How to analysis coredump using GDB tool?

Hello,

Usually particular program or kernel creates core dump/vmcore file. You need to enable coredump on the linux machine. To collect the vmcore file(memory dump using crash kernel) you need to install kexec/kdump utils in the machine.

Once setup is done, you can install GDB like : #yum install gdb

1. Analysis coredump generated by process/binary :

a)Install the particular package which contains that binary. Check the version to make it similar if you want to analysis the coredump file on another system.
b) Install -debuginfo- on the machine of that same package.
c) start GDBing like : #gdb
d) type #bt at the gdb prompt to get the stack of the symbols. Now analyse these to get the clue.

2. To analysis the vmcore file you need to replace the with and with file

then type bt to get backstrace.

Example to gdb on a simple c program :

-----
1. Program :
hello.c

#include

char hello[] = { "Hello, World!" };

int
main()
{
fprintf (stdout, "%s\n", hello);
return (0);
}
-----

2. Compile the above program :

#gcc -g -o hello hello.c

3. Run gdb on the hello binary, i.e. gdb hello.
#gdb hello

4. Some things can be done even before execution is started. The variable hello is global, so it can be seen even before the main procedure starts:

gdb) p hello
$1 = "Hello, World!"
(gdb) p hello[0]
$2 = 72 'H'
(gdb) p *hello
$3 = 72 'H'
(gdb)

5.Next, list the source:

(gdb) l OR gdb list

1 #include
2
3 char hello[] = { "Hello, World!" };
4
5 int
6 main()
7 {
8 fprintf (stdout, "%s\n", hello);
9 return (0);
10 }

6. The list reveals that the fprintf call is on line 8. Apply a breakpoint on that line and resume the code:

(gdb) br 8
Breakpoint 1 at 0x80483ed: file hello.c, line 8.
(gdb) r
Starting program: /home/moller/tinkering/gdb-manual/hello

Breakpoint 1, main () at hello.c:8
8 fprintf (stdout, "%s\n", hello);

7. Finally, use the “next” command to step past the fprintf call, executing it:
gdb n
=======

Try :)

Read More

What is Proxy and Reverse Proxy?

Web Proxies :

A proxy server is a gateway for users to the Web at large. Users configure the proxy in their browser settings, and all HTTP requests are routed via the proxy. Proxies are typically operated by ISPs and network administrators, and serve several purposes: for example,

* to speed access to the Web by caching pages fetched, so that popular pages don't have to be re-fetched for every user who views them.
* to enable controlled access to the web for users behind a firewall.
* to filter or transform web content.

Reverse Proxies :

A reverse proxy is a gateway for servers, and enables one web server to provide content from another transparently. As with a standard proxy, a reverse proxy may serve to improve performance of the web by caching; this is a simple way to mirror a website. Loadbalancing a heavy-duty application, or protecting a vulnerable one, are other common usages. But the most common reason to run a reverse proxy is to enable controlled access from the Web at large to servers behind a firewall.

The proxied server may be a webserver itself, or it may be an application server using a different protocol, or an application server with just rudimentary HTTP that needs to be shielded from the web at large. Since 2004, reverse proxying has been the preferred method of deploying JAVA/Tomcat applications on the Web, replacing the old mod_jk (itself a special-purpose reverse proxy module).

A Reverse Proxy Scenario:

Company example.com has a website at www.example.com, which has a public IP address and DNS entry, and can be accessed from anywhere on the Internet.

The company also has a couple of application servers which have private IP addresses and unregistered DNS entries, and are inside the firewall. The application servers are visible within the network - including the webserver, as "internal1.example.com" and "internal2.example.com", But because they have no public DNS entries, anyone looking at internal1.example.com from outside the company network will get a "no such host" error.

A decision is taken to enable Web access to the application servers. But they should not be exposed to the Internet directly, instead they should be integrated with the webserver, so that http://www.example.com/app1/any-path-here is mapped internally to http://internal1.example.com/any-path-here and http://www.example.com/app2/other-path-here is mapped internally to http://internal2.example.com/other-path-here. This is a typical reverse-proxy situation.

Load following Apache Proxy Modules :

* mod_proxy: The core module deals with proxy infrastructure and configuration and managing a proxy request.
* mod_proxy_http: This handles fetching documents with HTTP and HTTPS.
* mod_proxy_ftp: This handles fetching documents with FTP.
* mod_proxy_connect: This handles the CONNECT method for secure (SSL) tunnelling.
* mod_proxy_ajp: This handles the AJP protocol for Tomcat and similar backend servers.
* mod_proxy_balancer implements clustering and load-balancing over multiple backends.
* mod_cache, mod_disk_cache, mod_mem_cache: These deal with managing a document cache. To enable caching requires mod_cache and one or both of disk_cache and mem_cache.
* mod_proxy_html: This rewrites HTML links into a proxy's address space.
* mod_xml2enc: This supports internationalisation (i18n) on behalf of mod_proxy_html and other markup-filtering modules. space.
* mod_headers: This modifies HTTP request and response headers.
* mod_deflate: Negotiates compression with clients and backends.

Most important are mod_proxy_balancer, mod_cache, mod_disk_cache, mod_mem_cache, mod_deflate

Building Apache for Proxying :
Use options during compiling apache using source code :

----
$ ./configure --enable-so --enable-mods-shared="proxy cache ssl all"
----

Using apxs tool on existing apache installation :

---
apxs -c -i [module-name].c
---

Configuring the Proxy :

Load following modules in http.conf :

----
oadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so
LoadFile /usr/lib/libxml2.so
LoadModule xml2enc_module modules/mod_xml2enc.so
LoadModule proxy_html_module modules/mod_proxy_html.so
----

The fundamental configuration directive to set up a reverse proxy is ProxyPass. We use it to set up proxy rules for each of the application servers in the httpd.conf file on the webserver:

----
ProxyPass /app1/ http://internal1.example.com/
ProxyPass /app2/ http://internal2.example.com/
----

However, this is not the whole story. ProxyPass just sends traffic straight through. So when the application servers generate references to themselves (or to other internal addresses), they will be passed straight through to the outside world, where they won't work. The proxy needs to re-map the Location header to its own address space and return a valid URL. The command to enable such rewrites in the HTTP Headers is ProxyPassReverse. The Apache documentation suggests the form:

----
ProxyPassReverse /app1/ http://internal1.example.com/
ProxyPassReverse /app2/ http://internal2.example.com/
----

Note : just made it more available in net. ref : http://www.blogger.com/post-create.g?blogID=4333613427966952010

Read More

How to create bigger than 2TB partition table on linux?

Environment :
RHEL 5, RHEL 6
File system : ext3, ext4,xfs, gfs

Ans : Partition table msdos has limitation of partition table size and it is less than equal 2TB. Use parted command to change the partition table type to support more than 2TB size. Please do like :

---
#parted /dev/dev_name
#mklabel gpt
#quit
---

That's it.

Try :)

Read More

How to compress and uncompress image file on linux?

Use the following command :

1.UNCOMPRESS :


uncompress the image and extract the archive into /tmp/initrd

-----
#gzip -dc < /tmp/initrd.img | cpio -idv ----- or ---- zcat -d image|cpio -idv ---- 2COMPRESS :


a) Generate a list of files to be made into a new cpio archive.

-----
#find . -depth -print | cpio -ovc > ../custom-initrd.cpio
-----

b) gzip the cpio image:

-----
#gzip -9 ../custom-initrd.cpio
-----

tc..

Read More

worker(ie threaded) MPM vs pre-fork(non -threaded) MPM

Guys,

Apache comes in a few different flavours. The two most common are pre-forked (multi-process) and multi-threaded (worker).

If you're doing lots of little static connections, threads would be lighter and faster. If you just have few big apps constantly spawned, prefork might have an edge due it's maturity and stability.

The multi-threaded version often faster and takes less memory. Apache must fully support a multi-threaded environment. Modules that are not 100% thread-safe can cause Apache to crash or behave strangely. The pre-forked version takes more memory. In a VPS, like your Zerigo Server, memory’s usually a fairly important concern. However, the pre-forked version also alleviates the need for modules to be fully thread-safe.

In general, I recommend using the multi-threaded version of Apache only if you are confident that all of the rest of your software stack will support it. If it won’t, or you’re just unsure, then you should run the pre-forked version. Using more memory is definitely better than having things crash or be otherwise unstable.

One of the most common add-on modules, PHP, has some thread-safely problems. To be fair, the core of PHP is supposed to be fine in a multi-threaded Apache. However, some of the third-party libraries used by PHP are not thread-safe. This has the downside of needing to use the pre-forked version of Apache if you plan to use PHP running from inside Apache as a module (using mod_php, which is by far the most common way of running PHP).

When running PHP via mod_php, choose pre-forked. When running only static files (html, jpg, etc), choose multi-threaded. If passing on to a backend application server like Mongrel (for Ruby on Rails), the multi-threaded version works fine.

If you’re mixing and matching uses and even one use, in one virtual host, requires the pre-forked version, then pre-forked will need to be your choice.

If you want all the available server resource put to the best use and get the best performance out of your server, you could switch to worker from the default prefork.

If you would rate stability more, then you would rather prefer prefork to worker.

The decision actually is not that obvious. It warrants expertise, and in-depth analysis of your exact requirements.

tc. MIA..

Read More

RPC Programs and Procedures(NFS) details

RPC Programs and Procedures(RPC request Message) :

The RPC call message has three unsigned integer fields -- remote
program number, remote program version number, and remote procedure
number -- which uniquely identify the procedure to be called.
Program numbers are administered by a central authority
(rpc@sun.com). Once implementors have a program number, they can
implement their remote program; the first implementation would most
likely have the version number 1. Because most new protocols evolve,
a version field of the call message identifies which version of the
protocol the caller is using. Version numbers enable support of both
old and new protocols through the same server process.

The procedure number identifies the procedure to be called. These
numbers are documented in the specific program's protocol
specification. For example, a file service's protocol specification
may state that its procedure number 5 is "read" and procedure number
12 is "write".

Just as remote program protocols may change over several versions,
the actual RPC message protocol could also change. Therefore, the
call message also has in it the RPC version number, which is always
equal to two for the version of RPC described here.

check : http://kmaiti.blogspot.com/2011/03/how-rpc-works.html

RPC Reply Message :

The reply message to a request message has enough information to
distinguish the following error conditions:

(1) The remote implementation of RPC does not support protocol
version 2. The lowest and highest supported RPC version numbers
are returned.

(2) The remote program is not available on the remote system.

(3) The remote program does not support the requested version
number. The lowest and highest supported remote program version
numbers are returned.

(4) The requested procedure number does not exist. (This is
usually a client side protocol or programming error.)

(5) The parameters to the remote procedure appear to be garbage
from the server's point of view. (Again, this is usually caused
by a disagreement about the protocol between client and service.)

check : http://kmaiti.blogspot.com/2011/03/how-rpc-works.html

Program Number Assignment :

Program numbers are given out in groups of hexadecimal 20000000
(decimal 536870912) according to the following chart:

0 - 1fffffff defined by rpc@sun.com
20000000 - 3fffffff defined by user
40000000 - 5fffffff transient
60000000 - 7fffffff reserved
80000000 - 9fffffff reserved
a0000000 - bfffffff reserved
c0000000 - dfffffff reserved
e0000000 - ffffffff reserved

>> The first group is a range of numbers administered by rpc@sun.com and
should be identical for all sites.
>> The second range is for applications peculiar to a particular site. This range is intended
primarily for debugging new programs. When a site develops an
application that might be of general interest, that application
should be given an assigned number in the first range. Application
developers may apply for blocks of RPC program numbers in the first
range by sending electronic mail to "rpc@sun.com".
>>The third group is for applications that generate program numbers dynamically. The
final groups are reserved for future use, and should not be used.

You can capture the tcpdump and analysis it by wireshark.

-----------

nfs server daemons:

rpc.portmap
rpc.mountd, rpc.nfsd
rpc.statd, rpc.lockd (if necessary), and rpc.rquotad

nfs client daemons :

portmap, lockd, and statd

check : rpcinfo -p

URL : http://kmaiti.blogspot.com/2011/03/how-nfs-works.html
------------

Read More

How NFS works

Read More