Linux

 Linux booting

The boot process -

   1. A boot loader finds the kernel image on the disk, loads it into memory, and starts it.

   2. The kernel initializes the devices and its drivers.

   3. The kernel mounts the root filesystem.

   4. The kernel starts a program called init.

   5. init sets the rest of the processes in motion.

   6. The last processes that init starts as part of the boot sequence allow you to log in.

Identifying each stage of the boot process is invaluable in fixing boot problems and understanding the system as a whole. To start, zero in on the boot loader, which is the initial screen or prompt you get after the computer does its power-on self-test, asking which operating system to run. After you make a choice, the boot loader runs the Linux kernel, handing control of the system to the kernel.

There is a detailed discussion of the kernel elsewhere in this book from which this article is excerpted. This article covers the kernel initialization stage, the stage when the kernel prints a bunch of messages about the hardware present on the system. The kernel starts init just after it displays a message proclaiming that the kernel has mounted the root filesystem:

VFS: Mounted root (ext2 filesystem) readonly.

Soon after, you will see a message about init starting, followed by system service startup messages, and finally you get a login prompt of some sort.

Note On Red Hat Linux, the init note is especially obvious, because it "welcomes" you to "Red Hat Linux." All messages thereafter show success or failure in brackets at the right-hand side of the screen.

Most of this chapter deals with init, because it is the part of the boot sequence where you have the most control.

init

There is nothing special about init. It is a program just like any other on the Linux system, and you'll find it in /sbin along with other system binaries. The main purpose of init is to start and stop other programs in a particular sequence. All you have to know is how this sequence works.

There are a few different variations, but most Linux distributions use the System V style discussed here. Some distributions use a simpler version that resembles the BSD init, but you are unlikely to encounter this.

Runlevels

At any given time on a Linux system, a certain base set of processes is running. This state of the machine is called its runlevel, and it is denoted with a number from 0 through 6. The system spends most of its time in a single runlevel. However, when you shut the machine down, init switches to a different runlevel in order to terminate the system services in an orderly fashion and to tell the kernel to stop. Yet another runlevel is for single-user mode, discussed later.

The easiest way to get a handle on runlevels is to examine the init configuration file, /etc/inittab. Look for a line like the following:

id:5:initdefault:

This line means that the default runlevel on the system is 5. All lines in the inittab file take this form, with four fields separated by colons occurring in the following order:

# A unique identifier (a short string, such as id in the preceding example)

# The applicable runlevel number(s)

# The action that init should take (in the preceding example, the action is to set the default runlevel to 5)

# A command to execute (optional)

There is no command to execute in the preceding initdefault example because a command doesn't make sense in the context of setting the default runlevel. Look a little further down in inittab, until you see a line like this:

l5:5:wait:/etc/rc.d/rc 5

This line triggers most of the system configuration and services through the rc*.d and init.d directories. You can see that init is set to execute a command called /etc/rc.d/rc 5 when in runlevel 5. The wait action tells when and how init runs the command: run rc 5 once when entering runlevel 5, and then wait for this command to finish before doing anything else.

There are several different actions in addition to initdefault and wait, especially pertaining to power management, and the inittab(5) manual page tells you all about them. The ones that you're most likely to encounter are explained in the following sections.

respawn

The respawn action causes init to run the command that follows, and if the command finishes executing, to run it again. You're likely to see something similar to this line in your inittab file:

1:2345:respawn:/sbin/mingetty tty1

The getty programs provide login prompts. The preceding line is for the first virtual console (/dev/tty1), the one you see when you press ALT-F1 or CONTROL-ALT-F1. The respawn action brings the login prompt back after you log out.

ctrlaltdel

The ctrlaltdel action controls what the system does when you press CONTROL-ALT-DELETE on a virtual console. On most systems, this is some sort of reboot command using the shutdown command.

sysinit

The sysinit action is the very first thing that init should run when it starts up, before entering any runlevels.

How processes in runlevels start

You are now ready to learn how init starts the system services, just before it lets you log in. Recall this inittab line from earlier:

l5:5:wait:/etc/rc.d/rc 5

This small line triggers many other programs. rc stands for run commands, and you will hear people refer to the commands as scripts, programs, or services. So, where are these commands, anyway?

For runlevel 5, in this example, the commands are probably either in /etc/rc.d/rc5.d or /etc/rc5.d. Runlevel 1 uses rc1.d, runlevel 2 uses rc2.d, and so on. You might find the following items in the rc5.d directory:

S10sysklogd       S20ppp          S99gpm

S12kerneld        S25netstd_nfs   S99httpd

S15netstd_init    S30netstd_misc  S99rmnologin

S18netbase        S45pcmcia       S99sshd

S20acct           S89atd

S20logoutd        S89cron

The rc 5 command starts programs in this runlevel directory by running the following commands:

S10sysklogd start

S12kerneld start

S15netstd_init start

S18netbase start

...

S99sshd start

Notice the start argument in each command. The S in a command name means that the command should run in start mode, and the number (00 through 99) determines where in the sequence rc starts the command.

The rc*.d commands are usually shell scripts that start programs in /sbin or /usr/sbin. Normally, you can figure out what one of the commands actually does by looking at the script with less or another pager program.

You can start one of these services by hand. For example, if you want to start the httpd Web server program manually, run S99httpd start. Similarly, if you ever need to kill one of the services when the machine is on, you can run the command in the rc*.d directory with the stop argument (S99httpd stop, for instance).

Some rc*.d directories contain commands that start with K (for "kill," or stop mode). In this case, rc runs the command with the stop argument instead of start. You are most likely to encounter K commands in runlevels that shut the system down.

Adding and removing services

If you want to add, delete, or modify services in the rc*.d directories, you need to take a closer look at the files inside. A long listing reveals a structure like this:

lrwxrwxrwx . . . S10sysklogd -> ../init.d/sysklogd

lrwxrwxrwx . . . S12kerneld -> ../init.d/kerneld

lrwxrwxrwx . . . S15netstd_init -> ../init.d/netstd_init

lrwxrwxrwx . . . S18netbase -> ../init.d/netbase

...

The commands in an rc*.d directory are actually symbolic links to files in an init.d directory, usually in /etc or /etc/rc.d. Linux distributions contain these links so that they can use the same startup scripts for all runlevels. This convention is by no means a requirement, but it often makes organization a little easier.

To prevent one of the commands in the init.d directory from running in a particular runlevel, you might think of removing the symbolic link in the appropriate rc*.d directory. This does work, but if you make a mistake and ever need to put the link back in place, you might have trouble remembering the exact name of the link. Therefore, you shouldn't remove links in the rc*.d directories, but rather, add an underscore (_) to the beginning of the link name like this:

mv S99httpd _S99httpd

At boot time, rc ignores _S99httpd because it doesn't start with S or K. Furthermore, the original name is still obvious, and you have quick access to the command if you're in a pinch and need to start it by hand.

To add a service, you must create a script like the others in the init.d directory and then make a symbolic link in the correct rc*.d directory. The easiest way to write a script is to examine the scripts already in init.d, make a copy of one that you understand, and modify the copy.

When adding a service, make sure that you choose an appropriate place in the boot sequence to start the service. If the service starts too soon, it may not work, due to a dependency on some other service. For non-essential services, most systems administrators prefer numbers in the 90s, after most of the services that came with the system.

Linux distributions usually come with a command to enable and disable services in the rc*.d directories. For example, in Debian, the command is update-rc.d, and in Red Hat Linux, the command is chkconfig. Graphical user interfaces are also available. Using these programs helps keep the startup directories consistent and helps with upgrades.

HINT: One of the most common Linux installation problems is an improperly configured XFree86 server that flicks on and off, making the system unusable on console. To stop this behavior, boot into single-user mode and alter your runlevel or runlevel services. Look for something containing xdm, gdm, or kdm in your rc*.d directories, or your /etc/inittab.

Controlling init

Occasionally, you need to give init a little kick to tell it to switch runlevels, to re-read the inittab file, or just to shut down the system. Because init is always the first process on a system, its process ID is always 1.

You can control init with telinit. For example, if you want to switch to runlevel 3, use this command:

telinit 3

When switching runlevels, init tries to kill off any processes that aren't in the inittab file for the new runlevel. Therefore, you should be careful about changing runlevels.

When you need to add or remove respawning jobs or make any other change to the inittab file, you must tell init about the change and cause it to re-read the file. Some people use kill -HUP 1 to tell init to do this. This traditional method works on most versions of Unix, as long as you type it correctly. However, you can also run this telinit command-

telinit q

You can also use telinit s to switch to single-user mode.

Shutting down

init also controls how the system shuts down and reboots. The proper way to shut down a Linux machine is to use the shutdown command.

There are two basic ways to use shutdown. If you halt the system, it shuts the machine down and keeps it down. To make the machine halt immediately, use this command:

shutdown -h now

On most modern machines with reasonably recent versions of Linux, a halt cuts the power to the machine. You can also reboot the machine. For a reboot, use -r instead of -h.

The shutdown process takes several seconds. You should never reset or power off a machine during this stage.

In the preceding example, now is the time to shut down. This argument is mandatory, but there are many ways of specifying it. If you want the machine to go down sometime in the future, one way is to use +n, where n is the number of minutes shutdown should wait before doing its work. For other options, look at the shutdown(8) manual page.

To make the system reboot in 10 minutes, run this command:

shutdown -r +10

On Linux, shutdown notifies anyone logged on that the machine is going down, but it does little real work. If you specify a time other than now, shutdown creates a file called /etc/nologin. When this file is present, the system prohibits logins by anyone except the superuser.

When system shutdown time finally arrives, shutdown tells init to switch to runlevel 0 for a halt and runlevel 6 for a reboot. When init enters runlevel 0 or 6, all of the following takes place, which you can verify by looking at the scripts inside rc0.d and rc6.d:

1. init kills every process that it can.

# The initial rc0.d/rc6.d commands run, locking system files into place and making other preparations for shutdown.

# The next rc0.d/rc6.d commands unmount all filesystems other than the root.

# Further rc0.d/rc6.d commands remount the root filesystem read-only.

# Still more rc0.d/rc6.d commands write all buffered data out to the filesystem with the sync program.

# The final rc0.d/rc6.d commands tell the kernel to reboot or stop with the reboot, halt, or poweroff program.

The reboot and halt programs behave differently for each runlevel, potentially causing confusion. By default, these programs call shutdown with the -r or -h options, but if the system is already at the halt or reboot runlevel, the programs tell the kernel to shut itself off immediately. If you really want to shut your machine down in a hurry (disregarding any possible damage from a disorderly shutdown), use the -f option.

TCP/IP Network Model

TCP/IP model

The TCP/IP Model separates networking functions into discrete layers. Each layer performs a specific function and is transparent to the layer above it and the layer below it. Network models are used to conceptualize how networks should work, so that hardware and network protocols can interoperate. The TCP/IP model is one of the two most common network models, the other being the OSI Model.

The TCP/IP Model of networking is a different way of looking at networking. Because the model was developed to describe TCP/IP, it is the closest model of the Internet, which uses TCP/IP.

The TCP/IP network model breaks down into four (4) layers:

• Application Layer

• Transport Layer

• Internet Layer

• Network Access Layer

 

 Comparison and Difference between TCP/IP and OSI models-

Like OSI network model, TCP/IP also has a network model. TCP/IP was on the path of development when the OSI standard was published and there was interaction between the designers of OSI and TCP/IP standards. The TCP/IP model is not same as OSI model. OSI is a seven-layered standard, but TCP/IP is a four layered standard. The OSI model has been very influential in the growth and development of TCP/IP standard, and that is why much OSI terminology is applied to TCP/IP. The following figure compares the TCP/IP and OSI network models.

As we can see from the above figure, presentation and session layers are not there in OSI model. Also note that the Network Access Layer combines the functions of Datalink Layer and Physical Layer.

TCP/IP Model Layers

 

Application Layer

The Application Layer provides the user with the interface to communication. This could be your web browser, e-mail client (Outlook, Eudora or Thunderbird), or a file transfer client.

The Application Layer is where your web browser, a telnet, ftp, e-mail or other client application runs. Basically, any application that rides on top of TCP and/or UDP that uses a pair of virtual network sockets and a pair of IP addresses.

The Application Layer sends to, and receives data from, the Transport Layer.

Transport Layer

The Transport Layer provides the means for the transport of data segments across the Internet Layer. The Transport Layer is concerned with end-to-end (host-to-host) communication.

Transmission Control Protocol provides reliable, connection-oriented transport of data between two endpoints (sockets) on two computers that use Internet Protocol to communicate.

User Datagram Protocol provides unreliable, connectionless transport of data between two endpoints (sockets) on two computers that use Internet Protocol to communicate.

The Transport Layer sends data to the Internet layer when transmitting and sends data to the Application Layer when receiving.

Internet Layer

The Internet Layer provides connectionless communication across one or more networks, a global logical addressing scheme and packetization of data. The Internet Layer is concerned with network to network communication.

The Internet Layer is responsible for packetization, addressing and routing of data on the network. Internet Protocol provides the packetization, logical addressing and routing functions that forward packets from one computer to another.

The Internet Layer communicates with the Transport Layer when receiving and sends data to the Network Access Layer when transmitting.

Network Access Layer

The Network Access Layer provides access to the physical network.

This is your network interface card. Ethernet, FDDI, Token Ring, ATM, OC, HSSI, or even Wi-Fi are all examples of network interfaces. The purpose of a network interface is to allow your computer to access the wire, wireless or fiber optic network infrastructure and send data to other computers.

The Network Access Layer transmits data on the physical network when sending and transmits data to the Internet Layer when receiving.

All Internet-based applications and their data, whether it is a web browser downloading a web page, Microsoft Outlook sending an e-mail, a file, an instant message, a Skype video or voice call; the data is chopped into data segments and encapsulated in Transport Layer Protocol Data Units or PDU's (TCP or UDP segments). The Transport Layer PDU's are then encapsulated in Internet Layer's Internet Protocol packets. The Internet Protocol packets are then chopped into frames at the Network Access layer and transmitted across the physial media (copper wires, fiber optic cables or the air) to the next station in the network.

OSI model

OSI Model

 

The ISO (International Organization for Standardization) decided to construct a framework of standards in which different vendors would be able to use in order to communicate over a network consisting of diverse equipment and applications.  This framework is now considered the standard for communication of networks.  The OSI is divided into 7 layers, which divides the task into smaller more manageable task groups.  Each task or group of tasks assigned to each layer can also be implemented independently.  This limits complications between layers because the solutions offered by one layer do not adversely affect the other layers.

The 7 layers can be split logically into two subgroups.  Layers 7 thru 4 focus on the end to end communication of data source and destinations.  Layers 3 thru 1 are provide consistent communication between the network devices.  An easier way of looking at the OSI model is dividing the upper layers (7, 6, 5) from the lower layers (4, 3, 2, 1).  The upper layers deal with application issues and are implemented only in software.  The highest layer, the application layer, is the closest to the end user.  The lower layers are responsible for the transportation of the data.  The physical layer and the data link layer are implemented in hardware and software. The lowest layer, the physical layer, is closest to the physical network medium (the wires, for example) and is responsible for placing data on the medium.

The following is a top-down explanation of the OSI Model. It starts with the user's PC and it follows what happens to the user's file as it passes though the different OSI Model layers. The top-down approach was selected specifically (vs. starting at the Physical Layer and working up to the Application Layer) for ease of understanding. It is used here to show how the user's files are transformed (through the layers) into a bit stream for transmission on the network. 

Benefits of the OSI Model

By separating the network communications into logical smaller pieces, the OSI model simplifies how network protocols are designed. The OSI model was designed to ensure different types of equipment (such as network Adapters, hubs, and routers) would all be compatible even if built by different manufacturers. A product from one network equipment vendor that implements OSI Layer 2 functionality, for example, will be much more likely to interoperate with another vendor's OSI Layer 3 product because both vendors are following the same model.

The OSI model also makes network designs more extensible as new protocols and other network services are generally easier to add to a layered architecture than to a monolithic one.

Adapters, hubs, and routers

Physical Layer

At the base of the OSI model is the physical layer. This one is the easiest to understand - it encompasses most of the physical aspects of the network; for example, a repeater (a piece of equipment that amplifies signals) operates at the physical level because it is only concerned with transmitting the electric signal on the wire - it does not try to interfere with, encode/decode, or otherwise logically manipulate the signal. Think of the physical layer as the "electrical" layer of the model - the physical layer is the layer of low-level networking equipment, such as some hubs, cabling, and repeaters . The physical layer is never concerned with protocols or other such higher-layer items.
Examples of hardware in this layer:

• Network adapter
• Repeater
• Network hub
• Modem
• Fiber Media Converter 

 

Data Link Layer

The Data Link Layer transfers data between adjacent nodes in a Wide Area Network, or between nodes on any given Local Area Network. This layer also provides the procedural means to transfer data between network entities and sometimes to detect and correct errors that have occurred within the Physical Layer.
Since the Data Link layer is concerned primarily with local delivery within a LAN, data link frames do not cross the boundaries of a local network segment and instead focus on local delivery, addressing, and media arbitration.
Switches operate in the Data Link layer.

Sublayers

The Data Link Layer is often subdivided into two sublayers, the LLC Sublayer and the MAC Sublayer:

• The LLC (or Logical Link Control) Sublayer multiplexes protocols running atop the Data Link Layer, and provides flow control, acknowledgement, and error control. It also specifies the mechanisms to be used for addressing stations and for controlling the data exchanged between machines.
• The MAC (or Media Access Control) Sublayer determines who is allowed to access the media at any one time (as in CSMA/CD) and provides frame synchronization, which determines where one frame ends and the next begins.

 Protocols

Protocols in the Data Link Layer include:

• Ethernet for LANs
• PPP
• HDLC
• ADCCP for point-to-point connections
• PTPPD Point-to-Point Portal Device

Network Layer 

The Network layer is where the frames of the Data Link layer become packets. It can be described as the puberty of the OSI model. It is where the boys of the Data Link layer become men. The best way to think of the Network layer is as the mailroom clerk of the OSI model. The clerk receives mail and directs it to the appropriate couriers. In similar fashion, the Network layer translates the frames it receives from the Data Link layer into more logical packets which can be routed to other networks (like sending it to a courier). At the Network layer, you can begin to actually communicate across a Network, but the service is called "unreliable" because no connection can be established. Communication over the Network layer is something like throwing a message in a bottle into the sea or hollowing out the wall and writing cryptic references to the Companion Cube at the Aperture Science enrichment center- you cannot verify that the other person ever reads the message. The Network Layer is the layer that uses IP addresses. Most of what we call "routing" occurs at the network layer - that is,network traffic is routed from one network to another at this layer, allowing for inter-network (as opposed to intra-network) communication.

 Transport Layer 

At the Transport layer, the Network layer's packets are sorted and organized into "segments." This is different from the idea of packets in the Network layer in one fundamental way: the segments of data over the Transport layer contain information on the connection and the transmission of data. The Transport layer removes the uncertainty of "throwing the message in the bottle" that we experience over the Network layer by attaching to segments (which are basically continued packets) information about the state of a connection. Thus, the Transport layer uses the LLC sub-layer of the Data Link layer to establish connections between hosts. The protocols that are typically associated with the Transport layer are:

• TCP: Connection-Oriented, reliable - unlike the "message in the bottle," or "hidden Companion Cube reference," it can verify that a segment or packet reaches the location, or note failure
• UDP: Connectionless, unreliable - it is like a "smarter" message in the bottle service; it makes a best-effort delivery but does not establish a connection or verify receipt

Session Layer 

The Session layer is the layer that initiates and terminates the transport layer connection-oriented services . While the Session layer is not widely used by protocols, it is important in that it is responsible for managing the connections that we value and that the Transport layer provides. In other words, the Session layer is like the GLaDOS of the transport layer, just like GLaDOS tells the robots what to do and promises them eternal damnation in case of insubordination, the Session layer also bosses the Transport layer around.

Presentation Layer 

The Presentation layer translates the segments of information from the Transport layer into data that can be used at the Application layer. It is like the C3-PO of the OSI model. It is something of an intermediary between the network node's processing area and the network node's actual networking area - it can interpret the segments or packets it receives and change them into "data formats" that we all know and that the PC can recognize.

 Application Layer 

This is the top of our cake, utilizes the layers below it, and includes the functions that we are most familiar with - the end-user application protocols such as FTP and HTTP, the vital services like DHCP and DNS, and several obscure applications. This is where the sockets are defined. The Application layer does indeed cover a wide variety of protocols and services, but don't let this overwhelm you. In general, when trying to decide if a service or protocol is an application level one, ask: "Does this facilitate networking, or does networking facilitate the service?" If the answer is the latter, you know it is an Application layer service.