範例: 如何使用指標指向指標陣列(Pointer Array)

array4.c

#include
#include
#include

struct abc {
int val;
char str[10];
};

void allocatemem(void*** a1) {
int amount;

printf("s1 - &a1: %10p, a1: %10p, *a1: %10p\n", a1, *a1, **a1);
amount = sizeof(struct abc)*16;
if ((*a1=(void**)malloc(amount))==NULL) {
printf("errno: %s, desc: %s\n", errno, strerror(errno));
}
printf("s2 - &a1: %10p, a1: %10p, *a1: %10p\n", a1, *a1, **a1);

memset(*a1, 0, amount);
//printf("memset ok\n");
printf("s4 - &a1: %10p, a1: %10p, *a1: %10p\n", a1, *a1, **a1);

}

int main(int argc, char** argv) {
struct abc *(*a1)[16];
printf("s0 - &a1: %10p, a1: %10p, &a1[0]: %10p, a1[0]: %10p, *a1: %10p , **a1: %10p, a1[1]: %10p\n", &a1, a1, &a1[0], a1[0], *a1, **a1, a1[1]);
allocatemem((void***)&a1);
printf("s5 - &a1: %10p, a1: %10p, &a1[0]: %10p, a1[0]: %10p, *a1: %10p , **a1: %10p, a1[1]: %10p\n", &a1, a1, &a1[0], a1[0], *a1, **a1, a1[1]);

return 0;
}

# gcc -g -o a4 ./array4.c

執行結果
# ./a4
s0 - &a1: 0xfeeac584, a1: 0x943c80, &a1[0]: 0x943c80, a1[0]: 0x943c80, *a1: 0x943c80 , **a1: (nil), a1[1]: 0x943cc0
s1 - &a1: 0xfeeac584, a1: 0x943c80, *a1: (nil)
s2 - &a1: 0xfeeac584, a1: 0x8aa5008, *a1: (nil)
s4 - &a1: 0xfeeac584, a1: 0x8aa5008, *a1: (nil)
s5 - &a1: 0xfeeac584, a1: 0x8aa5008, &a1[0]: 0x8aa5008, a1[0]: 0x8aa5008, *a1: 0x8aa5008 , **a1: (nil), a1[1]: 0x8aa5048

variable 在function 傳值的情形

m1.c show the memory usage status

#include
#include
#include

void allo(void** m1){
printf("s1 - &m1: %8p, m1: %8p\n", m1, *m1);
if ((*m1=(void*)malloc(sizeof(char)))==NULL) {
printf("errno: %s, desc: %s\n", errno, strerror(errno));
}
printf("s2 - &m1: %8p, m1: %8p\n", m1, *m1);
}

int main(int argc, char **argv) {
char *m1;
printf("s0 - &m1: %8p, m1: %8p\n", &m1, m1);
allo((void**)&m1);
printf("s3 - &m1: %8p, m1: %8p\n", &m1, m1);
return 0;
}


執行結果
# ./m1
s0 - &m1: 0xfee68534, m1: 0x943c80
s1 - &m1: 0xfee68534, m1: 0x943c80
s2 - &m1: 0xfee68534, m1: 0x9a07008
s3 - &m1: 0xfee68534, m1: 0x9a07008

SIP phone software

MyYahoo

Yahoo官方的Java
Web IM

http://my.yahoo.com/index.html

Gmail Chat

"POST /mail/channel/bind"

wengo

http://www.wengophone.com/

http://www.openwengo.com/

http://www.wengo.com/

xlite

http://www.counterpath.com/

download xlite

http://www.counterpath.com/index.php?menu=download

http://www.counterpath.com/index.php?menu=products&smenu=download

Express Talk

http://www.nch.com.au/index.html

download express talk

http://www.nch.com.au/talk/be.html

ㄧ堆sip phones

http://allvoipsearch.com/voipcheap.html

如何在 bash 中利用 array 來做array elements merging

#!/bin/sh

declare -a a
declare -a b
a=(1 2 3)
b=(4 5 6)
c="$a $b"
d="${a[@]} ${b[@]}"
e="${a[*]} ${b[*]}"
#echo ${a}
#echo ${a[0]}
#echo ${a[1]}
#echo ${a[2]}
#echo ${a[@]}
#echo ${a[*]}
#echo $b
echo $c
echo $d
echo $e

fork 出去的process 要和 parent process 溝通可以用下列方法

* pipe
* shared memory
* unix domain socket
* netlink socket

unix domain socket example
http://www.uwsg.iu.edu/hypermail/linux/kernel/0202.0/0515.html

#include
#include
#include
#include
#include
#include
#include
#include
#include

int main(int argc, char *argv[])
{
char buf[1];
int s;
int retval;
struct sockaddr_un server;

if (argc < 2)
printf("Usage : test socketname");

s = socket(PF_UNIX, SOCK_STREAM, 0);
if (s < 0)
perror("socket :");
else
{
server.sun_family = PF_LOCAL;
strncpy(server.sun_path, argv[1], sizeof(server.sun_path));

if (connect(s,(struct sockaddr *)&server,SUN_LEN(&server)) < 0)
perror("connect :");
else
{
retval = recv(s,buf,0, 0);
if (retval < 0)
perror("recv :");
else
printf("Received %u bytes.",retval);

close(s);
return 0;
}
}
}

Linux Command - lsof, ps

lsof
看linux opened socket, open fd 等resource 的conmmand

Use lsof command or /proc/PID file system to display fd lists:
# lsof -p 28290
OR
# cd /proc/28290/fd
# ls -l | less
You can count open file, enter:
# ls -l | wc -l
Show all connections with -i
# lsof -i
similar commands
# netstat -anp

Show threads in the current system
# ps -eLf




Show Your Network Connections

Show all connections with -i
lsof -i

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
dhcpcd 6061 root 4u IPv4 4510 UDP *:bootpc
sshd 7703 root 3u IPv6 6499 TCP *:ssh (LISTEN)
sshd 7892 root 3u IPv6 6757 TCP 10.10.1.5:ssh->192.168.1.5:49901 (ESTABLISHED)


Show only TCP (works the same for UDP)
lsof -iTCP

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 7703 root 3u IPv6 6499 TCP *:ssh (LISTEN)
sshd 7892 root 3u IPv6 6757 TCP 10.10.1.5:ssh->192.168.1.5:49901 (ESTABLISHED)


-i :port shows all networking related to a given port
lsof -i :22

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 7703 root 3u IPv6 6499 TCP *:ssh (LISTEN)
sshd 7892 root 3u IPv6 6757 TCP 10.10.1.5:ssh->192.168.1.5:49901 (ESTABLISHED)


To show connections to a specific host, use @host
lsof -i@192.168.1.5

sshd 7892 root 3u IPv6 6757 TCP 10.10.1.5:ssh->192.168.1.5:49901 (ESTABLISHED)


Show connections based on the host and the port using @host:port
lsof -i@192.168.1.5:22

sshd 7892 root 3u IPv6 6757 TCP 10.10.1.5:ssh->192.168.1.5:49901 (ESTABLISHED)


Grepping for "LISTEN" shows what ports your system is waiting for connections on
lsof -i| grep LISTEN

iTunes 400 daniel 16u IPv4 0x4575228 0t0 TCP *:daap (LISTEN)


Grepping for "ESTABLISHED" shows current active connections
lsof -i| grep ESTABLISHED

firefox-b 169 daniel 49u IPv4 0t0 TCP 1.2.3.3:1863->1.2.3.4:http (ESTABLISHED)



Working with Users, Processes, and Files

You can also get information on various users, processes, and files on your system using lsof:
Show what a given user has open using -u
lsof -u daniel

-- snipped --
Dock 155 daniel txt REG 14,2 2798436 823208 /usr/lib/libicucore.A.dylib
Dock 155 daniel txt REG 14,2 1580212 823126 /usr/lib/libobjc.A.dylib
Dock 155 daniel txt REG 14,2 2934184 823498 /usr/lib/libstdc++.6.0.4.dylib
Dock 155 daniel txt REG 14,2 132008 823505 /usr/lib/libgcc_s.1.dylib
Dock 155 daniel txt REG 14,2 212160 823214 /usr/lib/libauto.dylib
-- snipped --


See what files and network connections a command is using with -c
lsof -c syslog-ng

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
syslog-ng 7547 root cwd DIR 3,3 4096 2 /
syslog-ng 7547 root rtd DIR 3,3 4096 2 /
syslog-ng 7547 root txt REG 3,3 113524 1064970 /usr/sbin/syslog-ng
syslog-ng 7547 root mem REG 0,0 0 [heap]
syslog-ng 7547 root mem REG 3,3 105435 850412 /lib/libpthread-2.4.so
syslog-ng 7547 root mem REG 3,3 1197180 850396 /lib/libc-2.4.so
syslog-ng 7547 root mem REG 3,3 59868 850413 /lib/libresolv-2.4.so
syslog-ng 7547 root mem REG 3,3 72784 850404 /lib/libnsl-2.4.so
syslog-ng 7547 root mem REG 3,3 32040 850414 /lib/librt-2.4.so
syslog-ng 7547 root mem REG 3,3 126163 850385 /lib/ld-2.4.so
-- snipped --


Pointing to a file shows what's interacting with that file

lsof /var/log/messages

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
syslog-ng 7547 root 4w REG 3,3 217309 834024 /var/log/messages


The -p switch lets you see what a given process ID has open, which is good for learning more about unknown processes
lsof -p 10075

-- snipped --
sshd 10068 root mem REG 3,3 34808 850407 /lib/libnss_files-2.4.so
sshd 10068 root mem REG 3,3 34924 850409 /lib/libnss_nis-2.4.so
sshd 10068 root mem REG 3,3 26596 850405 /lib/libnss_compat-2.4.so
sshd 10068 root mem REG 3,3 200152 509940 /usr/lib/libssl.so.0.9.7
sshd 10068 root mem REG 3,3 46216 510014 /usr/lib/liblber-2.3
sshd 10068 root mem REG 3,3 59868 850413 /lib/libresolv-2.4.so
sshd 10068 root mem REG 3,3 1197180 850396 /lib/libc-2.4.so
sshd 10068 root mem REG 3,3 22168 850398 /lib/libcrypt-2.4.so
sshd 10068 root mem REG 3,3 72784 850404 /lib/libnsl-2.4.so
sshd 10068 root mem REG 3,3 70632 850417 /lib/libz.so.1.2.3
sshd 10068 root mem REG 3,3 9992 850416 /lib/libutil-2.4.so
-- snipped --

The -t option returns just a PID
lsof -t -c Mail

350

ps aux | grep Mail

daniel 350 0.0 1.5 405980 31452 ?? S Mon07PM 2:50.28 /Applications/Mail.app



time_t definition 尋根

user space 的 time_t 到底是如何定義的?

原來是定義在 kernel 當中


linux/include/asm-i386/posix_types.h:typedef long __kernel_time_t;
==> 先 define __kernel_time_t 為 long

linux/include/linux/types.h:typedef __kernel_time_t time_t;
==> 再 define time_t 為 __kernel_time_t

所以 time_t 就是 long (for i386 architecture) :)


[root@localhost linux]# grep -R -H "suseconds_t" ./*
./types.h:typedef __kernel_suseconds_t suseconds_t;
[root@localhost linux]# cd ../asm-i386/
[root@localhost asm-i386]# grep -R -H "__kernel_suseconds_t" ./*
./posix_types.h:typedef long __kernel_suseconds_t;

結論是
time_t
suseconds_t
都是 long 的型態

C Operator Precedence and Associativity

http://www.difranco.net/cop2220/op-prec.htm

Operator
Description Associativity

()
[]
.
-> Parentheses (grouping)
Brackets (array subscript)
Member selection via object name
Member selection via pointer left-to-right

++ --
+ -
! ~
(type)
*
&
sizeof Unary preincrement/predecrement
Unary plus/minus
Unary logical negation/bitwise complement
Unary cast (change type)
Dereference
Address
Determine size in bytes right-to-left
* / % Multiplication/division/modulus left-to-right
+ - Addition/subtraction left-to-right
<< >> Bitwise shift left, Bitwise shift right left-to-right
< <=
> >= Relational less than/less than or equal to
Relational greater than/greater than or equal to left-to-right
== != Relational is equal to/is not equal to left-to-right
& Bitwise AND left-to-right
^ Bitwise exclusive OR left-to-right
| Bitwise inclusive OR left-to-right
&& Logical AND left-to-right
|| Logical OR left-to-right
?: Ternary conditional right-to-left
=
+= -=
*= /=
%= &=
^= |=
<<= >>= Assignment
Addition/subtraction assignment
Multiplication/division assignment
Modulus/bitwise AND assignment
Bitwise exclusive/inclusive OR assignment
Bitwise shift left/right assignment right-to-left
,
Comma (separate expressions) left-to-right

Linux Debugging

All the tools is in the link
http://geek.vtnet.ca/doc/ols2005-notes/html/d2-10h00.html


* valgrind

Valgrind is an award-winning suite of tools for debugging and profiling Linux programs. With the tools that come with Valgrind, you can automatically detect many memory management and threading bugs, avoiding hours of frustrating bug-hunting, making your programs more stable. You can also perform detailed profiling, to speed up and reduce memory use of your programs.

The Valgrind distribution currently includes four tools: a memory error detector, a cache (time) profiler, a call-graph profiler, and a heap (space) profiler. It runs on the following platforms: X86/Linux, AMD64/Linux, PPC32/Linux, PPC64/Linux.

* talloc

* findstatic.pl

findstatic
Findstatic is a simple perl script for finding functions or variables in a project that might be able to be made static. Once you make them static then the compiler should tell you if they aren't called at all and can be removed completely.

Download and run findstatic.pl

Tridge's junk code
There are lots of resources in this web site

This is a collection of bits of code that I have written over the years but that hasn't ever been released as a full project. There are lots of bits and pieces in here that I'm sure will be useful to someone.

The reason I call this 'junkcode' is that I have no plans to properly document, package or support this code. If you find it useful then that's great, but I already have enough free software projects to keep me busy so I won't be spending a lot of time on this stuff.

*gcov
gcov is a tool you can use in conjunction with GCC to test code coverage in your programs.

* Gcov Intro: Introduction to gcov.
* Invoking Gcov: How to use gcov.
* Gcov and Optimization: Using gcov with GCC optimization.
* Gcov Data Files: The files used by gcov.
* Cross-profiling: Data file relocation.

container_of

container_of

透過structure 的 list_head 去算structure 的start pointer

include/linux/kernel.h
#define container_of(ptr, type, member) ({ \
const typeof( ((type *)0)->member ) *__mptr = (ptr); \
(type *)( (char *)__mptr - offsetof(type,member) );})
ptr 為pointer 指向 linked-list
__mptr 為pointer 指向 linked list (和 ptr一樣, 有何差別?)

? 感覺上好像把第一行拿掉還是可以work , 然後把第二行__mptr改成 ptr, 因為第一行好像只有將 ptr assigned value 給__mptr, 其他的事情都沒有做, 另外宣告__mptr 是一個constant variable, 所已修改後的結果如下, 不過這樣改可能會出大問題, 有機會再來研究吧

#define container_of(ptr, type, member) ({ \
(type *)( (char *)ptr - offsetof(type,member) );})

其中第一行只是去做替換而已, 將 ptr 強制轉換為 __mptr variable,

1. 先把0(NULL) cast 為 (type *), 這時是一個structure pointer
2. 然後利用typeof 取其member (linked list)的type, 這時為linked list pointer
3. __mptr = (ptr) , __mptr assign value 為 ptr, 這時__mptr 還是一樣為指向 linked list pointer
4. offsetof(type,member) 會計算某一個 type (structure name) 的某一個 child member(structure field), 從structure head 到 特定的structure field (member) 之間的距離
5. (char *)__mptr, __mptr 先cast 成 char* pointer type
6. 利用__mptr 減掉 offsetof(type,member)的値, 也就是從member field 的address pointer (ex. list), 往前推(扣掉offset value), 來算出該structure (ex. struct _skypesn_) 的 address pointer value
7. 最後再把結果cast 成為 structure address pointer 即為這個list 的 "container" address, 也就是這一個macro 的名稱意義所在



const typeof( ((type *)0)->member ) *__mptr = (ptr);

Example.
net/ipv4/netfilter/ip_nat_core.c
void
ip_nat_reserved_unregister_all(struct ip_conntrack_expect *expect)
{
struct list_head *i;
struct ip_nat_reserved *res;
[omit]
i = expect->reserved_list.next;
if(i != NULL)
{
while (i != &expect->reserved_list) {
// 第一個參數 i 是指向linked_list pointer
// 第二個參數 struct ip_nat_reserved 是structure name
// 第三個參數 exp 是 structure 當中 linked list 的variable name
res = list_entry(i, struct ip_nat_reserved, exp);
[omit]

include/linux/netfilter_ipv4/ip_nat.h
/* Structure to store reserved manips */
struct ip_nat_reserved {
struct list_head hash; /* Hash chain */
struct list_head exp; /* Per-expectation list */
atomic_t use; /* Reference count */
struct ip_conntrack_manip manip; /* Reserved manip */
struct ip_conntrack_manip peer; /* Peer (optional) */
u_int16_t proto; /* Protocol number of reserved manip */
};




Reference.
include/linux/list.h
struct list_head {
struct list_head *next, *prev;
};

/**
* list_entry - get the struct for this entry
* @ptr: the &struct list_head pointer.
* @type: the type of the struct this is embedded in.
* @member: the name of the list_struct within the struct.
*/
#define list_entry(ptr, type, member) \
container_of(ptr, type, member)


/**
* list_for_each_entry - iterate over list of given type
* @pos: the type * to use as a loop counter.
* @head: the head for your list.
* @member: the name of the list_struct within the struct.
*/
//list_for_each_entry(tmp, &skypesns[i], list)
#define list_for_each_entry(pos, head, member) \
for (pos = list_entry((head)->next, typeof(*pos), member), \
prefetch(pos->member.next); \
&pos->member != (head); \
pos = list_entry(pos->member.next, typeof(*pos), member), \
prefetch(pos->member.next))

How to generate the kernel module

1. compile 獨立的個別的檔案

gcc -Wp,-MD,net/ipv4/netfilter/.ip_conntrack_standalone.o.d -nostdinc -iwithprefix include -D__KERNEL__ -Iinclude -Wall -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Os -fomit-frame-pointer -pipe -msoft-float -mpreferred-stack-boundary=2 -march=i386 -Iinclude/asm-i386/mach-default -DMODULE -DKBUILD_BASENAME=ip_conntrack_standalone -DKBUILD_MODNAME=ip_conntrack -c -o net/ipv4/netfilter/ip_conntrack_standalone.o net/ipv4/netfilter/ip_conntrack_standalone.c

定義了__KERNEL__ definition
-D__KERNEL__

notice:
這裡有做了三個額外定義
-DMODULE
這個 .c file 要compile 成一個module
-DKBUILD_BASENAME=ip_conntrack_standalone
這個檔案的base name 為 ip_conntrack_standalone (也就是 .c 的名稱)
-DKBUILD_MODNAME=ip_conntrack
這個檔案被 compile 成為 module 後, 是成為哪一個 module (module name 為何)


2. 將屬於同一個module 的 .c 利用 ld 統一 compile 成一個單獨的檔案
ld -m elf_i386 -r -o net/ipv4/netfilter/ip_conntrack.o net/ipv4/netfilter/ip_conntrack_standalone.o net/ipv4/netfilter/ip_conntrack_core.o net/ipv4/netfilter/ip_conntrack_proto_generic.o net/ipv4/netfilter/ip_conntrack_proto_tcp.o net/ipv4/netfilter/ip_conntrack_proto_udp.o net/ipv4/netfilter/ip_conntrack_proto_icmp.o net/ipv4/netfilter/L7SessionMoniter.o net/ipv4/netfilter/skypesn.o net/ipv4/netfilter/skypefilehost.o


ld -m elf_i386 -r -o net/ipv4/netfilter/iptable_nat.o net/ipv4/netfilter/ip_nat_standalone.o net/ipv4/netfilter/ip_nat_rule.o net/ipv4/netfilter/ip_nat_core.o net/ipv4/netfilter/ip_nat_helper.o net/ipv4/netfilter/ip_nat_proto_unknown.o net/ipv4/netfilter/ip_nat_proto_tcp.o net/ipv4/netfilter/ip_nat_proto_udp.o net/ipv4/netfilter/ip_nat_proto_icmp.o

3. 利用 scripts/mod/modpost 來產生 module symbol version of vmlinux

scripts/mod/modpost -o /home3/vincent/development/Texas/CMF/kernel/linux-2.6.10/Module.symvers vmlinux net/ipv4/netfilter/ip_conntrack.o net/ipv4/netfilter/ip_conntrack_amanda.o net/ipv4/netfilter/ip_conntrack_ftp.o net/ipv4/netfilter/ip_conntrack_irc.o net/ipv4/netfilter/ip_conntrack_proto_sctp.o net/ipv4/netfilter/ip_conntrack_tftp.o net/ipv4/netfilter/ip_nat_amanda.o net/ipv4/netfilter/ip_nat_ftp.o net/ipv4/netfilter/ip_nat_irc.o net/ipv4/netfilter/ip_nat_snmp_basic.o net/ipv4/netfilter/ip_nat_tftp.o net/ipv4/netfilter/ipt_L7TARGET.o net/ipv4/netfilter/ipt_MASQUERADE.o net/ipv4/netfilter/ipt_NETMAP.o net/ipv4/netfilter/ipt_NOTRACK.o net/ipv4/netfilter/ipt_REDIRECT.o net/ipv4/netfilter/ipt_SAME.o net/ipv4/netfilter/ipt_TPROXY.o net/ipv4/netfilter/ipt_ULOG.o net/ipv4/netfilter/ipt_condition.o net/ipv4/netfilter/ipt_connmark.o net/ipv4/netfilter/ipt_conntrack.o net/ipv4/netfilter/ipt_dsize.o net/ipv4/netfilter/ipt_helper.o net/ipv4/netfilter/ipt_ipgroup.o net/ipv4/netfilter/ipt_l7check.o net/ipv4/netfilter/ipt_l7length.o net/ipv4/netfilter/ipt_l7state.o net/ipv4/netfilter/ipt_layer7.o net/ipv4/netfilter/ipt_pktbox.o net/ipv4/netfilter/ipt_pktseq.o net/ipv4/netfilter/ipt_pktseries.o net/ipv4/netfilter/ipt_puredsize.o net/ipv4/netfilter/ipt_skypeack.o net/ipv4/netfilter/ipt_skypehost.o net/ipv4/netfilter/ipt_skypelogin.o net/ipv4/netfilter/ipt_skypemark.o net/ipv4/netfilter/ipt_skypetcpfile.o net/ipv4/netfilter/ipt_skypeudpfile.o net/ipv4/netfilter/ipt_state.o net/ipv4/netfilter/ipt_tproxy.o net/ipv4/netfilter/iptable_nat.o net/ipv4/netfilter/iptable_tproxy.o
*** Warning: "skypesn_default_timeout_value" [net/ipv4/netfilter/ip_conntrack.ko] undefined!
*** Warning: "skypefilehost_default_timeout_value" [net/ipv4/netfilter/ip_conntrack.ko] undefined!


4. compile ip_conntrack.mod.c 成為 ip_conntrack.mod.o object file
gcc -Wp,-MD,net/ipv4/netfilter/.ip_conntrack.mod.o.d -nostdinc -iwithprefix include -D__KERNEL__ -Iinclude -Wall -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Os -fomit-frame-pointer -pipe -msoft-float -mpreferred-stack-boundary=2 -march=i386 -Iinclude/asm-i386/mach-default -DKBUILD_BASENAME=ip_conntrack -DKBUILD_MODNAME=ip_conntrack -DMODULE -c -o net/ipv4/netfilter/ip_conntrack.mod.o net/ipv4/netfilter/ip_conntrack.mod.c
// 再將 ip_conntrack.o + ip_conntrack.mod.o merge 成為 ip_conntrack.ko
ld -m elf_i386 -r -o net/ipv4/netfilter/ip_conntrack.ko net/ipv4/netfilter/ip_conntrack.o net/ipv4/netfilter/ip_conntrack.mod.o



gcc -Wp,-MD,net/ipv4/netfilter/.ip_conntrack.mod.o.d -nostdinc -iwithprefix include -D__KERNEL__ -Iinclude -Wall -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Os -fomit-frame-pointer -pipe -msoft-float -mpreferred-stack-boundary=2 -march=i386 -Iinclude/asm-i386/mach-default -DKBUILD_BASENAME=ip_conntrack -DKBUILD_MODNAME=ip_conntrack -DMODULE -c -o net/ipv4/netfilter/ip_conntrack.mod.o net/ipv4/netfilter/ip_conntrack.mod.c


ld -m elf_i386 -r -o net/ipv4/netfilter/ip_conntrack.ko net/ipv4/netfilter/ip_conntrack.o net/ipv4/netfilter/ip_conntrack.mod.o


** build-in kernel binary, 產生 built-in.o

ld -m elf_i386 -r -o net/ipv4/netfilter/built-in.o net/ipv4/netfilter/ip_tables.o net/ipv4/netfilter/iptable_filter.o net/ipv4/netfilter/iptable_mangle.o net/ipv4/netfilter/iptable_raw.o net/ipv4/netfilter/ipt_limit.o net/ipv4/netfilter/ipt_hashlimit.o net/ipv4/netfilter/ipt_sctp.o net/ipv4/netfilter/ipt_mark.o net/ipv4/netfilter/ipt_mac.o net/ipv4/netfilter/ipt_iprange.o net/ipv4/netfilter/ipt_pkttype.o net/ipv4/netfilter/ipt_multiport.o net/ipv4/netfilter/ipt_owner.o net/ipv4/netfilter/ipt_tos.o net/ipv4/netfilter/ipt_recent.o net/ipv4/netfilter/ipt_ecn.o net/ipv4/netfilter/ipt_dscp.o net/ipv4/netfilter/ipt_ah.o net/ipv4/netfilter/ipt_esp.o net/ipv4/netfilter/ipt_length.o net/ipv4/netfilter/ipt_ttl.o net/ipv4/netfilter/ipt_tcpmss.o net/ipv4/netfilter/ipt_realm.o net/ipv4/netfilter/ipt_addrtype.o net/ipv4/netfilter/ipt_physdev.o net/ipv4/netfilter/ipt_comment.o net/ipv4/netfilter/ipt_REJECT.o net/ipv4/netfilter/ipt_TOS.o net/ipv4/netfilter/ipt_ECN.o net/ipv4/netfilter/ipt_DSCP.o net/ipv4/netfilter/ipt_MARK.o net/ipv4/netfilter/ipt_CLASSIFY.o net/ipv4/netfilter/ipt_DLOG.o net/ipv4/netfilter/ipt_LOG.o net/ipv4/netfilter/ipt_CONNMARK.o net/ipv4/netfilter/ipt_TCPRST.o net/ipv4/netfilter/ipt_TCPMSS.o net/ipv4/netfilter/ipt_CLUSTERIP.o net/ipv4/netfilter/arp_tables.o net/ipv4/netfilter/arpt_mangle.o net/ipv4/netfilter/arptable_filter.o net/ipv4/netfilter/ip_queue.o net/ipv4/netfilter/netreport.o


ip_conntrack_standalone.c
ip_conntrack_core.c
ip_conntrack_proto_generic.c
ip_conntrack_proto_tcp.c
ip_conntrack_proto_udp.c
ip_conntrack_proto_icmp.c
L7SessionMoniter.c
skypesn.c
skypefilehost.c

ip_nat_standalone.c
ip_nat_rule.c
ip_nat_core.c
ip_nat_helper.c
ip_nat_proto_unknown.c
ip_nat_proto_tcp.c
ip_nat_proto_udp.c
ip_nat_proto_icmp.c

ip_conntrack_proto_sctp.c
ip_conntrack_amanda.c
ip_conntrack_tftp.c
ip_conntrack_ftp.c
ip_conntrack_irc.c

ip_nat_amanda.c
ip_nat_tftp.c
ip_nat_ftp.c
ip_nat_irc.c



iptable_tproxy.c
ipt_helper.c
ipt_ipgroup.c
ipt_l7length.c
ipt_dsize.c

function flow of receiving packet in the kernel

net/ipv4/ip_input.c
ip_rcv_finish

/* ip_route_input function will find the destination cache in the routing cache or forwarding information base. And pointer

the destination cache in the skb->dst */
net/ipv4/route.c
ip_route_input

normally the packet will in this way
net/ipv4/route.c
ip_route_input_slow

/* If the packet is bound to received by the host itself. The input function of routing table will be set as ip_local_deliver

*/
rth->u.dst.input= ip_local_deliver

net/ipv4/ip_input.c
ip_local_deliver

NF_HOOK(PF_INET, NF_IP_LOCAL_IN, skb, skb->dev, NULL, ip_local_deliver_finish); ==> iptables/MANGLE INPUT
NF_HOOK(PF_INET, NF_IP_LOCAL_IN, skb, skb->dev, NULL, ip_local_deliver_finish); ==> iptables/FILTER INPUT
NF_HOOK(PF_INET, NF_IP_LOCAL_IN, skb, skb->dev, NULL, ip_local_deliver_finish); ==> iptables/NAT INPUT
NF_HOOK(PF_INET, NF_IP_LOCAL_IN, skb, skb->dev, NULL, ip_local_deliver_finish); ==> iptables/CONNTRACK_LAST INPUT


net/ipv4/ip_input.c
ip_local_deliver_finish

net/ipv4/ip_input.c
ipprot->handler(skb);

net/ipv4/tcp_ipv4.c
int tcp_v4_rcv(struct sk_buff *skb)

net/ipv4/tcp_ipv4.c
sk_add_backlog(sk, skb);

net/ipv4/tcp_ipv4.c
tcp_v4_do_rcv


/*
if (!sock_owned_by_user(sk)) {
if (!tcp_prequeue(sk, skb))
ret = tcp_v4_do_rcv(sk, skb);
} else
sk_add_backlog(sk, skb);
*/

linux kernel module

一篇關於Linux kenel module 及 Linux kernel 架構介紹的文章
Proceedings of the Linux Symposium
Kernel configuration and building in Linux 2.5
http://archive.linuxsymposium.or ... chewski-OLS2003.pdf


Linux Loadable Kernel Module HOWTO
http://www.tldp.org/HOWTO/Module-HOWTO/index.html

Video sharing web sites

無法查看此摘要。請 按這裡查看文章。

P2P tech documents

tutorials:
- http://p2p-mentor.berlios.de/

googleables:
- STUN ... UDP Traversal
- P2PNAT, STUNT ... TCP Traversal
- TURN ... Public Relay for Traversal
- ICE ... A way to stitch stun/turn/... together

results:
- draft-jennings-midcom-stun-results-02
- http://midcom-p2p.sourceforge.net/
- http://nutss.net/stunt-results.php

NUTSS Architecture

NUTSS stands for (NAT, URIs, Tunnel, SIP, STUNT)

NUTSS
NUTSS is a network architecture that uses signaling before establishing the data channel. The goal is to enable middle boxes like firewalls and NATs, which can intercept the signals to discover the intent of the connection. The middle boxes can then facilitate the connection setup, or enforce other policies. While the data channel is a direct TCP/IP connection between two IP addresses and ports, the signaling is through SIP, which uses stable endpoint identifiers for routing.

NUTSS stands for its constituent components -- NAT that effectively extends the IP address space, URIs that restore end-to-end stable addressing, Tunnels that allow protocols like IPsec and mobile IP to run through NATs, SIP that routes messages with URIs, end-to-end, and lets hosts signal their intentions to each other and to middle boxes in real time, and lastly STUNT that tells how to establish direct IP connectivity through NATs.

http://nutss.gforge.cis.cornell.edu/

Teredo 一項號稱可以和 NUTSS 並駕齊驅, 競爭的project, 都可能成為下一代 P2P 的直接連線運作技術

Teredo is an IPv6 transition technology that provides address assignment and host-to-host automatic tunneling for unicast IPv6 traffic when IPv6/IPv4 hosts are located behind one or multiple IPv4 network address translators (NATs). To traverse IPv4 NATs, IPv6 packets are sent as IPv4-based User Datagram Protocol (UDP) messages. This article provides an overview of Teredo—including Teredo addresses and packet structures—and detailed explanations of how communication is initiated between Teredo clients, Teredo host-specific relays, and IPv6-only hosts using the IPv4 Internet, the IPv6 Internet, Teredo servers, and Teredo relays.


Teredo tunneling
http://en.wikipedia.org/wiki/Teredo_tunneling

Source Forge development

NICI-Teredo
http://sourceforge.net/projects/nici-teredo/

Netfilter related research

NUFW:
http://www.nufw.org/-English-.html
可應用於Single Sign On(SSO), 的一種solution, 補足Netfilter 在authentication 部分的不足
認證的內容可以根據user的
* IP
* LDAP account
* OS
* Application
* User ID

nf-HiPAC:
http://www.hipac.org/
使用 HiPAC 的強大功能和彈性所設計出來的一套packet filter for linux

HIPAC 是一套新穎的 packet classification 架構, 它使用先進的演算法來降低 kernel 查詢每個packet 所需要花費的memory 數量, 特別是針對高network throughput 並且需要大量ruleset 的情況

使用nf-HIPAC 的優點如下

Performance:

iptables 使用的是線性rules traversal 比對 packet 的方式, 這種方式通常是比較沒有效率的, nf-HiPAC 在效能上是超越 iptables 並且對於 rules 的數量並沒有做限制. 簡單來說, HIPAC 的分類引擎, 即使在很大的 rule sets 之下也不會有很大的overhead.

測試數據
http://www.hipac.org/performance_tests/results.html

Scalability to large rulesets:

nf-HIPAC 的 performance是獨立於 rules 的數量, 即使 nf-HIPAC 有數千條的 rules 需要做 traversal, 它的效能仍然要比 iptables 20 條 rules 的performance 來的好。

Dynamic rulesets:

nf-HiPAC 允許 user 即時更新它的ruleset, 並且不用把 packet queue 起來, 讓 packet 停止做分類的動作, 而 iptables 在更新rules set 的時候, 需要把packet 分類的動作暫停, 亦即 packets 需要停止, 待更新iptables rules 的動作完成後, 才會恢復 packet 的繼續分類 (packet traversal the ruleset chain)

ipset

http://ipset.netfilter.org/

超棒的一個 project, 可以大量且快速的在iptables framework 當中比對ip, port 等資料,
是值得一試的一個計畫

IP sets are a framework inside the Linux 2.4.x and 2.6.x kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set.

If you want to

store multiple IP addresses or port numbers and match against the collection by iptables at one swoop;
dynamically update iptables rules against IP addresses or ports without performance penalty;
express complex IP address and ports based rulesets with one single iptables rule and benefit from the speed of IP sets
then ipset may be the proper tool for you.

tproxy
http://www.balabit.com/products/oss/tproxy/

SIP A: MAC a ---> (Bridged port): MAC m ---- Device ----- (Bridged port):MAC n -----> DIP W:MAC:w

the pair physical port of device was bridged, call br0, and have a IP (P)

Features
* Remember the original sourc ip (A), remember the original MAC (a)
* Send the packet from device to destination (Second segment), original ip:mac P:n
* Replace the P:n with A:a (this is the main task of tproxy

VLAN Tutor

VLAN (VLAN: Virtual Local Area Network and IEEE 802.1Q)
主要目的是讓不同的phisical port 互相 share 同一個 logical channel

Adv: Make MIS easy setup the same LAN ignore the phyisical device limitation
any others?

Disadv:
還沒想到 :)

設定VLAN 的policy

1. Port-Based VLAN: each physical switch port is configured with an access list specifying membership in a set of VLANs.
2. MAC-based VLAN: a switch is configured with an access list mapping individual MAC addresses to VLAN membership.
3. Protocol-based VLAN: a switch is configured with a list of mapping layer 3 protocol types to VLAN membership - thereby filtering IP traffic from nearby end-stations using a particular protocol such as IPX.
4. ATM VLAN - using LAN Emulation (LANE) protocol to map Ethernet packets into ATM cells and deliver them to their destination by converting an Ethernet MAC address into an ATM address.

VLAN header protocol
http://www.javvin.com/protocolVLAN.html

VLAN header 內的欄位說明

• TPID- defined value of 8100 in hex. When a frame has the EtherType equal to 8100, this frame carries the tag IEEE 802.1Q / 802.1P.
• TCI - Tag Control Information field including user priority, Canonical format indicator and VLAN ID.
• User Priority- Defines user priority, giving eight (2^3) priority levels. IEEE 802.1P defines the operation for these 3 user priority bits.
• CFI- Canonical Format Indicator is always set to zero for Ethernet switches. CFI is used for compatibility reason between Ethernet type network and Token Ring type network. If a frame received at an Ethernet port has a CFI set to 1, then that frame should not be forwarded as it is to an untagged port.
• VID- VLAN ID is the identification of the VLAN, which is basically used by the standard 802.1Q. It has 12 bits and allow the identification of 4096 (2^12) VLANs. Of the 4096 possible VIDs, a VID of 0 is used to identify priority frames and value 4095 (FFF) is reserved, so the maximum possible VLAN configurations are 4,094.