インストール
# aptitude install squid設定
# vi /etc/squid/squid.conf
以下を追加
acl localnet src 192.168.1.0/24
http_access allow localnet
以下を変更
http_port 8080
cache_dir ufs /var/spool/squid 500 16 256
また今日もマニアックなことに挑戦。
CentOSでcrashコマンドを試してみることに。
詳細はこちら。
RHEL4系
例)
[root@localhost ~]# uname -a
Linux localhost.localdomain 2.6.9-78.0.1.EL #1 Tue Jul 22 17:50:01 EDT 2008 i686 i686 i386 GNU/Linux
[root@localhost rpm-work]# wget http://ftp.redhat.com/pub/redhat/linux/updates/enterprise/4AS/en/os/Debuginfo/i686/RPMS/kernel-debuginfo-2.6.9-78.0.1.EL.i686.rpm
[root@localhost rpm-work]# rpm -ivh kernel-debuginfo-2.6.9-78.0.1.EL.i686.rpm
履歴
2009年06月24日 RHEL4系記載追加
2009年03月05日 新規作成
coreファイル内のnoteセクションにどんな情報が含まれているのか調べてみた。
$ objdump -h core.3313 core.3313: file format elf32-i386 Sections: Idx Name Size VMA LMA File off Algn 0 note0 000001d8 00000000 00000000 000001d4 2**0 CONTENTS, READONLY ...
$ readelf -a core.3313 ... Notes at offset 0x000001d4 with length 0x000001d8: Owner Data size Description CORE 0x00000090 NT_PRSTATUS (prstatus structure) CORE 0x0000007c NT_PRPSINFO (prpsinfo structure) CORE 0x00000090 NT_AUXV (auxiliary vector)
出力の一番最後にnoteの情報が出ている。
$ objdump -s -j note0 core.3313 core.3313: file format elf32-i386 Contents of section note0: 0000 05000000 90000000 01000000 434f5245 ............CORE 0010 00000000 0b000000 00000000 00000000 ................ 0020 0b000000 00000000 00000000 f10c0000 ................ 0030 460c0000 f10c0000 460c0000 00000000 F.......F....... 0040 e7030000 00000000 87130000 00000000 ................ 0050 00000000 00000000 00000000 f43fa300 .............?.. 0060 b01db4bf 01000000 a04c8f00 00000000 .........L...... 0070 981db4bf 341eb4bf 7b000000 7b000000 ....4...{...{... 0080 00000000 33000000 ffffffff 79830408 ....3.......y... 0090 73000000 82020100 80150590 7b000000 s...........{... 00a0 00000000 05000000 7c000000 03000000 ........|....... 00b0 434f5245 00000000 00520000 00064000 CORE.....R....@. 00c0 f401f401 f10c0000 460c0000 f10c0000 ........F....... 00d0 460c0000 6269675f 61727261 79000000 F...big_array... 00e0 00000000 2e2f6269 675f6172 72617920 ...../big_array 00f0 00000000 00000000 00000000 00000000 ................ 0100 00000000 00000000 00000000 00000000 ................ 0110 00000000 00000000 00000000 00000000 ................ 0120 00000000 00000000 00000000 00000000 ................ 0130 00000000 05000000 90000000 06000000 ................ 0140 434f5245 00000000 20000000 00c43d00 CORE.... .....=. 0150 21000000 00c03d00 10000000 fffbeb0f !.....=......... 0160 06000000 00100000 11000000 64000000 ............d... 0170 03000000 34800408 04000000 20000000 ....4....... ... 0180 05000000 07000000 07000000 00000000 ................ 0190 08000000 00000000 09000000 80820408 ................ 01a0 0b000000 f4010000 0c000000 f4010000 ................ 01b0 0d000000 f4010000 0e000000 f4010000 ................ 01c0 17000000 00000000 0f000000 3b1fb4bf ............;... 01d0 00000000 00000000 ........
[ ][ ][ ][ ] namesz(4byte) ノート名の長さ [ ][ ][ ][ ] descsz(4byte) ノート本体の長さ [ ][ ][ ][ ] type(4byte) ノートのタイプ [ ][ ][ ]…[ ] name(Nbyte) ノート名(長さはnamesz) ※4バイト境界 [ ][ ][ ]…[ ] desc(Nbyte) ノート本体(長さはdescs) ※4バイト境界
次に、NT_PRSTATUS (prstatus structure)、NT_PRPSINFO (prpsinfo structure)、NT_AUXV (auxiliary vector)といったノートのタイプとノート本体。ノート名は只のテキスト情報なので、ダンプ結果を見れば一目瞭然と思う。
$ grep "define NT_" /usr/include/elf.h #define NT_PRSTATUS 1 /* Contains copy of prstatus struct */ #define NT_FPREGSET 2 /* Contains copy of fpregset struct */ #define NT_PRPSINFO 3 /* Contains copy of prpsinfo struct */ #define NT_PRXREG 4 /* Contains copy of prxregset struct */ #define NT_TASKSTRUCT 4 /* Contains copy of task structure */ #define NT_PLATFORM 5 /* String from sysinfo(SI_PLATFORM) */ #define NT_AUXV 6 /* Contains copy of auxv array */ #define NT_GWINDOWS 7 /* Contains copy of gwindows struct */ #define NT_ASRS 8 /* Contains copy of asrset struct */ #define NT_PSTATUS 10 /* Contains copy of pstatus struct */ #define NT_PSINFO 13 /* Contains copy of psinfo struct */ #define NT_PRCRED 14 /* Contains copy of prcred struct */ #define NT_UTSNAME 15 /* Contains copy of utsname struct */ #define NT_LWPSTATUS 16 /* Contains copy of lwpstatus struct */ #define NT_LWPSINFO 17 /* Contains copy of lwpinfo struct */ #define NT_PRFPXREG 20 /* Contains copy of fprxregset struct*/ #define NT_VERSION 1 /* Contains a version string. */
$ cat /usr/include/sys/procfs.h ... struct elf_prstatus { struct elf_siginfo pr_info; /* Info associated with signal. */ short int pr_cursig; /* Current signal. */ unsigned long int pr_sigpend; /* Set of pending signals. */ unsigned long int pr_sighold; /* Set of held signals. */ __pid_t pr_pid; __pid_t pr_ppid; __pid_t pr_pgrp; __pid_t pr_sid; struct timeval pr_utime; /* User time. */ struct timeval pr_stime; /* System time. */ struct timeval pr_cutime; /* Cumulative user time. */ struct timeval pr_cstime; /* Cumulative system time. */ elf_gregset_t pr_reg; /* GP registers. */ int pr_fpvalid; /* True if math copro being used. */ }; ... struct elf_prpsinfo { char pr_state; /* Numeric process state. */ char pr_sname; /* Char for pr_state. */ char pr_zomb; /* Zombie. */ char pr_nice; /* Nice val. */ unsigned long int pr_flag; /* Flags. */ unsigned short int pr_uid; unsigned short int pr_gid; int pr_pid, pr_ppid, pr_pgrp, pr_sid; /* Lots missing */ char pr_fname[16]; /* Filename of executable. */ char pr_psargs[ELF_PRARGSZ]; /* Initial part of arg list. */ }; ...
auxiliary vectorとは、id(4byte)とその値Val(4byte)が交互に並んだ構造をしており、id=0となったところが構造の終わりとなっている。
[id(4byte)][val(4byte)][id(4byte)][val(4byte)]...[id(4byte)][val(4byte)]
$ grep "define AT_" /usr/include/elf.h #define AT_NULL 0 /* End of vector */ #define AT_IGNORE 1 /* Entry should be ignored */ #define AT_EXECFD 2 /* File descriptor of program */ #define AT_PHDR 3 /* Program headers for program */ #define AT_PHENT 4 /* Size of program header entry */ #define AT_PHNUM 5 /* Number of program headers */ #define AT_PAGESZ 6 /* System page size */ #define AT_BASE 7 /* Base address of interpreter */ #define AT_FLAGS 8 /* Flags */ #define AT_ENTRY 9 /* Entry point of program */ #define AT_NOTELF 10 /* Program is not ELF */ #define AT_UID 11 /* Real uid */ #define AT_EUID 12 /* Effective uid */ #define AT_GID 13 /* Real gid */ #define AT_EGID 14 /* Effective gid */ #define AT_CLKTCK 17 /* Frequency of times() */ #define AT_PLATFORM 15 /* String identifying platform. */ #define AT_HWCAP 16 /* Machine dependent hints about #define AT_FPUCW 18 /* Used FPU control word. */ #define AT_DCACHEBSIZE 19 /* Data cache block size. */ #define AT_ICACHEBSIZE 20 /* Instruction cache block size. */ #define AT_UCACHEBSIZE 21 /* Unified cache block size. */ #define AT_IGNOREPPC 22 /* Entry should be ignored. */ #define AT_SYSINFO 32 #define AT_SYSINFO_EHDR 33 #define AT_L1I_CACHESHAPE 34 #define AT_L1D_CACHESHAPE 35 #define AT_L2_CACHESHAPE 36 #define AT_L3_CACHESHAPE 37