Category Archives: V —:::— Hunter

maps Memory maps to executables and library files

Leave a reply

UNIX Parameter 

$sudo cat /proc/1/maps 
[sudo] password for jeffrin: 
00400000-00409000 r-xp 00000000 08:01 6070276                            /sbin/init
00608000-00609000 r--p 00008000 08:01 6070276                            /sbin/init
00609000-0060a000 rw-p 00009000 08:01 6070276                            /sbin/init
01c21000-01c42000 rw-p 00000000 00:00 0                                  [heap]
7f641ff63000-7f641ff65000 r-xp 00000000 08:01 14532647                   /lib/x86_64-linux-gnu/libdl-2.13.so
7f641ff65000-7f6420165000 ---p 00002000 08:01 14532647                   /lib/x86_64-linux-gnu/libdl-2.13.so
7f6420165000-7f6420166000 r--p 00002000 08:01 14532647                   /lib/x86_64-linux-gnu/libdl-2.13.so
7f6420166000-7f6420167000 rw-p 00003000 08:01 14532647                   /lib/x86_64-linux-gnu/libdl-2.13.so
7f6420167000-7f64202e4000 r-xp 00000000 08:01 14532633                   /lib/x86_64-linux-gnu/libc-2.13.so
7f64202e4000-7f64204e4000 ---p 0017d000 08:01 14532633                   /lib/x86_64-linux-gnu/libc-2.13.so
7f64204e4000-7f64204e8000 r--p 0017d000 08:01 14532633                   /lib/x86_64-linux-gnu/libc-2.13.so
7f64204e8000-7f64204e9000 rw-p 00181000 08:01 14532633                   /lib/x86_64-linux-gnu/libc-2.13.so
7f64204e9000-7f64204ee000 rw-p 00000000 00:00 0 
7f64204ee000-7f642050b000 r-xp 00000000 08:01 9576465                    /lib/x86_64-linux-gnu/libselinux.so.1
7f642050b000-7f642070b000 ---p 0001d000 08:01 9576465                    /lib/x86_64-linux-gnu/libselinux.so.1
7f642070b000-7f642070c000 r--p 0001d000 08:01 9576465                    /lib/x86_64-linux-gnu/libselinux.so.1
7f642070c000-7f642070d000 rw-p 0001e000 08:01 9576465                    /lib/x86_64-linux-gnu/libselinux.so.1
7f642070d000-7f642070e000 rw-p 00000000 00:00 0 
7f642070e000-7f642074c000 r-xp 00000000 08:01 14401899                   /lib/x86_64-linux-gnu/libsepol.so.1
7f642074c000-7f642094c000 ---p 0003e000 08:01 14401899                   /lib/x86_64-linux-gnu/libsepol.so.1
7f642094c000-7f642094d000 rw-p 0003e000 08:01 14401899                   /lib/x86_64-linux-gnu/libsepol.so.1
7f642094d000-7f642096c000 r-xp 00000000 08:01 14532660                   /lib/x86_64-linux-gnu/ld-2.13.so
7f6420b44000-7f6420b48000 rw-p 00000000 00:00 0 
7f6420b6a000-7f6420b6c000 rw-p 00000000 00:00 0 
7f6420b6c000-7f6420b6d000 r--p 0001f000 08:01 14532660                   /lib/x86_64-linux-gnu/ld-2.13.so
7f6420b6d000-7f6420b6e000 rw-p 00020000 08:01 14532660                   /lib/x86_64-linux-gnu/ld-2.13.so
7f6420b6e000-7f6420b6f000 rw-p 00000000 00:00 0 
7fffa543c000-7fffa545d000 rw-p 00000000 00:00 0                          [stack]
7fffa55ff000-7fffa5600000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

Parameter Definition

The /proc/PID/maps file containing the currently mapped memory regions and
their access permissions.


where "address" is the address space in the process that it occupies, "perms"
is a set of permissions:

 r = read
 w = write
 x = execute
 s = shared
 p = private (copy on write)

"offset" is the offset into the mapping, "dev" is the device (major:minor), and
"inode" is the inode  on that device.  0 indicates that  no inode is associated
with the memory region, as the case would be with BSS (uninitialized data).
The "pathname" shows the name associated file for this mapping.  If the mapping
is not associated with a file:

 [heap]                   = the heap of the program
 [stack]                  = the stack of the main process
 [vdso]                   = the "virtual dynamic shared object",
                            the kernel system call handler

 or if empty, the mapping is anonymous.

Parameter Code Related Internals

struct proc_dir_entry *my_proc_file = NULL;
 /* Create a proc file */
my_proc_file = create_proc_entry("rt-embedded", S_IRUSR |S_IWUSR | S_IRGRP | S_IROTH, NULL); 

if (my_proc_file)
{
  /* Setup the Read and Write functions */
  my_proc_file->read_proc  = my_proc_read;
  my_proc_file->write_proc = my_proc_write;
}

Related From a Paper

The full address space of a process is rarely used, only sparse regions are. Each
region is represented by a vm_area_struct which never overlap and represent a set
of addresses with the same protection and purpose. Examples of a region include
a read-only shared library loaded into the address space or the process heap. A
full list of mapped regions a process has may be viewed via the proc interface at
/proc/PID/maps where PID is the process ID of the process that is to be examined.
The region may have a number of di?erent structures associated with it as illus-
trated in Figure 5.2. At the top, there is the vm_area_struct which on its own is
enough to represent anonymous memory.
If a ?le is memory mapped, the struct ?le is available through the vm_file ?eld
which has a pointer to the struct inode. The inode is used to get the struct
address_space which has all the private information about the ?le including a set
of pointers to ?lesystem functions which perform the ?lesystem speci?c operations
such as reading and writing pages to disk

source : 
Understanding The
Linux Virtual Memory Manager
Mel Gorman
15th February 2004

http://www.cs.miami.edu/~burt/learning/Csc521.071/notes/understand.pdf

Theory Drop

In  computer  science, a  heap  is  a  specialized tree-based  data
structure that satisfies the heap property
Heaps

A binary tree has the heap property iff
it is empty or
the key in the root is larger than that in either child and both subtrees have the heap property.

source:http://en.wikipedia.org/wiki/Heap_(data_structure)

http://www.cs.auckland.ac.nz/~jmor159/PLDS210/heaps.html

Fix Required

Related from Paper section has junk charecters
which should be replaced by proper letters.

tcp_sack – BOOLEAN

Leave a reply

A UNIX Parameter

$cat tcp_sack 
1
$

Parameter Definition

tcp_sack - BOOLEAN
 Enable select acknowledgments (SACKS).

SACK is  defined by  RFCs 2018, 2883,  and 3517 (see  Resources for
links  to  these  RFCs).  Plain  TCP  (in  other  words,  non-SACK)
acknowledgments  are  strictly  cumulative-an acknowledgment  of  N
means that  byte N and all  previous bytes have  been received. The
problem SACK is meant to address is this "all or nothing" nature of
the plain cumulative acknowledgment.   For instance, even if packet
2 (in  a sequence 0  to 9,  say) is the  only packet lost  during a
transfer, the  receiver can  issue a plain  ACK only for  packet 1,
because that  is the  highest packet it  received without a  gap. A
SACK receiver,  on the other  hand, can issue  an ACK for 1  plus a
SACK option for  packets 3 through 9. This  extra information helps
the sender determine that the losses are fairly minimal and that it
only needs to  retransmit a little bit of  data. Without this extra
information, it  would need to  retransmit much more data  and slow
down its  sending rate to  accommodate what looks like  a high-loss
network.

source: http://www.ibm.com/developerworks/linux/library/l-tcp-sack/index.html

Parameter Code Internals

/* If data was SACKed, tag it and see if we should send more data.
         * If data was DSACKed, see if we can undo a cwnd reduction.
         */
        if (TCP_SKB_CB(skb)->sacked) {
                flag |= tcp_sacktag_write_queue(sk, skb, prior_snd_una);
                newly_acked_sacked = tp->sacked_out - prior_sacked;
                tcp_fastretrans_alert(sk, pkts_acked, newly_acked_sacked,
                                      is_dupack, flag);
        }

Related From Research Paper

Abstract—The standard transmission control protocol(TCP) 
can not distinguish between the random packet losses due to 
high bit error rate(BER) and the packet losses due to network 
congestion. TCP responds to all losses by invoking congestion 
control and avoidance algorithms, resulting in degraded 
end-to-end performance in wireless and lossy systems. 
Meanwhile, the performance of TCP would be deteriorated 
very much when it suffered from multi-packets losses in a 
single transmission window. This paper propose a 
modification over TCP_SACK version,we called it MSACK. 
When MSACK cooperates with the router configured with 
explicit congestion notification(ECN), it is capable of 
distinguishing the wireless packet losses from the congestion 
packet losses, and reacting accordingly. At the same time, 
MSACK adopts available bandwidth algorithm at data sender 
to optimize cwnd and ssthresh in order to avoiding lower slow 
start threshold when packet losses occured. On the other hand, 
the performance of MSACK in wireless environment can be 
improved by taking  advantage of retransmission and 
restoration in SACK version when TCP encountered 
multi-packets losses in a single transmission window. The 
simulations in this paper show that the modification of TCP is 
feasible, and the performance of TCP is improved actually.

source :
Performance Research and Improvement of TCP_SACK in Wireless Environment 
Hu Han 
Physics & Electronics Information Technology Department 
Xiangfan University 
Xiangfan?China 
xfhuhan@163.com