IT博客-darkstax-文章分类-linux技术

xorg.conf man page

darkstax — Mon, 13 Nov 2006 14:39:00 GMT

摘要: Table of Contents Name xorg.conf - Configuration File for Xorg IntroductionXorg supports several mechanisms for supplying/obtaining configuration and run-time parameters: command... 阅读全文

darkstax 2006-11-13 22:39 发表评论

Linux Network Performance

darkstax — Sat, 21 Oct 2006 17:58:00 GMT

Linux Network Performance

RAW ethernet vs. UDP

Andreas Schaufler

Abstract

This document describes how to do RAW ethernet programming on Linux and gives a comparison of Linux' networking performance on UDP and ethernet layer.

A visitor of my website has pointed out to me that there is a mistake in the performance measuring code. This means the figures presented are very likely wrong. Currently I do not have the time to rerun the tests. The value of this article is therefore reduced to that it is a tutorial for RAW Ethernet programming on Linux but nothing more.

Table of Contents

1. RAW ethernet programming

Networking layers

UDP

RAW ethernet

ethernet Frame Spec (IEEE 802.3)
Example Code

2. Testing Environment

Equipment
What was measured ?

3. Testing Results

Results in numbers
Comparison of UDP results
Comparison of RAW results
Comparison of UDP and RAW ethernet results

A.

Contact

B.

Source Code

List of Tables

3.1. Results

List of Examples

1.1. Create a UDP socket
1.2. Use a UDP socket to send a message
1.3. Use a UDP socket to receive a message
1.4. Create a RAW ethernet socket
1.5. Send a RAW ethernet frame
1.6. Receive a RAW ethernet frame

Chapter 1. RAW ethernet programming

Table of Contents

Networking layers

UDP

RAW ethernet

ethernet Frame Spec (IEEE 802.3)
Example Code

The first chapter gives a short overview of how to establish a RAW ethernet communication between two Linux hosts.

Networking layers

IP networking is using four layers:

Normaly applications are placed above the TCP/UDP layer. Thus, communication between two programs is going two times through all the layers. On the sender side from TCP/ UDP down to the physical layer, on the receiver side from the physical layer up to the TCP/ UDP layer. The actual data transmission is carried out by the physical layer.

However, it is also possible for two programs to communicate on the ethernet layer. In this case the IP and the TCP/UDP layer are not used and as a result an increased data transmission rate is to be expected. It is one purpose of this document to show exact performance figures.

UDP

First of all let us take a look at UDP. It is necessary to create a socket. This socket can later be used to send or receive a UDP message.

Example 1.1. Create a UDP socket

#include
#include
#include
						
int create_udp_socket(int port) {
	/*socketdescriptor*/
	int    s;				
	/*struct used for binding the socket to a local address*/
	struct sockaddr_in host_address;	
	
	/*create the socket*/
	s=socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
	if (s < 0) { /*errorhandling ....*/}
	
	/*init the host_address the socket is beeing bound to*/
	memset((void*)&host_address, 0, sizeof(host_address));
	/*set address family*/
	host_address.sin_family=PF_INET;
	/*accept any incoming messages:*/
	host_address.sin_addr.s_addr=INADDR_ANY;
	/*the port the socket i to be bound to:*/
	host_address.sin_port=htons(port);
	
	/*bind it...*/
	if (
	   bind(s, (struct sockaddr*)&host_address, sizeof(host_address)) < 0
	   ) {
		/*errorhandling...*/
	}
	return s;
}

Example 1.2. Use a UDP socket to send a message

#define BUF_SIZE 1000
#define LOCAL_PORT 5000
#define REMOTE_PORT 5000

...

int s; /*the socket descriptor*/
char buffer[BUF_SIZE]; 			/*the message to send*/
struct sockaddr_in target_host_address;	/*the receiver's address*/
unsigned char* target_address_holder;	/*a pointer to the ip address*/

...

/*create the socket*/
s = create_udp_socket(LOCAL_PORT);
if (s == -1) {errorhandling.....}

/*init target address structure*/
target_host_address.sin_family=PF_INET;
target_host_address.sin_port=htons(REMOTE_PORT);
target_address_holder=(unsigned char*)&target_host_address.sin_addr.s_addr;
target_address_holder[0]=10;
target_address_holder[1]=0;
target_address_holder[2]=0;
target_address_holder[3]=1;

/*fill message with random data....*/
for (j = 0; j < BUF_SIZE; j++) {
	buffer[j] = (unsigned char)((int) (255.0*rand()/(RAND_MAX+1.0)));
}

/*send it*/
sendto(s, buffer, BUF_SIZE, 0, 
	(struct sockaddr*)&target_host_address, sizeof(struct sockaddr));

Example 1.3. Use a UDP socket to receive a message

#define BUF_SIZE 1000
#define LOCAL_PORT 5000

...

char buffer[BUF_SIZE];

/*address of the sender will be stored here*/
struct sockaddr_in host_address;
int hst_addr_size = sizeof(host_address);

/*length of the incoming packet*/
int length = 0;					
/*socketdescriptor*/
int s;						

...

/*create the socket*/
s = create_udp_socket(LOCAL_PORT); 
if (s == -1) {errorhandling.....}

/*wait for incoming message*/
length = recvfrom(s, buffer, BUF_SIZE, 0, 
	(struct sockaddr*)&host_address, &hst_addr_size);

RAW ethernet

Now let us look at RAW ethernet communication. From the programmers' point of view it is quite similar to UDP. The differences are:

the parameters for the function used to create a socket
instead of IP addresses MAC addresses are used
an ethernet frame needs to be created manually

ethernet Frame Spec (IEEE 802.3)

Example Code

Example 1.4. Create a RAW ethernet socket

#include 
#include 
#include 
#include 

...

int s; /*socketdescriptor*/

s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
if (s == -1) { errorhandling ... }

Example 1.5. Send a RAW ethernet frame

#define ETH_FRAME_LEN 1518

...

/*target address*/
struct sockaddr_ll socket_address;

/*buffer for ethernet frame*/
void* buffer = (void*)malloc(ETH_FRAME_LEN);
 
/*pointer to ethenet header*/
unsigned char* etherhead = buffer;
	
/*userdata in ethernet frame*/
unsigned char* data = buffer + 14;
	
/*another pointer to ethernet header*/
struct ethhdr *eh = (struct ethhdr *)etherhead;
 
int send_result = 0;

/*our MAC address*/
unsigned char src_mac[6] = {0x00, 0x01, 0x02, 0xFA, 0x70, 0xAA};

/*other host MAC address*/
unsigned char dest_mac[6] = {0x00, 0x04, 0x75, 0xC8, 0x28, 0xE5};

/*prepare sockaddr_ll*/

/*RAW communication*/
socket_address.sll_family   = PF_PACKET;	
/*we don't use a protocoll above ethernet layer
  ->just use anything here*/
socket_address.sll_protocol = htons(ETH_P_IP);	

/*index of the network device
see full code later how to retrieve it*/
socket_address.sll_ifindex  = 2;

/*ARP hardware identifier is ethernet*/
socket_address.sll_hatype   = ARPHRD_ETHER;
	
/*target is another host*/
socket_address.sll_pkttype  = PACKET_OTHERHOST;

/*address length*/
socket_address.sll_halen    = ETH_ALEN;		
/*MAC - begin*/
socket_address.sll_addr[0]  = 0x00;		
socket_address.sll_addr[1]  = 0x04;		
socket_address.sll_addr[2]  = 0x75;
socket_address.sll_addr[3]  = 0xC8;
socket_address.sll_addr[4]  = 0x28;
socket_address.sll_addr[5]  = 0xE5;
/*MAC - end*/
socket_address.sll_addr[6]  = 0x00;/*not used*/
socket_address.sll_addr[7]  = 0x00;/*not used*/


/*set the frame header*/
memcpy((void*)buffer, (void*)dest_mac, ETH_ALEN);
memcpy((void*)(buffer+ETH_ALEN), (void*)src_mac, ETH_ALEN);
eh->h_proto = 0x00;
/*fill the frame with some data*/
for (j = 0; j < 1500; j++) {
	data[j] = (unsigned char)((int) (255.0*rand()/(RAND_MAX+1.0)));
}

/*send the packet*/
send_result = sendto(s, buffer, ETH_FRAME_LEN, 0, 
	      (struct sockaddr*)&socket_address, sizeof(socket_address));
if (send_result == -1) { errorhandling... }

Example 1.6. Receive a RAW ethernet frame

void* buffer = (void*)malloc(ETH_FRAME_LEN); /*Buffer for ethernet frame*/
int length = 0; /*length of the received frame*/ 
...
length = recvfrom(s, buffer, ETH_FRAME_LEN, 0, NULL, NULL);
if (length == -1) { errorhandling .... }

Chapter 2. Testing Environment

Table of Contents

Equipment
What was measured ?

In this chapter the testing environment is described.

Equipment

The following hardware equipment was used:

Netgear Fast ethernet Switch FS516 16-Port
Host 1:
- Intel Pentium IV 2.0 GHz
- Intel Corp. 82801BD PRO/100 VE (LOM)
- Linux 2.4.18
Host 2:
- Intel Celeron 533 MHz
- 3Com Corporation 3c905C-TX [Fast Etherlink]
- Linux 2.4.20
Host 3:
- Intel Pentium III M 500 MHz
- SMC8035TX CardBus 10M/100M (PCMCIA)
- Linux 2.4.20
Host 4:
- AMD Athlon 1200 MHz
- 3Com Corporation 3c905C-TX/TX-M [Tornado]
- Linux 2.4.18

What was measured ?

two hosts were communicating with each other
amount of user data in the packets was varying from 50 octets up to 1500 octets. (step: 50 octets)
each measurement was carried out for UDP and RAW ethernet
the value taken as result is the average of 100.000 measurements for one roundtrip (back and forth both hosts, as shown below)

way of a packet

Chapter 3. Testing Results

Table of Contents

Results in numbers
Comparison of UDP results
Comparison of RAW results
Comparison of UDP and RAW ethernet results

This chapter shows the testing results.

Results in numbers

Table 3.1. Results

*	Host3 / Host 4 (SMC/ 3Com)		Host1 / Host 4 (Intel/ 3Com)		Host2 / Host 4 (3Com/ 3Com)
#octets	RAW (us)	UDP (us)	RAW (us)	UDP (us)	RAW (us)	UDP (us)

50	29	227	116	100	14	208
100	19	290	104	119	13	227
150	13	296	124	137	14	232
200	21	360	142	154	26	285
250	22	361	159	173	27	300
300	22	418	177	192	27	306
350	20	442	196	209	28	355
400	18	478	214	226	30	366
450	23	511	232	244	30	371
500	17	523	251	263	31	384
550	19	590	116	263	32	426
600	18	601	124	330	33	447
650	18	651	50	317	34	453
700	17	682	10	335	35	467
750	17	708	10	394	35	505
800	17	751	10	372	36	520
850	17	765	10	388	36	524
900	17	816	10	406	37	557
950	17	823	10	424	38	593
1000	17	874	10	443	38	595
1050	17	906	10	461	39	611
1100	18	901	10	478	40	641
1150	21	915	11	496	41	664
1200	21	952	11	558	41	671
1250	21	965	11	532	42	697
1300	19	973	11	550	43	742
1350	17	976	11	568	44	739
1400	17	1000	11	586	44	745
1450	22	1142	12	605	45	781
1500	19	1155	12	633	46	767

Comparison of UDP results

The following graph is showing the results of the UDP measurements for each of the different hardware configurations.

comparison of UDP performance

These results are not surprising. The more user data a packet contains the more time is taken for one roundtrip (linear growing). It is also possible to see that the performance is different for different hardware configurations.

Comparison of RAW results

The following graph is showing the results of the RAW ethernet measurements for each of the different hardware configurations.

comparison of RAW ethernet performance

Looking at SMC/ 3com and 3com/ 3com performance the results are as expected. The time required for one roundtrip is increasing almost linearly, when the amount of user data is increasing. However, the results which were produced by the Intel NIC were unexpected. Although the Intel NIC was very slow when it came to sending packets containing 50 up tp 600 octets of user data, it was outperforming the other two, when the amount of data in a packet is increasing. A possible explanation might be that the driver or the hardware is somehow optimized for larger packages. However this behaviour is not reflected in the UDP comparison graph above.

Comparison of UDP and RAW ethernet results

Finally both graphs are merged into one diagram, in order to compare the performance of UDP and RAW ethernet.

The results show that RAW ethernet in general is much faster than UDP. Looking at the features that are offered by UDP and RAW ethernet it becomes visible that those two are quite similiar. Both are not connection oriented, both are packet based and both do not give any guarantee for success of transmission. Thus, in the view of real world systems which are currently using UDP running over ethernet or systems which require very high network performance, RAW ethernet could offer a very good solution.

Table of Contents

Contact

Contact

Email address: andreas.schaufler@gmx.de

WWW: http://www.landshut.org/bnla01/members/Faustus

darkstax 2006-10-22 01:58 发表评论

Packet Sniffer Construction

darkstax — Sat, 21 Oct 2006 02:47:00 GMT

                     Packet Sniffer Construction 

                               Part II

                                 by

                             Chad Renfro
                           raw_sock@usa.net

   In the previous paper we discussed the use of the SOCK_RAW device 
for accessing packets  from the network layer, and how to interpret 
packets in a logical manor. This will serve as the basis for the 
next set of topics for constructing a more complete packet sniffer. 
The first topic will be error checking the socket function calls. 
Error checking will become invaluable as the code evolves into a more 
complete application. The second topic that this paper will concentrate 
on is the use of the  "ioctl" function for selecting and manipulating the
network interface. 

By looking at the code below you will notice that it has grown 
substantially since the last issue.  First the use of functions to has been
implemented to modularize the code, due to the fact that one of the main 
topics of this issue error checking. Modular coding is very helpful in 
quickly tracking down the problem in evolving code. This also helps the 
growing pains of adding new functions without backtracking and debugging 
the code base. Second all of the socket call have been "wrapped". Also 
remember in the first article the code was not really a true packet sniffer. 
This was due to the fact that the sniffer did not set the interface into 
promiscuous "PROMISC" mode. Promiscuous mode on a network interface 
enables an interface that is intended to look at traffic addressed only to its 6 
byte mac address to look at ALL traffic on the broadcast medium. This sniffer 
will utilize the Set_Promisc function to set the promiscuous flag on the 
network interface. In the original sniffer,the sniffer would get packets from 
the first non-loopback interface. All of the manipulation to the interface in 
this project will be done via the ioctl function call. The ioctl function call is 
"used to manipulate the underlying device parameters for special files", as 
stated by the BSD man pages. These special file are usually terminals, sockets 
and interfaces. Our concern is using ioctl to manipulate socket and the network 
interface. The interface in this project will be chosen by hard coding 
it in the "headers.h" file.

The ioctl function is the all in one function for ansii c when it comes to 
gathering and manipulating interface attributes. Although the following 
example shows how to retrieve and set certain flags on a given interface 
ioctl has many other uses that should be looked at as well. For a better
understanding of ioctl other features look at the ioctls.h and 
ioctl-types.h files.

/************************Tcp_sniff_2.c********************/
1.#include <stdio.h>
2.#include <sys/socket.h>
3.#include <socketbits.h>
4.#include <sys/ioctl.h>
5.#include <net/if.h>
6.#include <netinet/in.h>
7.#include <arpa/inet.h>
8.#include <unistd.h>
9.#include "headers.h"

/*Prototype area*/

10.int Open_Raw_Socket(void);
11.int Set_Promisc(char *interface, int sock);

12.int main() {
13.    int sock, bytes_recieved, fromlen;
14.    char buffer[65535];
15.    struct sockaddr_in from;
16.    struct ip  *ip;
17.    struct tcp *tcp;

18.  sock = Open_Raw_Socket();

    /*now since the socket has been created,
      set the interface into promiscuous mode*/

19.  Set_Promisc(INTERFACE, sock);


20.        while(1)
22.        {
23.               fromlen = sizeof from;
24.               bytes_recieved = recvfrom(sock, buffer, sizeof buffer,
                                 0, (struct sockaddr *)&from, &fromlen);
25.               printf("\nBytes received ::: %5d\n",bytes_recieved);
26.               printf("Source address ::: %s\n",inet_ntoa(from.sin_addr));
27.               ip = (struct ip *)buffer;
                /*See if this is a TCP packet*/
28.               if(ip->ip_protocol == 6) {
                    /*This is a TCP packet*/
29.                     printf("IP header length ::: %d\n",ip->ip_length);
30.                     printf("Protocol ::: %d\n",ip->ip_protocol);
31.                     tcp = (struct tcp *)(buffer + (4*ip->ip_length));
32.                     printf("Source port ::: %d\n",ntohs(tcp->tcp_source_port));
33.                     printf("Dest port  ::: %d\n",ntohs(tcp->tcp_dest_port));
34.               }

35.        }
36.}

37.int Open_Raw_Socket() {
38. int sock;
39.   if((sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP)) < 0) {
        /*Then the socket was not created properly and must die*/
40.        perror("The raw socket was not created");
41.        exit(0);
42.   };
43.       return(sock);
44. }

45.int Set_Promisc(char *interface, int sock ) {
46.       struct ifreq ifr;
47.       strncpy(ifr.ifr_name, interface,strnlen(interface)+1);
48.       if((ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)) {
                /*Could not retrieve flags for the interface*/
49.               perror("Could not retrive flags for the interface");
50.               exit(0);
51.       }
52.       printf("The interface is ::: %s\n", interface);
53.       perror("Retrieved flags from interface successfully");

        /*now that the flags have been retrieved*/
        /* set the flags to PROMISC */
54.       ifr.ifr_flags |= IFF_PROMISC;
55.       if (ioctl (sock, SIOCSIFFLAGS, &ifr) == -1 ) {
                /*Could not set the flags on the interface */
56.               perror("Could not set the PROMISC flag:");
57.               exit(0);
58.       }
59.       printf("Setting interface ::: %s ::: to promisc", interface);

60.       return(0);
61. }


/***********************EOF**********************************/

Now we will examine the code line by line. Most of the code base
has not changed and therefore we will not spend time going over the 
original code. Lets get started.



18.  sock = Open_Raw_Socket();
	Here is the call to open the raw socket. Now 
	jump down and look at the Open_Raw_Socket 
	function.

	37.int Open_Raw_Socket() {
	38. int sock;
	39.   if((sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP)) < 0) {
	        /*Then the socket was not created properly and must die*/
	40.        perror("The raw socket was not created");
	41.        exit(0);
	42.   };
	43.       return(sock);
	44. }

	
	Allot of this function should look familiar from the first paper.
	The socket call is the same only this time the socket function
	is wrapped in an if statement to test for an error return. Remember
	all the socket call does is create an endpoint for communication
	if successful it will return a socket descriptor ( an integer )
	and if the call fails it will return a "-1". This is what line
	39 is testing for, if the socket returns a value less
	than 0 it must have failed. If it fails two other tasks must
	take place. First report the error using perror, this will 
	print the error to std_out and will also print the "errno" 
	value that will describe where the last call failed. Second the 
	exit call is used to halt the execution of the program. Now
	most good programs will also close any open file/socket descriptors
	before the exit is called. This is not really necessary due to
	the fact that the exit call will close all open descriptors 
	before it closes. 
	
	Hopefully the socket will succeed and return an open descriptor
	If it does the function will perform the return(sock) call and send
	back an open descriptor to the call on line 18 and store the 
	descriptor in "sock". If the socket call fails this could be caused
	by a defective interface or the user running the program not having
	the correct permissions. Remember to open a socket the user must
	have root access.
	

19.  Set_Promisc(INTERFACE, sock);
	Now that the socket has been successfully created the interface 
	can be chosen and manipulated. For this example the interface has
	been preselected and hard coded into "headers.h" it reads,
			
		#define INTERFACE "eth0"

	This is not the optimal way to choose an interface due to the 
	fact that there are calls to query for all network interfaces
	using ioctl. Given that this is our first exercise using ioctl
	the emphasis will be placed on the use of ioctl to manipulate
	the flags for a predefined interface. 
	
	45.int Set_Promisc(char *interface, int sock ) {
	46.       struct ifreq ifr;
	47.       strncpy(ifr.ifr_name, interface,strnlen(interface)+1);
	48.       if((ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)) {
	                /*Could not retrieve flags for the interface*/
	49.               perror("Could not retrive flags for the interface");
	50.               exit(0);
	51.       }
	52.       printf("The interface is ::: %s\n", interface);
	53.       perror("Retrieved flags from interface successfully");
	          /*now that the flags have been retrieved*/
	          /* set the flags to PROMISC */
	54.       ifr.ifr_flags |= IFF_PROMISC;
	55.       if (ioctl (sock, SIOCSIFFLAGS, &ifr) == -1 ) {
	                /*Could not set the flags on the interface */
	56.               perror("Could not set the PROMISC flag:");
	57.               exit(0);
	58.       }
	59.       printf("Setting interface ::: %s ::: to promisc", interface);
	60.       return(0);
	61. } 
	
  Starting at line 45, look at the beginning of the Set_Promisc function. As the 
  name implies the sole purpose of this function is to set a network
  interface into promiscuous mode. The function takes two parameters, the
  a char pointer to the interface and the integer that references the 
  open raw socket. Now starting with line 46 we will introduce ioctl.

46.       struct ifreq ifr;
	This is an interface request structure used for socket ioctl.
	The ifreq structure is a rather large structure the main members
	that will be used in this structure are the members that hold the 
	interface name and the interface flags.

47.       strncpy(ifr.ifr_name, interface,strnlen(interface)+1);
	     	Earlier we addressed the fact that we had the interface
		predetermined and hard coded in "headers.h". Here the 
		value held in interface must be copied into the ifr structure
		into the ifr.ifr_name member. This is due to the fact that
		the ioctl call will require an address to a interface request
		structure with the name of the interface in the structure.

48.       if((ioctl(sock, SIOCGIFFLAGS, &ifr) == -1))
		Here is the first ioctl call that will get the flags of
		the interface name that was placed in the ifr struct earlier
		look at the internal ioctl call :

		  ioctl(sock, SIOCGIFFLAGS, &ifr)
		
		the first parameter is an open socket descriptor "sock"
		the second is the request that is to be performed. In 
		this case the call is requesting "SOCGIFFLAGS" which 
		will get the flags of the "eth0" interface. The third
		parameter is an address of an interface request structure
		ifr which hold the name of the interface that will be 
		queried.   This step must be performed before the promisc 
                flag can be set. Now look at the entire line, the ioctl 
                call is all being tested for its return. On success the 
                call will return "0" and if the call fails a "-1" will 
                be returned.

54.       ifr.ifr_flags |= IFF_PROMISC;
		This is where the interface flags are changed. Here
		the promiscuous flag is being applied to the interface
		structure ifr. Notice the notation "|=" this is what 
		applies the promiscuous flag to the ifr structure. 
		Although the promisc flag is applied here this is not 
		the final step there is still one final call to set 
		the new flags into place. This is what is called bit 
		testing, to see if a certain bit is set. There is a 
		very special notation for altering and testing bits.
			To set a specific bit use a binary "or"  "|" to combine
			the bit var with the needed bit mask:
			  x = x|mask;
			
			To unset a specific bit use the binary "and" "&" with
			the complement sign "~" of the mask :
			  x= x & ~mask;

			To just test if a bit is on, use the "&" sign and 
			evaluate the result for a non zero value : 
			
			 result=x & mask; 
 

55.       if (ioctl (sock, SIOCSIFFLAGS, &ifr) == -1 )
		This is the final ioctl call to put the device into
		promiscuous mode. Just as the first call retrieved the 
		flags of the interface, this call sets the new revised
		flags that were set in the ifr struct to the physical 
		interface. Also notice that just as in the first ioctl
		call that the return value here is being tested for 
		success.

59.       printf("Setting interface ::: %s ::: to promisc", interface);
		If all goes well this message should be sent to 
		std_out letting the end_user know that the socket 
		was created and that the interface was set into    
		promiscuous mode properly.

60.       return(0);
		Finally the value of "0" is sent back to the original
		call to signify that the function completed successfully.



There is still allot of functionally that could be added to the 
sniffer to make it more complete but most of that is parsing the raw packets
into some desired output form. 

The next step in constructing a more complete sniffer would be to be able to
capture not just a single protocol but all packets. This is the major drawback
to this project is the fact that only Tcp based packets can be viewed. To work
around that the SOCK_RAW device should be replaced with SOCK_PACKET.

However this is only for linux based operating systems. A better solution 
wouldbe to use a preconstructed API like libpcap written by Lawrence 
Berkeley National Laboratory. The use of libpcap was designed to make the 
sniffer code more portable across different operating systems. Now guess 
what the next issue will deal with.
 


This is the end of part two 

	1. Beej's Guide to Network Programming
	     This is an awesome paper that really helps 
	     clear up any misconceptions about network programming.
                             [http://www.ecst.csuchico.edu/~beej/guide/net

       2. TCP/IP Illustrated Vol 1,2,3, Unix Network Programing
          W.Richard Stevens


/*************************headers.h**************************/
/*structure of an ip header*/
struct ip {
	unsigned int        ip_length:4;    /*little-endian*/
	unsigned int         ip_version:4;
	unsigned char       ip_tos;
	unsigned short      ip_total_length;
	unsigned short      ip_id;
	unsigned short      ip_flags;
	unsigned char       ip_ttl;
	unsigned char       ip_protocol;
	unsigned short      ip_cksum;
	unsigned int          ip_source;
	unsigned int          ip_dest;
};

/* Structure of a TCP header */
struct tcp {
	unsigned short      tcp_source_port;
	unsigned short      tcp_dest_port;
	unsigned int         tcp_seqno;
	unsigned int         tcp_ackno;
	unsigned int         tcp_res1:4,     /*little-endian*/
	tcp_hlen:4,
	tcp_fin:1,
 	tcp_syn:1,
	tcp_rst:1,
	tcp_psh:1,
	tcp_ack:1,
	tcp_urg:1,
	tcp_res2:2;
	unsigned short      tcp_winsize;
	unsigned short      tcp_cksum;
	unsigned short      tcp_urgent;
};
/*********************EOF***********************************/

darkstax 2006-10-21 10:47 发表评论

Basic Packet-Sniffer Construction from the Ground Up

darkstax — Fri, 20 Oct 2006 10:01:00 GMT

                           Basic Packet-Sniffer Construction
			          from the Ground Up

                                       Part 1
                                         by

                                     Chad Renfro
				 raw_sock@hotmail.com


   Packet sniffers are applications used by network administrators to monitor and
validate network traffic. Sniffers are programs used to read packets that travel across 
the network at various levels of the OSI layer. And like most security tools sniffers too
can be used for both good and destructive purposes. On the light-side of network
administration sniffers help quickly track down problems such as bottlenecks and
misplaced filters. However on the dark-side sniffers can be used to reap tremendous
amounts of havoc by gathering legitimate user names and passwords so that other
machines can be quickly compromised. Hopefully this paper will be used to help
administrators gain control of their networks by being able to analyze network traffic 
not only by using preconstructed  sniffers but by being able to create their own. This
paper will look at the packet sniffer from the bottem up, looking in depth at the sniffer
core and then gradualy adding functionality to the application. The example included
here will help illustrate some rather cumbersome issues when dealing with network
programing. In no way will this single paper teach a person to write a complete sniffing
application like tcpdump or sniffit. It will however teach some very fundamental issues
that are inherent to all packet sniffers. Like how the packets are accessed on the network
and how to work with the packets at different layers.








The most basic sniffer...

Sniffer #1.

   This sniffer will illustrate the use of the  SOCK_RAW device and show how to gather
packets from the network and print out some simple header  information to std_out.
Although the basic premise is that packet sniffers operate  in a promiscuous mode which
listens to all packets weather or not the packet is destined  for the machines mac address,
this example will collect packets in a non-promiscuous mode . This will let usconcentrate
on the SOCK_RAW device for the first example. To operate this same  code  in a
promiscous mode  the network card may be put in a promiscous mode manually. To do
this type this in after the log in :


   > su -
   Password : ********
   # ifconfig eth0 promisc

   This will now set the network interface eth0 in promiscous mode. 


/************************simple_Tcp_sniff.c********************/

1.    #include <stdio.h>
2.    #include <sys/socket.h>
3.    #include <netinet/in.h>
4.    #include <arpa/inet.h>

5.    #include "headers.h"

6.    int main()
7.    {
8.        int sock, bytes_recieved, fromlen;
9.        char buffer[65535];
10.        struct sockaddr_in from;
11.        struct ip  *ip;
12.        struct tcp *tcp;
13.

14.        sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);

15.    while(1)
16.     {
17.        fromlen = sizeof from;
18.        bytes_recieved = recvfrom(sock, buffer, sizeof buffer, 0,
                                             (struct sockaddr *)&from, &fromlen);
19.        printf("\nBytes received ::: %5d\n",bytes_recieved);
20.        printf("Source address ::: %s\n",inet_ntoa(from.sin_addr));
21.        ip = (struct ip *)buffer;
22.        printf("IP header length ::: %d\n",ip->ip_length);
23.        printf("Protocol ::: %d\n",ip->ip_protocol);
24.        tcp = (struct tcp *)(buffer + (4*ip->ip_length));
25.        printf("Source port ::: %d\n",ntohs(tcp->tcp_source_port);
26.        printf("Dest port  ::: %d\n",ntohs(tcp->tcp_dest_port));

27.             }
28. }
/***********************EOF**********************************/

What this means :

Line 1-4 :
   These are the header files required to use some needed c functions we will use later

	      =     functions like printf and std_out
	 =     this will give access to the SOCK_RAW and the 
	                     IPPROTO_TCP defines 	
	 =     structs like the sockaddr_in 
	  =     lets us use the functions to do network to host byte 
	                     order conversions
line 5 :
   This is the header file headers.h that is also included with this program to give standard
   structures to access the ip and tcp fields. The structures identify each field in the ip and
   tcp header for instance :
 
	struct ip {
	       unsigned int        ip_length:4;         /* length of ip-header in 32-bit
                                                           words*/
 	       unsigned int        ip_version:4;        /* set to "4", for Ipv4 */
	       unsigned char       ip_tos;              /* type of service*/
	       unsigned short      ip_total_length;     /* Total length of ip datagram in
                                                           bytes */
	       unsigned short      ip_id;               /*identification field*/
	       unsigned short      ip_flags;
	       unsigned char       ip_ttl;              /*time-to-live, sets upper limit
                                                          for max number of routers to 
                                                          go through before the packet is
                                                          discarded*/

	       unsigned char       ip_protocol;         /*identifies the correct transport
			                                  protocol */
	       unsigned short      ip_cksum;            /*calculated for the ip header ONLY*/
               unsigned int        ip_source;           /*source ip */
               unsigned int        ip_dest;             /*dest ip*/
	};



	struct tcp {
                 unsigned short     tcp_source_port; /*tcp source port*/
	         unsigned short     tcp_dest_port;   /*tcp dest port*/
	         unsigned int       tcp_seqno;       /*tcp sequence number,
                                                       identifies the byte in the 
                                                       stream of data*/
	         unsigned int       tcp_ackno;       /*contains the next seq num that
                                                       the sender expects to recieve*/
	         unsigned int       tcp_res1:4,      /*little-endian*/
                                    tcp_hlen:4,      /*length of tcp header in 32-bit
                                                       words*/ 
	                            tcp_fin:1,       /*Finish flag "fin"*/
                                    tcp_syn:1,       /*Synchronize sequence
                                                       numbers to start a connection
		                    tcp_rst:1,       /*Reset flag */
                                    tcp_psh:1,       /*Push, sends data to the
                                                       application*/
                                    tcp_ack:1,       /*acknowledge*/
                                    tcp_urg:1,       /*urgent pointer*/
                                    tcp_res2:2;
                 unsigned short     tcp_winsize;     /*maxinum number of bytes able
		                                       to recieve*/
	         unsigned short     tcp_cksum;       /*checksum to cover the tcp
                                                       header and data portion of the
                                                       packet*/

	         unsigned short     tcp_urgent;     /*vaild only if the urgent flag is
			                              set, used to transmit
                                                      emergency data */
	};


line 8-13 :
   This is the variable declaration section
      
	integers :
	     sock                 = socket file descriptor 
	     bytes_recieved       = bytes read from the open socket "sock" 
	     fromlen              = the size of the from structure char :
             buffer               = where the ip packet that is read off the 
		                    wire will be held buffer will hold a datagram 
		                    of 65535 bytes which is the maximum length 
		                    of an ip datagram.

       Struct sockaddr_in :

	   struct sockaddr_in {
		short int          sin_family;  /* Address family   */
		unsigned short int sin_port;    /* Port number      */
		struct in_addr     sin_addr;    /* Internet address */
		unsigned char      sin_zero[8]; /* Same size as struct sockaddr */
	    };

      Before we go any further two topics should be covered,byte-ordering and sockaddr
   structures.  Byte-ordering,is the way that the operating system stores bytes in memory.
   There are two ways that this is done first with the low-order byte at the starting address
   this is known as "little-endian" or host-byte order. Next bytes can be stored with the
   high order byte at the starting address, this is called "big-endian" or network byte order.
   The Internet protocol uses >>>>>> network byte order.
    
       This is important because if you are working on an intel based linux box you will be
   programming on a little-endian machine and to send data via ip you must convert the
   bytes to network-byte order. For examle lets say we are going to store a 2-byte number
   in memory say the value is (in hex) 0x0203


   First this is how the value is stored on a big-endian machine:

                    ___________
                   | 02  | 03  |
                   |_____|_____| 
        address:    0       1


   And here is the same value on a little-endian machine:

                   ___________
                  |03   | 02  |
                  |_____|_____|
       address:    1       0



   The same value is being represented in both examples it is just how we order the bytes
   that changes.

   The next topic that you must understand is the sockaddr vs. the sockaddr_in structures.
   The struct sockaddr is used to hold information about the socket such as the family type
   and other address information it looks like :

	struct sockaddr {
	          unsigned short sa_family;         /*address family*/ 
                  char           sa_data[14];       /*address data*/
	};
	 
	
      The first element in the structure "sa_family" will be used to reference what the family
   type is for the socket, in our sniffer it will be AF_INET. Next the "sa_data" element
   holds the destination port and address for the socket. To make it easier to deal with the
   sockaddr struct the use of the sockaddr_in structure is commonly used. Sockaddr_in 
   makes it easier to reference all of the elements that are contained by sockaddr.


   Sockaddr_in looks like:



   struct sockaddr_in {
             short int          sin_family;    /* Address family               */
             unsigned short int sin_port;      /* Port number                  */
             struct in_addr     sin_addr;      /* Internet address             */
             unsigned char      sin_zero[8];   /* Same size as struct sockaddr */
   };







      We will use this struct and declare a variable "from" which will give us the information
   on the packet that we will collect from the raw socket. For instance the var
   "from.sin_addr" will give access to the packets source address (in 
   network byte order). The thing to mention here is that all items in the sockaddr_in
   structure must be in network-byte order. When we receive the data in the sockaddr_in
   struct we must then convert it back to Host-byte order. To do this we can use some
   predefined functions to convert back and forth between  host and network byteorder.

   Here are the functions we will use:

	ntohs       : this function converts  network byte order to host byte order
                      for a 16-bit short

	ntohl       : same as above but for a 32-bit long

	inet_ntoa   : this function converts a 32-bit network binary value to a
                      dotted decimal ip address

	inet_aton   : converts a character string  address to the 32-bit network
                      binary value

	inet_addr   : takes a char string dotted decimal addr and returns a 32-bit
                      network binary value

   To further illustrate ,say I want to know the port number that this packet originated from:

	int packet_port; packet_port	=ntohs(from.sin_port);
		                         ^^^^^	

   If I want the source IP address of the packet we will use a special function to get it to the
   123.123.123.123 format:

	char *ip_addr; ip_addr	=inet_ntoa(from.sin_addr)
		                 ^^^^^^^^^

line 11-12:

   struct ip *ip :
   struct tcp *tcp :
	
      This is a structure that we defined in our header file "headers.h". This structure is
   declared so that we can access individual fields of the ip/tcp header. The structure is like
   a transparent slide with predefined fields drawn on it. When a packet is taken off 
   the wire it is a stream of bits, to make sense of it the "transparency" (or cast) is laid on
   top of or over the bits so the individual fields can be referenced.

Line 14 :

   sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);

   This is the most important line in the entire program. Socket() takes three arguments in
   this form:

	sockfd = socket(int family, int type, int protocol);



	
    The first argument is the family. This could be either AF_UNIX which is used so a process
   can communicate with another process on the same host or AF_INET which is used for
   internet communication between remote hosts. In this case it will be  AF_INET . Next  
   is the type, the type is usually between 1 of 4 choices (there are others that we will not
   discuss here) the main four are :

   1.	SOCK_DRAM      : used for udp datagrams
   2.	SOCK_STREAM    : used for tcp packets
   3.	SOCK_RAW       : used to bypass the transport layer
	                 and directly access the IP layer

   4.	SOCK_PACKET    : this is linux specific, it is similuar to
                         SOCK_RAW except it accesses the DATA LINK Layer

      For our needs we will use the SOCK_RAW type. You must have root acces to open a
    raw socket. The last parameter  is the protocol,the protocol value specifies what type of
    traffic the socket should receive , for normal sockets this value is usally set to "0"
    because the socket can figure out if for instance the "type" of SOCK_DGRAM is
    specified then the protocol should be UDP.In our case we just want to look at tcp 
    traffic so we will specify IPPROTO_TCP.

	
line 15 :
   while (1)

  The while (1) puts the program into an infinite loop this is necessary so that after the
 first packet is processed we will loop around and grab the next. 


Line 18:
   bytes_recieved = recvfrom(sock, buffer, sizeof buffer, 0, (struct sockaddr *)&from, &fromlen);
	
   Now here is where we are actually reading data from the open socket "sock".The from
   struct is also filled in but notice that we are casting "from" from a "sockaddr_in" struct
   to a "sockaddr" struct. We do this because the recvfrom() requires a sockaddr type but
   to access the separate fields we will continue to use the sockaddr_in structure. The 
   length of the "from" struct must also be present and passed by address. The recvfrom()
   call will return the number of bytes on success and a -1 on error and fill the global var
   errno.

   This is what we call "blocking-I/O" the recvfrom() will wait here forever until a
   datagram on the open socket is ready to be processed. This is opposed to 
   Non-blocking I/O which is like running a process in the background and move on to
   other tasks.


Line 20:
   printf("Source address ::: %s\n",inet_ntoa(from.sin_addr));

   This printf uses the special function inet_ntoa() to take the value of "from.sin_addr"
   which is stored in Network-byte order and outputs a value in a readable ip form such
   as 192.168.1.XXX.

Line 21:
   ip = (struct ip *)buffer;

   This is where we will overlay a predefined structure that will help us to individually
   identify the fields in the packet that we pick up from the open socket.


Line 22:
   printf("IP header length ::: %d\n",ip->ip_length);

   The thing to notice on this line is the "ip->ip_length" this will access a pointer in
   memory to the ip header length the important thing to remember is that the length 
   will be represented in 4-byte words this will be more important later when trying to
   access items past the ip header such as the tcp header or the data portion of the packet.



Line 23:
   printf("Protocol ::: %d\n",ip->ip_protocol);
	
   This gives access to the type of protocol such as 6 for tcp or 17 for udp.

Line 24:
   tcp = (struct tcp *)(buffer + (4*ip->ip_length));

       Remember earlier it was mentioned that the ip header length is stored in 4 byte words,
   this is where that bit of information becomes important. Here we are trying to get access
   to the tcp header fields, to do this we must overlay a structure that has the fields
   predefined just as we did with ip. There is one key difference here the ip header fields
   were easy to access due to the fact that the beginning of the buffer was also the beginning
   of the ip header as so :

	
	|----------------- buffer ----------------|
	 _________________________________________
	| ip header          |                    |
       	|____________________|____________________|
                             ^
                             *ip
                             ^
                             *buffer

      So to get access to the ip header we just set a pointer casted as an ip structure to the
   beginning of the buffer like "ip = (struct ip *)buffer;". To get access to the tcp header 
   is a little more difficult due to the fact that we must set a pointer and cast it as a tcp
   structure at the beginning of the tcp header which follows the ip header in the buffer 
   as so :

	
	 |----------------- buffer ---------------|
          ________________________________________
         | ip header | tcp header |               |
         |___________|____________|_______________|
                     ^
                     *tcp
                    	
This is why we use 4*ip->ip_length to find the start of the tcp header.

Line 25-26:
    printf("Source port ::: %d\n",ntohs(tcp->tcp_source_port);
    printf("Dest port  ::: %d\n",ntohs(tcp->tcp_dest_port));

   We can now access the source and dest ports which are located in the tcp header via 
   the structure as defined above.




     This will conclude  our  first very simple tcp sniffer. This was a very basic application
   that should help define how  to access packets passing on the network and how  to use
   sockets to access the packets. Hopefully this will be the first of many papers to come,
   which each proceeding paper we will add a new or more complex feature to the sniffer. I
   should also mention that there a number of great resources on the net that should aid you
   in further research in this area :

	1. Beej's Guide to Network Programming
	     This is an awesome paper that really helps 
	     clear up any misconceptions about network programming.
                [http://www.ecst.csuchico.edu/~beej/guide/net]

        2. TCP/IP Illustrated Vol 1,2,3
           W.Richard Stevens

To use the above program, cut out the above code and strip off all 
of the line numbers. Save the edited file as sniff.c. Next cut 
out the header file headers.h (below) and save it to a file headers.h
in the same directory. Now just compile: gcc -o sniff sniff.c
You should now have the executable "sniff", to run it type
#./sniff

/*************************headers.h**************************/
/*structure of an ip header             */
struct ip {
	unsigned int        ip_length:4;    /*little-endian*/
	unsigned int        ip_version:4;
	unsigned char       ip_tos;
	unsigned short      ip_total_length;
	unsigned short      ip_id;
	unsigned short      ip_flags;
	unsigned char       ip_ttl;
	unsigned char       ip_protocol;
	unsigned short      ip_cksum;
	unsigned int        ip_source;
	unsigned int        ip_dest;
};

/* Structure of a TCP header */
struct tcp {
	unsigned short      tcp_source_port;
	unsigned short      tcp_dest_port;
	unsigned int        tcp_seqno;
	unsigned int        tcp_ackno;
	unsigned int        tcp_res1:4,     /*little-endian*/
	tcp_hlen:4,
	tcp_fin:1,
 	tcp_syn:1,
	tcp_rst:1,
	tcp_psh:1,
	tcp_ack:1,
	tcp_urg:1,
	tcp_res2:2;
	unsigned short      tcp_winsize;
	unsigned short      tcp_cksum;
	unsigned short      tcp_urgent;
};
/*********************EOF***********************************/

darkstax 2006-10-20 18:01 发表评论

md5校验

darkstax — Sun, 08 Oct 2006 13:13:00 GMT

Verify md5sum using linux
md5sum -c linux.iso.md5

Create an md5sum using linux
md5sum linux.iso > linux.iso.md5

NAME

md5sum - compute and check MD5 message digest

SYNOPSIS

md5sum [OPTION] [FILE]...
md5sum [OPTION] --check [FILE]

DESCRIPTION

Print or check MD5 (128-bit) checksums. With no FILE, or when FILE is -, read standard input.

-b, --binary: read files in binary mode (default on DOS/Windows)
-c, --check: check MD5 sums against given list
-t, --text: read files in text mode (default)

The following two options are useful only when verifying checksums:

--status: don't output anything, status code shows success
-w, --warn: warn about improperly formated checksum lines
--help: display this help and exit
--version: output version information and exit

The sums are computed as described in RFC 1321. When checking, the input should be a former output of this program. The default mode is to print a line with checksum, a character indicating type (`*' for binary, ` ' for text), and name for each FILE.

Iptables Tutorial 1.2.1

darkstax — Sun, 08 Oct 2006 13:00:00 GMT

darkstax 2006-10-08 21:00 发表评论

Iptables 指南

darkstax — Sun, 08 Oct 2006 12:45:00 GMT

darkstax 2006-10-08 20:45 发表评论

Slackware的启动(init)过程

darkstax — Tue, 08 Aug 2006 08:20:00 GMT

作者：Peter Kaagman
原文：http://www.slackfiles.org/documentation/en/articles/init.html
翻译：windrose

导言

在一次IBM于阿姆斯特丹举办的Linux研讨会上，一位老师提出以下说法：“启动是Linux最难的部分。但是，一旦内核已经载入，并由init接管之后，你就畅行无阻了。从那个时刻起，所有发生的事情你都可以在脚本和文档(man page)里面读到。”

他当然是对的。在启动Linux机器的过程中没有什么秘密。你能在ASCII文件中读到所有东西。但是，在跟踪这些脚本的过程中也很容易迷路。Slackware与别的发行版不同之处在于它坚持用BSD风格的启动过程，而不是像它们那样用Sys V的启动过程。

在Sys V的启动系统中，所有起动/停止的脚本都放在 /etc/rc.d目录中。在每一个运行级(runlevel)都有一个目录(即 /etc/rc.1, /etc/rc.2 等等)，其中全是该运行级所需运行脚本的链接。当进入一个运行级时，有一个大的脚本来处理这些链接以起动(或停止)该运行级的服务。

Sys V启动过程用在Redhat、Suse中，我将把解释它的事留给用这类系统的人。没有实际使用它的机器，我恐怕很快会在细节上晕头转向。

Slackware的用户(Slackers)多数认为Sys V启动过程既复杂又难于维护。老实说，Redhat和Suse用户的想法正好相反。不过，先跟着我，然后你自己作出判断。

在本文档中，我将试着证明IBM的老师是正确的。我将循着Slackware(8.1)的启动过程，用脚本和man page作为指导。会引用很多，而较少(我自己的)文字。

又及：你可能注意到，英语不是我的母语。我会尽量经常地用拼写检查程序，但它在语法方面的用处不大。无论在内容或语法方面的错误，请不吝赐教。此外，我非常喜欢大家对我写的东西提出看法。

运行级(runlevel)

我们会很多次谈到运行级，所以现在是个好机会来解释一下运行级。运行级是决定某机器的服务等级的*nix方式。在每个运行级中，人们可以定义哪些服务要激活、哪些不用。原则上，可以有很多运行级。实际上，只有5个：

单用户运行级，只有最少的服务在运行。这个运行级经常用于系统维护。
多用户运行级，所有提供的服务都在运行。这些服务可能是诸如HTTP服务器、电子邮件服务器、SQL服务器之类。正是系统管理员(你)所需要的。
多用户运行级，和前面一样，但这次有个图形界面的登陆管理器。
多用户运行级之一就是机器正常的运行状态。你可以决定另外的运行级。例如，用于远程维护的有网络支持的单用户运行级。

上述运行级之外，还有两个特殊的运行级：

停止系统(halt)的运行级。
重新启动(reboot)的运行级。

Init

假如我想用树状图表示我机器上所有的进程，我可能会得到这样的结果：

																		
bilbo@bilbo:~$ pstree
init-+-4*[agetty]
     |-atd
     |-bash
     |-bash---startx---xinit-+-X
     | `-xinitrc-+-bbmail
     | `-blackbox-+-mozilla-bin---mozilla-bin---4+
     | `-rxvt---bash---pstree
     |-crond
     |-dhcpcd
     |-fetchmail
     |-gpm
     |-gvim
     |-httpd---7*[httpd]
     |-inetd---in.identd---in.identd---5*[in.identd]
     |-keventd
     |-khubd
     |-klogd
     |-kreiserfsd
     |-loop0
     |-loop1
     |-lpd
     |-mdrecoveryd
     |-named
     |-2*[sendmail]
     `-syslogd
bilbo@bilbo:~$

																

pstree命令显示我机器上运行的进程的树状图，看起来有点像目录结构。最引人注目(至少在我看来)的是，树状图的“根”是“init”。从init派生出所有其他进程。这并非偶然。

来自manpage文档：

INIT(8) Linux System Administrator's Manual INIT(8)
NAME
       init, telinit - process control initialization
SYNOPSIS
       /sbin/init [ -a ] [ -s ] [ -b ] [ -z xxx ] [ 0123456Ss ]
       /sbin/telinit [ -t sec ] [ 0123456sSQqabcUu ]
DESCRIPTION
   Init
       Init is the parent of all processes. Its primary role is
       to create processes from a script stored in the file
       /etc/inittab (see inittab(5)). This file usually has
       entries which cause init to spawn gettys on each line that
       users can log in. It also controls autonomous processes
       required by any particular system.

有几个值得注意的要点：

init派生所有进程(Init is the parent of all processes.)
init从文件 /etc/inittab中启动进程
init控制所有独立的进程

在上面的树状图中，你能看到那些独立的进程。它们都是init的直系后代，举几个例子：agetty(4个)、sendmail(2个)、lpd和syslogd。

但为什么init是“所有进程之母”，看看manpage：

BOOTING
       After init is invoked as the last step of the kernel boot
       sequence, it looks for the file /etc/inittab to see if there is an
       entry of the type initdefault (see inittab(5)). The initdefault
       entry determines the initial runlevel of the system. If there is
       no such entry (or no /etc/inittab at all), a runlevel must be
       entered at the system console.

可见内核(kernel)启动时所做的最后一件事就是启动init。init接着按 /etc/inittab的规定做事。

init的manpage给出了更多的信息，但对我们来说也许该看看/etc/inittab了。它似乎是个非常重要的文件。
来自manpage：

INITTAB(5) Linux System Administrator's Manual INITTAB(5)
NAME
       inittab - format of the inittab file used by the sysv-compatible
       init process
DESCRIPTION
       The inittab file describes which processes are started at bootup
       and during normal operation (e.g. /etc/init.d/boot,
       /etc/init.d/rc, gettys...). Init(8) distinguishes multiple run-
       levels, each of which can have its own set of processes that are
       started. Valid runlevels are 0-6 plus A, B, and C for ondemand
       entries. An entry in the inittab file has the following format:
              id:runlevels:action:process

啊哈，令人吃惊！它说：“用于与sysv兼容的init进程”。这是Slackware吗？没错，Slackware确实是用Sys V的init。纯粹为了开心，我们看看Slackware的软件包说明：

bilbo@bilbo:~$ head -n 14 /var/log/packages/sysvinit-2.84-i386-18
PACKAGE NAME: sysvinit-2.84-i386-18
COMPRESSED PACKAGE SIZE: 232 K
UNCOMPRESSED PACKAGE SIZE: 560 K
PACKAGE LOCATION: /var/log/mount/slackware/a/sysvinit-2.84-i386-18.tgz
PACKAGE DESCRIPTION:
sysvinit: sysvinit (init, the parent of all processes)
sysvinit:
sysvinit: System V style init programs by Miquel van Smoorenburg that control
sysvinit: the booting and shutdown of your system. These support a number of
sysvinit: system runlevels, each with a specific set of utilities spawned.
sysvinit: For example, the normal system runlevel is 3, which starts agetty
sysvinit: on virtual consoles tty1 - tty6. Runlevel 4 starts xdm.
sysvinit: Runlevel 0 shuts the system down.
sysvinit:
bilbo@bilbo:~$

所以不要听信别人说Slackware不用Sys V的init，不过它是按BSD风格来用。

inittab

玩够了......让我们看看 /etc/inittab 的格式。同样来自manpage：

              id:runlevels:action:process
Lines beginning with `#' are ignored.
id is a unique sequence of 1-4 characters which iden-
tifies an entry in inittab (for versions of
sysvinit compiled with libraries < 5.2.18 or a.out
libraries the limit is 2 characters).
Note: For gettys or other login processes, the id
field should be the tty suffix of the corresponding
tty, e.g. 1 for tty1. Otherwise, the login
accounting might not work correctly.
runlevels
lists the runlevels for which the specified action
should be taken.
action describes which action should be taken.
process
specifies the process to be executed. If the pro-
cess field starts with a `+' character, init will
not do utmp and wtmp accounting for that process.
This is needed for gettys that insist on doing
their own utmp/wtmp housekeeping. This is also a
historic bug.

组成这个文件的每行都有4个部分，用“:”分隔开

id - 该行的标识
runlevels - 该行为应该发生的运行级的列表
action - 应发生的行为，你能在inittab的manpage里面发现对它们的概述。我将在适当的时候引用。
process - 应由init启动的进程。

复杂吗？还不是那么坏吧，这是我的 /etc/inittab：

bilbo@bilbo:~$ cat /etc/inittab
#
# inittab This file describes how the INIT process should set up
# the system in a certain run-level.
#
# Version: @(#)inittab 2.04 17/05/93 MvS
# 2.10 02/10/95 PV
# 3.00 02/06/1999 PV
# 4.00 04/10/2002 PV
#
# Author: Miquel van Smoorenburg, 
# Modified by: Patrick J. Volkerding, 
#
# These are the default runlevels in Slackware:
# 0 = halt
# 1 = single user mode
# 2 = unused (but configured the same as runlevel 3)
# 3 = multiuser mode (default Slackware runlevel)
# 4 = X11 with KDM/GDM/XDM (session managers)
# 5 = unused (but configured the same as runlevel 3)
# 6 = reboot
# Default runlevel. (Do not set to 0 or 6)
id:3:initdefault:
# System initialization (runs when system boots).
si:S:sysinit:/etc/rc.d/rc.S
# Script to run when going single user (runlevel 1).
su:1S:wait:/etc/rc.d/rc.K
# Script to run when going multi user.
rc:2345:wait:/etc/rc.d/rc.M
# What to do at the "Three Finger Salute".
ca::ctrlaltdel:/sbin/shutdown -t5 -r now
# Runlevel 0 halts the system.
l0:0:wait:/etc/rc.d/rc.0
# Runlevel 6 reboots the system.
l6:6:wait:/etc/rc.d/rc.6
# What to do when power fails.
pf::powerfail:/sbin/genpowerfail start
# If power is back, cancel the running shutdown.
pg::powerokwait:/sbin/genpowerfail stop
# These are the standard console login getties in multiuser mode:
c1:1235:respawn:/sbin/agetty 38400 tty1 linux
c2:1235:respawn:/sbin/agetty 38400 tty2 linux
c3:1235:respawn:/sbin/agetty 38400 tty3 linux
c4:1235:respawn:/sbin/agetty 38400 tty4 linux
c5:1235:respawn:/sbin/agetty 38400 tty5 linux
c6:12345:respawn:/sbin/agetty 38400 tty6 linux
# Local serial lines:
#s1:12345:respawn:/sbin/agetty -L ttyS0 9600 vt100
#s2:12345:respawn:/sbin/agetty -L ttyS1 9600 vt100
# Dialup lines:
#d1:12345:respawn:/sbin/agetty -mt60 38400,19200,9600,2400,1200 ttyS0 vt100
#d2:12345:respawn:/sbin/agetty -mt60 38400,19200,9600,2400,1200 ttyS1 vt100
# Runlevel 4 used to be for an X window only system, until we discovered
# that it throws init into a loop that keeps your load avg at least 1 all
# the time. Thus, there is now one getty opened on tty6. Hopefully no one
# will notice. ;^)
# It might not be bad to have one text console anyway, in case something
# happens to X.
x1:4:wait:/etc/rc.d/rc.4
# End of /etc/inittab
bilbo@bilbo:~$

只有74行文字(仅约一张A4纸的篇幅)，如果你把那些注释去掉，将只剩下16行。但你将学到那些注释很值得读一读。
让我们开始把/etc/inittab拆开：

# Author: Miquel van Smoorenburg, 
# Modified by: Patrick J. Volkerding, 

这个文件的最后版本是由Miquel van Smoorenburg(听起来像德国人)制作的，然后由Patrick J. Volkerding(Slackware的维护者，对，Slackware是一个人的工作)为了用于Slackware而作了修改。这个注释没有太大作用，但它确实在那里。我们把它当作GPL的实例好了。

# These are the default runlevels in Slackware:
# 0 = halt
# 1 = single user mode
# 2 = unused (but configured the same as runlevel 3)
# 3 = multiuser mode (default Slackware runlevel)
# 4 = X11 with KDM/GDM/XDM (session managers)
# 5 = unused (but configured the same as runlevel 3)
# 6 = reboot

又是一些注释，当然它什么事都不做，但它让接下来的事情清晰了很多。你看到的是对Slackware用到的7个运行级的描述。运行级2和5都没有用到，往后你会看到它们和运行级3用同样的脚本。

# Default runlevel. (Do not set to 0 or 6)
id:3:initdefault:

终于要做些事情了。它是一个正常的inittab行，4个部分用“:”隔开。在这里的行为是“initdefault”，按照manpage的说法：

       initdefault
              An initdefault entry specifies the runlevel which should
be entered after system boot.
If none exists, init will ask for a runlevel on the console.
The process field is ignored.

在这里定义了缺省的运行级，当然注释就是这么说的。因此，Slackware缺省的运行级是3，用控制台/文本登录的多用户运行级。

假如系统启动时，Slackware没有接到进入其他运行级的信号(例如"telinit 1"这类命令)，它就会进入这个运行级。

# System initialization (runs when system boots).
si:S:sysinit:/etc/rc.d/rc.S

这里的行为是“sysinit”(系统初始化)，意思很明显，但我们还是看看manpage：

       sysinit
             The process will be executed during system boot.
It will be executed before any boot or bootwait
entries. The runlevels field is ignored.

虽然这里指明了运行级S，但实际上被忽略了。将执行的程序是/etc/rc.d/rc.S，是个脚本。你会看到Slackware所有的启动脚本都在/etc/rc.d。在/etc/rc.d/rc.S里，系统将被初始化，我们接下来讨论这个脚本时就会看到。

# Script to run when going single user (runlevel 1).
su:1S:wait:/etc/rc.d/rc.K

这里的行为是wait：

       wait The process will be started once when the specified
                runlevel is entered and init will wait for its
                termination.

其中定义的脚本将在进入运行级1和S(意思是single)时被调用。“wait”行为将使init保留所有其他的动作直至/etc/rc.d/rc.K执行完毕。/etc/rc.d/rc.K启动了单用户运行级所需的服务，迟一点你会看到那不算很多。

# Script to run when going multi user.
rc:2345:wait:/etc/rc.d/rc.M

在这里的行为还是wait。这里定义了运行级2、3、4、5都调用/etc/rc.d/rc.M，基本上是除了运行级1之外的所有“常规”的运行级。一会儿我们会看到那是个怎样的脚本。

目前为止我们所看到的行是用来定义系统启动之后所发生的事。在所有情况下，init都会等到它启动的进程(脚本)终止。下面的几行是init在特殊情况下应做的事，而且不属于任何特定的运行级。

# What to do at the "Three Finger Salute".
ca::ctrlaltdel:/sbin/shutdown -t5 -r now

不单微软知道所谓的“三指礼”(译注：ctrl-alt-del)，在Linux中你也能决定它出现时该做什么。下面是init的manpage中关于这个行为的条目：

       ctrlaltdel
              The process will be executed when init receives the SIGINT
signal. This means that someone on the system console has
pressed the CTRL-ALT-DEL key combination. Typically one wants
to execute some sort of shutdown either to get into
single-user level or to reboot the machine.

在Slackware的系统上，将会执行 /sbin/shutdown -t5 -r now 。

SHUTDOWN(8) Linux System Administrator's Manual SHUTDOWN(8)
NAME
       shutdown - bring the system down
SYNOPSIS
       /sbin/shutdown [-t sec] [-arkhncfF] time [warning-message]
DESCRIPTION
       shutdown brings the system down in a secure way. All
       logged-in users are notified that the system is going
       down, and login(1) is blocked. It is possible to shut the
       system down immediately or after a specified delay. All
       processes are first notified that the system is going down
       by the signal SIGTERM. This gives programs like vi(1) the
       time to save the file being edited, mail and news process-
       ing programs a chance to exit cleanly, etc. shutdown does
       its job by signalling the init process, asking it to
       change the runlevel. Runlevel 0 is used to halt the sys-
       tem, runlevel 6 is used to reboot the system, and runlevel
       1 is used to put to system into a state where administra-
       tive tasks can be performed; this is the default if nei-
       ther the -h or -r flag is given to shutdown. To see which
       actions are taken on halt or reboot see the appropriate
       entries for these runlevels in the file /etc/inittab.

参数 -r 的意思是重新启动(reboot)，做法是给init进入运行级6的信号。延迟时间是从现在开始5秒。如果你有保持运行时间的癖好(uptime junkie)，你可以让“三指礼”做完全不同的事情，并有效地迫使用户明确给出shutdown命令。(假如你有个NT类系统和Linux共存的服务器群，取消ctrl-alt-del的功能并不是一件坏事。)

当然第2部分(译注：指定运行级)就不必要了，init是对外界信号作出反应。

# Runlevel 0 halts the system.
l0:0:wait:/etc/rc.d/rc.0

这里的行为又是wait，因此init又会等待脚本执行完毕。进入运行级0后，init将执行 /etc/rc.d/rc.0 (最后是零)。这个脚本所做的是让所有启动了的进程安全地停止。不是所有的程序都喜欢你直接拔出插头的。作为最后的行动，它将调用poweroff来关闭系统或通知用户可以拔插头了。

# Runlevel 6 reboots the system.
l6:6:wait:/etc/rc.d/rc.6

这一行与上面那行非常像，事实上 /etc/rc.d/rc.0 是指向 /etc/rc.d/rc.6的符号链接，两个脚本其实是同一个。脚本的调用方式决定了最后一步会怎么做。在运行级6中，最后的命令将是reboot。

# What to do when power fails.
pf::powerfail:/sbin/genpowerfail start
# If power is back, cancel the running shutdown.
pg::powerokwait:/sbin/genpowerfail stop

这两行的命令要合在一起说，因为它们有很多相关性。它们的行为是：

       powerwait
                     The process will be executed when the power goes
down. Init is usually informed about this by a pro-
cess talking to a UPS connected to the computer.
Init will wait for the process to finish before
continuing.
       powerfail
                     As for powerwait, except that init does not wait
for the process's completion.
       powerokwait
                     This process will be executed as soon as init is
                     informormed that the power has been restored.

这两行都是电力中断(或实际上是UPS电量耗尽)时该做的事情。

/sbin/genpowerfail start由关闭系统开始，/sbin/genpowerfail stop则试图在电力恢复时中断关机的行为。你可能注意到用start参数时并不会等脚本执行完毕，假如等了，就不可能中断关机的过程。 /sbin/genpowerfail是个使用shutdown命令的脚本，假如你有UPS你应该读一读这个脚本。

我们现在已经到了系统将要运行的关头。系统初始化的脚本已经执行了，缺省运行级的脚本也已经执行了- 单用户运行级是/etc/rc.d/rc.K，多用户运行级2、3、4、5执行的是/etc/rc.d/rc.M；所有需要的后台服务也在运行。在多用户运行级中，假如在/etc/rc.d/rc.M中启动了telnet和ssh服务，用户已经可以用这些方式登录系统了。假如你的系统是一个没有显示器和键盘的服务器，你让它这么待着就行了。

目前还不可能做到的是从控制台登录，有时能从控制台登录是会很方便的。init的下一个任务就是控制台登录。

# These are the standard console login getties in multiuser mode:
c1:1235:respawn:/sbin/agetty 38400 tty1 linux
c2:1235:respawn:/sbin/agetty 38400 tty2 linux
c3:1235:respawn:/sbin/agetty 38400 tty3 linux
c4:1235:respawn:/sbin/agetty 38400 tty4 linux
c5:1235:respawn:/sbin/agetty 38400 tty5 linux
c6:12345:respawn:/sbin/agetty 38400 tty6 linux

马上我们有了个新的行为，在inittab的manpage里：

       respawn
                     The process will be restarted whenever it termi-
nates (e.g. getty).

因此，已经启动的进程/sbin/agetty若被终止了，会重新运行。很明显，为运行级1、2、3和5启动了tty1至tty6的虚拟控制台。这些都是没有X的运行级。例外的是tty6上运行的agetty也将在运行级4(有X的运行级)启动。

agetty的manpage让我们了解到agetty的实际行为：

AGETTY(8) AGETTY(8)
NAME
       agetty - alternative Linux getty
       SYNOPSIS
              agetty [-ihLmnw] [-f issue_file] [-l login_program] [-I
init] [-t timeout] [-H login_host] port baud_rate,...
[term]
agetty [-ihLmnw] [-f issue_file] [-l login_program] [-I
init] [-t timeout] [-H login_host] baud_rate,... port
[term]
       DESCRIPTION
              agetty opens a tty port, prompts for a login name and
              invokes the /bin/login command. It is normally invoked by
              init(8).

可见，agetty在一个tty的端口等待用户登录，然后将运行/bin/login。

LOGIN(1) LOGIN(1)
NAME
       login - begin session on the system
       SYNOPSIS
              login [-p] [username] [ENV=VAR ...]
login [-p] [-h host] [-f username]
login [-p] -r host
       DESCRIPTION
              login is used to establish a new session with the system.
              It is normally invoked automatically by responding to the
              login: prompt on the user's terminal. login may be spe-
              cial to the shell and may not be invoked as a sub-process.
              Typically, login is treated by the shell as exec login
              which causes the user to exit from the current shell.
              Attempting to execute login from any shell but the login
              shell will produce an error message.

login在系统上启动了一个新的会话。让我们回头看看pstree的输出：

bilbo@bilbo:~$ pstree
init-+-4*[agetty]
     |-atd
     |-bash
     |-bash---startx---xinit-+-X
     | `-xinitrc-+-bbmail
     | `-blackbox-+-mozilla-bin---mozilla-bin---4+
     | `-rxvt---bash---pstree

该死！不是应该有6个agetty吗？呃，对，曾经确实是有6个。但很显然，我从虚拟控制台登录了两次，有一次没有运行其他的程序，另一次运行了startx，变成了X会话。

当我logout的时候agetty会重新运行，还记得respawn吗？有趣的是，假如agetty启动得更早，会不会多个用户通过同一个虚拟控制台登录呢？

*nix总是提供了与系统联系的多种途径，我们已经知道了其中的2种：

通过网络，用telnet、ssh之类工具
通过直接连接到系统的键盘、显示器和鼠标

但是，*nix还有其他途径与系统联系：

# Local serial lines:
#s1:12345:respawn:/sbin/agetty -L ttyS0 9600 vt100
#s2:12345:respawn:/sbin/agetty -L ttyS1 9600 vt100
# Dialup lines:
#d1:12345:respawn:/sbin/agetty -mt60 38400,19200,9600,2400,1200 ttyS0 vt100
#d2:12345:respawn:/sbin/agetty -mt60 38400,19200,9600,2400,1200 ttyS1 vt100

上面两段为串行线路启动agetty，用于串口连接的终端或者用modem拨号进入。

你可以看到，它们缺省情况是被注释掉的。但一旦你需要使用古老的VT类终端或拨号进入系统，你就要用到这些代码。

在最后，要由X来给我们提供一个图形界面的运行级：

# Runlevel 4 used to be for an X window only system, until we discovered
# that it throws init into a loop that keeps your load avg at least 1 all
# the time. Thus, there is now one getty opened on tty6. Hopefully no one
# will notice. ;^)
# It might not be bad to have one text console anyway, in case something
# happens to X.
x1:4:wait:/etc/rc.d/rc.4

注释首先解释了为运行级4在tty6留下一个getty的原因。行为是wait，执行/etc/rc.d/rc.4。这个脚本将依次搜索kdm(kde的登录管理器)、gdm(gnome的登录管理器)，最后是xdm(缺省的X登录管理器)。它会运行它所找到的第一个。这些登录管理器可以和agetty类比，它们会等着用户登录，当用户退出后自己重新运行。

bilbo@bilbo:~$ man kdm
No manual entry for kdm
bilbo@bilbo:~$

显然，目前为止没有kdm的manpage。

bilbo@bilbo:~$ man gdm
No manual entry for gdm
bilbo@bilbo:~$

目前为止，gnome的用户也不关心gdm的manpage。(译注：Slackware 9.1中已经有了)

XDM(1) XDM(1)
NAME
       xdm - X Display Manager with support for XDMCP, host
       chooser
 SYNOPSIS
       xdm [ -config configuration_file ] [ -nodaemon ] [ -debug
       debug_level ] [ -error error_log_file ] [ -resources
       resource_file ] [ -server server_entry ] [ -session ses-
       sion_program ]
DESCRIPTION
       Xdm manages a collection of X displays, which may be on
       the local host or remote servers. The design of xdm was
       guided by the needs of X terminals as well as The Open
       Group standard XDMCP, the X Display Manager Control Proto-
       col. Xdm provides services similar to those provided by
       init, getty and login on character terminals: prompting
       for login name and password, authenticating the user, and
       running a ``session.''

最后我们终于找到了，这是xdm的manpage的片段。由于我总是在运行级3，我没法告诉你很多有关它的事。

我们已经看到，init - 所有进程之母 - 从内核那里接管了系统，然后init将处理/etc/inittab文件，根据inittab的输入，init将依次：

设置缺省的运行级
运行系统初始化脚本 /etc/rc.d/rc.S 并等待它结束
运行指定运行级的脚本并等待它结束
- 运行级1是/etc/rc.d/rc.K
- 运行级2、3、4、5是/etc/rc.d/rc.M
- 运行级0(关机)是/etc/rc.d/rc.0
- 运行级6(重新启动)是/etc/rc.d/rc.6
决定在特殊情况，例如ctrl-alt-del或停电时应采取的行动
为运行级1、2、3和5启动agetty(还有运行级4时启动6号终端，但有其特殊原因)
为串口连接启动终端，尽管这不是缺省的行为
为运行级4启动图形界面的登录管理器

结论

事实上这些就是init做的全部事情。剩下的“只不过是脚本”了。但是，仔细读它们也是很有趣的，否则你不会知道在哪里加载模块以及启动网络。

darkstax 2006-08-08 16:20 发表评论

Linux的启动过程

darkstax — Tue, 08 Aug 2006 07:45:00 GMT

Linux's boot process explained

Short history of the UNIX operating system

Linux is an implementation of the UNIX operating system concept. UNIX was derived from AT&T's "Sys V" (System 5). The initialization process is meant to control the starting and ending of services and/or daemons in a system, and permits different start-up configurations on different execution levels ("run levels").
Some Linux distribution, like SlackWare, use the BSD init system, developed at the University of California, Berkeley.
Sys V uses a much more complex set of command files and directives to determine which services are available at different levels of execution, than the BSD's do.

Booting the Linux operating system

The first thing a computer does on start-up is a primer test (POST - Power On Self Test). This way several devices are tested, including the processor, memory, graphics card and the keyboard. Here is tested the boot medium (hard disk, floppy unit, CD-ROMs). After POST, the loader from a ROM loads the boot sector, which in turn loads the operating system from the active partition.
The boot blocks is always at the same place: track 0, cylinder 0, head 0 of the device from which we're booting. This block contains a program called loader, which in Linux's case is LiLo (Linux Loader), or Grub (GNU Grub Unified Boot Loader), which actually boots the operating system. These loaders in Linux , in case of a multi-boot configuration (more operating systems on a computer), permit the selection of the operating system to be booted. Lilo and Grub are installed or at the MBR (Master Boot Record), or at the first sector of the active partition.
In the following we will refer to LiLO as boot loader. This is usually installed in the boot sector, also known as MBR. If the user decides to boot Linux, LiLo will try to load the kernel. Now I will present step-by-step LiLo's attempt to load the operating system.

1. In case of a multi-boot config, LiLo permits the user two choose an operating system from the menu. The LiLo settings are stored at /etc/lilo.conf. System administrators use this file for a very detailed finement of the loader. Here can be manually set what operating systems are installed, as well as the method for loading any of them. If on the computer there is only Linux, LiLo can be set to load directly the kernel, and skip the selection menu.

2. The Linux kernel is compressed, and contains a small bit, which will decompress it. Immediately after the first step begins the decompression and the loading of the kernel.

3. If the kernel detects that your graphics card supports more complex text modes, Linux allows the usage of them - this can be specified or during the recompilation of the kernel, or right inside Lilo, or other program, like rdev.

4. The kernel verifies hardware configuration (floppy drive, hard disk, network adapters, etc) and configures the drivers for the system. During this operation, several informative messages are shown to the user.

5. The kernel tries to mount the file system and the system files. The location of system files is configurable during recompilation, or with other programs - LiLo and rdev. The file system type is automatically detected. The most used file systems on Linux are ext2 and ext3. If the mount fails, a so-called kernel panic will occur, and the system will "freeze".
System files are usually mounted in read-only mode, to permit a verification of them during the mount. This verification isn't indicated if the files were mounted in read-write mode.

6. After these steps, the kernel will start init, which will become process number 1, and will start the rest of the system.

The init process

It's Linux's first process, and parent of all the other processes. This process is the first running process on any Linux/UNIX system, and is started directly by the kernel. It is what loads the rest of the system, and always has a PID of 1.

The initialization files in /etc/inittab

First time the initialization process (init) examines the file /etc/inittab to determine what processes have to be launched after. This file provides init information on runlevels, and on what process should be launched on each runlevel.
After that, init looks up the first line with a sysinit (system initialization) action and executes the specified command file, in this case /etc/rc.d/rc.sysinit. After the execution of the scripts in /etc/rc.d/rc.sysinit, init starts to launch the processes associated with the initial runlevel.
The next few lines in /etc/inittab are specific to the different execution (run-) levels. Every line runs as a single script (/etc/rc.d/rc), which has a number from 1 to 6 as argument to specify the runlevel.
The most used action in /etc/inittab is wait, which means init executes the command file for a specified runlevel, and then waits until that level is terminated.

The files in /etc/rc.d/rc.sysinit

The commands defined in /etc/inittab are executed only once, by the init process, every time when the operating system boots. Usually these scripts are running as a succession of commands, and usually realise the following:

1. Determine whether the system takes part of a network, depending on the content of /etc/sysconfig/network

2. Mount /proc, the file system used in Linux to determine the state of the diverse processes.

3. Set the system time in fuction to the BIOS settings, as well as realises other settings (setting of time zone, etc), stabilized and configured during the installation of the system.

4. Enables virtual memory, activating and mounting the swap partition, specified in /etc/fstab (File System Table)

5. Sets the host name for the network and system wide authentication, like NIS (Network Information Service), NIS+ (an improved version of NIS), and so on.

6. Verifies the root fily system, and if no problems, mounts it.

7. Verifies the other file systems specified in /etc/fstab.

8. Identifies, if case of, special routines used by the operating system to recognize installed hardware to configure Plug'n'Play devices, and to activate other prime devices, like the sound card, for example.

9. Verifies the state of special disk devices, like RAID (Redundant Array of Inexpensive Disks)

10. Mounts all the specified file systems in /etc/fstab.

11. Executes other system-specific tasks.

The /etc/rc.d/init.d directory

The directory /etc/rc.d/init.d contains all the commands which start or stop services which are associated with all the execution levels.
All the files in /etc/rc.d/init.d have a short name which describes the services to which they're associated. For example, /etc/rc.d/init.d/amd starts and stops the auto mount daemon, which mounts the NFS host and devices anytime when needed.

The login process

After the init process executes all the commands, files and scripts, the last few processes are the /sbin/mingetty ones, which shows the banner and log-in message of the distribution you have installed. The system is loaded and prepared so the user could log in.

Linux's execution levels

The execution levels represent the mode in which the computer operates. They are defined by a set of available services at any time they are started. The execution levels represent different ways Linux uses to be available to you, the user, or eventually the administrator.
As daily user you don't have to bother with the execution levels, although the multi-user level makes the services which you need while using Linux in a network (though in a transparent mode) available.
In the next few sentences I'll present the execution levels, one by one:

0: Halt (stops all running processes and executes shutdown)

1: Known under the name "Single-user mode". In this case the system runs with a reduced set of services and daemons. The root file system is mounted read-only. This runlevel is used when the others fail while booting.

2: On this level run the most of the services, with the exception of network services (httpd, named, nfs, etc). This execution level is ideal for the debug of network services, keeping the file system shared.

3: Complete multi-user mode, with network support enabled.

4: Unused, in most of the distributions. In Slackware this level is equivalent with 3, the only difference is that this has graphic login enabled.

5: Complete multi-user mode, with network and graphic subsystem support enabled.

6: Reboot. Stops all running processes and reboots the system to the initial execution level.

Modification of execution levels

The most used facility of init, and maybe the most confusing one, is the ability to move from an execution level to an other.
The system boots into a runlevel specified in /etc/inittab, or to a level specified at the LiLo prompt. To change the execution level, use the command init. For example, to change the execution level to 3, type

init 3

This stops most of the processes and takes the system into a multi-user mode with networking enabled. Attention, changing the init level might force several daemons used at the moment to stop!

The directories of execution levels

Every execution level has a directory with a symbolic links (symlinks) pointing to the corresponding scripts in /etc/rc.d/init.d. These directories are:

/etc/rc.d/rc0.d
/etc/rc.d/rc1.d
/etc/rc.d/rc2.d
/etc/rc.d/rc3.d
/etc/rc.d/rc4.d
/etc/rc.d/rc5.d
/etc/rc.d/rc6.d

The name of the symlinks are semnificative. It specifies which service has to be stopped, started and when. The links starting with an "S" are programmed to start in various execution levels. The links also have a number in their name (01-99). Now some examples of symlinks in the directory /etc/rc.d/rc2.d:

K20nfs -> ../init.d/nfs
K50inet -> ../init.d/inet
S60lpd -> ../init.d/lpd
S80sendmail -> ../init.d/sendmail

When operating systems change the execution level, init compares the list of the terminated processes (links which start with "K") from the directory of the current execution level with the list of processes which have to be started (starting with "S"), found in the destination directory.

Example:

When the system boots into runlevel 3, will execute all the corresponding links starting with "S", in an order accorind to their number:

/etc/rc.d/rc3.d/S60lpd start
/etc/rc.d/rc3.d/S80sendmail start
(and so on)

If the system now changes to runlevel 1, will execute:

/etc/rc.d/rc3.d/K20nfs stop
/etc/rc.d/rc3.d/K50inet stop
(presuming that nfs and inet are NOT in /etc/rc.d/rc1.d)

After that it will start all the processes mentioned in /etc/rc.d/rc1.d except which are already running. In this example there's a single one only:

/etc/rc.d/rc1.d/S00single

Changing the current execution level

To change the current execution level for example to level 3, edit /etc/inittab in a text editor, and edit the following line:

id:3:initdefault:

(do not change the initial runlevel to 0 or 6!)

Booting into an alternative execution level

At the LiLo prompt you have to write the number of the wanted execution level, before booting the operating system. This way to boot into the third level, type for example:

linux 3

Eliminating a service from an execution level

To disable a service from a runlevel, you might simply delete or modify the corresponding symlink.
For example, to disable pcmcia, and don't start in the future, type:

rm /etc/rc.d/rc3.d/S45pcmcia

Adding a service to an execution level

To add a service, it is needed to create a symlink pointing to the corresponding scripts in /etc/rc.d/init.d. After the symlink is created, be sure to assign it a number, so it would be started in the right time:

To add "lpd" to runlevel 3, type:

ln -s /etc/rc.d/init.d/lpd /etc/rc.d/rc3.d/S64lpd

darkstax 2006-08-08 15:45 发表评论

IT博客-darkstax-文章分类-linux技术

xorg.conf man page

Linux Network Performance

Linux Network Performance

RAW ethernet vs. UDP

Andreas Schaufler

Chapter 1. RAW ethernet programming

Networking layers

UDP

RAW ethernet

ethernet Frame Spec (IEEE 802.3)

Example Code

Chapter 2. Testing Environment

Equipment

What was measured ?

Chapter 3. Testing Results

Results in numbers

Comparison of UDP results

Comparison of RAW results

Comparison of UDP and RAW ethernet results

Contact

Packet Sniffer Construction

Basic Packet-Sniffer Construction from the Ground Up

md5校验

NAME

SYNOPSIS

DESCRIPTION

The following two options are useful only when verifying checksums:

SEE ALSO

Iptables Tutorial 1.2.1

Iptables 指南

Slackware的启动(init)过程

导言

运行级(runlevel)

Init

inittab

结论

Linux的启动过程

Linux's boot process explained