zdb命令本身是可以查阅man zdb或zdb –help提供帮助的,无奈帮助太过简洁,而且省略了很多非常重要、有用的参数,正巧这几天研究,就记录一下。
以下假设pool的名称为case2.2:
zdb –uuu case2.2
作用:显示case2.2的活动uberblock,并显示其DVA,结果如下图所示:
zdb –ddddd case2.2
作用:显示所有文件系统集合上的对象的详细摘要信息,导出后有用信息太多了。足够看N久的了。
zdb –ddddd case2.2/ 4
作用:显示case2.2用户文件系统下第4号节点文件的摘要信息,包括dva信息等,如果是zdb –ddddd case2.2 4,则表示是meta集合的第4号节点的摘要信息。
#!/bin/bash
echo "readzfsobj.sh <poolname> <objectid> <outfile>"
touch $3
zdb -ddddd $1/ $2 |sed -n "/^ *[0123456789abcdef]* *L0 * /p" |awk ‘{print $3}‘|while read line
do
#echo "zy:$line"
zdb -R $1 $line:r >>$3
done作用:使用此shell脚本,配合zdb命令,即可导出指定对象,主要用于研究目录等非文件集合数据。如通过ls -i 命令知道某个目录的节点号,执行
readzfsobj.sh case2.2 4 root.img
即可将文件系统根目录块导出成一个普通文件,再用二进制工具查看则较容易读懂mzap,fatzap的结构。
大致原理:假设有一大目录id是13,因执行zdb -ddddd case2.2 13时,会列出如下图所示目录的地址索引信息,通过sed命令过滤出这些行,再通过awk打印其中的DVA。最后,通过一行一行地执行zdb -R 命令把块导出后输入到目标文件中(本示例为去掉压缩选项后的处理方案,如果有压缩,需做针对性处置)。
引用:http://cuddletech.com/?p=407 中的一段zdb命令的说明
There are 3 arguments that are really the core ones of interest, but fefore we get to them, you absolutely must understand something unique about zdb. ZDB is like a magnifying glass, at default magnification you can see that its tissue, turn up the magnification and you see that it has veins, turn it up again and you see how intricate the system is, crank it up one more time and you can see blood cells themselves. With zdb, each time we repeat an argument we increase the verbosity and thus dig deeper. For instance, zdb -d will list the datasets of a pool, but zdb -dd will output the list of objects within the pool. Thus, when you really zoom in you’ll see commands that look really odd like zdb -ddddddddd. This takes a little practice to get the hang of, so please toy around on a small test pool to get the hang of it.
Now, here are summaries of the 3 primary arguments you’ll use and how things change as you crank up the verbosity:
zdb -b pool: This will traverse blocks looking for leaks like the default form.
-bb: Outputs a breakdown of space (block) usage for various ZFS object types.
-bbb: Same as above, but includes breakdown by DMU/SPA level (L0-L6).
-bbbb: Same as above, but includes line line per object with details about it, including compression, checksum, DVA, object ID, etc.
-bbbbb…: Same as above.
zdb -d dataset: This will output a list of objects within a dataset. More d’s means more verbosity:
-d: Output list of datasets, including ID, cr_txg, size, and number of objects.
–dd: Output concise list of objects within the dataset, with object id, lsize, asize, type, etc.
-ddd: Same as dd.
-dddd: Outputs list of datasets and objects in detail, including objects path (filename), a/c/r/mtime, mode, etc.
-ddddd: Same as previous, but includes indirect block addresses (DVAs) as well.
-dddddd….: Same as above.
zdb -R pool:vdev_specifier:offset:size[:flags]: Given a DVA, outputs object contents in hex display format. If given the :r flag it will output in raw binary format. This can be used for manual recovery of files.
本文出自 “张宇(数据恢复)” 博客,请务必保留此出处http://zhangyu.blog.51cto.com/197148/1857185
原文地址:http://zhangyu.blog.51cto.com/197148/1857185
