineMsgP,
OUT char *a motdP)
\endcode
\par Description
[Opcode 149] Given the numeric volume identifier contained in a volIDP, fetch
the basic status information corresponding to that volume. This status
information is stored into a volFetchStatP. A full description of this status
structure is found in Section 5.1.2.8. In addition, three other facts about the
volume are returned. The volume's character string name is placed into a
volNameP. This name is guaranteed to be less than AFSNAMEMAX characters long.
The volume's offline message, namely the string recording why the volume is
off-line (if it is), is stored in a offLineMsgP . Finally, the volume's
"Message of the Day" is placed in a motdP. Each of the character strings
deposited into a offLineMsgP and a motdP is guaranteed to be less than
AFSOPAQUEMAX (1,024) characters long.
\par
Rx connection information for the related File Server is contained in a
rxConnP.
\par Error Codes
EACCES The caller does not have the necessary access rights.
\n EINVAL A volume identifier of zero was specified.
\subsubsection sec5-1-3-16 Section 5.1.3.16: RXAFS SetVolumeStatus -
Set the basic status information for the named volume
\code
int RXAFS SetVolumeStatus(struct rx connection *a rxConnP,
long avolIDP,
AFSStoreVolumeStatus *a volStoreStatP,
char *a volNameP,
char *a offLineMsgP,
char *a motdP)
/* for the named volume */
\endcode
\par Description
[Opcode 150] Given the numeric volume identifier contained in a volIDP, set
that volume's basic status information to the values contained in a
volStoreStatP. A full description of the fields settable by this call,
including the necessary masking, is found in Section 5.1.2.9. In addition,
three other items relating to the volume may be set. Non-null character strings
found in a volNameP, a offLineMsgP, and a motdP will be stored in the volume's
printable name, off-line message, and "Message of the Day" fields respectively.
The volume name provided must be less than AFSNAMEMAX (256) characters long,
and the other two strings must be less than AFSOPAQUEMAX (1,024) characters
long each.
\par
Rx connection information for the related File Server is contained in a
rxConnP.
\par Error Codes
EACCES The caller does not have the necessary access rights.
\n EINVAL A volume identifier of zero was specified.
\subsubsection sec5-1-3-17 Section 5.1.3.17: RXAFS GetRootVolume -
Return the name of the root volume for the file system
\code
int RXAFS GetRootVolume(IN struct rx connection *a rxConnP,
OUT char *a rootVolNameP)
\endcode
\par Description
[Opcode 151] Fetch the name of the volume which serves as the root of the AFS
file system and place it into a rootVolNameP. This name will always be less
than AFSNAMEMAX characters long. Any File Server will respond to this call, not
just the one hosting the root volume. The queried File Server first tries to
discover the name of the root volume by reading from the
/usr/afs/etc/RootVolume file on its local disks. If that file doesn't exist,
then it will return the default value, namely "root.afs".
\par
Rx connection information for the related File Server is contained in a
rxConnP. Volume version information is returned for synchronization purposes in
a volSyncP.
\par Error Codes
---No error codes generated.
\subsubsection sec5-1-3-18 5.1.3.18: RXAFS CheckToken - (Obsolete)
Check that the given user identifier matches the one in the supplied
authentication token
\code
int RXAFS CheckToken(IN struct rx connection *a rxConnP,
IN long ViceId,
IN AFSOpaque *token)
\endcode
\par Description
[Opcode 152] This function only works for the now-obsolete RPC facility used by
AFS, R. For modern systems using the Rx RPC mechanism, we always get an error
return from this routine.
\par
Rx connection information for the related File Server is contained in a
rxConnP.
\par Error Codes
ECONNREFUSED Always returned on Rx connections.
\subsubsection sec5-1-3-19 Section 5.1.3.19: RXAFS GetTime - Get the
File Server's time of day
\code
int RXAFS GetTime(IN struct rx connection *a rxConnP,
OUT unsigned long *a secondsP,
OUT unsigned long *a uSecondsP)
\endcode
\par Description
[Opcode 153] Get the current time of day from the File Server specified in the
Rx connection information contained in a rxConnP. The time is returned in
elapsed seconds (a secondsP) and microseconds (a uSecondsP) since that standard
unix "start of the world".
\par Error Codes
---No error codes generated.
\subsubsection sec5-1-3-20 Section 5.1.3.20: RXAFS NGetVolumeInfo - Get
information about a volume given its name
\code
int RXAFS NGetVolumeInfo(IN struct rx connection *a rxConnP,
IN char *a volNameP,
OUT AFSVolumeInfo *a volInfoP)
\endcode
\par Description
[Opcode 154] This function is identical to RXAFS GetVolumeInfo() (see Section
5.1.3.14), except that it returns a struct AFSVolumeInfo instead of a struct
VolumeInfo. The basic difference is that struct AFSVolumeInfo also carries an
accompanying UDP port value for each File Server listed in the record.
\subsubsection sec5-1-3-21 Section 5.1.3.21: RXAFS BulkStatus - Fetch
the status information regarding a set of given file system objects
\code
int RXAFS BulkStatus(IN struct rx connection *a rxConnP,
IN AFSCBFids *a fidToStatArrayP,
OUT AFSBulkStats *a currStatArrayP,
OUT AFSCBs *a callBackArrayP,
OUT AFSVolSync *a volSyncP)
\endcode
\par Description
[Opcode 155] This routine is identical to RXAFS FetchStatus() as described in
Section 5.1.3.2, except for the fact that it allows the caller to ask for the
current status fields for a set of up to AFSCBMAX (50) file identifiers at
once.
\par
Rx connection information for the related File Server is contained in a
rxConnP. Volume version information is returned for synchronization purposes in
a volSyncP.
\par Error Codes
EACCES The caller does not have the necessary access rights.
\n EINVAL The number of file descriptors for which status information was
requested is illegal.
\subsubsection sec5-1-3-22 Section 5.1.3.22: RXAFS SetLock - Set an
advisory lock on the given file identifier
\code
int RXAFS SetLock(IN struct rx connection *a rxConnP,
IN AFSFid *a fidToLockP,
IN ViceLockType a lockType,
OUT AFSVolSync *a volSyncP)
\endcode
\par Description
[Opcode 156] Set an advisory lock on the file identified by a fidToLockP. There
are two types of locks that may be specified via a lockType: LockRead and
LockWrite. An advisory lock times out after AFS LOCKWAIT (5) minutes, and must
be extended in order to stay in force (see RXAFS ExtendLock(), Section
5.1.3.23).
\par
Rx connection information for the related File Server is contained in a
rxConnP. Volume version information is returned for synchronization purposes in
a volSyncP.
\par Error Codes
EACCES The caller does not have the necessary access rights.
\n EINVAL An illegal lock type was specified.
\n EWOULDBLOCK The lock was already incompatibly granted to another party.
\subsubsection sec5-1-3-23 Section 5.1.3.23: RXAFS ExtendLock - Extend
an advisory lock on a file
\code
int RXAFS ExtendLock(IN struct rx connection *a rxConnP,
IN AFSFid *a fidToBeExtendedP,
OUT AFSVolSync *a volSyncP)
\endcode
\par Description
[Opcode 157] Extend the advisory lock that has already been granted to the
caller on the file identified by a fidToBeExtendedP.
\par
Rx connection information for the related File Server is contained in a
rxConnP. Volume version information is returned for synchronization purposes in
a volSyncP.
\par Error Codes
EINVAL The caller does not already have the given file locked.
\subsubsection sec5-1-3-24 Section 5.1.3.24: RXAFS ReleaseLock -
Release the advisory lock on a file
\code
int RXAFS ReleaseLock(IN struct rx connection *a rxConnP,
IN AFSFid *a fidToUnlockP,
OUT AFSVolSync *a volSyncP)
\endcode
\par Description
[Opcode 158] Release the advisory lock held on the file identified by a
fidToUnlockP. If this was the last lock on this file, the File Server will
break all existing callbacks to this file.
\par
Rx connection information for the related File Server is contained in a
rxConnP. Volume version information is returned for synchronization purposes in
a volSyncP.
\par Error Codes
EACCES The caller does not have the necessary access rights.
\subsubsection sec5-1-3-25 Section 5.1.3.25: RXAFS XStatsVersion - Get
the version number associated with the File Server's extended statistics
structure
\code
int RXAFS XStatsVersion(IN struct rx connection *a rxConnP,
OUT long *a versionNumberP)
\endcode
\par Description
[Opcode 159] This call asks the File Server for the current version number of
the extended statistics structures it exports (see RXAFS GetXStats(), Section
5.1.3.26). The version number is placed into a versionNumberP.
\par
Rx connection information for the related File Server is contained in a
rxConnP.
\par Error Codes
---No error codes generated.
\subsubsection sec5-1-3-26 Section 5.1.3.26: RXAFS GetXStats - Get the
current contents of the specified extended statistics structure
\code
int RXAFS GetXStats(IN struct rx connection *a rxConnP,
IN long a clientVersionNumber,
IN long a collectionNumber,
OUT long *a srvVersionNumberP,
OUT long *a timeP,
OUT AFS CollData *a dataP)
\endcode
\par Description
[Opcode 160] This function fetches the contents of the specified File Server
extended statistics structure. The caller provides the version number of the
data it expects to receive in a clientVersionNumber. Also provided in a
collectionNumber is the numerical identifier for the desired data collection.
There are currently two of these data collections defined: AFS XSTATSCOLL CALL
INFO, which is the list of tallies of the number of invocations of internal
File Server procedure calls, and AFS XSTATSCOLL PERF INFO, which is a list of
performance-related numbers. The precise contents of these collections are
described in Sections 5.1.2.7. The current version number of the File Server
collections is returned in a srvVersionNumberP, and is always set upon return,
even if the caller has asked for a difierent version. If the correct version
number has been specified, and a supported collection number given, then the
collection data is returned in a dataP. The time of collection is also
returned, being placed in a timeP.
\par
Rx connection information for the related File Server is contained in a
rxConnP.
\par Error Codes
---No error codes are generated.
\subsection sec5-1-4 Section 5.1.4: Streamed Function Calls
\par
There are two streamed functions in the File Server RPC interface, used to
fetch and store arbitrary amounts of data from a file. While some non-streamed
calls pass such variable-length objects as struct AFSCBFids, these objects have
a pre-determined maximum size.
\par
The two streamed RPC functions are also distinctive in that their single Rxgen
declarations generate not one but two client-side stub routines. The first is
used to ship the IN parameters off to the designated File Server, and the
second to gather the OUT parameters and the error code. If a streamed
definition declares a routine named X YZ(), the two resulting stubs will be
named StartX YZ() and EndX YZ(). It is the application programmer's job to
first invoke StartX YZ(), then manage the unbounded data transfer, then finish
up by calling EndX YZ(). The first longword in the unbounded data stream being
fetched from a File Server contains the number of data bytes to follow. The
application then reads the specified number of bytes from the stream.
\par
The following sections describe the four client-side functions resulting from
the Fetch-Data() and StoreData() declarations in the Rxgen interface definition
file. These are the actual routines the application programmer will include in
the client code. For reference, here are the interface definitions that
generate these functions. Note that the split keyword is what causes Rxgen to
generate the separate start and end routines. In each case, the number after
the equal sign specifies the function's identifying opcode number. The opcode
is passed to the File Server by the StartRXAFS FetchData() and StartRXAFS
StoreData() stub routines.
\code
FetchData(IN AFSFid *a_fidToFetchP,
IN long a_offset,
IN long a_lenInBytes,
OUT AFSFetchStatus *a_fidStatP,
OUT AFSCallBack *a_callBackP,
OUT AFSVolSync *a_volSyncP) split = 130;
StoreData(IN AFSFid *Fid,
IN AFSStoreStatus *InStatus,
IN long Pos,
IN long Length,
IN long FileLength,
OUT AFSFetchStatus *OutStatus,
OUT AFSVolSync *a_volSyncP) split = 133;
\endcode
\subsubsection sec5-1-4-1 Section 5.1.4.1: StartRXAFS FetchData - Begin
a request to fetch file data
\code
int StartRXAFS FetchData(IN struct rx call *a rxCallP,
IN AFSFid *a fidToFetchP,
IN long a offset,
IN long a lenInBytes)
\endcode
\par Description
Begin a request for a lenInBytes bytes of data starting at byte offset a offset
from the file identified by a fidToFetchP. After successful completion of this
call, the data stream will make the desired bytes accessible. The first
longword in the stream contains the number of bytes to actually follow.
\par
Rx call information to the related File Server is contained in a rxCallP.
\par Error Codes
---No error codes generated.
\subsubsection sec5-1-4-2 Section 5.1.4.2: EndRXAFS FetchData -
Conclude a request to fetch file data
\code
int EndRXAFS FetchData(IN struct rx call *a rxCallP,
OUT AFSFetchStatus *a fidStatP,
OUT AFSCallBack *a callBackP,
OUT AFSVolSync *a volSyncP)
\endcode
\par Description
Conclude a request to fetch file data, as commenced by an StartRXAFS
FetchData() invocation. By the time this routine has been called, all of the
desired data has been read off the data stream. The status fields for the file
from which the data was read are stored in a fidStatP. If the file was from a
read/write volume, its callback information is placed in a callBackP.
\par
Rx call information to the related File Server is contained in a rxCallP.
Volume version information is returned for synchronization purposes in a
volSyncP.
\par Error Codes
EACCES The caller does not have the necessary access rights. EIO Given file
could not be opened or statted on the File Server, or there was an error
reading the given data off the File Server's disk.
\n -31 An Rx write into the stream ended prematurely.
\subsubsection sec5-1-4-3 Section 5.1.4.3: StartRXAFS StoreData - Begin
a request to store file data
\code
int StartRXAFS StoreData(IN struct rx call *a rxCallP,
IN AFSFid *a fidToStoreP,
IN reStatus *a fidStatusP,
IN AFSStolong a offset,
IN long a lenInBytes,
IN long a fileLenInBytes)
\endcode
\par Description
Begin a request to write a lenInBytes of data starting at byte offset a offset
to the file identified by a fidToStoreP, causing that file's length to become a
fileLenInBytes bytes. After successful completion of this call, the data stream
will be ready to begin accepting the actual data being written.
\par
Rx call information to the related File Server is contained in a rxCallP.
\par Error Codes
---No error codes generated.
\subsubsection sec5-1-4-4 Section 5.1.4.4: EndRXAFS StoreData -
Conclude a request to store file data
\code
int EndRXAFS StoreData(IN struct rx call *a rxCallP,
OUT AFSFetchStatus *a fidStatP,
OUT AFSCallBack *a callBackP,
OUT AFSVolSync *a volSyncP)
\endcode
\par Description
Conclude a request to store file data, as commenced by a StartRXAFS StoreData()
invocation. By the time this routine has been called, all of the file data has
been inserted into the data stream. The status fields for the file to which the
data was written are stored in a fidStatP. All existing callbacks to the given
file are broken before the store concludes.
\par
Rx call information to the related File Server is contained in a rxCallP.
Volume version information is returned for synchronization purposes in a
volSyncP.
\par Error Codes
EACCES The caller does not have the necessary access rights.
\n EISDIR The file being written to is a symbolic link.
\n ENOSPEC A write to the File Server's file on local disk failed.
\n -32 A short read was encountered by the File Server on the data stream.
\subsection sec5-1-5 Section 5.1.5: Example of Streamed Function Call
Usage
\subsubsection sec5-1-5-1 Section 5.1.5.1: Preface
\par
The following code fragment is offered as an example of how to use the streamed
File Server RPC calls. In this case, a client fetches some amount of data from
the given File Server and writes it to a local file it uses to cache the
information. For simplicity, many issues faced by a true application programmer
are not addressed here. These issues include locking, managing file chunking,
data version number mismatches, volume location, Rx connection management,
defensive programming (e.g., checking parameters before using them),
client-side cache management algorithms, callback management, and full error
detection and recovery. Pseudocode is incorporated when appropriate to keep the
level of detail reasonable. For further descriptions of some of these details
and issues, the reader is referred to such companion documents as AFS-3
Programmer's Reference: Specification for the Rx Remote Procedure Call
Facility, AFS-3 Programmer's Reference:Volume Server/Volume Location Server
Interface, and AFS-3 Programmer's Reference: Architectural Overview.
\par
A discussion of the methods used within the example code fragment follows
immediately afterwards in Section 5.1.5.3.
\subsubsection sec5-1-5-2 Section 5.1.5.2: Code Fragment Illustrating
Fetch Operation
\code
int code; /*Return code*/
long bytesRead; /*Num bytes read from Rx*/
struct myConnInfo *connP; /*Includes Rx conn info*/
struct rx_call *rxCallP; /*Rx call ptr*/
struct AFSFid *afsFidP; /*Fid for file to fetch*/
int lclFid; /*Fid for local cache file*/
long offsetBytes; /*Starting fetch offset*/
long bytesToFetch; /*Num bytes to fetch*/
long bytesFromFS; /*Num bytes FileServer returns*/
char *fetchBuffP; /*Buffer to hold stream data*/
int currReadBytes; /*Num bytes for current read*/
/*
* Assume that connP, afsFidP, offsetBytes, lclFid,and
* bytesToFetch have all been given their desired values.
*/ . . .
rxCallP = rx_NewCall(connP->rxConnP);
code = StartRXAFS_FetchData( rxCallP, /*Rx call to use*/
afsFidP, /*Fid being fetched from*/
offsetBytes, /*Offset in bytes*/
bytesToFetch); /*Num bytes wanted*/
if (code == 0)
{
bytesRead = rx_Read(rxCallP, &bytesFromFS, sizeof(long));
if (bytesRead != sizeof(long)) ExitWithError(SHORT_RX_READ);
bytesFromFS = ntohl(bytesFromFS);
xmitBuffer = malloc(FETCH_BUFF_BYTES);
lclFid = open(CacheFileName, O_RDWR, mode);
pos = lseek(lclFid, offsetBytes, L_SET);
while (bytesToFetch > 0) {
currReadBytes = (bytesToFetch > FETCH_BUFF_BYTES) ?
FETCH_BUFF_BYTES : bytesToFetch;
bytesRead = rx_Read(rxCallP, fetchBuffP, currReadBytes);
if (bytesRead != currReadBytes) ExitWithError(SHORT_RX_READ);
code = write(lclFid, fetchBuffP, currReadBytes);
if (code) ExitWithError(LCL_WRITE_FAILED);
bytesToFetch -= bytesRead;
} /*Read from the Rx stream*/
close(lclFid);
} else ExitWithError(code);
code = EndRXAFS_FetchData( rxCallP, /*Rx call to use*/
fidStatP, /*Resulting stat fields*/
fidCallBackP, /*Resulting callback info*/
volSynchP); /*Resulting volume sync info*/
code = rx_EndCall(rxCallP, code);
return(code); . . .
\endcode
\subsubsection sec5-1-5-3 Section 5.1.5.3: Discussion and Analysis
\par
The opening assumption in this discussion is that all the information required
to do the fetch has already been set up. These mandatory variables are the
client-side connection information for the File Server hosting the desired
file, the corresponding AFS file identifier, the byte offset into the file, the
number of bytes to fetch, and the identifier for the local file serving as a
cached copy.
\par
Given the Rx connection information stored in the client's connP record, rx
NewCall() is used to create a new Rx call to handle this fetch operation. The
structure containing this call handle is placed into rxCallP. This call handle
is used immediately in the invocation of StartRXAFS FetchData(). If this setup
call fails, the fragment exits. Upon success, though, the File Server will
commence writing the desired data into the Rx data stream. The File Server
first writes a single longword onto the stream announcing to the client how
many bytes of data will actually follow. The fragment reads this number with
its first rx Read() call. Since all Rx stream data is written in network byte
order, the fragment translates the byte count to its own host byte order first
to properly interpret it. Once the number of bytes to appear on the stream is
known, the client code proceeds to open the appropriate cache file on its own
local disk and seeks to the appropriate spot within it. A buffer into which the
stream data will be placed is also created at this time.
\par
The example code then falls into a loop where it reads all of the data from the
File Server and stores it in the corresponding place in the local cache file.
For each iteration, the code decides whether to read a full buffer's worth or
the remaining number of bytes, whichever is smaller. After all the data is
pulled off the Rx stream, the local cache file is closed. At this point, the
example finishes off the RPC by calling EndRXAFS FetchData(). This gathers in
the required set of OUT parameters, namely the status fields for the file just
fetched, callback and volume synchronization information, and the overall error
code for the streamed routine. The Rx call created to perform the fetch is then
terminated and cleaned up by invoking rx EndCall().
\subsection sec5-1-6 Section 5.1.6: Required Caller Functionality
\par
The AFS File Server RPC interface was originally designed to interact only with
Cache Manager agents, and thus made some assumptions about its callers. In
particular, the File Server expected that the agents calling it would
potentially have stored callback state on file system objects, and would have
to be periodically pinged in order to garbage-collect its records, removing
information on dead client machines. Thus, any entity making direct calls to
this interface must mimic certain Cache Manager actions, and respond to certain
Cache Manager RPC interface calls.
\par
To be safe, any application calling the File Server RPC interface directly
should export the entire Cache Manager RPC interface. Realistically, though, it
will only need to provide stubs for the three calls from this interface that
File Servers know how to make: RXAFSCB InitCallBackState(), RXAFSCB Probe() and
RXAFSCB CallBack(). The very first File Server call made by this application
will prompt the given File Server to call RXAFSCB InitCallBackState(). This
informs the application that the File Server has no record of its existence and
hence this "Cache Manager" should clear all callback information for that
server. Once the application responds positively to the inital RXAFSCB
InitCallBackState(), the File Server will treat it as a bona fide,
fully-fledged Cache Manager, and probe it every so often with RXAFSCB Probe()
calls to make sure it is still alive.
\section sec5-2 Section 5.2: Signal Interface
\par
While the majority of communication with AFS File Servers occurs over the RPC
interface, some important operations are invoked by sending unix signals to the
process. This section describes the set of signals recognized by the File
Server and the actions they trigger upon receipt, as summarized below:
\li SIGQUIT: Shut down a File Server.
\li SIGTSTP: Upgrade debugging output level.
\li SIGHUP: Reset debugging output level.
\li SIGTERM: Generate debugging output specifically concerning open files
within the File Server process.
\subsection sec5-2-1 Section 5.2.1: SIGQUIT: Server Shutdown
\par
Upon receipt of this signal, the File Server shuts itself down in an orderly
fashion. It first writes a message to the console and to its log file
(/usr/afs/logs/FileLog) stating that a shutdown has commenced. The File Server
then flushes all modified buffers and prints out a set of internal statistics,
including cache and disk numbers. Finally, each attached volume is taken
offline, which means the volume header is written to disk with the appropriate
bits set.
\par
In typical usage, human operators do not send the SIGQUIT signal directly to
the File Server in order to affect an orderly shutdown. Rather, the BOS Server
managing the server processes on that machine issues the signal upon receipt of
a properly-authorized shutdown RPC request.
\subsection sec5-2-2 Section 5.2.2: SIGTSTP: Upgrade Debugging Level
\par
Arrival of a SIGTSTP signal results in an increase of the debugging level used
by the File Server. The routines used for writing to log files are sensitive to
this debugging level, as recorded in the global LogLevel variable.
Specifically, these routines will only generate output if the value of LogLevel
is greater than or equal to the value of its threshold parameter. By default,
the File Server sets LogLevel to zero upon startup. If a SIGTSTP signal is
received when the debugging level is zero, it will be bumped to 1. If the
signal arrives when the debugging level is positive, its value will be
multiplied by 5. Thus, as more SIGTSTPs are received, the set of debugging
messages eligible to be delivered to log files grows.
\par
Since the SIGTSTP signal is not supported under IBM's AIX 2.2.1 operating
system, this form of debugging output manipulation is not possible on those
platforms.
\subsection sec5-2-3 Section 5.2.3: SIGHUP: Reset Debugging Level
\par
Receiving a SIGHUP signal causes a File Server to reset its debugging level to
zero. This effectively reduces the set of debugging messages eligible for
delivery to log files to a bare minimum. This signal is used in conjunction
with SIGTSTP to manage the verbosity of log information.
\par
Since the SIGHUP signal is not supported under IBM's AIX 2.2.1 operating
system, this form of debugging output manipulation is not possible on those
platforms.
\subsection sec5-2-4 Section 5.2.4: SIGTERM: File Descriptor Check
\par
Receipt of a SIGTERM signal triggers a routine which sweeps through the given
File Server's unix file descriptors. For each possible unix fid slot, an
fstat() is performed on that descriptor, and the particulars of each open file
are printed out. This action is designed solely for debugging purposes.
\section sec5-3 Section 5.3: Command Line Interface
\par
Another interface exported by the File Server is the set of command line
switches it accepts. Using these switches, many server parameters and actions
can be set. Under normal conditions, the File Server process is started up by
the BOS Server on that machine, as described in AFS-3 Programmer's Reference:
BOS Server Interface. So, in order to utilize any combination of these
command-line options, the system administrator must define the File Server
bnode in such a way that these parameters are properly included. Note that the
switch names must be typed exactly as listed, and that abbreviations are not
allowed. Thus, specifying -b 300 on the command line is unambiguous, directing
that 300 buffers are to be allocated. It is not an abbreviation for the -banner
switch, asking that a message is to be printed to the console periodically.
\par
A description of the set of currently-supported command line switches follows.
\li -b <# buffers> Choose the number of 2,048-byte data buffers to allocate at
system startup. If this switch is not provided, the File Server will operate
with 70 such buffers by default.
\li -banner This switch instructs the File Server to print messages to the
console every 10 minutes to demonstrate it is still running correctly. The text
of the printed message is: File Server is running at <time>.
\li -cb <# callbacks stored> Specify the maximum number of callback records
stored simultaneously by the File Server. The default pool size is 20,000
records.
\li -d <debug level> Set the debugging output level at which File Server runs
to the value provided. Specifically, the LogLevel global variable is set to the
given value (See Section 5.2.2). If this switch is not provided, the default
initial File Server debugging level is set to zero, producing the minimal
debugging output to the log files.
\li -k <stack size> Set the stack size to provide server LWPs upon creation,
measured in 1,024-byte blocks. The default LWP stack size is 24 blocks, or
24,576 bytes.
\li -l <large (directory) vnodes> Select the number of "large" vnodes the File
Server will cache. These vnodes are suitable for recording information about
AFS directories. The extra space in the vnode allows ACL information to be
stored along with the directory. The default allocation value is 200 directory
vnodes.
\li -pctspare <percent overrun blocks past quota> Similar to the -spare switch,
except that the number of allowable overrun blocks is expressed as a percentage
of the given volume's quota. Note: this switch cannot be used in combination
with the -spare switch.
\li -rxdbg Instruct the File Server to open a file named rx dbg in the current
directory, into which the Rx package will write general debugging information.
If the file is already open (due to the appearance of the -rxdbge switch
earlier in the command line), this results in a no-op.
\li -rxdbge Instruct the File Server to open a file named rx dbg in the current
directory, into which the Rx package will write debugging information related
to its event-scheduling activities. If the file is already open (due to the
appearance of the -rxdbg switch earlier in the command line), this results in a
no-op.
\li -rxpck <# packets> Set the number of extra Rx packet buffers to hold in
reserve. These pre-allocated buffers assist in responding to spikes in network
traffic demands. By default, 100 such packet buffers are maintained.
\li -s <small (file) vnodes> Select the number of "small" vnodes the File
Server will cache. These vnodes are suitable for recording information about
non-directory files. As with directory vnodes, the File Server will allocate
200 small vnodes by default.
\li -spare <# overrun blocks to allow> Tell the File Server to allow users
performing a store operation to overrun the host volume's disk quota by a
certain number of (1,024-byte) blocks. In other words, the first store
resulting in a quota overrun will be allowed to succeed if and only if it uses
no more than these many blocks beyond the quota. Further store operations will
be rejected until the volume's storage is once again reduced below quota. By
default, overruns of 1,024 blocks of 1,024 bytes each (1 megabyte total) are
tolerated. Note: this switch cannot be used in combination with the -pctspare
switch.
\li -w <callback wait interval in seconds> This switch determines how often the
File Server periodic daemon lightweight processes run. Among other things,
these daemon LWPs check on the validity of callback records, keep disk usage
statistics up to date, and check the health of the various client machines that
have previously interacted with the File Server. For a full description of
these daemon LWPs, consult Section 2.3. The associated argument specifies the
number of seconds to sleep between daemon invocations. By default, these
periodic daemons run every 300 seconds (5 minutes).
\page chap6 Chapter 6: Cache Manager Interfaces
\section sec6-1 Section 6.1: Overview
\par
There are several interfaces offered by the Cache Manager, allowing clients to
access the files stored by the community of AFS File Servers, to configure the
Cache Manager's behavior and resources, to store and retrieve authentication
information, to specify the location of community Authentication Server and
Volume Location Server services, and to observe and debug the Cache Manager's
state and actions. This chapter will cover the following five interfaces to the
Cache Manager:
\li ioctl(): The standard unix ioctl() system call has been extended to
include more operations, namely waiting until data stores to a File Server
complete before returning to the caller (VIOCCLOSEWAIT) and getting the name of
the cell in which an open file resides (VIOCIGETCELL).
\li pioctl(): An additional system call is provided through which
applications can access operations specific to AFS, which are often tied to a
particular pathname. These operations include Access Control List (ACL) and
mount point management, Kerberos ticket management, cache configuration, cell
configuration, and status of File Servers.
\li RPC: Interface by which outside servers and investigators can
manipulate the Cache Manager. There are two main categories of routines:
callback management, typically called by the File Server, and
debugging/statistics, called by programs such as cmdebug and via the xstat
user-level library for collection of extended statistics.
\li Files: Much of the Cache Manager's configuration information, as well
as its view of the AFS services available from the outside world, is obtained
from parsing various files. One set of these files is typically located in
/usr/vice/etc, and includes CellServDB, ThisCell, and cacheinfo. Another set is
usually found in /usr/vice/cache, namely CacheItems, VolumeItems, and AFSLog.
\li Mariner: This is the interface by which file transfer activity between
the Cache Manager and File Servers may be monitored. Specifically, it is used
to monitor the names of the files and directories being fetched and/or stored
over the network.
\par
Another important component not described in this document is the afsd program.
It is afsd's job to initialize the Cache Manager on a given machine and to
start up its related daemon threads. It accepts a host of configuration
decisions via its command-line interface. In addition, it parses some of the
information kept in the configuration files mentioned above and passes that
information to the Cache Manager. The reader may find a full description of
afsd in the AFS 3.0 Command Reference Manual[2].
\section sec6-2 Section 6.2: Definitions
\par
This section defines data structures that are used by the pioctl() calls.
\subsection sec6-2-1 Section 6.2.1: struct VenusFid
\par
The Cache Manager is the sole active AFS agent aware of the cellular
architecture of the system. Since AFS file identifiers are not guaranteed to be
unique across cell boundaries, it must further qualify them for its own
internal bookkeeping. The struct VenusFid provides just such additional
qualification, attaching the Cache Manager's internal cell identifier to the
standard AFS fid.
\n \b Fields
\li long Cell - The internal identifier for the cell in which the file resides.
\li struct ViceFid Fid - The AFS file identifier within the above cell.
\subsection sec6-2-2 Section 6.2.2: struct ClearToken
\par
This is the clear-text version of an AFS token of identity. Its fields are
encrypted into the secret token format, and are made easily available to the
Cache Manager in this structure.
\n \b Fields
\li long AuthHandle - Key version number.
\li char HandShakeKey[8] - Session key.
\li long ViceId - Identifier for the AFS principal represented by this token.
\li long BeginTimestamp - Timestamp of when this token was minted, and hence
came into effect.
\li long EndTimestamp - Timestamp of when this token is considered to be
expired, and thus disregarded.
\section sec6-3 Section 6.3: ioctl() Interface
\par
The standard unix ioctl() system call performs operations on file system
objects referenced with an open file descriptor. AFS has augmented this system
call with two additional operations, one to perform "safe stores", and one to
get the name of the cell in which a file resides. A third ioctl() extension is
now obsolete, namely aborting a store operation currently in progress.
\subsection sec6-3-1 Section 6.3.1: VIOCCLOSEWAIT
\par
[Opcode 1] Normally, a client performing a unix close() call on an AFS file
resumes once the store operation on the given file data to the host File Server
has commenced but before it has completed. Thus, it is possible that the store
could actually fail (say, because of network partition or server crashes)
without the client's knowledge. This new ioctl opcode specifies to the Cache
Manager that all future close() operations will wait until the associated store
operation to the File Server has completed fully before returning.
\subsection sec6-3-2 Section 6.3.2: VIOCABORT
\par
[Opcode 2] This ioctl() extension is now obsolete. This call results in a noop.
The original intention of this call was to allow a store operation currently in
progress to a File Server on the named fid to be aborted.
\subsection sec6-3-3 Section 6.3.3: VIOIGETCELL
\par
[Opcode 3] Get the name of the cell in which the given fid resides. If the file
is not an AFS file, then ENOTTY is returned. The output buffer specified in the
data area must be large enough to hold the null-terminated string representing
the file's cell, otherwise EFAULT is returned. However, an out size value of
zero specifies that the cell name is not to be copied into the output buffer.
In this case, the caller is simply interested in whether the file is in AFS,
and not its exact cell of residence.
\section sec6-4 Section 6.4: pioctl() Interface
\subsection sec6-4-1 Section 6.4.1: Introduction
\par
There is a new unix system call, pioctl(), which has been defined especially to
support the AFS Cache Manager. Its functional definition is as follows:
\code
int afs syscall pioctl(IN char *a pathP,
IN int a opcode,
IN struct ViceIoctl *a paramsP,
IN int a followSymLinks)
\endcode
\par
This new call is much like the standard ioctl() call, but differs in that the
affected file (when applicable) is specified by its path, not by a file
descriptor. Another difference is the fourth parameter, a followSymLinks,
determines which file should be used should a pathP be a symbolic link. If a
followSymLinks be set to 1, then the symbolic link is followed to its target,
and the pioctl() is applied to that resulting file. If a followSymLinks is set
to 0, then the pioctl() applies to the symbolic link itself.
\par
Not all pioctl() calls affect files. In those cases, the a pathP parameter
should be set to a null pointer. The second parameter to pioctl(), a opcode,
specifies which operation is to be performed. The opcode for each of these
operations is included in the text of the description. Note that not all
pioctl() opcodes are in use. These unused values correspond to obsolete
operations.
\par
The descriptions that follow identify some of the possible error codes for each
pioctl() opcode, but do not offer a comprehensive lists. All pioctl() calls
return 0 upon success.
\par
The rest of this section proceeds to describe the individual opcodes available.
First, though, one asymmetry in this opcode set is pointed out, namely that
while various operations are defined on AFS mount points, there is no direct
way to create a mount point.
\par
This documentation partitions the pioctl() into several groups:
\li Volume operations
\li File Server operations
\li Cell Operations
\li Authentication Operations
\li ACL Operations
\li Cache operations
\li Miscellaneous operations
\par
For all pioctl()s, the fields within the a paramsP parameter will be referred
to directly. Thus, the values of in, in size, out, and out size are discussed,
rather than the settings for a paramsP->in, a paramsP->in size, a paramsP->out,
and a paramsP->out size.
\par
For convenience of reference, a list of the actively-supported pioctl()s, their
opcodes, and brief description appears (in opcode order) below.
\li [1] VIOCSETAL : Set the ACL on a directory
\li [2] VIOCGETAL : Get the ACL for a directory
\li [3] VIOCSETTOK : Set the caller's token for a cell
\li [4] VIOCGETVOLSTAT : Get volume status
\li [5] VIOCSETVOLSTAT : Set volume status
\li [6] VIOCFLUSH : Flush an object from the cache
\li [8] VIOCGETTOK : Get the caller's token for a cell
\li [9] VIOCUNLOG : Discard authentication information
\li [10] VIOCCKSERV : Check the status of one or more File Servers
\li [11] VIOCCKBACK : Mark cached volume info as stale
\li [12] VIOCCKCONN : Check caller's tokens/connections
\li [14] VIOCWHEREIS : Find host(s) for a volume
\li [20] VIOCACCESS : Check caller's access on object
\li [21] VIOCUNPAG : See [9] VIOCUNLOG
\li [22] VIOCGETFID : Get fid for named object
\li [24] VIOCSETCACHESIZE : Set maximum cache size in blocks
\li [25] VIOCFLUSHCB : Unilaterally drop a callback
\li [26] VIOCNEWCELL : Set cell service information
\li [27] VIOCGETCELL : Get cell configuration entry
\li [28] VIOCAFS DELETE MT PT : Delete a mount point
\li [29] VIOC AFS STAT MT PT : Get the contents of a mount point
\li [30] VIOC FILE CELL NAME : Get cell hosting a given object
\li [31] VIOC GET WS CELL : Get caller's home cell name
\li [32] VIOC AFS MARINER HOST : Get/set file transfer monitoring output
\li [33] VIOC GET PRIMARY CELL : Get the caller's primary cell
\li [34] VIOC VENUSLOG : Enable/disable Cache Manager logging
\li [35] VIOC GETCELLSTATUS : Get status info for a cell entry
\li [36] VIOC SETCELLSTATUS : Set status info for a cell entry
\li [37] VIOC FLUSHVOLUME : Flush cached data from a volume
\li [38] VIOC AFS SYSNAME : Get/set the @sys mapping
\li [39] VIOC EXPORTAFS : Enable/disable NFS/AFS translation
\li [40] VIOCGETCACHEPARAMS : Get current cache parameter values
\subsection sec6-4-2 Section 6.4.2: Mount Point Asymmetry
\par
There is an irregularity which deserves to be mentioned regarding the pioctl()
interface. There are pioctl() operations for getting information about a mount
point (VIOC AFS STAT MT PT) and for deleting a mount point (VIOC AFS DELETE MT
PT), but no operation for creating mount points. To create a mount point, a
symbolic link obeying a particular format must be created. The first character
must be either a "%" or a "#", depending on the type of mount point being
created (see the discussion in Section 6.4.4.4). If the mount point carries the
name of the cell explicitly, the full cell name will appear next, followed by a
colon. In all cases, the next portion of the mount point is the volume name. By
convention, the last character of a mount point must always be a period (".").
This trailing period is not visible in the output from fs lsmount.
\subsection sec6-4-3 Section 6.4.3: Volume Operations
\par
There are several pioctl() opcodes dealing with AFS volumes. It is possible to
get and set volume information (VIOCGETVOLSTAT, VIOCSETVOLSTAT), discover which
volume hosts a particular file system object (VIOCWHEREIS), remove all objects
cached from a given volume (VIOC FLUSHVOLUME), and revalidate cached volume
information (VIOCCKBACK).
\subsubsection sec6-4-3-1 Section 6.4.3.1: VIOCGETVOLSTAT: Get volume
status for pathname
\par
[Opcode 4] Fetch information concerning the volume that contains the file
system object named by a pathP. There is no other input for this call, so in
size should be set to zero. The status information is placed into the buffer
named by out, if out size is set to a value of sizeof(struct VolumeStatus) or
larger. Included in the volume information are the volume's ID, quota, and
number of blocks used in the volume as well as the disk partition on which it
resides. Internally, the Cache Manager calls the RXAFS GetVolumeInfo() RPC (See
Section 5.1.3.14) to fetch the volume status.
\par
Among the possible error returns, EINVAL indicates that the object named by a
pathP could not be found.
\subsubsection sec6-4-3-2 Section 6.4.3.2: VIOCSETVOLSTAT: Set volume
status for pathname
\par
[Opcode 5] Set the status fields for the volume hosting the file system object
named by a pathP. The first object placed into the input buffer in is the new
status image. Only those fields that may change, namely MinQuota and MaxQuota
fields, are interpreted upon receipt by the File Server, and are set to the
desired values. Immediately after the struct VolumeStatus image, the caller
must place the null-terminated string name of the volume involved in the input
buffer. New settings for the offline message and MOTD (Message of the Day)
strings may appear after the volume name. If there are no changes in the
offline and/or MOTD messages, a null string must appear for that item. The in
size parameter must be set to the total number of bytes so inserted, including
the nulls after each string. Internally, the Cache Manager calls the RXAFS
SetVolumeStatus() RPC (See Section 5.1.3.16) to store the new volume status.
\par
Among the possible error returns, EINVAL indicates that the object named by a
pathP could not be found.
\subsubsection sec6-4-3-3 Section 6.4.3.3: VIOCWHEREIS: Find the
server(s) hosting the pathname's volume
\par
[Opcode 14] Find the set of machines that host the volume in which the file
system object named by a pathP resides. The input buffer in is not used by this
call, so in size should be set to zero. The output buffer indicated by out is
filled with up to 8 IP addresses, one for each File Server hosting the
indicated volume. Thus, out size should be set to at least (8*sizeof(long)).
This group of hosts is terminated by the first zeroed IP address that appears
in the list, but under no circumstances are more than 8 host IP addresses
returned.
\par
Among the possible error returns is EINVAL, indicating that the pathname is not
in AFS, hence is not contained within a volume. If ENODEV is returned, the
associated volume information could not be obtained.
\subsubsection sec6-4-3-4 Section 6.4.3.4: VIOC FLUSHVOLUME: Flush all
data cached from the pathname's volume
\par
[Opcode 37] Determine the volume in which the file system object named by a
pathP resides, and then throw away all currently cached copies of files that
the Cache Manager has obtained from that volume. This call is typically used
should a user suspect there is some cache corruption associated with the files
from a given volume.
\subsubsection sec6-4-3-5 Section 6.4.3.5: VIOCCKBACK: Check validity
of all cached volume information
\par
[Opcode 11] Ask the Cache Manager to check the validity of all cached volume
information. None of the call's parameters are referenced in this call, so a
pathP and in should be set to the null pointer, and in size and out size should
be set to zero.
\par
This operation is performed in two steps:
\li 1 The Cache Manager first refreshes its knowledge of the root volume,
usually named root.afs. On success, it wakes up any of its own threads waiting
on the arrival of this information, should it have been previously unreachable.
This typically happens should the Cache Manager discover in its startup
sequence that information on the root volume is unavailable. Lacking this
knowledge at startup time, the Cache Manager settles into a semi-quiescent
state, checking every so often to see if volume service is available and thus
may complete its own initialization.
\li 2 Each cached volume record is flagged as being stale. Any future attempt
to access information from these volumes will result in the volume record's
data first being refreshed from the Volume Location Server.
\subsection sec6-4-4 Section 6.4.4: File Server Operations
\par
One group of pioctl() opcodes is aimed at performing operations against one or
more File Servers directly. Specifically, a caller may translate a pathname
into the corresponding AFS fid (VIOCGETFID), unilaterally discard a set of
callback promises (VIOCFLUSHCB), get status on mount points (VIOC AFS STAT MT
PT), delete unwanted mount points (VIOC AFS DELETE MT PT), and check the health
of a group of File Servers(VIOCCKSERV).
\subsubsection sec6-4-4-1 Section 6.4.4.1: VIOCGETFID: Get augmented
fid for named file system object
\par
[Opcode 22] Return the augmented file identifier for the file system object
named by a pathP. The desired struct VenusFid is placed in the output buffer
specified by out. The output buffer size, as indicated by the out size
parameter, must be set to the value of sizeof(struct VenusFid) or greater. The
input buffer is not referenced in this call, so in should be set to the null
pointer and in size set to zero.
\par
Among the possible error returns, EINVAL indicates that the object named by a
pathP was not found.
\subsubsection sec6-4-4-2 Section 6.4.4.2: VIOCFLUSHCB: Unilaterally
drop a callback
\par
[Opcode 25] Remove any callback information kept by the Cache Manager on the
file system object named by a pathP. Internally, the Cache Manager executes a
call to the RXAFS GiveUpCallBacks() RPC (See Section 5.1.3.13) to inform the
appropriate File Server that it is being released from its particular callback
promise. Note that if the named file resides on a read-only volume, then the
above call is not made, and success is returned immediately. This optimization
is possible because AFS File Servers do not grant callbacks on files from
read-only volumes.
\par
Among the possible error returns is EINVAL, which indicates that the object
named by a pathP was not found.
\subsubsection sec6-4-4-3 Section 6.4.4.3: VIOC AFS DELETE MT PT:
Delete a mount point
\par
[Opcode 28] Remove an AFS mount point. The name of the directory in which the
mount point exists is specified by a pathP, and the string name of the mount
point within this directory is provided through the in parameter. The input
buffer length, in size, is set to the length of the mount point name itself,
including the trailing null. The output buffer is not accessed by this call, so
out should be set to the null pointer and out size to zero.
\par
One important note is that the a followSymLinks argument must be set to zero
for correct operation. This is counter-intuitive, since at first glance it
seems that a symbolic link that resolves to a directory should be a valid
pathname parameter. However, recall that mount points are implemented as
symbolic links that do not actually point to another file system object, but
rather simply contain cell and volume information (see the description in
Section 6.4.2). This "special" symbolic link must not be resolved by the
pioctl(), but rather presented as-is to the Cache Manager, which then properly
interprets it and generates a reference to the given volume's root directory.
As an unfortunate side-effect, a perfectly valid symbolic link referring to a
directory will be rejected out of hand by this operation as a value for the a
pathP parameter.
\par
Among the possible error returns, EINVAL reports that the named directory was
not found, and ENOTDIR indicates that the pathname contained within a pathP is
not a directory.
\subsubsection sec6-4-4-4 Section 6.4.4.4: VIOC AFS STAT MT PT: Get the
contents of a mount point
\par
[Opcode 29] Return the contents of the given mount point. The directory in
which the mount point in question resides is provided via the a pathP argument,
and the in buffer contains the name of the mount point object within this
directory. As usual, in size is set to the length of the input buffer,
including the trailing null. If the given object is truly a mount point and the
out buffer is large enough (its length appears in out size), the mount point's
contents are stored into out.
\par
The mount point string returned obeys a stylized format, as fully described in
Section 5.6.2 of the AFS 3.0 System Administrator's Guide[1]. Briefly, a
leading pound sign ("#") indicates a standard mount point, inheriting the
read-only or read-write preferences of the mount point's containing volume. On
the other hand, a leading percent sign ("%") advises the Cache Manager to cross
into the read-write version of the volume, regardless of the existence of
read-only clones. If a colon (":") separator occurs, the portion up to the
colon itself denotes the fully-qualified cell name hosting the volume. The rest
of the string is the volume name itself.
\par
Among the possible error codes is EINVAL, indicating that the named object is
not an AFS mount point. Should the name passed in a pathP be something other
than a directory, then ENOTDIR is returned.
\subsubsection sec6-4-4-5 Section 6.4.4.5: VIOCCKSERV: Check the status
of one or more File Servers
\par
[Opcode 10] Check the status of the File Servers that have been contacted over
the lifetime of the Cache Manager. The a pathP parameter is ignored by this
call, so it should be set to the null pointer. The input parameters as
specified by in are completely optional. If something is placed in the input
buffer, namely in size is not zero, then the first item stored there is a
longword used as a bit array of flags. These flags carry instructions as to the
domain and the "thoroughness" of this check.
\par
Only the settings of the least-significant two bits are recognized. Enabling
the lowest bit tells the Cache Manager not to ping its list of servers, but
simply report their status as contained in the internal server records.
Enabling the next-higher bit limits the search to only those File Servers in a
given cell. If in size is greater than sizeof(long),a null-terminated cell name
string follows the initial flag array, specifying the cell to check. If this
search bit is set but no cell name string follows the longword of flags, then
the search is restricted to those servers contacted from the same cell as the
caller.
\par
This call returns at least one longword into the output buffer out, specifying
the number of hosts it discovered to be down. If this number is not zero, then
the longword IP address for each dead (or unreachable) host follows in the
output buffer. At most 16 server addresses will be returned, as this is the
maximum number of servers for which the Cache Manager keeps information.
\par
Among the possible error returns is ENOENT, indicating that the optional cell
name string input value is not known to the Cache Manager.
\subsection sec6-4-5 Section 6.4.5: Cell Operations
\par
The Cache Manager is the only active AFS agent that understands the system's
cellular architecture. Thus, it keeps important information concerning the
identities of the cells in the community, which cell is in direct
administrative control of the machine upon which it is running, status and
configuration of its own cell, and what cell-specific operations may be legally
executed. The following pioctl()s allow client processes to access and update
this cellular information. Supported operations include adding or updating
knowledge of a cell, including the cell overseeing the caller's machine
(VIOCNEWCELL), fetching the contents of a cell configuration entry
(VIOCGETCELL), finding out which cell hosts a given file system object (VIOC
FILE CELL NAME), discovering the cell to which the machine belongs (VIOC GET WS
CELL), finding out the caller's "primary" cell (VIOC GET PRIMARY CELL), and
getting/setting certain other per-cell system parameters (VIOC GETCELLSTATUS,
VIOC SETCELLSTATUS).
\subsubsection sec6-4-5-1 Section 6.4.5.1: VIOCNEWCELL: Set cell
service information
\par
[Opcode 26] Give the Cache Manager all the information it needs to access an
AFS cell. Exactly eight longwords are placed at the beginning of the in input
buffer. These specify the IP addresses for the machine providing AFS
authentication and volume location authentication services. The first such
longword set to zero will signal the end of the list of server IP addresses.
After these addresses, the input buffer hosts the null-terminated name of the
cell to which the above servers belong. The a pathP parameter is not used, and
so should be set to the null pointer.
\par
Among the possible error returns is EACCES, indicating that the caller does not
have the necessary rights to perform the operation. Only root is allowed to set
cell server information. If either the IP address array or the server name is
unacceptable, EINVAL will be returned.
\subsubsection sec6-4-5-2 Section 6.4.5.2: VIOCGETCELL: Get cell
configuration entry
\par
[Opcode 27] Get the i'th cell configuration entry known to the Cache Manager.
The index of the desired entry is placed into the in input buffer as a
longword, with the first legal value being zero. If there is a cell associated
with the given index, the output buffer will be filled with an array of 8
longwords, followed by a null-terminated string.
\par
The longwords correspond to the list of IP addresses of the machines providing
AFS authentication and volume location services. The string reflects the name
of the cell for which the given machines are operating. There is no explicit
count returned of the number of valid IP addresses in the longword array.
Rather, the list is terminated by the first zero value encountered, or when the
eighth slot is filled.
\par
This routine is intended to be called repeatedly, with the index starting at
zero and increasing each time. The array of cell information records is kept
compactly, without holes. A return value of EDOM indicates that the given index
does not map to a valid entry, and thus may be used as the terminating
condition for the iteration.
\subsubsection sec6-4-5-3 Section 6.4.5.3: VIOC FILE CELL NAME: Get
cell hosting a given object
\par
[Opcode 30] Ask the Cache Manager to return the name of the cell in which the
file system object named by a pathP resides. The input arguments are not used,
so in should be set to the null pointer and in size should be set to zero. The
null-terminated cell name string is returned in the out output buffer.
\par
Among the possible error values, EINVAL indicates that the pathname provided in
a pathP is illegal. If there is no cell information associated with the given
object, ESRCH is returned.
\subsubsection sec6-4-5-4 Section 6.4.5.4: VIOC GET WS CELL: Get
caller's home cell name
\par
[Opcode 31] Return the name of the cell to which the caller's machine belongs.
This cell name is returned as a null-terminated string in the output buffer.
The input arguments are not used, so in should be set to the null pointer and
in size should be set to zero.
\par
Among the possible error returns is ESRCH, stating that the caller's home cell
information was not available.
\subsubsection sec6-4-5-5 Section 6.4.5.5: VIOC GET PRIMARY CELL: Get
the caller's primary cell
\par
[Opcode 33] Ask the Cache Manager to return the name of the caller's primary
cell. Internally, the Cache Manager scans its user records, and the cell
information referenced by that record is used to extract the cell's string
name. The input arguments are not used, so in should be set to the null pointer
and in size should be set to zero. The a pathP pathname argument is not used
either, and should similarly be set to the null pointer. The null-terminated
cell name string is placed into the output buffer pointed to by out if it has
suffcient room.
\par
Among the possible error returns is ESRCH, stating that the caller's primary
cell information was not available.
\subsubsection sec6-4-5-6 Section 6.4.5.6: VIOC GETCELLSTATUS: Get
status info for a cell entry
\par
[Opcode 35] Given a cell name, return a single longword of status flags from
the Cache Manager's entry for that cell. The null-terminated cell name string
is expected to be in the in parameter, with in size set to its length plus one
for the trailing null. The status flags are returned in the out buffer, which
must have out size set to sizeof(long) or larger.
\par
The Cache Manager defines the following output flag values for this operation:
\li 0x1 This entry is considered the caller's primary cell.
\li 0x2 The unix setuid() operation is not honored.
\li 0x4 An obsolete version of the Volume Location Server's database is being
used. While defined, this flag should no longer be set in modern systems.
\par
Among the possible error returns is ENOENT, informing the caller that the Cache
Manager has no knowledge of the given cell name.
\subsubsection sec6-4-5-7 Section 6.4.5.7: VIOC SETCELLSTATUS: Set
status info for a cell entry
\par
[Opcode 36] Given a cell name and an image of the cell status bits that should
be set, record the association in the Cache Manager. The input buffer in must
be set up as follows. The first entry is the longword containing the cell
status bits to be set (see the VIOC GETCELLSTATUS description above for valid
flag definitions). The next entry is another longword, ignored by the Cache
Manager. The third and final entry in the input buffer is a null-terminated
string containing the name of the cell for which the status flags are to be
applied.
\par
Among the possible error returns is ENOENT, reflecting the Cache Manager's
inability to locate its record for the given cell. Only root is allowed to
execute this operation, and an EACCES return indicates the caller was not
effectively root when the call took place.
\subsection sec6-4-6 Section 6.4.6: Authentication Operations
\par
The Cache Manager serves as the repository for authentication information for
AFS clients. Each client process belongs to a single Process Authentication
Group (PAG). Each process in a given PAG shares authentication information with
the other members, and thus has the identical rights with respect to AFS Access
Control Lists (ACLs) as all other processes in the PAG. As the Cache Manager
interacts with File Servers as a client process' agent, it automatically and
transparently presents the appropriate authentication information as required
in order to gain the access to which the caller is entitled. Each PAG can host
exactly one token per cell. These tokens are objects that unequivocally codify
the principal's identity, and are encrypted for security. Token operations
between a Cache Manager and File Server are also encrypted, as are the
interchanges between clients and the Authentication Servers that generate these
tokens.
\par
There are actually two different flavors of tokens, namely clear and secret.
The data structure representing clear tokens is described in Section 6.2.2, and
the secret token appears as an undifferentiated byte stream.
\par
This section describes the operations involving these tokens, namely getting
and setting the caller's token for a particular cell (VIOCGETTOK, VIOCSETTOK),
checking a caller's access on a specified file system object (VIOCACCESS),
checking the status of caller's tokens associated with the set of File Server
connections maintained on its behalf (VIOCCKCONN), and discarding tokens
entirely (VIOCUNLOG, VIOCUNPAG). These abilities are used by such programs as
login, klog, unlog, and tokens, which must generate, manipulate, and/or destroy
AFS tokens.
\subsubsection sec6-4-6-1 Section 6.4.6.1: VIOCSETTOK: Set the caller's
token for a cell
\par
[Opcode 3] Store the caller's secret and clear tokens within the Cache Manager.
The input buffer is used to hold the following quantities, laid out end to end.
The first item placed in the buffer is a longword, specifying the length in
bytes of the secret token, followed by the body of the secret token itself. The
next field is another longword, this time describing the length in bytes of the
struct ClearToken, followed by the structure. These are all required fields.
The caller may optionally include two additional fields, following directly
after the required ones. The first optional field is a longword which is set to
a non-zero value if the cell in which these tokens were generated is to be
marked as the caller's primary cell. The second optional argument is a
null-terminated string specifying the cell in which these tokens apply. If
these two optional arguments do not appear, the Cache Manager will default to
using its home cell and marking the entry as non-primary. The a pathP pathname
parameter is not used, and thus should be set to the null pointer.
\par
If the caller does not have any tokens registered for the cell, the Cache
Manager will store them. If the caller already has tokens for the cell, the new
values will overwrite their old values. Because these are stored per PAG, the
new tokens will thus determine the access rights of all other processes
belonging to the PAG.
\par
Among the possible error returns is ESRCH, indicating the named cell is not
recognized, and EIO, if information on the local cell is not available.
\subsubsection sec6-4-6-2 Section 6.4.6.2: VIOCGETTOK: Get the caller's
token for a cell
\par
[Opcode 8] Get the specified authentication tokens associated with the caller.
The a pathP parameter is not used, so it should be set to the null pointer.
Should the input parameter in be set to a null pointer, then this call will
place the user's tokens for the machine's home cell in the out output buffer,
if such tokens exist. In this case, the following objects are placed in the
output buffer. First, a longword specifying the number of bytes in the body of
the secret token is delivered, followed immediately by the secret token itself.
Next is a longword indicating the length in bytes of the clear token, followed
by the clear token. The input parameter may also consist of a single longword,
indicating the index of the token desired. Since the Cache Manager is capable
of storing multiple tokens per principal, this allows the caller to iteratively
extract the full set of tokens stored for the PAG. The first valid index value
is zero. The list of tokens is kept compactly, without holes. A return value of
EDOM indicates that the given index does not map to a valid token entry, and
thus may be used as the terminating condition for the iteration.
\par
Other than EDOM, another possible error return is ENOTCONN, specifying that the
caller does not have any AFS tokens whatsoever.
\subsubsection sec6-4-6-3 Section 6.4.6.3: VIOCACCESS: Check caller's
access on object
\par
[Opcode 20] This operation is used to determine whether the caller has specific
access rights on a particular file system object. A single longword is placed
into the input buffer, in, representing the set of rights in question. The
acceptable values for these access rights are listen in Section 6.4.5. The
object to check is named by the a pathP parameter. The output parameters are
not accessed, so out should be set to the null pointer, and out size set to
zero.
If the call returns successfully, the caller has at least the set of rights
denoted by the bits set in the input buffer. Otherwise, EACCESS is returned.
\subsubsection sec6-4-6-4 Section 6.4.6.4: VIOCCKCONN: Check status of
caller's tokens/connections
\par
[Opcode 12] Check whether the suite of File Server connections maintained on
behalf of the caller by the Cache Manager has valid authentication tokens. This
function always returns successfully, communicating the health of said
connections by writing a single longword value to the specified output buffer
in out. If zero is returned to the output buffer, then two things are true.
First, the caller has tokens for at least one cell. Second, all tokens
encountered upon a review of the caller's connections have been properly minted
(i.e., have not been generated fraudulently), and, in addition, have not yet
expired. If these conditions do not currently hold for the caller, then the
output buffer value will be set to EACCES. Neither the a pathP nor input
parameters are used by this call.
\subsubsection sec6-4-6-5 Section 6.4.6.5: VIOCUNLOG: Discard
authentication information
\par
[Opcode 9] Discard all authentication information held in trust for the caller.
The Cache Manager sweeps through its user records, destroying all of the
caller's associated token information. This results in reducing the rights of
all processes within the caller's PAG to the level of file system access
granted to the special system:anyuser group.
\par
This operation always returns successfully. None of the parameters are
referenced, so they should all be set to null pointers and zeroes as
appropriate.
\subsubsection sec6-4-6-6 Section 6.4.6.6: VIOCUNPAG: Discard
authentication information
\par
[Opcode 21] This call is essentially identical to the VIOCUNLOG operation, and
is in fact implemented internally by the same code for VIOCUNLOG.
\subsection sec6-4-7 Section 6.4.7: ACL Operations
\par
This set of opcodes allows manipulation of AFS Access Control Lists (ACLs).
Callers are allowed to fetch the ACL on a given directory, or to set the ACL on
a directory. In AFS-3, ACLs are only maintained on directories, not on
individual files. Thus, a directory ACL determines the allowable accesses on
all objects within that directory in conjunction with their normal unix mode
(owner) bits. Should the a pathP parameter specify a file instead of a
directory, the ACL operation will be performed on the directory in which the
given file resides.
\par
These pioctl() opcodes deal only in external formats for ACLs, namely the
actual text stored in an AFS ACL container. This external format is a character
string, composed of a descriptive header followed by some number of individual
principal-rights pairs. AFS ACLs actually specify two sublists, namely the
positive and negative rights lists. The positive list catalogues the set of
rights that certain principals (individual users or groups of users) have,
while the negative list contains the set of rights specifically denied to the
named parties.
\par
These external ACL representations differ from the internal format generated by
the Cache Manager after a parsing pass. The external format may be easily
generated from the internal format as follows. The header format is expressed
with the following printf() statement:
\code
printf("%d\n%d\n", NumPositiveEntries, NumNegativeEntries);
\endcode
\par
The header first specifies the number of entries on the positive rights list,
which appear first in the ACL body. The number of entries on the negative list
is the second item in the header. The negative entries appear after the last
positive entry.
\par
Each entry in the ACL proper obeys the format imposed by the following printf()
statement:
\code
printf("%s\t%d\n", UserOrGroupName, RightsMask);
\endcode
\par
Note that the string name for the user or group is stored in an externalized
ACL entry. The Protection Server stores the mappings between the numerical
identifiers for AFS principals and their character string representations.
There are cases where there is no mapping from the numerical identifier to a
string name. For example, a user or group may have been deleted sometime after
they were added to the ACL and before the Cache Manager externalized the ACL
for storage. In this case, the Cache Manager sets UserOrGroupName to the string
version of the principal's integer identifier. Should the erz principal be
deleted from the Protection Server's database in the above scenario, then the
string '1019' will be stored, since it corresponded to erz's former numerical
identifier.
\par
The RightsMask parameter to the above call represents the set of rights the
named principal may exercise on the objects covered by the ACL. The following
flags may be OR'ed together to construct the desired access rights placed in
RightsMask:
\code
#define PRSFS_READ 1 /*Read files*/
#define PRSFS_WRITE 2 /*Write & write-lock existing files*/
#define PRSFS_INSERT 4 /*Insert & write-lock new files*/
#define PRSFS_LOOKUP 8 /*Enumerate files and examine ACL*/
#define PRSFS_DELETE 16 /*Remove files*/
#define PRSFS_LOCK 32 /*Read-lock files*/
#define PRSFS_ADMINISTER 64 /*Set access list of directory*/
\endcode
\subsubsection sec6-4-7-1 Section 6.4.7.1: VIOCSETAL: Set the ACL on a
directory
\par
[Opcode 1] Set the contents of the ACL associated with the file system object
named by a pathP. Should this pathname indicate a file and not a directory, the
Cache Manager will apply this operation to the file's parent directory. The new
ACL contents, expressed in their externalized form, are made available in in,
with in size set to its length in characters, including the trailing null.
There is no output from this call, so out size should be set to zero.
Internally, the Cache Manager will call the RXAFS StoreACL() RPC (see Section
5.1.3.3 to store the new ACL on the proper File Server.
\par
Possible error codes include EINVAL, indicating that one of three things may be
true: the named path is not in AFS, there are too many entries in the specified
ACL, or a non-existent user or group appears on the ACL.
\subsubsection sec6-4-7-2 Section 6.4.7.2: VIOCGETAL: Get the ACL for a
directory
\par
[Opcode 2] Get the contents of the ACL associated with the file system object
named by a pathP. Should this pathname indicate a file and not a directory, the
Cache Manager will apply this operation to the file's parent directory. The ACL
contents, expressed in their externalized form, are delivered into the out
buffer if out size has been set to a value which indicates that there is enough
room for the specified ACL. This ACL string will be null-terminated. There is
no input to this call, so in size should be set to zero. Internally, the Cache
Manager will call the RXAFS FetchACL() RPC (see Section 5.1.3.1) to fetch the
ACL from the proper File Server.
\par
Possible error codes include EINVAL, indicating that the named path is not in
AFS.
\subsection sec6-4-8 Section 6.4.8: Cache Operations
\par
It is possible to inquire about and affect various aspects of the cache
maintained locally by the Cache Manager through the group of pioctl()s
described below. Specifically, one may force certain file system objects to be
removed from the cache (VIOCFLUSH), set the maximum number of blocks usable by
the cache (VIOCSETCACHESIZE), and ask for information about the cache's current
state (VIOCGETCACHEPARAMS).
\subsubsection sec6-4-8-1 Section 6.4.8.1: VIOCFLUSH: Flush an object
from the cache
\par
[Opcode 6] Flush the file system object specified by a pathP out of the local
cache. The other parameters are not referenced, so they should be set to the
proper combination of null pointers and zeroes.
\par
Among the possible error returns is EINVAL, indicating that the value supplied
in the a pathP parameter is not acceptable.
\subsubsection sec6-4-8-2 Section 6.4.8.2: VIOCSETCACHESIZE: Set
maximum cache size in blocks
\par
[Opcode 24] Instructs the Cache Manager to set a new maximum size (in 1 Kbyte
blocks) for its local cache. The input buffer located at in contains the new
maximum block count. If zero is supplied for this value, the Cache Manager will
revert its cache limit to its value at startup time. Neither the a pathP nor
output buffer parameters is referenced by this operation. The Cache Manager
recomputes its other cache parameters based on this new value, including the
number of cache files allowed to be dirty at once and the total amount of space
filled with dirty chunks. Should the new setting be smaller than the number of
blocks currently being used, the Cache Manager will throw things out of the
cache until it obeys the new limit.
\par
The caller is required to be effectively running as root, or this call will
fail, returning EACCES. If the Cache Manager is configured to run with a memory
cache instead of a disk cache, this operation will also fail, returning EROF.
\subsubsection sec6-4-8-3 Section 6.4.8.3: VIOCGETCACHEPARAMS: Get
current cache parameter values
\par
[Opcode 40] Fetch the current values being used for the cache parameters. The
output buffer is filled with MAXGCSTATS (16) longwords, describing these
parameters. Only the first two longwords in this array are currently set. The
first contains the value of afs cacheBlocks, or the maximum number of 1 Kbyte
blocks which may be used in the cache (see Section 6.4.8.2 for how this value
may be set). The second longword contains the value of the Cache Manager's
internal afs blocksUsed variable, or the number of these cache blocks currently
in use. All other longwords in the array are set to zero. Neither the a pathP
nor input buffer arguments are referenced by this call.
\par
This routine always returns successfully.
\subsection sec6-4-9 Section 6.4.9: Miscellaneous Operations
\par
There are several other AFS-specific operations accessible via the pioctl()
interface that don't fit cleanly into the above categories. They are described
in this section, and include manipulation of the socket-based Mariner file
trace interface (VIOC AFS MARINER HOST), enabling and disabling of the
file-based AFSLog output interface for debugging (VIOC VENUSLOG), getting and
setting the value of the special @sys pathname component mapping (VIOC AFS
SYSNAME), and turning the NFS-AFS translator service on and off (VIOC
EXPORTAFS).
\subsubsection sec6-4-9-1 Section 6.4.9.1: VIOC AFS MARINER HOST:
Get/set file transfer monitoring output
\par
[Opcode 32] This operation is used to get or set the IP address of the host
destined to receive Mariner output. A detailed description of the Cache Manager
Mariner interface may be found in Section 6.7.
\par
The input buffer located at in is used to pass a single longword containing the
IP address of the machine to receive output regarding file transfers between
the Cache Manager and any File Server. If the chosen host IP address is
0xffffffff, the Cache Manager is prompted to turn off generation of Mariner
output entirely. If the chosen host IP address is zero, then the Cache Manager
will not set the Mariner host, but rather return the current Mariner host as a
single longword written to the out output buffer. Any other value chosen for
the host IP address enables Mariner output (if it was not already enabled) and
causes all further traffic to be directed to the given machine.
\par
This function always returns successfully.
\subsubsection sec6-4-9-2 Section 6.4.9.2: VIOC VENUSLOG:
Enable/disable Cache Manager logging
\par
[Opcode 34] Tell the Cache Manager whether to generate debugging information,
and what kind of debugging output to enable. The input buffer located at in is
used to transmit a single longword to the Cache Manager, expressing the
caller's wishes. Of the four bytes making up the longword, the highest byte
indicates the desired value for the internal afsDebug variable, enabling or
disabling general trace output. The next highest byte indicates the desired
value for the internal netDebug variable, enabling or disabling network-level
debugging traces. The third byte is unused, and the low-order byte represents
an overall on/off value for the functionality. There is a special value for the
low-order byte, 99, which instructs the Cache Manager to return the current
debugging setting as a single longword placed into the output buffer pointed to
by out. The a pathP parameter is not referenced by this routine.
\par
Trace output is delivered to the AFSLog file, typically located in the
/usr/vice/etc directory. When this form of debugging output is enabled, the
existing AFSLog file is truncated, and its file descriptor is stored for future
use. When this debugging is disabled, a close() is done on the file, forcing
all its data to disk. For additional information on the AFSLog file for
collecting Cache Manager traces, please see the description in Section 6.6.2.1.
\par
This call will only succeed if the caller is effectively running as root. If
this is not the case, an error code of EACCES is returned.
\subsubsection sec6-4-9-3 Section 6.4.9.3: VIOC AFS SYSNAME: Get/set
the @sys mapping
\par
[Opcode 38] Get or set the value of the special @sys pathname component
understood by the Cache Manager. The input buffer pointed to by in is used to
house a longword whose value determines whether the @sys value is being set (1)
or whether the current value is being fetched (0). If it is being set, then a
null-terminated string is expected to follow in the input buffer, specifying
the new value of @sys. Otherwise, if we are asking the Cache Manager for the
current @sys setting, a null-terminated string bearing that value will be
placed in the out output buffer. The a pathP parameter is not used by this
call, and thus should be set to a null pointer.
\par
There are no special privileges required of the caller to fetch the value of
the current @sys mapping. However, a native caller must be running effectively
as root in order to successfully alter the mapping. An unauthorized attempt to
change the @sys setting will be ignored, and cause this routine to return
EACCES. This requirement is relaxed for VIOC AFS SYSNAME pioctl() calls
emanating from foreign file systems such as NFS and accessing AFS files through
the NFS-AFS translator. Each such remote caller may set its own notion of what
the @sys mapping is without affecting native AFS clients. Since the uid values
received in calls from NFS machines are inherently insecure, it is impossible
to enforce the fact that the caller is truly root on the NFS machine. This,
while any principal running on an NFS machine may change that foreign machine's
perception of @sys, it does not impact native AFS users in any way.
\subsubsection sec6-4-9-4 Section 6.4.9.4: VIOC EXPORTAFS:
Enable/disable NFS/AFS translation
\par
[Opcode 39] Enable or disable the ability of an AFS-capable machine to export
AFS access to NFS clients. Actually, this is a general facility allowing
exportation of AFS service to any number of other file systems, but the only
support currently in place is for NFS client machines. A single longword is
expected in the input buffer in. This input longword is partitioned into
individual bytes, organized as follows. The high-order byte communicates the
type of foreign client to receive AFS file services. There are currently two
legal values for this field, namely 0 for the null foreign file system and 1
for NFS. The next byte determines whether the Cache Manager is being asked to
get or set this information. A non-zero value here is interpreted as a command
to set the export information according to what's in the input longword, and a
zero-valued byte in this position instructs the Cache Manager to place a
longword in the output buffer out, which contains the current export settings
for the foreign system type specified in the high-order byte. The third input
byte is not used, and the lowest-order input buffer byte determines whether
export services for the specified system are being enabled or disabled. A
non-zero value will turn on the services, and a zero value will shut them down.
The a pathP pathname parameter is not used by this call, and the routine
generates output only if the export information is being requested instead of
being set.
\par
The caller must be effectively running as root in order for this operation to
succeed. The call returns EACCES if the caller is not so authorized. If the
caller specifies an illegal foreign system type in the high-order byte of the
input longword, then ENODEV is returned. Again, NFS is the only foreign file
system currently supported.
\par
Practically speaking, the machine providing NFS-AFS translation services must
enable this service with this pioctl() before any NFS client machines may begin
accessing AFS files. Conversely, if an administrator turns off this export
facility, the export code on the translator machine will immediately stop
responding to traffic from its active NFS clients.
\section sec6-5 Section 6.5: RPC Interface
\subsection sec6-5-1 Section 6.5.1: Introduction
\par
This section covers the structure and workings of the Cache Manager's RPC
interface. Typically, these calls are made by File Server processes. However,
some of the calls are designed specifically for debugging programs (e.g., the
cmdebug facility) and for collection of statistical and performance information
from the Cache Manager. Any client application that makes direct calls on the
File Server RPC interface must be prepared to export a subset of the Cache
Manager RPC interface, as discussed in Section 5.1.6.
\par
This section will first examine the Cache Manager's use of locks, whose
settings may be observed via one of the RPC interface calls. Next, it will
present some definitions and data structures used in the RPC interface, and
finally document the individual calls available through this interface.
\subsection sec6-5-2 Section 6.5.2: Locks
\par
The Cache Manager makes use of locking to insure its internal integrity in the
face of its multi-threaded design. A total of 11 locks are maintained for this
purpose, one of which is now obsolete and no longer used (see below). These
locks are strictly internal, and the Cache Manager itself is the only one able
to manipulate them. The current settings for these system locks are externally
accessible for debugging purposes via the AFSRXCB GetLock() RPC interface call,
as described in Section 6.5.5.4. For each lock, its index in the locking table
is given in the following text.
\li afs xvcache [Index 0]: This lock controls access to the status cache
entries maintained by the Cache Manager. This stat cache keeps stat()-related
information for AFS files it has dealt with. The stat information is kept
separate from actual data contents of the related file, since this information
may change independently (say, as a result of a unix chown() call.
\li afs xdcache [Index 1]: This lock moderates access to the Cache Manager's
data cache, namely the contents of the file system objects it has cached
locally. As stated above, this data cache is separate from the associated
stat() information.
\li afs xserver [Index 2]: This lock controls access to the File Server machine
description table, which keeps tabs on all File Servers contacted in recent
history. This lock thus indirectly controls access to the set of per-server RPC
connection descriptors the File Server table makes visible.
\li afs xvcb [Index 3]: This lock supervises access to the volume callback
information kept by the Cache Manager. This table is referenced, for example,
when a client decides to remove one or more callbacks on files from a given
volume (see the RXAFS GiveUpCallBacks() description on Section 5.1.3.13).
\li afs xbrs [Index 4]: This lock serializes the actions of the Cache Manager's
background daemons, which perform prefetching and background file storage
duties.
\li afs xcell [Index 5]: This lock controls the addition, deletion, and update
of items on the linked list housing information on cells known to the Cache
Manager.
\li afs xconn [Index 6]: This lock supervises operations concerning the set of
RPC connection structures kept by the system. This lock is used in combination
with the
\li afs xserver lock described above. In some internal Cache Manager code
paths, the File Server description records are first locked, and then the afs
xconn lock is used to access the associated Rx connection records. afs xuser
[Index 7]: This lock serializes access to the per-user structures maintained by
the Cache Manager.
\li afs xvolume [Index 8]: This lock is used to control access to the Cache
Manager's volume information cache, namely the set of entries currently in
memory, a subset of those stably housed in the VolumeItems disk file (see
Section 6.6.2.3).
\li afs puttofileLock [Index 9]: This lock is obsolete, and while still defined
by the system is no longer used. It formerly serialized writes to a debugging
output interface buffer, but the internal mechanism has since been updated and
improved.
\li afs ftf [Index 10]: This lock is used when flushing cache text pages from
the machine's virtual memory tables. For each specific machine architecture on
which the Cache Manager runs, there is a set of virtual memory operations which
must be invoked to perform this operation. The result of such activities is to
make sure that the latest contents of new incarnations of binaries are used,
instead of outdated copies of previous versions still resident in the virtual
memory system.
\subsection sec6-5-3 Section 6.5.3: Definitions and Typedefs
\par
This section documents some macro definitions and typedefs referenced by the
Cache Manager's RPC interface. Specifically, these definitions and typedefs are
used in the RXAFSCB GetXStats() and RXAFSCB XStatsVersion calls as described in
Sections 6.5.5.6 and 6.5.5.7.
\code
/*
* Define the version of CacheManager and FileServer extended
* statistics being implemented.
*/
const AFSCB_XSTAT_VERSION = 1;
/*
* Define the maximum arrays for passing extended statistics
* info for the CacheManager and FileServer back to our caller.
*/
const AFSCB_MAX_XSTAT_LONGS = 2048;
typedef long AFSCB_CollData<AFSCB_MAX_XSTAT_LONGS>;
/*
* Define the identifiers for the accessible extended stats data
* collections.
*/
const AFSCB_XSTATSCOLL_CALL_INFO = 0; /*CM call counting & info*/
const AFSCB_XSTATSCOLL_PERF_INFO = 1; /*CM performance info*/
\endcode
\subsection sec6-5-4 Section 6.5.4: Structures
\par
This section documents some structures used in the Cache Manager RPC interface.
As with the constants and typedefs in the previous section, these items are
used in the RXAFSCB GetXStats() and RXAFSCB XStatsVersion calls as described in
Sections 6.5.5.6 and 6.5.5.7.
\subsubsection sec6-5-4-1 Section 6.5.4.1: struct afs MeanStats
\par
This structure may be used to collect a running average figure. It is included
in some of the statistics structures described below.
\n \b Fields
\li long average - The computed average.
\li long elements - The number of elements sampled for the above aveage.
\subsubsection sec6-5-4-2 Section 6.5.4.2: struct afs CMCallStats
\par
This structure maintains profiling information, communicating the number of
times internal Cache Manager functions are invoked. Each field name has a "C "
prefix, followed by the name of the function being watched. As this structure
has entries for over 500 functions, it will not be described further here.
Those readers who wish to see the full layout of this structure are referred to
Appendix A.
\par
The AFSCB XSTATSCOLL CALL INFO data collection includes the information in this
structure.
\subsubsection sec6-5-4-3 Section 6.5.4.3: struct afs CMMeanStats
\par
This is the other part of the information (along with the struct afs
CMCallStats construct described above) returned by the AFSCB XSTATSCOLL CALL
INFO data collection defined by the Cache Manager (see Section 6.5.3). It is
accessible via the RXAFSCB GetXStats() interface routine, as defined in Section
6.5.5.7.
\par
This structure represents the beginning of work to compute average values for
some of the extended statistics collected by the Cache Manager.
\n \b Fields
\li struct afs MeanStats something - Intended to collect averages for some of
the Cache Manager extended statistics; not yet implemented.
\subsubsection sec6-5-4-4 Section 6.5.4.4: struct afs CMStats
\par
This structure defines the information returned by the AFSCB XSTATSCOLL CALL
INFO data collection defined by the Cache Manager (see Section 6.5.3). It is
accessible via the RXAFSCB GetXStats() interface routine, as defined in Section
6.5.5.7.
\n \b Fields
\li struct afs CallStats callInfo - Contains the counts on the number of times
each internal Cache Manager function has been called.
\li struct afs MeanStats something - Intended to collect averages for some of
the Cache Manager extended statistics; not yet implemented.
\subsubsection sec6-5-4-5 Section 6.5.4.5: struct afs CMPerfStats
\par
This is the information returned by the AFSCB XSTATSCOLL PERF INFO data
collection defined by the Cache Manager (see Section 6.5.3). It is accessible
via the RXAFSCB GetXStats() interface routine, as defined in Section 6.5.5.7.
\n \b Fields
\li long numPerfCalls - Number of performance calls received.
\li long epoch - Cache Manager epoch time.
\li long numCellsContacted - Number of cells contacted.
\li long dlocalAccesses - Number of data accesses to files within the local
cell.
\li long vlocalAccesses - Number of stat accesses to files within the local
cell.
\li long dremoteAccesses - Number of data accesses to files outside of the
local cell.
\li long vremoteAccesses - Number of stat accesses to files outside of the
local cell.
\li long cacheNumEntries - Number of cache entries.
\li long cacheBlocksTotal - Number of (1K) blocks configured for the AFS cache.
\li long cacheBlocksInUse - Number of cache blocks actively in use.
\li long cacheBlocksOrig - Number of cache blocks configured at bootup.
\li long cacheMaxDirtyChunks - Maximum number of dirty cache chunks tolerated.
\li long cacheCurrDirtyChunks - Current count of dirty cache chunks.
\li long dcacheHits - Number of data file requests satisfied by the local
cache.
\li long vcacheHits - Number of stat entry requests satisfied by the local
cache.
\li long dcacheMisses - Number of data file requests not satisfied by the local
cache.
\li long vcacheMisses - Number of stat entry requests not satisfied by the
local cache.
\li long cacheFlushes - Number of files flushed from the cache.
\li long cacheFilesReused - Number of cache files reused.
\li long numServerRecords - Number of records used for storing information
concerning File Servers.
\li long ProtServerAddr - IP addres of the Protection Server used (not
implemented).
\li long spare[32] - A set of longword spares reserved for future use.
\subsection sec6-5-5 Section 6.5.5: Function Calls
\par
This section discusses the Cache Manager interface calls. No special
permissions are required of the caller for any of these operations. A summary
of the calls making up the interface appears below:
\li RXAFSCB Probe() "Are-you-alive" call.
\li RXAFSCB CallBack() Report callbacks dropped by a File Server.
\li RXAFSCB InitCallBackState() Purge callback state from a File Server.
\li RXAFSCB GetLock() Get contents of Cache Manager lock table.
\li RXAFSCB GetCE() Get cache file description.
\li RXAFSCB XStatsVersion() Get version of extended statistics package.
\li RXAFSCB GetXStats() Get contents of extended statistics data collection.
\subsubsection sec6-5-5-1 Section 6.5.5.1: RXAFSCB Probe - Acknowledge
that the underlying callback service is still operational
\code
int RXAFSCB Probe(IN struct rx call *a rxCallP)
\endcode
\par Description
[Opcode 206] This call simply implements an "are-you-alive" operation, used to
determine if the given Cache Manager is still running. Any File Server will
probe each of the Cache Managers with which it has interacted on a regular
basis, keeping track of their health. This information serves an important
purpose for a File Server. In particular, it is used to trigger purging of
deceased Cache Managers from the File Server's callback records, and also to
instruct a new or "resurrected" Cache Manager to purge its own callback state
for the invoking File Server.
\par
Rx call information for the related Cache Manager is contained in a rxCallP.
\par Error Codes
---No error codes are generated.
\subsubsection sec6-5-5-2 Section 6.5.5.2: RXAFSCB CallBack - Report
callbacks dropped by a File Server
\code
int RXAFSCB CallBack(IN struct rx call *a rxCallP,
IN AFSCBFids *a fidArrayP,
IN AFSCBs *a callBackArrayP)
\endcode
\par Description
[Opcode 204] Provide information on dropped callbacks to the Cache Manager for
the calling File Server. The number of fids involved appears in a
fidArrayP->AFSCBFids len, with the fids themselves located at a
fidArrayP->AFSCBFids val. Similarly, the number of associated callbacks is
placed in a callBackArrayP->AFSCBs len, with the callbacks themselves located
at a callBackArrayP->AFSCBs val.
\par
Rx call information for the related Cache Manager is contained in a rxCallP.
\par Error Codes
---No error codes are generated.
\subsubsection sec6-5-5-3 Section 6.5.5.3: RXAFSCB InitCallBackState -
Purge callback state from a File Server
\code
int RXAFSCB InitCallBackState(IN struct rx call *a rxCallP)
\endcode
\par Description
[Opcode 205] This routine instructs the Cache Manager to purge its callback
state for all files and directories that live on the calling host. This
function is typically called by a File Server when it gets a request from a
Cache Manager that does not appear in its internal records. This handles
situations where Cache Managers survive a File Server, or get separated from it
via a temporary network partition. This also happens upon bootup, or whenever
the File Server must throw away its record of a Cache Manager because its
tables have been filled.
\par
Rx call information for the related Cache Manager is contained in a rxCallP.
\par Error Codes
---No error codes are generated.
\subsubsection sec6-5-5-4 Section 6.5.5.4: RXAFSCB GetLock - Get
contents of Cache Manager lock table
\code
int RXAFSCB GetLock(IN struct rx call *a rxCall,
IN long a index,
OUT AFSDBLock *a lockP)
\endcode
\par Description
[Opcode 207] Fetch the contents of entry a index in the Cache Manager lock
table. There are 11 locks in the table, as described in Section 6.5.2. The
contents of the desired lock, including a string name representing the lock,
are returned in a lockP.
\par
This call is not used by File Servers, but rather by debugging tools such as
cmdebug.
\par
Rx call information for the related Cache Manager is contained in a rxCallP.
\par Error Codes
The index value supplied in a index is out of range; it must be between 0 and
10.
\subsubsection sec6-5-5-5 Section 6.5.5.5: RXAFSCB GetCE - Get cache
file description
\code
int RXAFSCB GetCE(IN struct rx call *a rxCall,
IN long a index,
OUT AFSDBCacheEntry *a ceP)
\endcode
\par Description
[Opcode 208] Fetch the description for entry a index in the Cache Manager file
cache, storing it into the buffer to which a ceP points. The structure returned
into this pointer variable is described in Section 4.3.2.
\par
This call is not used by File Servers, but rather by debugging tools such as
cmdebug.
\par
Rx call information for the related Cache Manager is contained in a rxCallP.
\par Error Codes
The index value supplied in a index is out of range.
\subsubsection sec6-5-5-6 Section 6.5.5.6: RXAFSCB XStatsVersion - Get
version of extended statistics package
\code
int RXAFSCB XStatsVersion(IN struct rx call *a rxCall,
OUT long *a versionNumberP)
\endcode
\par Description
[Opcode 209] This call asks the Cache Manager for the current version number of
the extended statistics structures it exports (see RXAFSCB GetXStats(), Section
6.5.5.7). The version number is placed in a versionNumberP.
\par
Rx call information for the related Cache Manager is contained in a rxCallP.
\par Error Codes
---No error codes are generated.
\subsubsection sec6-5-5-7 Section 6.5.5.7: RXAFSCB GetXStats - Get
contents of extended statistics data collection
\code
int RXAFSCB GetXStats(IN struct rx call *a rxCall,
IN long a clientVersionNumber,
IN long a collectionNumber,
OUT long *a srvVersionNumberP,
OUT long *a timeP,
OUT AFSCB CollData *a dataP)
\endcode
\par Description
[Opcode 210] This function fetches the contents of the specified Cache Manager
extended statistics structure. The caller provides the version number of the
data it expects to receive in a clientVersionNumber. Also provided in a
collectionNumber is the numerical identifier for the desired data collection.
There are currently two of these data collections defined: AFSCB XSTATSCOLL
CALL INFO, which is the list of tallies of the number of invocations of
internal Cache Manager procedure calls, and AFSCB XSTATSCOLL PERF INFO, which
is a list of performance-related numbers. The precise contents of these
collections are described in Section 6.5.4. The current version number of the
Cache Manager collections is returned in a srvVersionNumberP, and is always set
upon return, even if the caller has asked for a different version. If the
correct version number has been specified, and a supported collection number
given, then the collection data is returned in a dataP. The time of collection
is also returned, being placed in a timeP.
\par
Rx call information for the related Cache Manager is contained in a rxCallP.
\par Error Codes
The collection number supplied in a collectionNumber is out of range.
\section sec6-6 Section 6.6: Files
\par
The Cache Manager gets some of its start-up configuration information from
files located on the client machine's hard disk. Each client is required to
supply a /usr/vice/etc directory in which this configuration data is kept.
Section 6.6.1 describes the format and purpose of the three files contributing
this setup information: ThisCell, CellServDB, and cacheinfo.
\subsection sec6-6-1 Section 6.6.1: Configuration Files
\subsubsection sec6-6-1-1 Section 6.6.1.1: ThisCell
\par
The Cache Manager, along with various applications, needs to be able to
determine the cell to which its client machine belongs. This information is
provided by the ThisCell file. It contains a single line stating the machine's
fully-qualified cell name.
\par
As with the CellServDB configuration file, the Cache Manager reads the contents
of ThisCell exactly once, at start-up time. Thus, an incarnation of the Cache
Manager will maintain precisely one notion of its home cell for its entire
lifetime. Thus, changes to the text of the ThisCell file will be invisible to
the running Cache Manager. However, these changes will affect such application
programs as klog, which allows a user to generate new authentication tickets.
In this example, klog reads ThisCell every time it is invoked, and then
interacts with the set of Authentication Servers running in the given home
cell, unless the caller specifies the desired cell on the command line.
\par
The ThisCell file is not expected to be changed on a regular basis. Client
machines are not imagined to be frequently traded between different
administrative organizations. The Unix mode bits are set to specify that while
everyone is allowed to read the file, only root is allowed to modify it.
\subsubsection sec6-6-1-2 Section 6.6.1.2: CellServDB
\par
To conduct business with a given AFS cell, a Cache Manager must be informed of
the cell's name and the set of machines running AFS database servers within
that cell. Such servers include the Volume Location Server, Authentication
Server, and Protection Server. This particular cell information is obtained
upon startup by reading the CellServDB file. Thus, when the Cache Manager
initialization is complete, it will be able to communicate with the cells
covered by CellServDB.
\par
The following is an excerpt from a valid CellServDB file, demonstrating the
format used.
\code
...
>transarc.com #Transarc Corporation
192.55.207.7 #henson.transarc.com
192.55.207.13 #bigbird.transarc.com
192.55.207.22 #ernie.transarc.com
>andrew.cmu.edu #Carnegie Mellon University
128.2.10.2 #vice2.fs.andrew.cmu.edu
128.2.10.7 #vice7.fs.andrew.cmu.edu
128.2.10.10 #vice10.fs.andrew.cmu.edu
...
\endcode
\par
There are four rules describing the legal CellServDB file format:
\li 1. Each cell has a separate entry. The entries may appear in any order. It
may be convenient, however, to have the workstation's local cell be the first
to appear.
\li 2. No blank lines should appear in the file, even at the end of the last
entry.
\li 3. The first line of each cell's entry begins with the '>' character, and
specifies the cell's human-readable, Internet Domain-style name. Optionally,
some white space and a comment (preceded by a '#') may follow, briefly
describing the specified cell.
\li 4. Each subsequent line in a cell's entry names one of the cell's database
server machines. The following must appear on the line, in the order given:
\li The Internet address of the server, in the standard 4-component dot
notation.
\li Some amount of whitespace.
\li A '#', followed by the machine's complete Internet host name. In this
instance, the '#' sign and the text beyond it specifying the machine name are
NOT treated as a comment. This is required information.
\par
The Cache Manager will use the given host name to determine its current address
via an Internet Domain lookup. If and only if this lookup fails does the Cache
Manager fall back to using the dotted Internet address on the first part of the
line. This dotted address thus appears simply as a hint in case of Domain
database downtime.
\par
The CellServDB file is only parsed once, when the Cache Manager first starts.
It is possible, however, to amend existing cell information records or add
completely new ones at any time after Cache Manager initialization completes.
This is accomplished via the VIOCNEWCELL pioctl() (see Section 6.4.5.1.
\subsubsection sec6-6-1-3 Section 6.6.1.3: cacheinfo
\par
This one-line file contains three fields separated by colons:
\li AFS Root Directory: This is the directory where the Cache Manager mounts
the AFS root volume. Typically, this is specified to be /afs.
\li Cache Directory: This field names the directory where the Cache Manager is
to create its local cache files. This is typically set to /usr/vice/cache.
\li Cache Blocks: The final field states the upper limit on the number of
1,024-byte blocks that the Cache Manager is allowed to use in the partition
hosting the named cache directory.
\par
Thus, the following cacheinfo file would instruct the Cache Manager to mount
the AFS filespace at /afs, and inform it that it may expect to be able to use
up to 25,000 blocks for the files in its cache directory, /usr/vice/cache.
\code
/afs:/usr/vice/cache:25000
\endcode
\subsection sec6-6-2 Section 6.6.2: Cache Information Files
\subsubsection sec6-6-2-1 Section 6.6.2.1: AFSLog
\par
This is the AFS log file used to hold Cache Manager debugging output. The file
is set up when the Cache Manager first starts. If it already exists, it is
truncated. If it doesn't, it is created. Output to this file is enabled and
disabled via the the VIOC VENUSLOG pioctl() (see Section 6.4.9.2). Normal text
messages are written to this file by the Cache Manager when output is enabled.
Each time logging to this file is enabled, the AFSLog file is truncated. Only
root can read and write this file.
\subsubsection sec6-6-2-2 Section 6.6.2.2: CacheItems
\par
The Cache Manager only keeps a subset of its data cache entry descriptors in
memory at once. The number of these in-memory descriptors is determined by
afsd. All of the data cache entry descriptors are kept on disk, in the
CacheItems file. The file begins with a header region, taking up four
longwords:
\code
struct fheader { long magic AFS_FHMAGIC 0x7635fab8 long firstCSize: First chunk
size long otherCSize: Next chunk sizes long spare }
\endcode
\par
The header is followed by one entry for each cache file. Each is:
\code
struct fcache {
short hvNextp; /* Next in vnode hash table, or freeDCList */
short hcNextp; /* Next index in [fid, chunk] hash table */
short chunkNextp; /* File queue of all chunks for a single vnode */
struct VenusFid fid; /* Fid for this file */
long modTime; /* last time this entry was modified */
long versionNo; /* Associated data version number */
long chunk; /* Relative chunk number */
long inode; /* Unix inode for this chunk */
long chunkBytes; /* Num bytes in this chunk */
char states; /* Has this chunk been modified? */
};
\endcode
\subsubsection sec6-6-2-3 Section 6.6.2.3: VolumeItems
\par
The Cache Manager only keeps at most MAXVOLS (50) in-memory volume
descriptions. However, it records all volume information it has obtained in the
VolumeItems file in the chosen AFS cache directory. This file is truncated when
the Cache Manager starts. Each volume record placed into this file has the
following struct fvolume layout:
\code
struct fvolume {
long cell; /*Cell for this entry*/
long volume; /*Numerical volume ID */
long next; /*Hash index*/
struct VenusFid dotdot; /*Full fid for .. dir */
struct VenusFid mtpoint; /*Full fid for mount point*/
};
\endcode
\section sec6-7 Section 6.7: Mariner Interface
\par
The Cache Manager Mariner interface allows interested parties to be advised in
real time as to which files and/or directories are being actively transferred
between the client machine and one or more File Servers. If enabled, this
service delivers messages of two different types, as exemplified below:
\code
Fetching myDataDirectory
Fetching myDataFile.c
Storing myDataObj.o
\endcode
\par
In the first message, the myDataDirectory directory is shown to have just been
fetched from a File Server. Similarly, the second message indicates that the C
program myDataFile.c had just been fetched from its File Server of residence.
Finally, the third message reveals that the myDataObj.o object file has just
been written out over the network to its respective server.
\par
In actuality, the text of the messages carries a string prefix to indicate
whether a Fetch or Store operation had been performed. So, the full contents of
the above messages are as follows:
\code
fetch$Fetching myDataDirectory
fetch$Fetching myDataFile.c
store$Storing myDataObj.o
\endcode
The Mariner service may be enabled or disabled for a particular machine by
using the VIOC AFS MARINER HOST pioctl() (see Section 6.4.9.1). This operation
allows any host to be specified as the recipient of these messages. A potential
recipient must have its host be declared the target of such messages, then
listen to a socket on port 2106.
\par
Internally, the Cache Manager maintains a cache of NMAR (10) vnode structure
pointers and the string name (up to 19 characters) of the associated file or
directory. This cache is implemented as an array serving as a circular buffer.
Each time a file is involved in a create or lookup operation on a File Server,
the current slot in this circular buffer is filled with the relevant vnode and
string name information, and the current position is advanced. If Mariner
output is enabled, then an actual network fetch or store operation will trigger
messages of the kind shown above. Since a fetch or store operation normally
occurs shortly after the create or lookup, the mapping of vnode to name is
likely to still be in the Mariner cache when it comes time to generate the
appropriate message. However, since an unbounded number of other lookups or
creates could have been performed in the interim, there is no guarantee that
the mapping entry will not have been overrun. In these instances, the Mariner
message will be a bit vaguer. Going back to our original example,
\code
Fetching myDataDirectory
Fetching a file
Storing myDataObj.o
\endcode
In this case, the cached association between the vnode containing myDataFile.c
and its string name was thrown out of the Mariner cache before the network
fetch operation could be performed. Unable to find the mapping, the generic
phrase "a file" was used to identify the object involved.
\par
Mariner messages only get generated when RPC traffic for fetching or storing a
file system object occurs between the Cache Manager and a File Server. Thus,
file accesses that are handled by the Cache Manager's on-board data cache do
not trigger such announcements.
\page biblio Bibliography
\li [1] Transarc Corporation. AFS 3.0 System Administrator's Guide,
F-30-0-D102, Pittsburgh, PA, April 1990.
\li [2] Transarc Corporation. AFS 3.0 Command Reference Manual, F-30-0-D103,
Pittsburgh, PA, April 1990.
\li [3] CMU Information Technology Center. Synchronization and Caching Issues
in the Andrew File System, USENIX Proceedings, Dallas, TX, Winter 1988.
\li [4] Sun Microsystems, Inc. NFS: Network File System Protocol Specification,
RFC 1094, March 1989.
\li [5] Sun Microsystems, Inc. Design and Implementation of the Sun Network
File System, USENIX Summer Conference Proceedings, June 1985.
\li [6] S.P. Miller, B.C. Neuman, J.I. Schiller, J.H. Saltzer. Kerberos
Authentication and Authorization System, Project Athena Technical Plan, Section
E.2.1, M.I.T., December 1987.
\li [7] Bill Bryant. Designing an Authentication System: a Dialogue in Four
Scenes, Project Athena internal document, M.I.T, draft of 8 February 1988.
*/
Reference in New Issue View Git Blame Copy Permalink