XFS Hex Offset Map/Values

* XFS Hex Offset Map/Values
@ 2011-10-12  6:59 Peter McManus
  2011-10-12 22:33 ` Dave Chinner
  0 siblings, 1 reply; 2+ messages in thread
From: Peter McManus @ 2011-10-12  6:59 UTC (permalink / raw)
  To: xfs

[-- Attachment #1.1: Type: text/plain, Size: 3454 bytes --]

Hi,

I'm fairly new to XFS and am preparing a report (for both my own and my
team's education) on the low-level partition structure of an XFS primary
superblock. This is from a computer forensic perspective.

I'm currently trying to determine the actual hexidecimal offset structure
for all the fields within a primary superblock of an XFS partition.

For example, I know that the value for the field XFS_SB_MAGIC is 0x58465342
as this is readily available in XFS documentation, however I need to know
the hex offsets, byte lengths, and method of interpretation for all of the
following fields as defined within xfs_sb:

__uint32_t          sb_magicnum;         /* magic number == XFS_SB_MAGIC */
__uint32_t          sb_blocksize;           /* logical block size, bytes */
xfs_drfsbno_t      sb_dblocks;            /* number of data blocks */
xfs_drfsbno_t      sb_rblocks;             /* number of realtime blocks */
xfs_drtbno_t        sb_rextents;           /* number of realtime extents */
uuid_t                  sb_uuid;                 /* file system unique id */
xfs_dfsbno_t       sb_logstart;            /* starting block of log if
internal */
xfs_ino_t             sb_rootino;             /* root inode number */
xfs_ino_t             sb_rbmino;             /* bitmap inode for realtime
extents */
xfs_ino_t             sb_rsumino;           /* summary inode for rt bitmap
*/
xfs_agblock_t      sb_rextsize;           /* realtime extent size, blocks */
xfs_agblock_t       sb_agblocks;        /* size of an allocation group */
xfs_agnumber_t   sb_agcount;         /* number of allocation groups */
xfs_extlen_t         sb_rbmblocks;      /* number of rt bitmap blocks */
xfs_extlen_t        sb_logblocks;        /* number of log blocks */
__uint16_t           sb_versionnum;    /* header version == XFS_SB_VERSION
*/
__uint16_t           sb_sectsize;         /* volume sector size, bytes */
__uint16_t           sb_inodesize;       /* inode size, bytes */
__uint16_t           sb_inopblock;      /* inodes per block */
char                     sb_fname[12];     /* file system name */
__uint8_t             sb_blocklog;        /* log2 of sb_blocksize */
__uint8_t             sb_sectlog;          /* log2 of sb_sectsize */
__uint8_t             sb_inodelog;        /* log2 of sb_inodesize */
__uint8_t             sb_inopblog;        /* log2 of sb_inopblock */
__uint8_t             sb_agblklog;        /* log2 of sb_agblocks (rounded
up) */
__uint8_t             sb_rextslog;         /* log2 of sb_rextents */
__uint8_t             sb_inprogress;     /* mkfs is in progress, don't mount
*/
__uint8_t             sb_imax_pct;       /* max % of fs for inode space */

At http://kerneldox.net/dir_73a2d815072069310dd9b6b9499ac462.html I was able
to look through the code of the "alloc" files for further info however was
not able to find a full or definitive list. I understand that it may be
possible that the field values are contiguous but I still require a byte
length description for each field.

Can someone please let me know if/where I can find documentation for this
kind of very low level partition structure analysis?

Also, can you please tell me if the values are all in little or big endian?
Some file systems, particularly those of mobile phones, use both little and
big though I can't see a reason for the use of alternating values within XFS
(but then again I'm relatively novice to this).

Thank you for your time.

P. McManus

[-- Attachment #1.2: Type: text/html, Size: 4013 bytes --]

[-- Attachment #2: Type: text/plain, Size: 121 bytes --]

_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs

^ permalink raw reply	[flat|nested] 2+ messages in thread