Ext2文件系统实例分析
/dev/sda1为ext3格式的分区,使用dumpe2fs /dev/sda1可查看文件系统的总体信息。
#dumpe2fs /dev/sda1
Filesystem OS type: Linux
Inode count: 491520
Block count: 1965402
Reserved block count: 98270
Free blocks: 1020744
Free inodes: 351513
First block: 0
Block size: 4096
Fragment size: 4096
Reserved GDT blocks: 479
Blocks per group: 32768
Fragments per group: 32768
Inodes per group: 8192
Inode blocks per group: 512
Filesystem created: Fri Jun 18 11:35:46 2010
Last mount time: Wed Nov 3 20:47:19 2010
Last write time: Wed Nov 3 20:47:19 2010
.....
Group 0: (Blocks 0-32767)
Primary superblock at 0, Group descriptors at 1-1
Reserved GDT blocks at 2-480
Block bitmap at 481 (+481), Inode bitmap at 482 (+482)
Inode table at 483-994 (+483)
31160 free blocks, 8103 free inodes, 2 directories
Free blocks: 1003-2047, 2651-26623, 26625-30719, 30721-32767
Free inodes: 90-8192
Group 1: (Blocks 32768-65535)
Backup superblock at 32768, Group descriptors at 32769-32769
Reserved GDT blocks at 32770-33248
Block bitmap at 33249 (+481), Inode bitmap at 33250 (+482)
Inode table at 33251-33762 (+483)
31469 free blocks, 8149 free inodes, 1 directories
Free blocks: 33763-34815, 35120-65535
Free inodes: 8236-16384
Group 2: (Blocks 65536-98303)
Block bitmap at 65536 (+0), Inode bitmap at 65537 (+1)
文件系统超级块位于第2,3扇区,可通过如下方式进行验证:
#hexdump /dev/sda1 –C –s 1024 | more
00000400 00 80 07 00 5a fd 1d 00 de 7f 01 00 48 93 0f 00 |....Z.......H...|
00000410 19 5d 05 00 00 00 00 00 02 00 00 00 02 00 00 00 |.]..............|
00000420 00 80 00 00 00 80 00 00 00 20 00 00 d7 59 d1 4c |......... ...Y.L|
根据ext2_super_block的定义,前面几项依次为文件系统的索引节点数、文件系统总块数、文件系统预保留的块数、空闲块数、空闲索引节点数,其值分别为(小尾端):
00078000(491520) 001dfd5a(1965402) 00017fde(98270)
000f9348(1020744)00055d19(351513)
以上各个值与通过dumpe2fs得到的值吻合。
组描述符位于超级块后的1号块,读取1号块的内容如下:
# hexdump /dev/sda1 -C -s 4096 -n 1024
00001000 e1 01 00 00 e2 01 00 00 e3 01 00 00 b8 79 a7 1f |.............y..|
00001010 02 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00001020 e1 81 00 00 e2 81 00 00 e3 81 00 00 ed 7a d5 1f |.............z..|
00001030 01 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00001040 00 00 01 00 01 00 01 00 02 00 01 00 eb 7d f9 1f |.............}..|
根据ext2_group_desc结构的定义,前两项分别为块位图和索引节点位图所在的块号。
块组1中的这两个值分别为:000001e1(481)、000001e2(482);
块组2(偏移32个字节)中为:000081e1(33249)、000081e2(33250);
以上的各个值与dumpe2fs的结果吻合。
访问文件数据的验证
1. 对于文件dnfs-server.conf,查看其信息如下(inode号为88)
88 -rwxr-xr-x. 1 root root 35 2010-09-16 13:52 /dnfs-server.conf
2. 根据每个块组8192个inode计算,该文件的inode为第0块组的第88个inode。
3. 查看第0个块组的块组描述信息:
hexdump /dev/sda1 –C –s 4096 –n 32
00001000 e1 01 00 00 e2 01 00 00 e3 01 00 00 b8 79 a7 1f |.............y..|
00001010 02 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
Inode table的位置为块组描述符的第三个字段(偏移8个字节),为000001e3(483)
4. 读取第483个块的偏移87个inode(128字节)的位置的数据。
hexdump /dev/sda1 -C -s 2000640 -n 256 (2000640 = 483*4096 + 256 * 87)
001e8700 ed 81 00 00 23 00 00 00 3b b5 91 4c 8a b0 91 4c |....#...;..L...L|
001e8710 8a b0 91 4c 00 00 00 00 00 00 01 00 08 00 00 00 |...L............|
001e8720 00 00 00 00 00 00 00 00 00 68 00 00 00 00 00 00 |.........h......|
001e8730 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
根据ext2_inode的定义,前面三项分别为访问模式,uid(low 16),大小(low 32)。
(81 ed) = 1000000111101101 (正常文件,rwxr-xr-x的访问权限)
(00 00) = root (root用户号位0)
(0000000023) = 文件大小为35个字节
直接指针从第40个字节的位置开始,即第一个数据块的位置为00006800(26624)。
5. 读取第26624个数据块的内容,与dnfs-server.conf的内容一样。
hexdump /dev/sda1 -C -s 109051904 -n 4096
06800000 6d 65 74 61 5f 72 6f 6f 74 20 2f 6d 6e 74 2f 6d |meta_root /mnt/m|
06800010 65 74 61 0d 0a 66 69 6c 65 5f 63 6f 70 69 65 73 |eta..file_copies|
06800020 20 20 32 00 00 00 00 00 00 00 00 00 00 00 00 00 | 2.............|
06800030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
