Tải bản đầy đủ - 0 (trang)
10 Enabling File and Printer Sharing, and Multimedia in Nxclient

10 Enabling File and Printer Sharing, and Multimedia in Nxclient

Tải bản đầy đủ - 0trang


TCAM—Ternary Content Addressable Memory

Unlike normal RAM in a computer where data is stored in many addresses and

the RAM can only be queried for the contents at a given address, Content

Addressable Memory (CAM) works in the other direction. CAM is provided

with content, then searches its memory in order to return a list of addresses

where the content was found. With RAM, a search requires software to repeatedly read from a memory address, compare the contents of memory to the

content being searched for, then move on to the next address, repeating until the

area of RAM to be searched is exhausted. With CAM, content can be provided,

and the list of addresses containing that content is returned in one operation,

which provides a phenomenal speedup for searching the contents of memory.

Ternary Content Addressable Memory takes this a step further. With normal

CAM, the stored data is only in the form of bits—a word at an address may be

10011101, but TCAM may contain a third state of “don’t care” or “X” in memory—so a word at an address could be 10011X01, which would match the

search for 10011101 and 10011001. CAM and TCAM are often used in switches

and routers to store MAC lookup tables and routing tables, respectively. A

router may have a network address in memory, and when a packet arrives to be

routed, its destination IP address can be searched for in TCAM, which will

instantly return the address of a routing table entry for its destination address,

stored with only the network part of the destination network as 1 or 0, and host

part as X. CAM and TCAM are far more complex, expensive, and power-hungry

memory-wise than normal RAM, but are necessary for applications like routing

where a search through a routing table must be done thousands or millions of

times per second.

TCP—Transmission Control Protocol

One of the central protocols essential to the function of the Internet, TCP allows

applications to create connections that, once established, the applications can

stream data across. TCP stacks in an operating system do the hard work of splitting the stream of data into segments with a sequence number, and sending

them out over an IP-based network. At the remote end, the TCP stack acknowledges packets that have been received (so that missing packets can be resent)

and reassembles received packets in the correct order to provide an in-order data

stream to the remote application.

TLS/SSL—Transport Layer Security/Secure Sockets Layer


T |


TTL—Time To Live

A TTL is a limit on how long a piece of information can exist before it should be

discarded. One example is a DNS record. When first looked up by a caching

DNS server, a domain’s DNS records will be cached and the TTL will be

recorded in seconds. Before the number of seconds has passed, any subsequent

DNS lookups of that record will come from the cache. Once the TTL has passed,

the cached record expires, and should be looked up again from an authoritative

source. The time may also be a number of transmissions or hops on a network,

for example performing a traceroute depends on a TTL being reduced by 1 on

every hop. When a traceroute runs, a series of packets are sent towards a destination with increasing TTL values. With each hop, the TTL is reduced—when it

reaches 0, the packet is considered expired, and an ICMP Time Exceeded packet

is returned to the sender. The traceroute utility is able to record the origin of

each ICMP packet returned as each successive longer TTL allows the packet to

reach further through a network, then display the list of hosts a packet passes

through to reach the destination.


UART—Universal Asynchronous Receiver/Transmitter

A UART is a device that performs a conversion between data in parallel form,

such as bytes in memory, and a serial stream for transmission over a serial connection. Universal refers to the ability of the Asynchronous Receiver/Transmitter to operate at a number of different bit rates, depending on the need at the



VLAN—Virtual LAN

A method whereby multiple logical LAN segments are created on top of an existing

physical LAN. An existing LAN segment may consist of 10 computers physically

connected as a LAN. Along comes the concept of a VLAN, and it defines three of

those computers as belonging to VLAN1, with the remaining seven on VLAN2. To

software running on the machines in VLAN1, the entire LAN consists of just

three computers, and the other seven (although physically connected as if they

were part of the same LAN) are not seen. This logical subnetting reduces traffic

on the network by providing smaller (and more numerous) broadcast domains,

and subnets can be created without needing to rewire or relocate hardware physically. VLANs are implemented through the use of IEEE 802.1Q, which allows

the tagging of Ethernet frames with information that identifies which VLAN they

belong to.



Appendix B: Glossary of Networking Terms

VNC—Virtual Network Computing

VNC is a remote display system where a user can view or control the desktop

environment of a remote computer that may be across the room, or on the other

side of the world over the Internet. When controlling, communication goes both

ways—keyboard and mouse events are sent from the viewer (the client) to the

remote machine, and the remote (the server) provides updates of the screen display back to the client. VNC works on a framebuffer level, and does not require

higher-level protocols to display windows, text, animation and so on—all screen

updates are purely image based. A user may connect to a server, use its desktop

for a time, then disconnect and move to another location. Upon reconnecting to

the server, the user will see the exact desktop, down to the mouse pointer being

in the same place.

There are many VNC implementations; you can control two PCs from a single

keyboard and mouse, attach to an existing session, and mix-and-match operating systems.

VoIP—Voice over IP

Using packet-switched networks to transmit voice traffic instead of the traditional

circuit-switched networks. Packet-switching allows the physical circuits to carry

far more traffic.

VPN—Virtual Private Network

In its broadest sense, a network tunneled through another network. In the term’s

usage in this book, it is a tunnel used to connect trusted remote users (such as

those on laptops working from home), or other remote networks (such as a

branch office) into a LAN, so that the remote users may have full network access

as if their computer were connected directly to the LAN. The connection is tunneled over the Internet, and the two endpoints authenticate to one another and

encrypt communications. Think of it as a long, private Ethernet cable that

extends over the Internet to your users in the field.


WAN—Wide Area Network

A Wide Area Network is a network that spans a large geographic area relative to

a LAN. It will likely contain a paid network connection by a telecommunications provider, and cross legal (including national) boundaries. A school campus

may consider its entire on-campus network to be a LAN (even if that supplies

hundreds of buildings on the one site), and the connection to other campuses in

different cities to be part of the WAN. On a different scale, a community wireless network may consider home computer networks of one or two machines to

each be LANs, and the wireless network that connects them all across one part

of a city to be their WAN. The Internet can be considered the largest of all


W |


WAP—Wireless Access Point

The device that connects a wired LAN to a wireless network, and acts to move

data between wireless devices and the wired LAN, or directly to the Internet.

The WAP contains the antenna that transmits/receives wireless signals to/from

any wireless-connected devices such as laptops, and is the device that implements the encryption required for good wireless security.

WEP—Wired Equivalent Privacy (or Wireless Encryption Protocol)

An encryption scheme used to secure wireless networks, part of the 802.11 standard. WEP is particularly weak protection, and vulnerable to an attacker within

minutes using freely available tools such as AirSnort and WEPCrack. If your

hardware only supports WEP, upgrade to something supporting WPA/WPA2.

As of August 2003, Wi-Fi certification is not possible without WPA support.


Wi-Fi refers to standards (the 802.11 family) that define wireless networking

most commonly used on LANs. While IEEE formally defines the 802.11 standards, testing and certification of products following the standard is performed

by the Wi-Fi Alliance, an industry group formed to push the adoption of standard wireless networking. Only products tested by the Wi-Fi Alliance may carry

the Wi-Fi trademark. Wi-Fi certification is a moving target that involves not just

the wireless connection itself, but relevant technologies such as encryption, QoS,

and power saving. As new wireless developments are ratified, the requirements

for Wi-Fi certification change, too. One example is security; WPA2 certification

is compulsory in order to obtain Wi-Fi certification as of 2006.


A Name Service Switch (NSS) module that allows a Linux (and Unix/Unix-alike)

system to join a Windows domain and obtain login information from the

domain, instead of from the Linux system’s local user database. Essentially, this

means Windows domain users (NT or Active Directory) can appear and operate

as Linux users on the Linux machine, and gain access to Windows domain services. Winbind is part of the Samba suite.

WINS—Windows Internet Name Service

WINS is Microsoft’s name resolution service for NetBIOS computer names. A

WINS server allows computers to register their NetBIOS names and IP addresses

dynamically upon joining a network. A computer queries the WINS server by

providing the NetBIOS name of a machine it is interested in, and the WINS

server returns that machine’s IP address. WINS is essentially to NetBIOS names

as DNS is to domain names. Under Linux, Samba is perfectly capable of acting

as a WINS server.



Appendix B: Glossary of Networking Terms

WPA/WPA2—Wi-Fi Protected Access

Encryption schemes used to secure wireless networks. There are two flavors of

WPA: WPA and WPA2. WPA is an upgrade of WEP; both use RC4 stream

encryption. It was designed to be a transitional protocol between WEP and

WPA2. WPA is stronger than WEP, but not as strong as WPA2. WPA2 uses a

new strong encryption protocol called Counter Mode with CBC-MAC Protocol

(CCMP), which is based on Advanced Encryption Standard (AES).

W |





Linux Kernel Building


This is a quick guide to building a custom 2.6 kernel, patching the kernel, and adding loadable kernel modules. You’ll find detailed recipes in Linux Cookbook

(O’Reilly) in Chapter 10, “Patching, Customizing, and Upgrading Kernels,” and

Chapter 12, “Managing the Bootloader and Multi-Booting,” which tells how to

customize your GRUB or LILO boot menus for different kernels.

Why would you want to build a custom kernel? To add features or remove unnecessary features. On routers and firewalls, it adds a bit of security to use kernels that

have had all the unnecessary features removed, and you can reduce the size considerably to fit on devices with limited storage.

Building a Custom Kernel

Many distributions have their own distribution-specific tools for building kernels.

You don’t need these for building vanilla kernels from kernel.org. But, it’s a different

story when you’re using distribution-specific kernel sources. Red Hat and Fedora

package theirs as source RPMs, so you can’t just build the kernel, but must also

build an RPM. Fear not, for this appendix reveals how. Red Hat/Fedora kernels are

heavily patched, to the point that a vanilla kernel may not even work, so you need to

know the Red Hat Way of customizing kernels.

Debian, on the other hand, does very little modification to Linux kernels. They

remove any bits that don’t meet their policies, and that’s all. So, vanilla kernels work

fine on Debian systems.

You’ll need a build environment, kernel source code for your distribution, and at

least 2 GB of free disk space. You can build a kernel on any system, then copy it to

other systems. If you like to modify kernels a lot, you might set up an old PC as a

dedicated kernel-building station. Then, you’ll only have to maintain source trees

and utilities on a single box.


Most documentation tells you to unpack kernel sources into /usr/src/linux. Don’t do

this. As the kernel README says:

Do NOT use the /usr/src/linux area! This area has a (usually incomplete) set of kernel

headers that are used by the library header files. They should match the library, and

not get messed up by whatever the kernel-du-jour happens to be.

You may store binaries and source trees anywhere, and execute almost every step as

an unprivileged user. Only the final steps require superuser privileges.

You may install as many kernels as you like, selecting the one you want to use at



You need a build environment and some helpful utilities. You should have the lshw

and lspci commands installed in case you need to look up hardware information.

Run the update-pciids command first to bring them up-to-date. Run cat /proc/

cpuinfo to display your CPU specs.

Next, on Fedora, install these packages to get a basic build environment:

# yum groupinstall 'Development Tools'

# yum install qt-devel

On Debian, install these packages:

# aptitude install build-essential libqt3-mt-dev qt3-dev-tools

Building a Vanilla Kernel

Obtaining a kernel that has not been altered by distribution vendors is easy—go to

http://kernel.org/, the mothership of the Linux kernel. Download and unpack it into a

folder in your own home directory; for example ~/kernel:

[carla@windbag:~/kernel]$ wget http://kernel.org/pub/linux/kernel/v2.6/linux-

[carla@windbag:~/kernel]$ tar zxvf linux-

This is about a 40 MB download that will unpack to about 240 MB.

Change to the top-level directory of your new source tree. All of the following commands will be run from here:

$ cd linux-

Read the Documentation/Changes file to make sure you have the correct gcc version

and other necessary utilities. Read the README for installation tips and other useful information.

Edit the new kernel makefile (~/kernel/linux- to give a custom

value to EXTRAVERSION, such as EXTRAVERSION =-test. Or, in the kernel configuration,

enter your custom value in General Setup ➝ Local version ➝ append to kernel


Building a Custom Kernel |


Let’s see what options the make command has:

$ make help

Even though this is a brand-new source tree, run a cleanup first:

$ make mrproper

At this point, you may copy your own custom config file to this directory, or just let

make take care of it for you. If you don’t provide one, it will use your /boot/config-*

file. You can change everything anyway, so it doesn’t matter all that much.

Now, run these commands:








make xconfig



make modules_install

mkinitrd -o /boot/initrd-linux-

cp linux- /boot/vmlinuz-linux-

cp linux- /boot/System.map-linux-

Save a copy of your new config file in a directory outside of the build tree. Add the

new kernel to your GRUB bootloader menu:

# /boot/grub/menu.lst


new test kernel




/boot/vmlinuz- root=UUID=b099f554-db0b-45d4-843e-0d6a1c43ba44 ro



Where does the UUID come from? From running the blkid command:

$ blkid

/dev/sda1: UUID="b099f554-db0b-45d4-843e-0d6a1c43ba44" SEC_TYPE="ext2" TYPE="ext3"

/dev/hda1: UUID="1a5408ad-7d1d-4e24-b9db-d132d76e9e8e" SEC_TYPE="ext2" TYPE="ext3"

Remember that GRUB counts from zero, so hd0,0 means /dev/hda1, or the first partition of the first block device. In this era of mixed PATA and SATA drives, this

depends on the BIOS order of your hard drives, so you may need to dig around in

your BIOS settings to see which drive the BIOS recognizes as the first, second, and so


Reboot to your new kernel and enjoy. If it doesn’t work, simply reboot to your old

kernel, and try again.

You should use UUIDs to identify your block devices because /dev names are no

longer static, but at the mercy of udev. You need to create an initrd image because

the /dev directory is not populated until after boot, so there is no way to build the

boot device into the kernel anymore.



Appendix C: Linux Kernel Building Reference

Configuration Options

make xconfig is time-consuming, but very important. If you leave out anything important, some things won’t work, or it might not boot at all. Every configuration item

has a Help entry. The kernel source tree has reams of help in the Documentation/


You have three options for each configuration item: leave it out, build it into the

kernel, or build it as a loadable module. These things should be built-in to the kernel:

• Module support and kmod, for automatic module loading

• a.out binaries, ELF binaries, and MISC binaries

• VGA text console

• All filesystems you’ll be using, such as ext2/3, ReiserFS, JFS, XFS, loopback,


Any hardware support related to boot devices should be built into the kernel:

• IDE, ATA, and ATAPI block devices

• SCSI support (note that the 2.6 kernel does not need IDE-SCSI, so if you have no

SCSI devices, you can omit this)

• USB support

• Any on-board controllers

• ACPI power management

These are fine to have as loadable modules:

• NIC drivers

• Netfilter/iptables

• USB drivers

• Sound card drivers

• PCI hotplug

• Video drivers

It doesn’t matter if you prefer a large statically built kernel, or a lean kernel with lots

of loadable modules. Don’t obsess over building the leanest possible kernel because

it doesn’t matter—performance is the same either way. Just be sure to enable loadable module support so that you can add additional modules as needed; this is a lot

quicker and easier than rebuilding a kernel. Your best chance of improving performance is to select support for your particular CPU, rather than generic i386.

Building a Custom Kernel |


Adding New Loadable Kernel Modules

Change to the directory that contains the build tree, like ~/kernel/linux-

Then, you’ll need a good up-to-date config file. Copy it to the top level of your build

tree, then run:

$ make oldconfig

This takes your existing configuration, and lets you add new features. As you go

through the configuration, find the driver you need, and select it as a module. For

example, the tulip module is a common driver for many Ethernet cards. Then, run

these commands:





make dep

make modules

make modules_install

depmod -av

Load the module with modprobe:

# modprobe tulip

If you remembered to enable kmod in the kernel configuration, the kernel will try to

find and load all necessary modules at boot. If it doesn’t, add them to /etc/modules

(Debian) or /etc/modules.conf (most other Linux distributions).

Vendor-supplied modules come with their own installation instructions. For example, Nvidia provides a script that does everything for you. Others have different

methods, so it all depends on the vendor.

Patching a Kernel

If you wish to apply patches to your new kernel, this must be done before building it.

The patch must be in the next-highest directory upstream from your build tree; for


$ ls ~/kernel

linux- patch-

Now, change to the top level of your build tree, then unpack and apply the patch:

$ cd linux-

$ bzip2 -dc ../patch- | patch -s -p1

Or, you can do a test-drive first with the --dry-run option:

$ bzip2 -dc ../patch- | patch -s -p1 --dry-run

Now, configure and build your kernel, and away you go.

Your kernel build tree includes a script to handle applying patches for you, in scripts/

patch-kernel. This is a great little script when you have several patches to apply



Appendix C: Linux Kernel Building Reference

because it automatically applies them in the correct order. Have all of your patches

in the correct directory; then, from your top-level source directory, run this command:

[carla@windbag:~/kernel/linux-]$ scripts/patch-kernel

Patches must be applied in order, and you must have all of them. For example, to use

patch-, you also need the first two in the series, unless you downloaded a kernel that already includes the first set of patches.

Customizing Fedora Kernels

Fedora patches kernels heavily; a vanilla kernel from kernel.org may or may not

work. So, let’s do this the 100 percent Fedora way.

Fedora supplies only source RPMs, so you’ll have to customize your kernel and then

package it into an RPM. Download your kernel SRPM from your favorite Fedora

mirror, such as:

$ wget http://mirrors.kernel.org/fedora/core/development/source/SRPMS/kernel-

Then, make sure you have all the build tools you need:

# yum install rpmdevtools

Now, set up a build tree in your home directory, and make sure to do this as yourself and not as the root user:

$ fedora-buildrpmtree

This creates an rpmbuildtree directory populated with BUILD, RPMS, SOURCES,

SPECS, and SRPMS directories.

Now, install the source RPM. This will unpack files into your new rpmbuildtree


$ rpm -ivh 2.6.21-1.3194.fc7.src.rpm

Ignore any warnings about “group kojibuilder does not exist.”

Next, run the %prep stage of the RPM rebuild. Make the --target option match your

CPU type:

$ rpmbuild -bp --target=i686 ~/rpmbuild/SPECS/kernel-2.6.spec

The kernel tarball has been extracted, and all the Fedora patches applied. Change to

the source directory of your new build tree:

$ cd ~/rpmbuild/BUILD/kernel-2.6.21/linux-2.6.21-1.3194.i686/

Do housecleaning:

$ make mrproper

Now, let’s get started with configuring the new kernel:

$ make xconfig

Building a Custom Kernel |


Tài liệu bạn tìm kiếm đã sẵn sàng tải về

10 Enabling File and Printer Sharing, and Multimedia in Nxclient

Tải bản đầy đủ ngay(0 tr)