Purpose of RxRPC?


#1

Having read this post What is running on udp/7001? and subsequent
https://www.kernel.org/doc/Documentation/networking/rxrpc.txt

The RxRPC protocol driver provides a reliable two-phase transport on top of UDP
that can be used to perform RxRPC remote operations.

it is still not clear to me what purpose of RxRPC remote operations is served in TOS?


#2

would appreciate someone (perhaps from the TO team) explaining what this all about since this RPC socket is active with the wildcard ip 0.0.0.0 on upd port 7001 and without a traceable PID.

As far I was able to gather it is related to the Andrew File System (AFS)?


VPNFilter: Are we lucky we are not affected?
#3

Curious that there is no answer forthcoming about the purpose of this RPC socket running on the router. That raises certainly concerns, at least for me, about security and backdoors.


Probably related the following packages are installed on router (by default?)

kmod-rxrpc Kernel support for AF_RXRPC; required for AFS client
kmod-fs-afs Kernel module for Andrew FileSystem client support


removed kmod-rxrpc via pkgupdate which in turn also removed kmod-fs-afs and kmod-crypto-fcrypt
after a reboot this ominous RPC socket is not showing anymore.


#4

I have none of those packages installed in my enviroment (both router and repeater are from initial indiegogo-campagn).


#5

not sure that such would be a hardware dependency, but then it may from Turris to Omnia, or rather be some app/package dependency. I missed to check this when a vanilla TOS 3.10 installation was made, or which other package may have installed those evenutally.

Apprently though at least someone else (mentioned on the initial post) has been wondering about this udp socket.


#6

And with the vanilla medkit reset 3.11 returns the mysterious remote socket

udp 0 0 0.0.0.0:7001 0.0.0.0:*

I would wish that the developers could be bothered to explain the purpose of the remote socket listening on the global ip. Removing it does not appear to have a inclement impact on the system and can only help to mitigate a potential attack surface.


#7

It is likely a dependant of kmod-fs-afs, considering the design of AFS, which ships in the TO nas.lua package. Not sure which SOHO NAS app is deploying it or whether it is even commonly used in a SOHO environment since it would apparently require the client running AFS app.

AFS: The Andrew Filesystem

AFS is a distributed filesystem. This means that the files stored using AFS are located on a remote server, so you can access them from any workstation. The owner can make the files available from any computer running AFS in the whole world.

You don’t have to attach AFS filesystems they are always available from the workstation under the directory /afs. Another major difference between AFS and other distributed filesystems is that groups of AFS files can be replicated onto multiple servers in such a way that makes the failure of one server unnoticeable to a user. In addition, files and directory structures are cached locally to minimize network traffic to the server.