previous-> Ext2Internals.htm, Home
Inside Ext2/3 File System
In the MBR/EBR the value for the Ext2/Ext3 partition is ‘0x83’. The Ext2/Ext3 file system contains several data structures for keeping the file system information. These data structures are also known as metadata structures. The important data structures contained in the Ext2/Ext3 File System are boot block, super block, descriptor table and inode table.
The Boot Block
The boot block of the Ext2/Ext3 filesystem is 1024 bytes long and does not contain any useful information (as far as I know. I would like to know if it contains any.).
The Super Block
The Super Block contains the information of the whole file system. It contains and the metadata like size, total inodes e.t.c. The Ext2/Ext3 super block has the following components.
struct EXT2_SUPER_BLOCK
{
DWORD s_inodes_count;
DWORD s_blocks_count;
DWORD s_r_blocks_count;
DWORD s_free_blocks_count;
DWORD s_free_inodes_count;
DWORD s_first_data_block;
DWORD s_log_block_size;
DWORD s_log_frag_size;
DWORD s_blocks_per_group;
DWORD s_frags_per_group;
DWORD s_inodes_per_group;
DWORD s_mtime;
WORD s_wtime;
WORD s_mnt_count;
WORD s_max_mnt_count;
WORD s_magic;
WORD s_state;
WORD s_pad;
WORD s_minor_rev_level;
DWORD s_lastcheck;
DWORD s_checkinterval;
DWORD s_creator_os;
DWORD s_rev_level;
WORD s_def_resuid;
WORD s_def_regid;
/* for EXT2_DYNAMIC_REV superblocks only */
DWORD s_first_ino;
WORD s_inode_size;
WORD s_block_group_nr;
DWORD s_feature_compat;
DWORD s_feature_incompat;
DWORD s_feature_ro_compat;
BYTE s_uuid[16];
char s_volume_name[16];
char s_last_mounted[64];
DWORD s_algorithm_usage_bitmap;
BYTE s_prealloc_blocks;
BYTE s_prealloc_dir_blocks;
WORD s_padding1;
DWORD s_reserved[204];
};
s_inodes_count :- Stores the total no of inodes.
s_blocks_count:- Stores the total no of blocks.
s_r_blocks_count:- Stores the total no of blocks reserved for exclusive use of superuser.
s_free_blocks_count:- Stores the total no of free blocks.
s_free_inodes_count:- Stores the total no of free inodes in the file System.
s_first_data_block:- Position of the first data block.
s_log_block_size:- used to compute logical block size in bytes. E.g if it is 1, block size is 1024. if it is 2, block size is 2048.
s_log_frag_size:- used to compute logical fragment size.
s_blocks_per_group:- Total number of blocks contained in the group.(see groups later.).
s_frags_per_group:- Total number of fragments in a group.
s_inodes_per_group:- Total number of inodes in a group.
s_mtime:- Time at which the last mount was performed. The time is stored in UNIX format as defined by posix.
s_wtime:- Time at which the last write was performed. The time is stored in UNIX format as defined by posix.
s_mnt_count:- The total number of time the fs system has been mounted in r/w mode without having checked. The Linux OS uses this value to automatically check the file system when the specified time reaches. The Specified time is s_max_mnt_count.
s_max_mnt_count:- The max no of times the fs can be mounted in r/w mode before a check must be done.
s_magic:- A number that identifies the file System. (eg. 0xef53 for ext2).
s_state; Gives the state of fs (eg. 0x001 is Unmounted cleanly). The Linux OS uses this value to determine.
s_pad:- Unused.
s_minor_rev_level:- Contains the minor number for the revision level.
s_lastcheck; The time of last File System check performed.
s_checkinterval; The max possible time between checks on the file system.
s_creator_os:- Owner Operating System of the file system. (linux=0, hurd=1, masix=2, FreeBSD=3, Lites=4 etc.).
s_rev_level:- Revision level of the file system. (0 -> original format, 1 -> v2 format with dynamic inode sizes.).
s_def_resuid:- Default uid for reserved blocks.
s_def_regid:- Default gid for reserved blocks.
s_first_ino:- First non-reserved inode.
s_inode_size:- Size of inode structure.
s_block_group_nr:- Block group no of this super block. There is another Super Block in File System for the rescue of damaged file system.
s_feature_compat:- Compatible feature set.
s_feature_incompat:- Incompatible feature set.
s_feature_ro_compat:- Read only compatible feature set.
s_uuid:- 128-bit uuid for volume.
s_volume_name:- volume name (e.g. /, /boot etc.).
s_last_mounted:- Directory where last mounted.
Reading the super block is pretty easy. Just read the starting sector +2 of the filesystem.
Group Descriptor
The ext2/ext3 file system is divided into groups called block group. The number of groups can be derived from the formula, block_group = s_blocks_count/s_blocks_per_group.
The attributes of the group is identified by group descriptor. There is an array of group descriptors describing each group. The group descriptor table can be found at the first block (block-1) following the superblock structure of the file system (block no starts from 0.). The structure of the group descriptor is as follows.
struct EXT2_GROUP_DESC
{
DWORD bg_block_bitmap;
DWORD bg_inode_bitmap;
DWORD bg_inode_table;
WORD bg_free_blocks_count;
WORD bg_free_inodes_count;
WORD bg_used_dirs_count;
WORD bg_pad;
DWORD bg_reserved[3];
};
bg_block_bitmap:- The block which contains the block bitmap for the group.
bg_inode_bitmap:- The block contains the inode bitmap for the group.
bg_inode_table:- The block contains the inode table first block (the starting block of the inode table.).
bg_free_blocks_count:- Number of free blocks in the group.
bg_free_inodes_count:- Number of free inodes in the group.
bg_used_dirs_count:- Number of inodes allocated to the directories.
bg_pad:- Padding (reserved).
bg_reserved:- Reserved.
Block Bitmap
The block bitmap represents the status of each block. It shows that the block is used (1) or free (0). E.g. 1001… show block 1 is used, block 2 is free, block 3 is free etc. Its correct location can be found by looking at bg_block_bitmap.
It is used to determine which block is free and which is used. It is used when making or copying files (Ext2read does not currently support writing to file system.).
Inode Bitmap
The Inode Bitmap works in the similar way as the block bitmap. The inode bitmap represents the status of each inode. It determines whether the inode is used (1) or free (0). E.g. 1001… show inode 0 is used, inode 1 is free, inode 2 is free etc. Its correct location can be found by looking at bg_inode_bitmap.
Inode Table
In Ext2/Ext3 file system, each file is identified by an inode. Each file has its own inode entry. The File Systems a table of all the inodes in the file system called the inode table. Furthermore, each block group has its own inode table. The starting location for the inode table can be identified by looking at bg_inode_table.
The inode gives the attributes like mode, size, uid, creation time etc. of the file.
The structure of the inode is as follows.
struct EXT2_INODE
{
WORD i_mode; /* File mode */
WORD i_uid; /* Low 16 bits of Owner Uid */
DWORD i_size; /* Size in bytes */
DWORD i_atime; /* Access time */
DWORD i_ctime; /* Creation time */
DWORD i_mtime; /* Modification time */
DWORD i_dtime; /* Deletion Time */
WORD i_gid; /* Low 16 bits of Group Id */
WORD i_links_count; /* Links count */
DWORD i_blocks; /* Blocks count */
DWORD i_flags; /* File flags */
DWORD osd1; /* OS dependent 1 */
DWORD i_block[EXT2_N_BLOCKS];/* Pointers to blocks */
DWORD i_generation; /* File version (for NFS) */
DWORD i_file_acl; /* File ACL */
DWORD i_dir_acl; /* Directory ACL */
DWORD i_faddr; /* Fragment address */
BYTE l_i_frag; /* Fragment number */
BYTE l_i_fsize; /* Fragment size */
WORD i_pad1;
WORD l_i_uid_high; /* these 2 fields */
WORD l_i_gid_high; /* were reserved2[0] */
DWORD l_i_reserved2;
};
i_mode:- It describes the format and the access rights of the file. The result obtained by masking the value with EXT2_S_IFMT(0xF000) gives the file type. When it is masked with EXT2_IRWXU(0x01c0) gives the user access, when it is masked with EXT2_IRWX(0x0038) gives group access and when masked with EXT2_IRWXO(0x0007) gives others rights.
i_uid:- The id of the owner.
i_size:- The size of the file in bytes.
i_atime:- The last access time of the file. The time is number of seconds since 1st january 1970.
i_ctime:- The creation time of the file. The time is number of seconds since 1st january 1970.
i_mtime:- The last modification time of the file. The time is number of seconds since 1st january 1970.
i_dtime:- deletion time of the file. The time is number of seconds since 1st january 1970.
i_gid:- The group associated with this file.
i_links_count:- The number of times the inode is refered to.
i_blocks:- The number of blocks reserved for the file. The block is not the size of the block but the sector size ie. 512 bytes.
i_flags:- The behaviour flags of the file system.
osd1:- The OS dependent value.
i_block:- This array is used to locate the data of the file. The first twelve entries are the direct data blocks ie, they point directly to the data.
The 13th field is the indirect block. It points to the block which has the address of data blocks. The block holds 1 block of entries.
The 14th field is the bi- indirect block. It points to the block holding indirect entries.
The 15th field is the triple indirect block. It points to the block holding bi- indirect entries.
i_generation:- defines the file version. It is used by NFS.
i_file_acl:- The access control flags associated with the file.
i_dir_acl:- The access control flags associated with the directory.
The directory structure
The data blocks of the directory points to the directory structure. The directory structure of Ext2 is:
struct EXT2_DIR_ENTRY {
DWORD inode;
/* Inode number */
WORD rec_len;
/* Directory entry length */
WORD name_len;
/* Name length */
char name[EXT2_NAME_LEN]; /* File
name */
};
The directory entries are the array of struct EXT2_DIR_ENTRY. The size of the each structure is given by the rec_len.
inode:- The inode number of the entry.
rec_len:- The length of the record.
name_len:- The length of the name of the file.
name:- The name of the file. The string is not NULL terminated.
previous-> Ext2Internals.htm, Home