grep … files that match and files that do not match: -l and -L

$grep -r -l tcp_max *
sysctl_net_ipv4.c
tcp.c
tcp_cong.c
tcp_input.c
tcp_output.c
$
$grep -r -L tcp_max *
af_inet.c
ah4.c
arp.c
cipso_ipv4.c
datagram.c
devinet.c
esp4.c
fib_frontend.c
fib_hash.c
fib_lookup.h
fib_rules.c
fib_semantics.c
fib_trie.c
icmp.c
igmp.c
inet_connection_sock.c
inet_diag.c
inet_fragment.c
inet_hashtables.c
inet_lro.c
inetpeer.c
inet_timewait_sock.c
ipcomp.c
ipconfig.c
ip_forward.c
ip_fragment.c
ip_gre.c
ip_input.c
ipip.c
ipmr.c
ip_options.c
ip_output.c
ip_sockglue.c
Kconfig
Makefile
netfilter/ipt_ECN.c
netfilter/nf_nat_amanda.c
netfilter/nf_conntrack_l3proto_ipv4.c
netfilter/nf_nat_proto_dccp.c
netfilter/iptable_security.c
netfilter/ipt_ULOG.c
netfilter/ipt_ecn.c
netfilter/ip_tables.c
netfilter/ip_queue.c
netfilter/iptable_filter.c
netfilter/ipt_REJECT.c
netfilter/nf_nat_proto_tcp.c
netfilter/nf_nat_proto_unknown.c
netfilter/nf_defrag_ipv4.c
netfilter/ipt_CLUSTERIP.c
netfilter/nf_nat_ftp.c
netfilter/nf_nat_rule.c
netfilter/nf_nat_sip.c
netfilter/ipt_MASQUERADE.c
netfilter/Kconfig
netfilter/arpt_mangle.c
netfilter/nf_nat_proto_icmp.c
netfilter/nf_nat_snmp_basic.c
netfilter/nf_conntrack_proto_icmp.c
netfilter/nf_nat_standalone.c
netfilter/nf_nat_proto_sctp.c
netfilter/nf_conntrack_l3proto_ipv4_compat.c
netfilter/nf_nat_tftp.c
netfilter/ipt_LOG.c
netfilter/nf_nat_irc.c
netfilter/Makefile
netfilter/nf_nat_h323.c
netfilter/nf_nat_helper.c
netfilter/nf_nat_proto_udp.c
netfilter/ipt_REDIRECT.c
netfilter/arptable_filter.c
netfilter/nf_nat_core.c
netfilter/iptable_mangle.c
netfilter/nf_nat_proto_gre.c
netfilter/ipt_NETMAP.c
netfilter/nf_nat_proto_udplite.c
netfilter/iptable_raw.c
netfilter/ipt_addrtype.c
netfilter/nf_nat_pptp.c
netfilter/nf_nat_proto_common.c
netfilter/ipt_ah.c
netfilter/arp_tables.c
netfilter.c
proc.c
protocol.c
raw.c
route.c
syncookies.c
tcp_bic.c
tcp_cubic.c
tcp_diag.c
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_ipv4.c
tcp_lp.c
tcp_minisocks.c
tcp_probe.c
tcp_scalable.c
tcp_timer.c
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tunnel4.c
udp.c
udp_impl.h
udplite.c
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm4_policy.c
xfrm4_state.c
xfrm4_tunnel.c
$

“-L”

Suppress normal output; instead print the name of each input file from which no output would normally have been printed.
The scanning will stop on the first match.

“-l”

Suppress normal output; instead print the name of each input file from which output would normally have been printed.
The scanning will stop on the first match. (-l is specified by POSIX.)

source : debian manual for grep.


src/cmd/grep/main.c

     1: #define EXTERN
     2: #include        "grep.h"
     3:

     7: {
      8:         fprint(2, "usage: grep [-%s] [-f file] [-e expr] [file ...]\n", validflags);
      9:         exits("usage");

hg.pdos.csail.mit.edu/hg/plan9 - Lucent - C -


| Paper |

The key to problem-solving on the UNIX system
is to identify the right primitive operations and to
put them at the right place. UNIX programs tend
to solve general problems rather than special cases.
In a very loose sense, the programs are orthogonal,
spanning the space of jobs to be done (although
with a fair amount of overlap for reasons
of history, convenience or efficiency). Functions
are placed where they will do the most good: there
shouldn’t be a pager in every program that produces
output any more than there should be filename
pattern matching in every program that uses filenames.

One thing that UNIX does not need
is more features. It is successful in part because it has a
small number of good ideas that work well together.
Merely adding features does not make it easier for users
to do things — it just makes the manual thicker. The right
solution in the right place is always more effective than
haphazard hacking.

source :
Program design in the UNIX† environment
Rob Pike
Brian W. Kernighan

The tcp max orphans variable …

$cat /proc/sys/net/ipv4/tcp_max_orphans
8192
$
tcp_max_orphans

The tcp_max_orphans variable tells the kernel how many TCP sockets that
are not attached to any user file handle to maintain. In case this number is
exceeded, orphaned connections are immediately reset and a warning is printed.


The only reason for this limit to exist is to prevent some simple DoS attacks.
Generally you should not rely on this limit, nor should you lower it artificially.
If need be, you should instead increase this limit if your network environment
requires such an update. Increasing this limit may require that you get more
memory installed to your system. If you hit this limit, you may also tune your
network services a little bit to linger and kill sockets in this state more aggressively.

This variable takes an integer value and is per default set to 8192, but heavily depends
upon how much memory you have. Each orphan that currently lives eats up 64Kb of unswappable
memory, which means that one hell of a lot of data will be used up if problems arise.

Copyright © 2002 by Oskar Andreasson GNU FDL
source : http://www.frozentux.net/ipsysctl-tutorial/chunkyhtml/tcpvariables.html

trunk/reborn.sh
   249: net.ipv4.tcp_synack_retries = 2
   250: net.ipv4.tcp_max_orphans = 262144
   251: net.core.somaxconn = 262144
reborn.googlecode.com/svn - Unknown - Shell
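
Added example (not from the tutorial or from reborn.sh): a C check that turns the orphan limit into a worst-case memory budget and flags a host whose orphan count is approaching it. It takes the tutorial's 64Kb per orphan as 64 KiB, reads the orphan count from text in the /proc/net/sockstat layout, and uses a constructed sample; the function names and the 80% warning threshold are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define ORPHAN_COST_BYTES (64ULL * 1024) /* per-orphan figure quoted above, read as KiB */

/* Worst-case unswappable memory if the orphan limit is fully used. */
unsigned long long orphan_budget_bytes(unsigned long max_orphans)
{
    return (unsigned long long)max_orphans * ORPHAN_COST_BYTES;
}

/* Extract the "orphan N" field from the TCP line of sockstat-style text.
 * Returns -1 if there is no TCP line or no orphan field on it. */
long sockstat_orphans(const char *text)
{
    const char *line = text;
    while (line && *line) {
        if (strncmp(line, "TCP:", 4) == 0) {
            const char *eol = strchr(line, '\n');
            const char *f = strstr(line, " orphan ");
            long n;
            if (f && (!eol || f < eol) && sscanf(f, " orphan %ld", &n) == 1 && n >= 0)
                return n;
            return -1;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

/* 0 = ok, 1 = at or above warn_pct of the limit, 2 = at or over the limit, -1 = bad input */
int orphan_status(long orphans, unsigned long max_orphans, unsigned warn_pct)
{
    if (orphans < 0 || max_orphans == 0) return -1;
    if ((unsigned long)orphans >= max_orphans) return 2;
    if ((unsigned long long)orphans * 100 >= (unsigned long long)max_orphans * warn_pct) return 1;
    return 0;
}

/* Constructed sample in the /proc/net/sockstat layout (not captured from a real host). */
static const char SAMPLE[] =
    "sockets: used 9120\n"
    "TCP: inuse 310 orphan 7400 tw 1200 alloc 7900 mem 5100\n"
    "UDP: inuse 4 mem 2\n";

int main(void)
{
    long o = sockstat_orphans(SAMPLE);
    printf("orphans=%ld status=%d\n", o, orphan_status(o, 8192, 80));
    printf("budget at 8192:   %llu MiB\n", orphan_budget_bytes(8192) >> 20);
    printf("budget at 262144: %llu MiB\n", orphan_budget_bytes(262144) >> 20);
    return 0;
}
```

At the default of 8192 the budget is 512 MiB; at the 262144 set in the reborn.sh line above it is 16 GiB, which is why raising the limit goes together with checking installed memory.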


TODO -- Research Related Content

tcp latency….throughput..

$cat /proc/sys/net/ipv4/tcp_low_latency
0
$

tcp_low_latency - BOOLEAN
If set, the TCP stack makes decisions that prefer lower
latency as opposed to higher throughput.  By default, this
option is not set meaning that higher throughput is preferred.
An example of an application where this default should be
changed would be a Beowulf compute cluster.
Default: 0
source : linux kernel source Documentation.
/*
 * CONFIG_LATENCYTOP enables a kernel latency tracking infrastructure that is
 * used by the "latencytop" userspace tool. The latency that is tracked is not
 * the 'traditional' interrupt latency (which is primarily caused by something
 * else consuming CPU), but instead, it is the latency an application encounters
 * because the kernel sleeps on its behalf for various reasons.
 *
 * This code tracks 2 levels of statistics:
 * 1) System level latency
 * 2) Per process latency
 *
 * The latency is stored in fixed sized data structures in an accumulated form;
 * if the "same" latency cause is hit twice, this will be tracked as one entry
 * in the data structure. Both the count, total accumulated latency and maximum
 * latency are tracked in this data structure. When the fixed size structure is
 * full, no new causes are tracked until the buffer is flushed by writing to
 * the /proc file; the userspace tool does this on a regular basis.
 * A latency cause is identified by a stringified backtrace at the point that
 * the scheduler gets invoked. The userland tool will use this string to
 * identify the cause of the latency in human readable form.
 *
 * The information is exported via /proc/latency_stats and /proc/<pid>/latency.
 * These files look like this:
 *
 * Latency Top version : v0.1
 * 70 59433 4897 i915_irq_wait drm_ioctl vfs_ioctl do_vfs_ioctl sys_ioctl
 * |    |    |    |
 * |    |    |    +----> the stringified backtrace
 * |    |    +---------> The maximum latency for this entry in microseconds
 * |    +--------------> The accumulated latency for this entry (microseconds)
 * +-------------------> The number of times this entry is hit
 *
 * (note: the average latency is the accumulated latency divided by the number
 * of times)
 */

source : linux kernel source 2.6.32  kernel/latencytop.c
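
Added example (not part of kernel/latencytop.c or the latencytop tool): a C parser for the entry format described in the comment above, which computes the average latency and picks the entry with the largest maximum. The first sample entry is the one from the comment; the second is constructed, and all struct and function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

struct lat_entry {
    unsigned long count;    /* number of times this entry was hit */
    unsigned long total_us; /* accumulated latency, microseconds */
    unsigned long max_us;   /* maximum latency, microseconds */
    char backtrace[256];    /* stringified backtrace */
};

/* Parse one entry line; returns -1 for the header, blank lines and lines
 * that lack three numbers followed by a backtrace. */
int lat_parse(const char *line, struct lat_entry *e)
{
    int used = 0;
    if (line[0] < '0' || line[0] > '9' ||
        sscanf(line, "%lu %lu %lu %n", &e->count, &e->total_us, &e->max_us, &used) != 3 ||
        used == 0 || line[used] == '\0')
        return -1;
    snprintf(e->backtrace, sizeof e->backtrace, "%s", line + used);
    e->backtrace[strcspn(e->backtrace, "\n")] = '\0';
    return 0;
}

/* Average latency = accumulated latency / number of hits (0 if never hit). */
unsigned long lat_avg_us(const struct lat_entry *e) { return e->count ? e->total_us / e->count : 0; }

/* Scan a whole dump, store the entry with the largest maximum latency in
 * *worst and return how many entries parsed. */
int lat_worst(const char *text, struct lat_entry *worst)
{
    int n = 0;
    struct lat_entry e;
    while (*text) {
        size_t len = strcspn(text, "\n");
        char line[512];
        snprintf(line, sizeof line, "%.*s", (int)len, text);
        if (lat_parse(line, &e) == 0 && (n++ == 0 || e.max_us > worst->max_us))
            *worst = e;
        text += len + (text[len] == '\n');
    }
    return n;
}

/* Header and first entry as shown in the comment; second entry is constructed. */
static const char SAMPLE[] =
    "Latency Top version : v0.1\n"
    "70 59433 4897 i915_irq_wait drm_ioctl vfs_ioctl do_vfs_ioctl sys_ioctl\n"
    "3 120000 90000 example_wait_fn sys_read\n";

int main(void)
{
    struct lat_entry w;
    if (lat_worst(SAMPLE, &w) > 0)
        printf("worst: max=%lu us avg=%lu us at %s\n", w.max_us, lat_avg_us(&w), w.backtrace);
    return 0;
}
```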

The Hop Protocol
The Hop protocol operates over an unreliable datagram
service such as UDP/IP. The core goal of the Hop protocol
is to provide the lowest latency and highest throughput
possible when transferring packets across wide-area networks.

The key elements of the Hop protocol are:
Non-Blocking: packets are forwarded despite the loss
of packets ordered earlier.

Lazy-Selective-Retransmits: nacks are sent for specific
lost packets after a short delay to avoid requesting data
which was not lost but merely arrived out of order or
is sequenced after lost data.

Rate-based flow control: a rate based flow regulator
provides explicit support for high delay-bandwidth
networks. In addition, the rate based regulator can
utilize bandwidth reservations services if such exist in the
physical network.

source :
A Low Latency, Loss Tolerant Architecture and Protocol for Wide Area Group
Communication
Yair Amir, Claudiu Danilov, Jonathan Stanton
Department of Computer Science
Johns Hopkins University
3400 North Charles St.
Baltimore, MD 21218 USA
yairamir, claudiu, jonathan @cs.jhu.edu
 

the interval between the last data packet sent and…

$cat /proc/sys/net/ipv4/tcp_keepalive_time
7200
$
tcp_keepalive_time
the interval between the last data packet sent
 (simple ACKs are not considered data) and the first keepalive probe;
 after the connection is marked to need keepalive, this counter is not used any further

source :http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/usingkeepalive.html
linux/net/ipv4/tcp.c - 8 identical
   365:   * TCP Keep-Alives (4.2.3.6)
   366:   *   MAY provide keep-alives. (does)
   367:   *   MUST make keep-alives configurable on a per-connection basis. (does)
  1863:   *      problem with TCP as specified in that the other end could
  1864:   *      keep a socket open forever with no application left this end.
  1865:   *      We use a 3 minute timeout (about the same as BSD) then kill
ftp.kernel.org/pub/linux/kernel/v2.4/linux-2.4.0.tar.bz2 - GPL - C -
The TCP specification states that if keep-alive is provided, by default
keep-alive must be turned off and the threshold time before which a
keep-alive is sent must be 7200 seconds or more (inter keep-alive time
should also be 7200 seconds).


source : Research Related Paper.
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.55.4690&rep=rep1&type=pdf

About software ports and the service type micromuse-lm

ABOUT SOFTWARE PORT

A Software Port (usually just called a 'port') is a virtual data connection that can be used by programs
to exchange data directly, instead of going through a file or other temporary storage location. The most
common of these are TCP and UDP ports which are used to exchange data between computers on the Internet.
Port 1534 uses the tcp/udp protocol for service type micromuse-lm.

Frame 74388 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Netgear_b4:91:1a (00:1f:33:b4:91:1a), Dst: Giga-Byt_f2:71:b6 (00:1a:4d:f2:71:b6)
Internet Protocol, Src: 209.85.231.100 (209.85.231.100), Dst: 10.0.0.2 (10.0.0.2)
Transmission Control Protocol, Src Port: http (80), Dst Port: micromuse-lm (1534), Seq: 3405, Ack: 4005, Len: 0

Source port: http (80)

Destination port: micromuse-lm (1534)

Stream index: 222
Sequence number: 3405 (relative sequence number)
Acknowledgement number: 4005 (relative ack number)
Header length: 20 bytes

paketto-1.10/src/d_services.h – 4 identical
797: "virtual-places", 1533, "tcp",
798: "micromuse-lm", 1534, "tcp",
799: "ampr-info", 1535, "tcp",
www.doxpara.com/paketto/paketto-1.10.tar.gz – Unknown – C

services.c
797: {"virtual-places", 1533, "Virtual Places Software"},
798: {"micromuse-lm", 1534, ""},
799: {"ampr-info", 1535, ""},
www.mirrorservice.org/…/security/network-mapping/gps/gps-0.5.0.tar.gz – Unknown – C

LINKS
http://isc.sans.edu/port.html?port=1534
http://www.corrupteddatarecovery.com/Port/1534-Port-Type-tcpudp-micromuse-lm.asp


grep … -x .. exact line match only

$cat example.txt
A for Apple.
B for Baby.
C for Cat.
D for Donkey.
$grep  A example.txt
A for Apple.
$grep -x A example.txt
$grep -x A for Apple.  example.txt
grep: for: No such file or directory
grep: Apple.: No such file or directory
$grep -x "A for Apple."  example.txt
A for Apple.
$grep -x "A for Apple"  example.txt
$
grep -x option
Select only those matches that exactly match the whole line.  (-x is  specified  by POSIX.)

source : debian grep manual.

 case 'x':
        match_lines = 1;
        break;

source : debian GNU grep.

Research Related Paper.

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.85.1663&rep=rep1&type=pdf

tcp keepalive interval

$cat /proc/sys/net/ipv4/tcp_keepalive_intvl
75
$
tcp_keepalive_intvl
the interval between subsequential keepalive probes,
regardless of what the connection has exchanged in the meantime
linux/net/ipv4/tcp.c - 8 identical
   368:   *   MUST default to no keep-alives. (does)
   369:   *   MUST make keep-alive interval configurable. (does)
   370:   *   MUST make default keep-alive interval > 2 hours. (does)

tcp_timer.c - 3 identical
    55: #include 
    56: #include 
    57: #include 
   307:   /*
   308:    * The keepalive packet must have nonzero length
   309:    * to get a 4.2 host to respond.
www.psc.edu/networking/ftp/tools/netbsd1.1_sackmods.tar - BSD - C

RFC related.

 TCP Keepalive Interval Option
This option specifies the interval (in seconds) that the client TCP
should wait before sending a keepalive message on a TCP connection.
The time is specified as a 32-bit unsigned integer. A value of zero
indicates that the client should not generate keepalive messages on
connections unless specifically requested by an application.
The code for this option is 38, and its length is 4.
 Code   Len           Time
+-----+-----+-----+-----+-----+-----+
|  38 |  4  |  t1 |  t2 |  t3 |  t4 |
+-----+-----+-----+-----+-----+-----+

source :

http://www.jeffrin.in/wp-content/uploads/2010/06/draft-ietf-dhc-options-1533update-00.pdf
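
Added example (not taken from the draft or from any DHCP implementation): C code that encodes the option drawn above and finds it while walking a DHCP options field, rejecting truncated input and any length other than 4. The pad (0) and end (255) option codes and the most-significant-byte-first order of t1..t4 come from the DHCP options specification rather than from the excerpt; the function names and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { OPT_PAD = 0, OPT_TCP_KEEPALIVE_INTVL = 38, OPT_END = 255 };

/* Write the 6-byte option: code 38, length 4, time t1..t4 (t1 most significant). */
size_t ka_opt_encode(uint32_t seconds, uint8_t out[6])
{
    out[0] = OPT_TCP_KEEPALIVE_INTVL;
    out[1] = 4;
    out[2] = (uint8_t)(seconds >> 24);
    out[3] = (uint8_t)(seconds >> 16);
    out[4] = (uint8_t)(seconds >> 8);
    out[5] = (uint8_t)seconds;
    return 6;
}

/* Walk an options field and extract option 38.
 * Returns 1 if found, 0 if absent, -1 if the field is truncated or the
 * option carries a length other than 4. */
int ka_opt_find(const uint8_t *opts, size_t len, uint32_t *seconds)
{
    size_t i = 0;
    while (i < len) {
        uint8_t code = opts[i];
        if (code == OPT_END) return 0;
        if (code == OPT_PAD) { i++; continue; }
        if (i + 2 > len) return -1;        /* no room for the length byte */
        size_t olen = opts[i + 1];
        if (i + 2 + olen > len) return -1; /* value runs past the buffer */
        if (code == OPT_TCP_KEEPALIVE_INTVL) {
            if (olen != 4) return -1;
            const uint8_t *t = &opts[i + 2];
            *seconds = ((uint32_t)t[0] << 24) | ((uint32_t)t[1] << 16) |
                       ((uint32_t)t[2] << 8) | t[3];
            return 1;
        }
        i += 2 + olen;
    }
    return 0;
}

int main(void)
{
    /* Constructed options field: message type, pad, option 38 = 7200 s, end. */
    const uint8_t opts[] = {53, 1, 5, 0, 38, 4, 0x00, 0x00, 0x1c, 0x20, 255};
    uint32_t secs = 0;
    int rc = ka_opt_find(opts, sizeof opts, &secs);
    printf("rc=%d interval=%u s%s\n", rc, (unsigned)secs,
           rc == 1 && secs == 0 ? " (no keepalives unless an application asks)" : "");
    return 0;
}
```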

What is tcp_keepalive_probes?

tcp_keepalive_probes

the number of unacknowledged probes to send before considering the connection
dead and notifying the application layer

source : www.tldp.org
$cat /proc/sys/net/ipv4/tcp_keepalive_probes
9
$

trunk/os/ip/tcp.c - 7 identical
  2436:   /* Compute usable segment based on offered window and limit
  2437:    * window probes to one
  2438:    */
  3064:           return tcphangup(c);
  3065:   if(n >= 1 && strcmp(f[0], "keepalive") == 0)
  3066:           return tcpstartka(c, f, n);
inferno-os.googlecode.com/svn - MIT - C

Taken from Research Paper.

TCP Keep-alives

The TCP specification does not include a mechanism
for probing idle connections. In theory, if a host
crashes after establishing a connection to another host,
the second machine will continue to hold the idle
connection forever. Some TCP implementations include a
mechanism that tests an idle connection and releases it
if the remote host has crashed. Called TCP keep-alive,
the mechanism periodically sends a probe segment to
elicit response from the peer. If the peer responds to
the probe by sending an ACK, the connection is alive.
If the peer TCP fails to respond to probe segments for
longer than a fixed threshold, the connection is declared
down and the connection is closed.

Probing TCP Implementations
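
Added example (not from the quoted sources or the kernel tree), covering the three keepalive posts on tcp_keepalive_time, tcp_keepalive_intvl and tcp_keepalive_probes: on Linux the same three values can be set per connection with the TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT socket options, and together they fix roughly how long a silent peer holds a socket before it is declared dead. The struct and function names and the 60/10/3 override are assumptions made for the illustration.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

struct ka_params {
    int idle;   /* seconds idle before the first probe (tcp_keepalive_time)   */
    int intvl;  /* seconds between probes              (tcp_keepalive_intvl)  */
    int probes; /* unanswered probes before "dead"     (tcp_keepalive_probes) */
};

/* Approximate seconds from the last data packet until a silent peer is dropped. */
long ka_detect_seconds(const struct ka_params *p)
{
    return (long)p->idle + (long)p->intvl * p->probes;
}

/* Enable keepalive on one socket and override the three system-wide defaults. */
int ka_apply(int fd, const struct ka_params *p)
{
    int on = 1;
    if (p->idle <= 0 || p->intvl <= 0 || p->probes <= 0) return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &p->idle, sizeof p->idle) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &p->intvl, sizeof p->intvl) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &p->probes, sizeof p->probes) < 0)
        return -1;
    return 0;
}

/* Read back the values the kernel stored for this socket. */
int ka_read(int fd, struct ka_params *out)
{
    socklen_t len = sizeof(int);
    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &out->idle, &len) < 0) return -1;
    len = sizeof(int);
    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &out->intvl, &len) < 0) return -1;
    len = sizeof(int);
    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &out->probes, &len) < 0) return -1;
    return 0;
}

int main(void)
{
    struct ka_params defaults = {7200, 75, 9}; /* sysctl values shown in these posts */
    struct ka_params tight = {60, 10, 3}, got; /* constructed per-socket override */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    printf("system defaults: dead peer after about %ld s\n", ka_detect_seconds(&defaults));
    if (fd >= 0 && ka_apply(fd, &tight) == 0 && ka_read(fd, &got) == 0)
        printf("this socket: dead peer after about %ld s\n", ka_detect_seconds(&got));
    if (fd >= 0) close(fd);
    return 0;
}
```

The sysctl defaults apply only to sockets that have SO_KEEPALIVE enabled; a socket that never sets it is not probed at all.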
