Linux应用层Ring3数据结构学习总结
目录
1. 权限账户相关数据结构 2. 网络相关数据结构
1. 权限账户相关数据结构
0x1: struct utmp
The utmp file allows one to discover information about who is currently using the system. There may be more users currently using the system, because not all programs use utmp
logging.
The file is a sequence of utmp structures, declared as follows in <utmp.h>
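/*
 * One record of the utmp/wtmp login-accounting files, as declared in <utmp.h>.
 * The listing is laid out one declaration per line so that the #if/#else/#endif
 * directives each start a line, which the preprocessor requires.
 *
 * Notes for code that parses these records:
 *  - ut_line, ut_id, ut_user and ut_host are fixed-size character arrays.
 *    A value that fills the whole field is stored without a terminating
 *    '\0', so copy or print them with an explicit bound (for example "%.*s"
 *    with the field size), never with strcpy() or a bare "%s".
 *  - The file is only as trustworthy as the programs that write it: not
 *    every program logs to utmp, and a process able to write the file can
 *    alter records. Cross-check against other audit sources before drawing
 *    conclusions from it.
 */
struct utmp {
    short   ut_type;              /* Type of record */
    pid_t   ut_pid;               /* PID of login process */
    char    ut_line[UT_LINESIZE]; /* Device name of tty - "/dev/";
                                     not NUL-terminated when full */
    char    ut_id[4];             /* Terminal name suffix,
                                     or inittab(5) ID */
    char    ut_user[UT_NAMESIZE]; /* Username; not NUL-terminated when full */
    char    ut_host[UT_HOSTSIZE]; /* Hostname for remote login, or
                                     kernel version for run-level
                                     messages; not NUL-terminated when full */
    struct  exit_status ut_exit;  /* Exit status of a process
                                     marked as DEAD_PROCESS; not
                                     used by Linux init(8) */
    /* The ut_session and ut_tv fields must be the same size when
       compiled 32- and 64-bit.  This allows data files and shared
       memory to be shared between 32- and 64-bit applications. */
#if __WORDSIZE == 64 && defined __WORDSIZE_COMPAT32
    int32_t ut_session;           /* Session ID (getsid(2)),
                                     used for windowing */
    struct {
        int32_t tv_sec;           /* Seconds (32 bits wide in this layout) */
        int32_t tv_usec;          /* Microseconds */
    } ut_tv;                      /* Time entry was made */
#else
    long   ut_session;            /* Session ID */
    struct timeval ut_tv;         /* Time entry was made */
#endif

    int32_t ut_addr_v6[4];        /* Internet address of remote
                                     host; IPv4 address uses
                                     just ut_addr_v6[0] */
    char __unused[20];            /* Reserved for future use */
};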
short ut_type; /* Type of record */
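/*
 * Values for the ut_type field of struct utmp.
 *
 * Each #define is on its own line: a directive only takes effect when '#' is
 * the first token of a line, so a run of them on one line would define just
 * the first name. ut_type is a signed short read from a file, so a parser
 * should reject any value outside this list instead of using it as an index.
 */
#define EMPTY         0 /* Record does not contain valid info
                           (formerly known as UT_UNKNOWN on Linux) */
#define RUN_LVL       1 /* Change in system run-level (see init(8)) */
#define BOOT_TIME     2 /* Time of system boot (in ut_tv) */
#define NEW_TIME      3 /* Time after system clock change (in ut_tv) */
#define OLD_TIME      4 /* Time before system clock change (in ut_tv) */
#define INIT_PROCESS  5 /* Process spawned by init(8) */
#define LOGIN_PROCESS 6 /* Session leader process for user login */
#define USER_PROCESS  7 /* Normal process */
#define DEAD_PROCESS  8 /* Terminated process */
#define ACCOUNTING    9 /* Not implemented */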
宏定义
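/*
 * Widths of the fixed-size character fields of struct utmp. Each is the full
 * size of the array; no byte is set aside for a terminating '\0', so use
 * these constants as the bound whenever a field is copied, compared or
 * printed. One directive per line, as the preprocessor requires.
 */
#define UT_LINESIZE  32  /* size of ut_line */
#define UT_NAMESIZE  32  /* size of ut_user */
#define UT_HOSTSIZE 256  /* size of ut_host */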
struct exit_status ut_exit; /* Exit status of a process marked as DEAD_PROCESS; not used by Linux init(8) */
/*
 * Type of the ut_exit member of struct utmp. The utmp listing describes
 * ut_exit as the exit status of a process marked DEAD_PROCESS and as unused
 * by Linux init(8), so do not assume either field is populated.
 */
struct exit_status {
    short e_termination;   /* Process termination status */
    short e_exit;          /* Process exit status */
};
宏定义
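/*
 * Backward compatibility hacks: old field names mapped onto the current
 * members of struct utmp.
 *
 * One directive per line, as the preprocessor requires. These are plain
 * textual macros, so every later use of the identifiers ut_name, ut_time,
 * ut_xtime or ut_addr in a file that sees them is rewritten, including
 * unrelated variables with those names. ut_addr exposes only the first
 * 32-bit word of ut_addr_v6, which is enough for an IPv4 peer but drops
 * three quarters of an IPv6 address; read ut_addr_v6 directly when the
 * remote host may be IPv6.
 */
#define ut_name ut_user
#ifndef _NO_UT_TIME
#define ut_time ut_tv.tv_sec   /* define _NO_UT_TIME to suppress this alias */
#endif
#define ut_xtime ut_tv.tv_sec
#define ut_addr ut_addr_v6[0]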
Relevant Link:
http://man7.org/linux/man-pages/man5/utmp.5.html
2. 网络相关数据结构
0x1: struct sockaddr
/*
 * Generic socket address: a family tag followed by 14 opaque bytes.
 *
 * Family-specific structures such as sockaddr_in and sockaddr_in6 are passed
 * to the socket calls through a pointer to this type. With these field sizes
 * the structure holds 16 bytes, which is smaller than sockaddr_in6, so a
 * buffer that receives a peer address should be a struct sockaddr_storage,
 * and the code should check both the returned length and sa_family before
 * casting to a family-specific type.
 */
struct sockaddr {
    unsigned short int sa_family;   /* address family, AF_xxx */
    char               sa_data[14]; /* 14 bytes of protocol address */
};
此数据结构用作 bind、connect、recvfrom、sendto 等函数的参数，用来指明地址信息；调用这些函数时还需同时传入该地址结构的实际长度（socklen_t）。
sa_family
1. AF_UNIX, AF_LOCAL: Local communication
2. AF_INET: IPv4 Internet protocols
3. AF_INET6: IPv6 Internet protocols
4. AF_IPX: IPX - Novell protocols
5. AF_NETLINK: Kernel user interface device
6. AF_X25: ITU-T X.25 / ISO-8208 protocol
7. AF_AX25: Amateur radio AX.25 protocol
8. AF_ATMPVC: Access to raw ATM PVCs
9. AF_APPLETALK: AppleTalk
10. AF_PACKET: Low level packet interface
注意：下面的 11–18 不是 sa_family 的取值，而是 socket(2) 的 type 参数的取值；其中 17、18 是可以按位或到 type 上的标志。
11. SOCK_STREAM: Provides sequenced, reliable, two-way, connection-based byte streams. An out-of-band data transmission mechanism may be supported.
12. SOCK_DGRAM: Supports datagrams (connectionless, unreliable messages of a fixed maximum length).
13. SOCK_SEQPACKET: Provides a sequenced, reliable, two-way connection-based data transmission path for datagrams of fixed maximum length; a consumer is required to read an entire packet with each input system call.
14. SOCK_RAW: Provides raw network protocol access.
15. SOCK_RDM: Provides a reliable datagram layer that does not guarantee ordering.
16. SOCK_PACKET: Obsolete and should not be used in new programs.
17. SOCK_NONBLOCK: Set the O_NONBLOCK file status flag on the new open file description. Using this flag saves extra calls to fcntl(2) to achieve the same result.
18. SOCK_CLOEXEC: Set the close-on-exec (FD_CLOEXEC) flag on the new file descriptor. See the description of the O_CLOEXEC flag in open(2) for reasons why this may be useful.
0x2: struct sockaddr_in
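/*
 * IPv4 address, stored in network byte order.
 *
 * Declared before sockaddr_in because a structure member needs a complete
 * type. s_addr is written as unsigned int here: the field is 32 bits wide
 * (the system header spells it in_addr_t), whereas unsigned long is 64 bits
 * on LP64 Linux and would make sockaddr_in larger than the 16-byte
 * struct sockaddr it is cast to.
 */
struct in_addr {
    unsigned int s_addr;          // load with inet_pton()
};

/*
 * IPv4 socket address; passed to the socket calls through a
 * struct sockaddr pointer together with sizeof(struct sockaddr_in).
 *
 * Zero the whole structure (memset) before filling it in, so that sin_zero
 * and any padding never carry stale stack contents into a system call or
 * into a byte-wise comparison of two addresses.
 */
struct sockaddr_in {
    short            sin_family;   // AF_INET (IPv6 uses struct sockaddr_in6)
    unsigned short   sin_port;     // network byte order, e.g. htons(3490)
    struct in_addr   sin_addr;     // see struct in_addr, above
    char             sin_zero[8];  // padding up to the size of struct sockaddr; keep it zeroed
};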
0x3: struct sockaddr_in6
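/*
 * IPv6 address: 16 bytes in network byte order.
 * Declared before sockaddr_in6 because a structure member needs a complete
 * type.
 */
struct in6_addr {
    unsigned char   s6_addr[16];   // load with inet_pton()
};

/*
 * IPv6 socket address; passed to the socket calls through a
 * struct sockaddr pointer together with sizeof(struct sockaddr_in6).
 *
 * Notes for code that filters or logs peers:
 *  - An IPv4 peer can show up on an IPv6 socket as an IPv4-mapped address
 *    (::ffff:a.b.c.d), so allow/deny lists written for IPv4 should
 *    normalise that form before comparing.
 *  - sin6_scope_id selects the interface for link-local addresses; two
 *    records with the same sin6_addr but different scope IDs are different
 *    endpoints.
 */
struct sockaddr_in6 {
    u_int16_t       sin6_family;   // address family, AF_INET6
    u_int16_t       sin6_port;     // port number, Network Byte Order
    u_int32_t       sin6_flowinfo; // IPv6 flow information
    struct in6_addr sin6_addr;     // IPv6 address
    u_int32_t       sin6_scope_id; // Scope ID
};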
Relevant Link:
http://beej.us/guide/bgnet/output/html/multipage/sockaddr_inman.html
Copyright (c) 2014 LittleHann All rights reserved