Tuesday, May 24, 2016

Linux Kernel

Microprocessors operate on binary data; that is data composed of ones and zeros.
The processor's execution is governed by an external clock. This clock, the system clock, generates regular clock pulses to the processor and, at each clock pulse, the processor does some work. For example, a processor could execute an instruction every clock pulse. A processor's speed is described in terms of the rate of the system clock ticks. A 100 MHz processor will receive 100,000,000 clock ticks every second. It is misleading to describe the power of a CPU by its clock rate as different processors perform different amounts of work per clock tick. However, all things being equal, a faster clock speed means a more powerful processor. The instructions executed by the processor are very simple; for example "read the contents of memory at location X into register Y". Registers are the microprocessor's internal storage, used for storing data and performing operations on it. The operations performed may cause the processor to stop what it is doing and jump to another instruction somewhere else in memory. These tiny building blocks give the modern microprocessor almost limitless power as it can execute millions or even billions of instructions a second.
The instructions have to be fetched from memory as they are executed. Instructions may themselves reference data within memory and that data must be fetched from memory and saved there when appropriate.
The size, number and type of register within a microprocessor is entirely dependent on its type. An Intel 4086 processor has a different register set to an Alpha AXP processor; for a start, the Intel's are 32 bits wide and the Alpha AXP's are 64 bits wide. In general, though, any given processor will have a number of general purpose registers and a smaller number of dedicated registers. Most processors have the following special purpose, dedicated, registers:
Program Counter (PC)
This register contains the address of the next instruction to be executed. The contents of the PC are automatically incremented each time an instruction is fetched.
Stack Pointer (SP)
Processors have to have access to large amounts of external read/write random access memory (RAM) which facilitates temporary storage of data. The stack is a way of easily saving and restoring temporary values in external memory. Usually, processors have special instructions which allow you to push values onto the stack and to pop them off again later. The stack works on a last in first out (LIFO) basis. In other words, if you push two values, x and y, onto a stack and then pop a value off of the stack then you will get back the value of y.
Some processors' stacks grow upwards towards the top of memory whilst others grow downwards towards the bottom, or base, of memory. Some processors support both types, for example ARM.
Processor Status (PS)
Instructions may yield results; for example "is the content of register X greater than the content of register Y?" will yield true or false as a result. The PS register holds this and other information about the current state of the processor. For example, most processors have at least two modes of operation, kernel (or supervisor) and user. The PS register would hold information identifying the current mode.

Memory

All systems have a memory hierarchy with memory at different speeds and sizes at different points in the hierarchy. The fastest memory is known as cache memory and is what it sounds like - memory that is used to temporarily hold, or cache, contents of the main memory. This sort of memory is very fast but expensive, therefore most processors have a small amount of on-chip cache memory and more system based (on-board) cache memory. Some processors have one cache to contain both instructions and data, but others have two, one for instructions and the other for data. The Alpha AXP processor has two internal memory caches; one for data (the D-Cache) and one for instructions (the I-Cache). The external cache (or B-Cache) mixes the two together. Finally there is the main memory which relative to the external cache memory is very slow. Relative to the on-CPU cache, main memory is positively crawling.
The cache and main memories must be kept in step (coherent). In other words, if a word of main memory is held in one or more locations in cache, then the system must make sure that the contents of cache and memory are the same. The job of cache coherency is done partially by the hardware and partially by the operating system. This is also true for a number of major system tasks where the hardware and software must cooperate closely to achieve their aims.

Buses

The individual components of the system board are interconnected by multiple connection systems known as buses. The system bus is divided into three logical functions: the address bus, the data bus and the control bus. The address bus specifies the memory locations (addresses) for the data transfers. The data bus holds the data transferred. The data bus is bidirectional; it allows data to be read into the CPU and written from the CPU. The control bus contains various lines used to route timing and control signals throughout the system. Many flavours of bus exist; for example, ISA and PCI buses are popular ways of connecting peripherals to the system.

Controllers and Peripherals

Peripherals are real devices, such as graphics cards or disks, controlled by controller chips on the system board or on cards plugged into it. The IDE disks are controlled by the IDE controller chip and the SCSI disks by the SCSI disk controller chips and so on. These controllers are connected to the CPU and to each other by a variety of buses. Most systems built now use PCI and ISA buses to connect together the main system components. The controllers are processors like the CPU itself; they can be viewed as intelligent helpers to the CPU. The CPU is in overall control of the system.
All controllers are different, but they usually have registers which control them. Software running on the CPU must be able to read and write those controlling registers. One register might contain status describing an error. Another might be used for control purposes, changing the mode of the controller. Each controller on a bus can be individually addressed by the CPU; this is so that the software device driver can write to its registers and thus control it. The IDE ribbon is a good example, as it gives you the ability to access each drive on the bus separately. Another good example is the PCI bus which allows each device (for example a graphics card) to be accessed independently.

Address Spaces

The system bus connects the CPU with the main memory and is separate from the buses connecting the CPU with the system's hardware peripherals. Collectively the memory space that the hardware peripherals exist in is known as I/O space. I/O space may itself be further subdivided, but we will not worry too much about that for the moment. The CPU can access both the system space memory and the I/O space memory, whereas the controllers themselves can only access system memory indirectly and then only with the help of the CPU. From the point of view of the device, say the floppy disk controller, it will see only the address space that its control registers are in (ISA), and not the system memory. Typically a CPU will have separate instructions for accessing the memory and I/O space. For example, there might be an instruction that means "read a byte from I/O address 0x3f0 into register X". This is exactly how the CPU controls the system's hardware peripherals, by reading and writing to their registers in I/O space. Where in I/O space the common peripherals (IDE controller, serial port, floppy disk controller and so on) have their registers has been set by convention over the years as the PC architecture has developed. The I/O space address 0x3f0 just happens to be the address of one of the serial port's (COM1) control registers.
There are times when controllers need to read or write large amounts of data directly to or from system memory, for example when user data is being written to the hard disk. In this case, Direct Memory Access (DMA) controllers are used to allow hardware peripherals to directly access system memory, but this access is under strict control and supervision of the CPU.

Timers


All operating systems need to know the time and so the modern PC includes a special peripheral called the Real Time Clock (RTC). This provides two things: a reliable time of day and an accurate timing interval. The RTC has its own battery so that it continues to run even when the PC is not powered on; this is how your PC always "knows" the correct date and time. The interval timer allows the operating system to accurately schedule essential work.

Linux Password Trick With Immutable Bit Using chattr Command

What is an immutable attribute on Linux?
A file with an immutable attribute cannot be:
  • Modified
  • Deleted
  • Renamed
  • No soft or hard link can be created by anyone, including the root user.
Only the root (superuser) or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute. Use the lsattr command to list file attributes on a Linux second extended file system that you set with the chattr command.
How to make a Linux file unchangeable (unalterable) so that no one can modify it
First, you need to log in as the root user. Only the root user can set and remove the immutable flag on a file. The syntax is:
chattr +i file
chattr +i /path/to/filename
Type the following command to write protect the /etc/shadow file on Linux: chattr +i /etc/shadow
Now, log in as a normal user (say vivek) and type the passwd command to change the password:
$ passwd
Changing password for user vivek.
Changing password for vivek
(current) UNIX password: OLDPASSWED
New password: NEWPASSWD
Retype new password: NEWPASSWD
passwd: all authentication tokens updated successfully.
Log out and try to log in with the new password. However, the system will not accept your new password. You still need to use the old password.
To list the file attributes on a Linux second extended file system, use the lsattr command (run as the root user):
# lsattr /etc/shadow
----i-------- /etc/shadow
Please note that even the root user is not allowed to change the password. You can remove the attribute using the following command (again, it must be run as the root user):
chattr -i /etc/shadow
lsattr /etc/shadow
Sample outputs:
------------- /etc/shadow
Securing mount points on Linux
Want to write protect the entire mount point so that no one, including the root user, can add or delete files? Try:
## Secure partition mounted at /securebackup location ##
chattr +i -R /securebackup
lsattr -d /securebackup
lsattr -l /securebackup
cd /securebackup
## Try to add or delete something ##
echo "test" > foo.txt
mkdir foo
ls -l
rm SeaToolsDOS223ALL.ISO
## Remove it again ##
cd /
chattr -i -R /securebackup
lsattr -d /securebackup

The -R option recursively changes the attributes of directories and their contents. This is useful to protect a web server DocumentRoot or other publicly accessible directory over sftp/ftp.
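
When a password change does not take effect as described above, or a protected tree needs auditing, it helps to list every file that currently carries the immutable flag. The script below is an added example, not part of the original post: it parses `lsattr -R` output and returns the paths whose flag field contains a lowercase `i`. The sample listing is constructed, and the default scan root `/etc` is an assumption.

```python
import string
import subprocess
import sys

# Constructed sample in the layout printed by `lsattr -R`; not from a real host.
SAMPLE_LSATTR = """\
--------------e------- /etc/passwd
----i---------e------- /etc/shadow
-----------I--e------- /etc/ssh

/etc/ssh:
----i---------e------- /etc/ssh/sshd config.bak
--------------e------- /etc/ssh/sshd_config
"""

# A flag field consists only of dashes and attribute letters.
FLAG_CHARS = set("-" + string.ascii_letters)


def parse_lsattr(text):
    """Yield (flags, path) for every entry line of lsattr output."""
    for line in text.splitlines():
        parts = line.split(None, 1)  # the path itself may contain spaces
        if len(parts) != 2:
            continue  # blank separator or a "directory:" header from -R
        flags, path = parts
        if not set(flags) <= FLAG_CHARS:
            continue  # a header whose directory name contains a space
        yield flags, path


def immutable_paths(text):
    """Return paths whose flags include lowercase 'i' (immutable).

    The check is case-sensitive on purpose: uppercase 'I' marks an
    indexed directory and has nothing to do with immutability.
    """
    return [path for flags, path in parse_lsattr(text) if "i" in flags]


def scan(root):
    """Run lsattr recursively under root and return the immutable paths."""
    # lsattr exits non-zero when some entries cannot be read, so the
    # return code is not treated as fatal; errors go to stderr.
    proc = subprocess.run(["lsattr", "-R", root],
                          capture_output=True, text=True, check=False)
    return immutable_paths(proc.stdout)


if __name__ == "__main__":
    for found in scan(sys.argv[1] if len(sys.argv) > 1 else "/etc"):
        print(found)
```

Run it as root so that lsattr can read the attributes of every file under the chosen directory.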

Integrate social media with access network to promote business


Social networking platforms offer their users features such as sharing their views with one another and much more. A social network is not just a platform for sharing your ideas and thoughts; it can also be used as a platform for managing business activities. Social media integration with the access network blends the privileges of social media and free guest data access to increase efficiency, customer experience, and brand awareness.

Integrate social media with access network - Best way to Enhance your Business

Social media integration with the access network router prompts customers seeking data access to check in and like your social media page before using the web for free. This opens the door to developing friendly relationships with your customers by sharing offers and announcements, building engagement on your social network page, and obtaining complete insights about your customer base. You might be wondering how this helps the users of the social media. One of the best highlights of this free data access is that with just two mouse clicks, you can create a splash page that lets users check in to your business page in exchange for free data access, instantly providing access to your current news and deals. You can do a lot more using this integration.
  
Free data access provided by operator
  • You can offer exclusive deals to your trustworthy customers.
  • You can also learn more about the customers connecting to your network to generate a better user experience and promote engagement.
  • The customers can check in to your business's social media page so that they can gain access to the internet.
  • Social media integration means one less password to remember, one less hassle for your customers, and the obvious way to create a lasting connection.
  • It doesn't require any expensive third-party services or Wi-Fi passwords.
  • All your customers need to do is check in to your social media page on their laptop, tablet or smartphone and they can begin browsing the web. It's a perfect data access solution for most businesses like restaurants, retailers, hotels, convention halls, and any other business wherein people may wish to surf the web during their visit.

Benefits of Social media integration

  • For business owners, this is an amazingly comfortable and hassle-free means to provide your customers free data access.
  • It enhances the visibility and activity of your social media page. As there would be more check-ins and engagement, it eventually boosts activity on your page, which in turn increases your page ranks.
  • Extra check-ins can also drive new business. When people check in to your social media page, it sends an automatic notification to their friends which includes your business name and address. This means that you are approaching new potential customers via the best possible avenue.
  • Consequently, these people will also be able to like and engage with your social media page before proceeding to browse the internet.

Friday, February 26, 2016

Traffic Detection function using Sd interface

Sd Interface Overview

The Sd reference point is located between the Policy and Charging Rules Function (PCRF) and the Traffic Detection Function (TDF).

The Sd interface is specified in 3GPP TS 29.212.

The Sd Interface application provides for:

  • Provisioning of Application Detection and Control (ADC) rules from the PCRF for the purpose of traffic detection and enforcement at the TDF;
  • Usage monitoring control of TDF sessions and of detected applications;
  • Reporting the start/stop of a detected application’s traffic.

The Sd application implements the following procedures for the PCRF:

  • Installation of ADC rules on the TDF;
  • Removal of ADC rules on the TDF;
  • Provisioning of ADC event triggers on the TDF.

The Sd application implements the following procedures for the TDF:

  • Transfer of service data flow descriptions for detected applications from the TDF to the PCRF;
  • Transfer of application instance identifier from the TDF to the PCRF.

For the solicited application reporting, the Sd reference point is used for establishment and termination of TDF session between PCRF and TDF, provisioning of Application Detection and Control rules from the PCRF for the purpose of traffic detection and enforcement at the TDF, usage monitoring control of TDF session and of detected applications and reporting of the start and the stop of a detected application's traffic and transfer of service data flow descriptions for detected applications, if deducible, from the TDF to the PCRF.

For the unsolicited reporting, the Sd reference point is used for establishment and termination of TDF session between PCRF and TDF, reporting of the start and the stop of a detected application's traffic and transfer of service data flow descriptions for detected applications, if deducible, and transfer of Application instance identifier, if service data flow descriptions are deducible, from the TDF to the PCRF.

Sd Reference model

The Sd reference point is defined between the PCRF and the TDF. The relationships between the different functional entities involved are depicted in the attached figure:

NOTE: The PCEF may support Application Detection and Control feature.






Application Detection and Control Rules

Functional entities

The PCRF may provide ADC Rules to the TDF by using Sd interface.

Once the start or stop of the application's traffic, matching one of those ADC Rules, is detected, if PCRF has previously subscribed to the APPLICATION_START/APPLICATION_STOP Event-Triggers, unless a request to mute such a notification (Mute-Notification AVP) is part of the corresponding ADC Rule, the TDF shall report the information regarding the detected application's traffic to the PCRF and apply the enforcement actions, if defined within the corresponding ADC Rule.

Application Detection and Control Rule Definition

The purpose of the ADC rule is to provide and apply the detection, enforcement actions and applicable charging parameters for the specified application traffic.

There are two different types of ADC rules as defined in 3GPP TS 23.203 [7]:

- Dynamic ADC rules. The PCRF can however provide and modify some parameters via the Sd reference point, respectively. These ADC rules can be installed, modified and removed at any time. The dynamic ADC rules are applicable only in case of solicited application reporting.
- Predefined ADC rules. Preconfigured in the TDF. In the case of solicited reporting, the Predefined ADC rules can be activated or deactivated by the PCRF at any time. Predefined ADC rules within the TDF may be grouped allowing the PCRF to dynamically activate a set of ADC rules.

An ADC rule consists of:
- a rule identifier;
- TDF application identifier;
- precedence;
- charging key (i.e. rating group);
- other charging parameters;
- monitoring key;
- gate status;
- UL maximum bit rate;
- DL maximum bit rate;
- redirect.

  • The rule identifier shall be used to reference an ADC rule in the communication between the TDF and the PCRF.
NOTE 1: The PCRF has to ensure that there is no dynamically provided ADC rule that has the same rule identifier value as any of the predefined ADC rules.
  • The TDF application identifier shall be used to reference the corresponding application, for which the rule applies during reporting to the PCRF. The same application identifier value can occur in more than one ADC rule. If so, the PCRF shall ensure that there is at most one ADC rule active per application identifier value at any time.
NOTE 2: The same application identifier value could be used for a dynamic ADC rule and pre-defined ADC rule or for multiple pre-defined ADC rules.

  • The precedence determines which rule applies when multiple ADC rules overlap in the application traffic detection: the ADC rule with the highest precedence will be applied for the purpose of enforcement, reporting of application starts and stops, usage monitoring, and charging. When a dynamic ADC rule and a predefined ADC rule have the same precedence, the dynamic ADC rule takes precedence. For dynamic ADC rules, the precedence will be either pre-configured at the TDF or provided dynamically by the PCRF within the ADC rules.
NOTE 3: The operator ensures that overlap between the predefined ADC rules can be resolved based on precedence of each predefined ADC rule in the TDF. For dynamic ADC rules, if precedence is not pre-configured in the TDF, the PCRF ensures that overlap between the dynamic ADC rules can be resolved based on precedence of each dynamic ADC rule.
NOTE 4: Whether precedence for dynamic ADC rules that contain an application identifier is pre-configured in TDF or provided in the ADC rule from the PCRF depends on network configuration.
  • The charging parameters define whether online and offline charging interfaces are used, what is to be metered in offline charging, on what level the TDF shall report the usage related to the rule, etc.
  • The monitoring key for an ADC rule identifies a monitoring control instance that shall be used for usage monitoring control of a particular application or a group of applications (as identified by the predefined or dynamic ADC rule(s)) or all detected traffic belonging to a specific TDF session.
  • The gate status indicates whether the application, identified by the TDF application identifier, may pass (gate is open) or shall be blocked (gate is closed) in up-link and/or in down-link direction.
  • The UL maximum bit rate indicates the authorized maximum bit-rate for the up-link component of the detected application traffic.
  • The DL maximum bit rate indicates the authorized maximum bit-rate for the down-link component of the detected application traffic. 
  • The Redirect indicates whether the up-link part of the detected application traffic should be redirected to another controlled address. The target redirect address may also be included.

One or more of the following parameters can be modified for a dynamic ADC rule:
- precedence;
- charging key (i.e. rating group);
- other charging parameters (with the exception of charging method);
- monitoring key;
- gate status;
- UL maximum bit rate;
- DL maximum bit rate;
- redirect.



Operations on ADC Rules

For dynamic ADC rules, the following operations are available:
- Installation: to provision an ADC rule that has not already been provisioned.
- Modification: to modify an ADC rule already installed.
- Removal: to remove an ADC rule already installed.

For predefined ADC rules, the following operations are available:
- Activation: to allow the ADC rule to be active.
- Deactivation: to disallow the ADC rule.

The procedures to perform these operations are further described

Functional elements

PCRF

The PCRF (Policy Control and Charging Rules Function) is a functional element that encompasses policy control decision. The PCRF provides network control regarding the application detection, gating, bandwidth limitation, redirection and application based charging (except credit management) towards the TDF.

The PCRF may provision ADC Rules to the TDF via the Sd reference point.

The PCRF ADC Rule decisions may be based on one or more of the following:
- Information obtained from the PCEF via the Gx reference point, e.g. request type, subscriber/device related information, location information.
- Information obtained from the SPR via the Sp reference point, e.g. subscriber related data. The subscription information may include user profile configuration indicating whether application detection and control should be enabled.
- Information obtained from the TDF via the Sd reference point, e.g. detected application, usage monitoring report.
- Information obtained from the BBERF via the Gxx reference point.
- Own PCRF pre-configured information.

The PCRF shall inform the TDF through the use of ADC rules, if applicable, on the treatment of applications, in accordance with the PCRF policy decisions.
It is the PCRF's responsibility to coordinate the PCC rules and QoS rules, if applicable, with ADC rules in order to ensure consistent service delivery.

TDF

The TDF (Traffic Detection Function) is a functional entity that performs application's traffic detection and reporting of the detected application by using TDF application identifier and its TDF application instance identifier and its service data flow descriptions to the PCRF when service data flow descriptions are deducible. The TDF shall support solicited application reporting and/or unsolicited application reporting.
The TDF shall detect start and stop of the application traffic for the ADC rules that the PCRF has activated at the TDF (solicited application reporting) or which are pre-provisioned at the TDF (unsolicited application reporting). When the APPLICATION_START and APPLICATION_STOP event triggers are subscribed, the TDF shall report, unless the notification is muted for the specific ADC rule in case of solicited application reporting, to the PCRF:
- For the APPLICATION_START event trigger: the application identifier and, when service data flow descriptions are deducible, the application instance identifier and the service data flow descriptions to use for detecting that application traffic with a dynamic PCC rule.
- For the APPLICATION_STOP event trigger: the application identifier and if the application instance identifier was reported for the start, also the application instance identifier.

For the solicited application reporting, the TDF shall perform the following enforcement actions to the detected application traffic, if requested by PCRF:
- Gating;
- Redirection;
- Bandwidth limitation.

For the solicited application reporting, the TDF shall support application based charging by having online and offline charging interactions.
For an application that is under charging control the TDF shall allow the application's traffic to pass through it if and only if, for online charging, the OCS has authorized the applicable credit with that Charging key. The TDF may let an application pass through it during the course of the credit re-authorization procedure.
A TDF shall ensure that a detected application's traffic, which is discarded at the TDF as a result of ADC rule enforcement (e.g. gating), is neither reported for offline charging nor causes credit consumption for online charging.
For unsolicited application reporting, the TDF shall only perform application detection and reporting functionality.
NOTE: For unsolicited application reporting, the TDF does not perform enforcement actions, application based charging or usage monitoring.
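
The precedence rule for overlapping ADC rules and the TDF reporting and enforcement behaviour described above can be modelled in a few lines. This is an added example, not code from 3GPP or from the original post; the rule and application names are constructed, and it assumes that a lower numeric precedence value means higher precedence, which the text above does not state.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class AdcRule:
    rule_id: str
    app_id: str                      # TDF application identifier
    precedence: int                  # assumption: lower value = higher precedence
    dynamic: bool                    # True: provided by PCRF, False: predefined in TDF
    gate_open: bool = True           # gate status
    mute_notification: bool = False  # Mute-Notification present in the rule


def select_rule(active: Iterable[AdcRule], detected_app_ids: set) -> Optional[AdcRule]:
    """Resolve overlap: highest precedence wins, a dynamic rule wins a tie."""
    hits = [r for r in active if r.app_id in detected_app_ids]
    if not hits:
        return None
    # `not r.dynamic` is False (sorts first) for dynamic rules.
    return min(hits, key=lambda r: (r.precedence, not r.dynamic))


def tdf_actions(rule: AdcRule, solicited: bool, start_stop_subscribed: bool) -> dict:
    """What the TDF does when traffic matching `rule` starts."""
    # Enforcement (here: gating) exists only for solicited reporting.
    blocked = solicited and not rule.gate_open
    # Muting is a per-rule option of solicited reporting.
    muted = solicited and rule.mute_notification
    return {
        "report_application_start": start_stop_subscribed and not muted,
        "traffic_passes": not blocked,
        # Discarded traffic is never charged; unsolicited mode has no charging.
        "eligible_for_charging": solicited and not blocked,
    }


# Constructed rule set: two rules overlap on the same detected traffic.
RULES = [
    AdcRule("predef-video", "app-video", 10, dynamic=False),
    AdcRule("dyn-streamco", "app-streamco", 10, dynamic=True,
            gate_open=False, mute_notification=True),
    AdcRule("predef-web", "app-web", 20, dynamic=False),
]

if __name__ == "__main__":
    chosen = select_rule(RULES, {"app-video", "app-streamco"})
    print(chosen.rule_id, tdf_actions(chosen, solicited=True, start_stop_subscribed=True))
```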


Source(s): More about the Sd interface can be found in 3GPP TS 29.212 version 12.11.0 Release 12