Difference between pages "Libdnet" and "Chrome Disk Cache Format"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
 
Line 1: Line 1:
== Abstract ==
+
{{expand}}
  
* libdnet provides a simplified, portable interface to several low-level networking routines, including
+
== Cache files ==
* network address manipulation
+
The cache is stored in multiple:
* kernel arp(4) cache and route(4) table lookup and manipulation
+
{| class="wikitable"
* network firewalling (IP filter, ipfw, ipchains, pf, PktFilter, ...)
+
|-
* network interface lookup and manipulation
+
! Filename
* IP tunnelling (BSD/Linux tun, Universal TUN/TAP device)
+
! Description
* raw IP packet and Ethernet frame transmission
+
|-
 +
| index
 +
| The index file
 +
|-
 +
| data_#
 +
| Data block files
 +
|-
 +
| f_######
 +
| (Separate) data stream file
 +
|}
  
== Supported languages ==
+
== Cache address ==
 +
The cache address is 4 bytes in size and consists of:
 +
{| class="wikitable"
 +
|-
 +
! offset
 +
! size
 +
! value
 +
! description
 +
|-
 +
| <i>If file type is 0 (Separate file)</i>
 +
|
 +
|
 +
|
 +
|-
 +
| 0.0
 +
| 28 bits
 +
|
 +
| File number <br> The value represents the value of # in f_######
 +
|-
 +
| <i>Else</i>
 +
|
 +
|
 +
|
 +
|-
 +
| 0.0
 +
| 16 bits
 +
|
 +
| Block number
 +
|-
 +
| 2.0
 +
| 8 bits
 +
|
 +
| File number (or file selector) <br> The value represents the value of # in data_#
 +
|-
 +
| 3.0
 +
| 2 bits
 +
|
 +
| Block size <br> The number of contiguous blocks where 0 represents 1 block and 3 represents 4 blocks.
 +
|-
 +
| 3.2
 +
| 2 bits
 +
|
 +
| Reserved
 +
|-
 +
| <i>Common</i>
 +
|
 +
|
 +
|
 +
|-
 +
| 3.4
 +
| 3 bits
 +
|
 +
| File type
 +
|-
 +
| 3.7
 +
| 1 bit
 +
|
 +
| Initialized flag
 +
|}
  
* C, C++
+
=== File types ===
* Python
+
{| class="wikitable"
* Perl, Ruby (see below)
+
|-
 +
! Value
 +
! Description
 +
|-
 +
| 0
 +
| (Separate) data stream file
 +
|-
 +
| 1
 +
| (Rankings) block data file (36 byte block data file)
 +
|-
 +
| 2
 +
| 256 byte block data file
 +
|-
 +
| 3
 +
| 1024 byte block data file
 +
|-
 +
| 4
 +
| 4096 byte block data file
 +
|-
 +
|
 +
|
 +
|-
 +
| 6
 +
| Unknown; seen on Mac OS  X 0x6f430074
 +
|}
  
== Supported platforms ==
+
==== Examples ====
 +
{| class="wikitable"
 +
|-
 +
! Value
 +
! Description
 +
|-
 +
| 0x00000000
 +
| Not initialized
 +
|-
 +
| 0x8000002a
 +
| Data stream file: f_00002a
 +
|-
 +
| 0xa0010003
 +
| Block data file: data_1, block number 3, 1 block of size
 +
|}
  
* BSD (OpenBSD, FreeBSD, NetBSD, BSD/OS)
+
== Index file format (index) ==
* Linux (Redhat, Debian, Slackware, etc.)
+
Overview:
* MacOS X
+
* File header
* Windows (NT/2000/XP)
+
* least recently used (LRU) data (or eviction control data)
* Solaris
+
* index table
* IRIX
+
* HP-UX
+
* Tru64
+
  
== External Links ==
+
=== File header ===
* [http://search.cpan.org/~vman/Net-Libdnet-0.01/ Net::Libdnet] - Perl interface to libdnet
+
*TODO*
* [http://www.shmoo.com/~bmc/software/ruby/ruby-dnet/ dnet.rb] - Ruby interface to libdnet
+
* [http://www.tcpdump.org/ libpcap] - portable packet capture library
+
* [http://winpcap.polito.it/ winpcap] - libpcap for Windows
+
* [http://monkey.org/~dugsong/pypcap/ pypcap] - libpcap Python module
+
* [http://monkey.org/~dugsong/dpkt/ dpkt] - fast, simple packet creation and parsing in Python
+
* [http://www.packetfactory.net/projects/libnet/ libnet] - packet construction library
+
* [http://www.hsc.fr/ressources/outils/pktfilter/index.html.en PktFilter] - win32 service to configure the IPv4 filtering driver in Windows 2000/XP/Server 2003
+
* [http://vtun.sourceforge.net/tun/ Universal TUN/TAP driver] - virtual point-to-point network tunnel device
+
* [http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ TUN/TAP driver for MacOS X]
+
* [http://libdnet.sourceforge.net/tun-1.1-sol80.sparc64.gz Tunnel driver for Solaris 8 (sparc64)]
+
  
== References ==
+
== Data block file format (data_#) ==
 +
Overview:
 +
* File header
 +
* array of blocks
 +
 
 +
=== File header ===
 +
*TODO*
 +
 
 +
== Data stream ==
 +
See: [[gzip]]
 +
 
 +
== See Also ==
 +
* [[Google Chrome]]
 +
* [[gzip]]
 +
 
 +
== External Links ==
 +
* [http://www.chromium.org/developers/design-documents/network-stack/disk-cache Disk Cache], The Chromium Projects
  
All information obtained on this page can be found at [http://libdnet.sourceforge.net/}
+
[[Category:File Formats]]

Revision as of 03:43, 22 June 2014

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Cache files

The cache is stored in multiple:

Filename Description
index The index file
data_# Data block files
f_###### (Separate) data stream file

Cache address

The cache address is 4 bytes in size and consists of:

offset size value description
If file type is 0 (Separate file)
0.0 28 bits File number
The value represents the value of # in f_######
Else
0.0 16 bits Block number
2.0 8 bits File number (or file selector)
The value represents the value of # in data_#
3.0 2 bits Block size
The number of contiguous blocks where 0 represents 1 block and 3 represents 4 blocks.
3.2 2 bits Reserved
Common
3.4 3 bits File type
3.7 1 bit Initialized flag

File types

Value Description
0 (Separate) data stream file
1 (Rankings) block data file (36 byte block data file)
2 256 byte block data file
3 1024 byte block data file
4 4096 byte block data file
6 Unknown; seen on Mac OS X 0x6f430074

Examples

Value Description
0x00000000 Not initialized
0x8000002a Data stream file: f_00002a
0xa0010003 Block data file: data_1, block number 3, 1 block of size

Index file format (index)

Overview:

  • File header
  • least recently used (LRU) data (or eviction control data)
  • index table

File header

  • TODO*

Data block file format (data_#)

Overview:

  • File header
  • array of blocks

File header

  • TODO*

Data stream

See: gzip

See Also

External Links