Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
I'm trying to access physical memory directly for an embedded Linux project, but I'm not sure how I can best designate memory for my use.
If I boot my device regularly, and access /dev/mem, I can easily read and write to just about anywhere I want. However, in this, I'm accessing memory that can easily be allo which I don't want to do
My code for /dev/mem is (all error checking, etc. removed):
mem_fd = open("/dev/mem", O_RDWR));
mem_p = malloc(SIZE + (PAGE_SIZE - 1));
if ((unsigned long) mem_p % PAGE_SIZE) {
mem_p += PAGE_SIZE - ((unsigned long) mem_p % PAGE_SIZE);
mem_p = (unsigned char *) mmap(mem_p, SIZE, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, mem_fd, BASE_ADDRESS);
And this works. However, I'd like to be using memory that no one else will touch. I've tried limiting the amount of memory that the kernel sees by booting with mem=XXXm, and then setting BASE_ADDRESS to something above that (but below the physical memory), but it doesn't seem to be accessing the same memory consistently.
Based on what I've seen online, I suspect I may need a kernel module (which is OK) which uses either ioremap() or remap_pfn_range() (or both???), but I have ab can anyone help?
What I want is a way to always access the same physical memory (say, 1.5MB worth), and set that memory aside so that the kernel will not allocate it to any other process.
I'm trying to reproduce a system we had in other OSes (with no memory management) whereby I could allocate a space in memory via the linker, and access it using something like
*(unsigned char *)0x
I guess I should provide some more detail. This memory space will be used for a RAM buffer for a high performance logging solution for an embedded application. In the systems we have, there's nothing that clears or scrambles physical memory during a soft reboot. Thus, if I write a bit to a physical address X, and reboot the system, the same bit will still be set after the reboot. This has been tested on the exact same hardware running VxWorks (this logic also works nicely in Nucleus RTOS and OS20 on different platforms, FWIW). My idea was to try the same thing in Linux by addressing phys therefore, it's essential that I get the same addresses each boot.
I should probably clarify that this is for kernel 2.6.12 and newer.
Here's my code, first for the kernel module, then for the userspace application.
To use it, I boot with mem=95m, then insmod foo-module.ko, then mknod mknod /dev/foo c 32 0, then run foo-user , where it dies. Running under gdb shows that it dies at the assignment, although within gdb, I cannot dereference the address I get from mmap (although printf can)
foo-module.c
#include &linux/module.h&
#include &linux/config.h&
#include &linux/init.h&
#include &linux/fs.h&
#include &linux/mm.h&
#include &asm/io.h&
#define VERSION_STR "1.0.0"
#define FOO_BUFFER_SIZE (1u*u)
#define FOO_BUFFER_OFFSET (95u*u)
#define FOO_MAJOR 32
#define FOO_NAME "foo"
static const char *foo_version = "@(#) foo Support version " VERSION_STR " " __DATE__ " " __TIME__;
static void
*pt = NULL;
static int
foo_release(struct inode *inode, struct file *file);
static int
foo_open(struct inode *inode, struct file *file);
static int
foo_mmap(struct file *filp, struct vm_area_struct *vma);
struct file_operations foo_fops = {
.owner = THIS_MODULE,
.llseek = NULL,
.read = NULL,
.write = NULL,
.readdir = NULL,
.poll = NULL,
.ioctl = NULL,
.mmap = foo_mmap,
.open = foo_open,
.flush = NULL,
.release = foo_release,
.fsync = NULL,
.fasync = NULL,
.lock = NULL,
.readv = NULL,
.writev = NULL,
static int __init foo_init(void)
printk(KERN_NOTICE "Loading foo support module\n");
printk(KERN_INFO "Version %s\n", foo_version);
printk(KERN_INFO "Preparing device /dev/foo\n");
i = register_chrdev(FOO_MAJOR, FOO_NAME, &foo_fops);
if (i != 0) {
return -EIO;
printk(KERN_ERR "Device couldn't be registered!");
printk(KERN_NOTICE "Device ready.\n");
printk(KERN_NOTICE "Make sure to run mknod /dev/foo c %d 0\n", FOO_MAJOR);
printk(KERN_INFO "Allocating memory\n");
pt = ioremap(FOO_BUFFER_OFFSET, FOO_BUFFER_SIZE);
if (pt == NULL) {
printk(KERN_ERR "Unable to remap memory\n");
printk(KERN_INFO "ioremap returned %p\n", pt);
static void __exit foo_exit(void)
printk(KERN_NOTICE "Unloading foo support module\n");
unregister_chrdev(FOO_MAJOR, FOO_NAME);
if (pt != NULL) {
printk(KERN_INFO "Unmapping memory at %p\n", pt);
iounmap(pt);
printk(KERN_WARNING "No memory to unmap!\n");
static int foo_open(struct inode *inode, struct file *file)
printk("foo_open\n");
static int foo_release(struct inode *inode, struct file *file)
printk("foo_release\n");
static int foo_mmap(struct file *filp, struct vm_area_struct *vma)
if (pt == NULL) {
printk(KERN_ERR "Memory not mapped!\n");
return -EAGAIN;
if ((vma-&vm_end - vma-&vm_start) != FOO_BUFFER_SIZE) {
printk(KERN_ERR "Error: sizes don't match (buffer size = %d, requested size = %lu)\n", FOO_BUFFER_SIZE, vma-&vm_end - vma-&vm_start);
return -EAGAIN;
ret = remap_pfn_range(vma, vma-&vm_start, (unsigned long) pt, vma-&vm_end - vma-&vm_start, PAGE_SHARED);
if (ret != 0) {
printk(KERN_ERR "Error in calling remap_pfn_range: returned %d\n", ret);
return -EAGAIN;
module_init(foo_init);
module_exit(foo_exit);
MODULE_AUTHOR("Mike Miller");
MODULE_LICENSE("NONE");
MODULE_VERSION(VERSION_STR);
MODULE_DESCRIPTION("Provides support for foo to access direct memory");
foo-user.c
#include &sys/stat.h&
#include &fcntl.h&
#include &unistd.h&
#include &stdio.h&
#include &sys/mman.h&
int main(void)
fd = open("/dev/foo", O_RDWR | O_SYNC);
if (fd == -1) {
printf("open error...\n");
mptr = mmap(0, 1 * 1024 * 1024, PROT_READ | PROT_WRITE, MAP_FILE | MAP_SHARED, fd, 4096);
printf("On start, mptr points to 0x%lX.\n",(unsigned long) mptr);
printf("mptr points to 0x%lX. *mptr = 0x%X\n", (unsigned long) mptr, *mptr);
mptr[0] = 'a';
mptr[1] = 'b';
printf("mptr points to 0x%lX. *mptr = 0x%X\n", (unsigned long) mptr, *mptr);
close(fd);
3,89111943
I think you can find a lot of documentation about the kmalloc + mmap part.
However, I am not sure that you can kmalloc so much memory in a contiguous way, and have it always at the same place. Sure, if everything is always the same, then you might get a constant address. However, each time you change the kernel code, you will get a different address, so I would not go with the kmalloc solution.
I think you should reserve some memory at boot time, ie reserve some physical memory so that is is not touched by the kernel. Then you can ioremap this memory which will give you
a kernel virtual address, and then you can mmap it and write a nice device driver.
This take us back to
in PDF format. Have a look at chapter 15, it is describing this technique on page 443
Edit : ioremap and mmap.
I think this might be easier to debug doing things in two step : first get the ioremap
right, and test it using a character device operation, ie read/write. Once you know you can safely have access to the whole ioremapped memory using read / write, then you try to mmap the whole ioremapped range.
And if you get in trouble may be post another question about mmaping
Edit : remap_pfn_range
ioremap returns a virtual_adress, which you must convert to a pfn for remap_pfn_ranges.
Now, I don't understand exactly what a pfn (Page Frame Number) is, but I think you can get one calling
virt_to_phys(pt) && PAGE_SHIFT
This probably is not the Right Way (tm) to do it, but you should try it
You should also check that FOO_MEM_OFFSET is the physical address of your RAM block. Ie before anything happens with the mmu, your memory is available at 0 in the memory map of your processor.
7,62952764
Sorry to answer but not quite answer, I noticed that you have already edited the question. Please note that SO does not notify us when you edit the question. I'm giving a generic answer here, when you update the question please leave a comment, then I'll edit my answer.
Yes, you're going to need to write a module. What it comes down to is the use of kmalloc() (allocating a region in kernel space) or vmalloc() (allocating a region in userspace).
Exposing the prior is easy, exposing the latter can be a pain in the rear with the kind of interface that you are describing as needed. You noted 1.5 MB is a rough estimate of how much you actually need to reserve, is that iron clad? I.e are you comfortable taking that from kernel space? Can you adequately deal with ENOMEM or EIO from userspace (or even disk sleep)? IOW, what's going into this region?
Also, is concurrency going to be an issue with this? If so, are you going to be using a futex? If the answer to either is 'yes' (especially the latter), its likely that you'll have to bite the bullet and go with vmalloc() (or risk kernel rot from within). Also, if you are even THINKING about an ioctl() interface to the char device (especially for some ad-hoc locking idea), you really want to go with vmalloc().
Also, have you read ? Plus we aren't even touching on what grsec / selinux is going to think of this (if in use).
1,70451734
22.3k971129
/dev/mem is okay for simple register peeks and pokes, but once you cross into interrupts and DMA territory, you really should write a kernel-mode driver.
What you did for your previous memory-management-less OSes simply doesn't graft well to an General Purpose OS like Linux.
You've already thought about the DMA buffer allocation issue.
Now, think about the "DMA done" interrupt from your device.
How are you going to install an Interrupt Service Routine?
Besides, /dev/mem is typically locked out for non-root users, so it's not very practical for general use.
Sure, you could chmod it, but then you've opened a big security hole in the system.
If you are trying to keep the driver code base similar between the OSes, you should consider refactoring it into separate user & kernel mode layers with an IOCTL-like interface in-between.
If you write the user-mode portion as a generic library of C code, it should be easy to port between Linux and other OSes.
The OS-specific part is the kernel-mode code.
(We use this kind of approach for our drivers.)
It seems like you have already concluded that it's time to write a kernel-driver, so you're on the right track.
The only advice I can add is to read these books cover-to-cover.
(Keep in mind that these books are circa-2005, so the information is a bit dated.)
I am by far no expert on these matters, so this will be a question to you rather than an answer. Is there any reason you can't just make a small ram disk partition and use it only for your application? Would that not give you guaranteed access to the same chunk of memory? I'm not sure of there would be any I/O performance issues, or additional overhead associated with doing that. This also assumes that you can tell the kernel to partition a specific address range in memory, not sure if that is possible.
I apologize for the newb question, but I found your question interesting, and am curious if ram disk could be used in such a way.
Have you looked at the 'memmap' kernel parameter?
On i386 and X64_64, you can use the memmap parameter to define how the kernel will hand very specific blocks of memory (see the
documentation).
In your case, you'd want to mark memory as 'reserved' so that Linux doesn't touch it at all.
Then you can write your code to use that absolute address and size (woe be unto you if you step outside that space).
9,26431839
Your Answer
Sign up or
Sign up using Google
Sign up using Facebook
Sign up using Stack Exchange
Post as a guest
required, but not shown
Post as a guest
required, but not shown
By posting your answer, you agree to the
Not the answer you're looking for?
Browse other questions tagged
Stack Overflow works best with JavaScript enabled翻译：怎样理解C++ 11中的trivial和standard-layout---An answer from stackoverflow - 落叶的思维 - 博客园
上一篇中，我们了解到C++中的Aggregates和POD类型，那么在C++ 11中这些定义会有怎样的改变呢，什么是trivial和standard-layout类型呢？相信在这篇译文中，可以找到你想要的答案
-------------------------------------------------------------------------译文
C++ 11 做了哪些改变?
Aggregates
C++标准中Aggregate的定义稍微有所改变，但是之前的定义基本相同：
一个Aggregate是一个数组或者一个没有用户声明构造函数，没有{ }和=直接初始化(brace-or-equal-initializers)的非静态类型成员，没有私有或保护类型的非静态数据成员，没有父类和虚函数的类型
OK,做了哪些改变？
之前，aggregate类型不能拥有用户声明的构造函数，现在，不能拥有用户提供的构造函数，有什么区别呢？因为现在你可以声明构造函数并设置为default。这依然是Aggregate类型，因为在声明时任何使用默认实现的构造函数（或者其他特殊成员函数）都不是用户提供的。
1 struct Aggregate {
Aggregate() = default; // asks the compiler to generate the default implementation
现在，Aggregate类型不能拥有任何{ }和=直接初始化(brace-or-equal-initializers)的非静态类型成员，什么意思呢？就是因为在新的标准下，我们可以像这样直接声明成员变量：
1 struct NotAggregate {
int x = 5; // valid in C++11
std::vector&int& s{1,2,3}; // also valid
Aggregate类型不允许使用这种特性，因为这相当于提供了用户自定义的默认构造函数，所以，什么是Aggregate类型，在新标准中并没有做太多改变，基本概念还是一样的，只不过适用于C++的新特性而已。
PODs类型有了很多改动。很多之前POD类型的限制在新标准中被放开了，而且，定义的方式也被彻底的改变了。&
POD的含义可以从两个显著的特性说明：
它支持静态初始化，而且
在C++中编译POD类型会和C中编译的struct类型得到相同的内存布局
正是因为这个，这个定义被划分为两个不同的概念：trivial 类型和standard-layout 类型，因为这比POD类型更有用。新标准中已经很少使用POD这个术语了，而是更多的在使用更精确的概念：trival和stand-layout。
新的定义基本说明了POD类型既是trivial类型有事stand-layout，而且，这个特性递归地适用于每个非静态数据成员：
POD struct类型是既为trivial类型又为standard-layout类型，而且还没有非静态类型的non-POD struct和non-POD union（或者这些类型的数组）数据成员的non-union类型。相似地，POD union类型是极为trivial类型尤为standard-layout类型，而且还没有非静态类型的non-POD struct和non-POD union（或者这些类型的数组）数据成员的union类型。POD 类型包含POD struct和POD union这两种类型。
我们来分开、详细说明这两个特性。
Trivial 类型
上面提到的第一个特性Trivial：trivial类型支持静态初始化。如果一个类型是拷贝不变的（trivially copyable），使用memcpy这种方式把它的数据从一个地方拷贝出来会得到相同的结果。&
C++标准把trivial类型定义如下：
一个拷贝不变（trivially copyable）类型是指：
没有non-trivial 的复制构造函数
没有non-trivial的转移构造函数
没有non-trivial的赋值操作符
没有non-trivial的转移赋值操作符
有一个trivial的析构函数
一个trivial class类型是指有一个trivial类型的默认构造函数，而且是拷贝不变的（trivially copyable）的class。（特别注意，拷贝不变类型和trivial类型都不能有虚函数和虚基类）。
那么，这么trivial和non-trivial类型到底是什么呢？
Class X复制或转移构造函数是trivial类型的，如果他不是用户提供的，而且
Class X没有任何虚函数和虚基类，而且
用于复制或转移直接基类的构造函数是trivial类型的，而且
复制或转移构造函数选择复制或转移的X内部的每一个非静态数据成员（或数组）必须是trivial类型的
否则，复制或转移构造函数就是non-trivial类型的
从根本上也就是说复制或转移构造函数是trivial类型的只要他不是用户提供的、类内部没有虚函数，而且这个规则要递归地适用于所有数据成员类型和基类。
Trivial类型赋值或转移操作符的定义类似，把构造函数替换为赋值操作符就可以了。
Trivial类型的析构函数也有类似的定义，不过要加一条限制，就是不能为虚函数。
Trivial类型的默认构造函数也需要加一条限制：上面我们已经看到了，不能拥有{ }或=初始化的（brace-or-equal-initializers）非静态数据成员。
&这里有个几个例子能让你彻底明白每个类型：
1 // empty classes are trivial
2 struct Trivial1 {};
4 // all special members are implicit
5 struct Trivial2 {
9 struct Trivial3 : Trivial2 { // base class is trivial
Trivial3() = default; // not a user-provided ctor
14 struct Trivial4 {
15 public:
17 private: // no restrictions on access modifiers
21 struct Trivial5 {
28 struct Trivial6 {
Trivial2 a[23];
32 struct Trivial7 {
void f(); // it's okay to have non-virtual functions
37 struct Trivial8 {
static NonTrivial1 // no restrictions on static members
42 struct Trivial9 {
Trivial9() = default; // not user-provided
// a regular constructor is okay because we still have default ctor
Trivial9(int x) : x(x) {};
49 struct NonTrivial1 : Trivial 3 {
virtual f(); // virtual members make non-trivial ctors
53 struct NonTrivial2 {
NonTrivial2() : z(42) {} // user-provided ctor
58 struct NonTrivial3 {
NonTrivial3(); // user-provided ctor
62 NonTrivial3::NonTrivial3() = default; // defaulted but not on first declaration
// still counts as user-provided
64 struct NonTrivial5 {
virtual ~NonTrivial5(); // virtual destructors are not trivial
Standard-layout
Standard-layout是第二个特性，C++标准中说它对语言间交互很有用，这是因为C++ standard-layout类型和C中struct或union类型有相同的内存布局。&
这是另一个需要所有成员和基类递归遵循的特性。而且，虚函数和虚基类也是不允许的，这会让内存布局与C不兼容。&
这里有一个规定放开了，那就是standard-layout类型的非静态数据成员必须是相同的访问控制，之前他们都必须是public类型的，但是现在他们可以是private或protected类型的了，只要他们都属于同一种。&
当使用继承时，在整个继承体系中，只允许一个类拥有非静态数据成员，而且第一个非静态数据成员不能是基类的（这可能打乱量化规则），否则，就不是standard-layout类型。&
C++标准中的是这样定义的：
standard-layout&类型的类是指：
没有&non-standard-layout类型（或这些类型的数组）和引用的非静态数据成员
没有虚函数和虚基类
非静态数据成员的访问控制必须是相同的
没有non-standard-layout的基类
在最底层的派生类中没有非静态数据成员，而且在最多有一个基类拥有非静态数据成员，或者没有拥有非静态数据成员
相同基类类型的非静态数据成员不能作为第一个成员
standard-layout类型struct就是以struct或class为关键字定义的standard-layout&类型。
standard-layout类型union就是以union为关键字定义的standard-layout&类型。
[注意：standard-layout类型在C++与其他语言交互时非常重要]
现在我们来看几个例子：
1 // empty classes have standard-layout
2 struct StandardLayout1 {};
4 struct StandardLayout2 {
8 struct StandardLayout3 {
9 private: // both are private, so it's ok
14 struct StandardLayout4 : StandardLayout1 {
void f(); // perfectly fine to have non-virtual functions
21 struct StandardLayout5 : StandardLayout1 {
StandardLayout1 // can have members of base type if they're not the first
26 struct StandardLayout6 : StandardLayout1, StandardLayout5 {
// can use multiple inheritance as long only
// one class in the hierarchy has non-static data members
31 struct StandardLayout7 {
StandardLayout7(int x, int y) : x(x), y(y) {} // user-provided ctors are ok
37 struct StandardLayout8 {
38 public:
StandardLayout8(int x) : x(x) {} // user-provided ctors are ok
40 // ok to have non-static data members and other members with different access
41 private:
45 struct StandardLayout9 {
static NonStandardLayout1 // no restrictions on static members
50 struct NonStandardLayout1 {
virtual f(); // cannot have virtual functions
54 struct NonStandardLayout2 {
NonStandardLayout1 X; // has non-standard-layout member
58 struct NonStandardLayout3 : StandardLayout1 {
StandardLayout1 // first member cannot be of the same type as base
62 struct NonStandardLayout4 : StandardLayout3 {
int // more than one class has non-static data members
66 struct NonStandardLayout5 : NonStandardLayout3 {}; // has a non-standard-layout base class
在新的标准下，很多新类型成为POD类型，而且，就算一个类型不是POD类型，我们也可以分别利用POD类型的特性（只要这个类型是trivial或者standard-layout）。
标准模板块（STL）在头文件&type_traits&中定义了对这些类型的检测：
1 template &typename T&
2 struct std::is_
3 template &typename T&
4 struct std::is_
5 template &typename T&
6 struct std::is_trivially_
7 template &typename T&
8 struct std::is_standard_Cisco 2811 碎片攻击错误
*Dec 26 13:44:12.927: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16 解决方案：在出现最片数超过最大碎片数的接口上，配置如下命令： Route2811#config ter Enter configuration commands, one per line. End with CNTL/Z. Route281
*Dec 26 13:44:12.927: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table
&has reached its maximum threshold 16
解决方案：在出现最片数超过最大碎片数的接口上，配置如下命令：
Route2811#config ter
Enter configuration commands, one per line.& End with CNTL/Z.
Route2811(config)# interface Dialer1
Route2811(config-if)#
virtual-reassembly max-reassemblies 1024（回车）
Route2811#write （保存当前的配置到启动设置中）
附：（Cisco 2811路由器配置）
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Route2811
boot-start-marker
boot-end-marker
no logging buffered
enable secret 5 $1$cV4G$J2L0barooD4OmvsIv7Mk10
enable password ******
no aaa new-model
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.201 192.168.0.254
ip dhcp excluded-address 192.168.0.1 192.168.0.100
ip dhcp pool sdm-pool1
&& network 192.168.0.0 255.255.255.0
&& dns-server 218.2.135.1 61.147.37.1
&& default-router 192.168.0.1
no ip domain lookup
ip name-server 218.2.135.1
multilink bundle-name authenticated
vpdn enable
vpdn-group 1
&request-dialin
&protocol pppoe
&l2tp tunnel receive-window 1024
&log config
class-map match-all bt
&match protocol bittorrent
class-map match-all 101
&match access-group 101
class-map match-all 100
&match access-group 100
class-map match-all 102
&match access-group 102
policy-map speed
&class 100
&& police cir 960000 bc 96000
&class 101
&& police cir 960000 bc 96000
&class 102
&& police cir 1280000 bc 128000
interface FastEthernet0/0
&description $ETH-WAN$
&no ip address
&ip virtual-reassembly
&no ip route-cache cef
&no ip route-cache
&duplex auto
&speed auto
&pppoe-client dial-pool-number 1
interface FastEthernet0/1
&description $ETH-LAN$
&ip address 192.168.1.1 255.255.255.0
&ip access-group internet_limit in
&ip nat inside
&ip virtual-reassembly
&ip tcp adjust-mss 1412
&duplex auto
&speed auto
&service-policy input speed
&service-policy output speed
interface Dialer1
&ip address negotiated
&ip mtu 1492
&ip nat outside
&ip virtual-reassembly max-reassemblies 1024
&encapsulation ppp
&no ip route-cache cef
&no ip route-cache
&ip tcp adjust-mss 1024
&dialer pool 1
&dialer-group 1
&ppp authentication pap callin
&ppp chap hostname
&ppp chap password 0
&ppp pap sent-username
password 0
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.0.0 255.255.0.0 FastEthernet0/1
ip http server
ip nat translation timeout 300
ip nat translation tcp-timeout 500
ip nat translation udp-timeout 30
ip nat translation finrst-timeout 30
ip nat translation syn-timeout 30
ip nat translation dns-timeout 30
ip nat translation icmp-timeout 30
ip nat translation max-entries 12000
ip nat translation max-entries host 192.168.0.72 100
ip nat translation max-entries host 192.168.0.73 100
ip nat translation max-entries host 192.168.0.74 100
ip nat translation max-entries host 192.168.0.75 100
ip nat translation max-entries host 192.168.0.76 100
ip nat translation max-entries host 192.168.0.77 100
ip nat translation max-entries host 192.168.0.78 100
ip nat translation max-entries host 192.168.0.79 100
ip nat translation max-entries host 192.168.0.64 100
ip nat translation max-entries host 192.168.0.65 100
ip nat translation max-entries host 192.168.0.66 100
ip nat translation max-entries host 192.168.0.67 100
ip nat translation max-entries host 192.168.0.68 100
ip nat translation max-entries host 192.168.0.69 100
ip nat translation max-entries host 192.168.0.70 100
ip nat translation max-entries host 192.168.0.71 100
ip nat translation max-entries host 192.168.0.88 100
ip nat translation max-entries host 192.168.0.89 2000
ip nat translation max-entries host 192.168.0.90 2000
ip nat translation max-entries host 192.168.0.80 100
ip nat translation max-entries host 192.168.0.81 100
ip nat translation max-entries host 192.168.0.82 100
ip nat translation max-entries host 192.168.0.83 100
ip nat translation max-entries host 192.168.0.84 100
ip nat translation max-entries host 192.168.0.85 100
ip nat translation max-entries host 192.168.0.86 100
ip nat translation max-entries host 192.168.0.87 100
ip nat translation max-entries host 192.168.0.40 100
ip nat translation max-entries host 192.168.0.41 100
ip nat translation max-entries host 192.168.0.42 100
ip nat translation max-entries host 192.168.0.43 100
ip nat translation max-entries host 192.168.0.44 300
ip nat translation max-entries host 192.168.0.45 300
ip nat translation max-entries host 192.168.0.46 100
ip nat translation max-entries host 192.168.0.47 100
ip nat translation max-entries host 192.168.0.32 100
ip nat translation max-entries host 192.168.0.33 100
ip nat translation max-entries host 192.168.0.34 100
ip nat translation max-entries host 192.168.0.35 100
ip nat translation max-entries host 192.168.0.36 100
ip nat translation max-entries host 192.168.0.37 100
ip nat translation max-entries host 192.168.0.38 100
ip nat translation max-entries host 192.168.0.39 100
ip nat translation max-entries host 192.168.0.56 300
ip nat translation max-entries host 192.168.0.57 100
ip nat translation max-entries host 192.168.0.58 100
ip nat translation max-entries host 192.168.0.59 100
ip nat translation max-entries host 192.168.0.60 100
ip nat translation max-entries host 192.168.0.61 100
ip nat translation max-entries host 192.168.0.62 100
ip nat translation max-entries host 192.168.0.63 100
ip nat translation max-entries host 192.168.0.48 100
ip nat translation max-entries host 192.168.0.49 100
ip nat translation max-entries host 192.168.0.50 100
ip nat translation max-entries host 192.168.0.51 100
ip nat translation max-entries host 192.168.0.52 100
ip nat translation max-entries host 192.168.0.53 100
ip nat translation max-entries host 192.168.0.54 100
ip nat translation max-entries host 192.168.0.55 100
ip nat translation max-entries host 192.168.0.11 300
ip nat translation max-entries host 192.168.0.12 100
ip nat translation max-entries host 192.168.0.13 100
ip nat translation max-entries host 192.168.0.14 100
ip nat translation max-entries host 192.168.0.15 100
ip nat translation max-entries host 192.168.4.0 100
ip nat translation max-entries host 192.168.0.24 100
ip nat translation max-entries host 192.168.0.25 300
ip nat translation max-entries host 192.168.0.26 100
ip nat translation max-entries host 192.168.0.27 100
ip nat translation max-entries host 192.168.0.28 100
ip nat translation max-entries host 192.168.0.29 100
ip nat translation max-entries host 192.168.0.30 300
ip nat translation max-entries host 192.168.0.31 100
ip nat translation max-entries host 192.168.0.16 100
ip nat translation max-entries host 192.168.0.17 300
ip nat translation max-entries host 192.168.0.18 100
ip nat translation max-entries host 192.168.0.19 100
ip nat translation max-entries host 192.168.0.20 100
ip nat translation max-entries host 192.168.0.21 100
ip nat translation max-entries host 192.168.0.22 100
ip nat translation max-entries host 192.168.0.23 100
ip nat translation max-entries host 192.168.0.200 100
ip nat inside source list 1 interface Dialer1 overload
ip access-list extended internet_limit
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.26 eq 5222
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.150 eq 5222
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.151 eq 5222
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.152 eq 5222
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.153 eq 5222
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.154 eq 5222
&permit tcp 192.168.0.0 0.0.0.255 any eq smtp
&permit tcp 192.168.0.0 0.0.0.255 any eq pop3
&permit ip host 192.168.0.1 any
&permit ip host 192.168.0.2 any
&permit ip host 192.168.0.3 any
&permit ip host 192.168.0.4 any
&permit ip host 192.168.0.5 any
&permit ip host 192.168.0.89 any
&permit ip host 192.168.0.90 any
&permit ip host 192.168.0.91 any
&permit ip host 192.168.0.210 any
&permit ip host 192.168.0.211 any
&permit ip host 192.168.0.198 any
&permit ip host 192.168.0.224 any
&permit ip host 192.168.0.219 any
&permit ip host 192.168.0.200 any
&permit ip host 192.168.0.188 any
&permit ip host 192.168.0.10 any
&permit ip host 192.168.0.25 any
&permit ip host 192.168.0.30 any
&permit ip host 192.168.0.42 any
&permit ip host 192.168.0.44 any
&permit ip host 192.168.0.45 any
&permit ip host 192.168.0.46 any
&permit ip host 192.168.0.56 any
&permit ip 192.168.0.0 0.0.0.255 host 218.2.135.1
&permit ip 192.168.0.0 0.0.0.255 host 61.147.37.1
&permit ip host 192.168.0.14 any
&permit ip host 192.168.0.23 any
&permit ip host 192.168.0.39 any
&permit ip host 192.168.0.22 any
&permit ip host 192.168.0.43 any
&permit ip host 192.168.0.47 any
&permit ip host 192.168.0.27 any
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.64.13
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.64.14
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.64.15
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.64.16
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.64.17
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.64.21
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.64.22
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.64.23
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.64.24
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.64.25
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.64.26
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.64.49
&permit ip host 192.168.0.18 any
&permit ip host 192.168.0.13 any
&permit ip host 192.168.0.11 any
&permit ip host 192.168.0.48 any
&permit ip host 192.168.0.51 any
&permit ip host 192.168.0.52 any
&permit ip host 192.168.0.53 any
&permit ip host 192.168.0.54 any
&permit ip host 192.168.0.17 any
&permit ip host 192.168.0.29 any
&permit ip host 192.168.0.40 any
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.26 eq www
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.150 eq www
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.151 eq www
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.152 eq www
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.153 eq www
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.154 eq www
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.120 eq 5222
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.121 eq 5222
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.122 eq 5222
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.123 eq 5222
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.120 eq www
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.121 eq www
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.122 eq www
&permit tcp 192.168.0.0 0.0.0.255 host 211.150.66.123 eq www
&permit ip host 192.168.0.57 any
&permit ip host 192.168.0.58 any
&permit ip host 192.168.0.63 any
&permit ip host 192.168.0.19 any
&permit ip host 192.168.0.36 any
&permit ip host 192.168.0.65 any
&permit ip host 192.168.0.64 any
&permit ip host 192.168.0.31 any
&permit ip host 192.168.0.16 any
&permit ip 192.168.4.0 0.0.0.255 any
&permit ip host 192.168.0.15 any
&deny&& ip any any time-range TR2
&permit ip any any
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.168.6.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 permit ip any 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.4.0 0.0.0.255 any
access-list 101 permit ip any 192.168.4.0 0.0.0.255
access-list 102 permit ip host 192.168.0.56 any
access-list 102 permit ip any host 192.168.0.56
access-list 102 permit ip host 192.168.0.11 any
access-list 102 permit ip any host 192.168.0.11
access-list 102 permit ip host 192.168.0.17 any
access-list 102 permit ip any host 192.168.0.17
access-list 102 permit ip host 192.168.0.25 any
access-list 102 permit ip any host 192.168.0.25
access-list 102 permit ip host 192.168.0.30 any
access-list 102 permit ip any host 192.168.0.30
access-list 102 permit ip host 192.168.0.44 any
access-list 102 permit ip any host 192.168.0.44
access-list 102 permit ip host 192.168.0.45 any
access-list 102 permit ip any host 192.168.0.45
access-list 102 permit ip host 192.168.0.46 any
access-list 102 permit ip any host 192.168.0.46
dialer-list 1 protocol ip permit
control-plane
line con 0
line aux 0
line vty 0 4
&exec-timeout 0 0
&privilege level 15
&password&123456
&transport input telnet
scheduler allocate
time-range TR1
&absolute start 04:00 07 September 2010 end 00:00 01 January 2035
&periodic weekdays 0:00 to 4:00
&periodic weekdays 5:30 to 9:30
&periodic Saturday 0:00 to 4:00
&periodic Saturday 5:30 to 9:30
time-range TR2
&absolute start 04:00 01 November 2010 end 00:00 01 January 2035
&periodic weekdays 0:06 to 4:00
&periodic weekdays 5:06 to 9:00
&periodic Saturday 0:06 to 4:00
&periodic Saturday 5:06 to 9:00
end(责任编辑：admin)
------分隔线----------------------------
d.jpg (110.27 KB)
11:17 ddsg.jpg (95.81 KB)
11:17 http_imddd...
Cisco Secure ACS(Access Control Server)是一种多功能AAA 认证服务器 。 所谓AAA服务...
8mb Flash for 2500 Series - MT Stock - Available MT AMD Cisco Approved 8MB Flash...
在广域网络互联中,经常遇到物理线路有问题的情况,或者物理线路虽然连通,但上层网络协...
一 请简述网络定义，并谈谈自己对网络的理解 二 请描述osi七层模型，并简要概括各层功...
650)height=484 this.width=650; 650) this.width=650; height=724 中型企业网络构建...