Exploring procfs
By Awasthi Nirendra
Why this article
I am trying to collect some tips for getting userland information from procfs. Warning: Information may be specific to kernel version 2.6.
What is procfs all about?
Procfs is a virtual file system in linux mounted in /proc, and serves multiple purposes including access to kernel information in userland or for debugging. One of the features which makes Linux special to me is access to process information as a text stream. A lot of linux commands (ps, top, pstree, etc.) rely on this filesystem for information.
The virtual file system
The files and directories of the /proc filesystem are virtual because the data is not actually stored on any sort of permanent storage like a hard disk; instead, the directories, files, and data within them are created dynamically in memory from raw kernel data whenever you attempt to read them.
Mounting proc
Check if you already have procfs mounted on your system (grep proc /etc/mtab), otherwise mount it using the following command:
mount -t proc proc /proc
Process information
Each process has an entry in the /proc filesystem identified by its PID. The following are the important files in /proc directory:
* pid/cmdline contains the command that was used to start the process (using null characters to separate the arguments).
* /proc/pid/cwd contains a link to the current working directory of the process.
* /proc/pid/environ contains a list of the environment variables that the process has available.
* /proc/pid/exe contains a link to the program that is running in the process.
* /proc/pid/fd/ is a directory containing a link to each of the files that the process has open.
* /proc/pid/mem contains the memory contents of the process.
* /proc/pid/stat contains process status information.
* /proc/pid/statm contains process memory usage information.
Some examples of getting the process information are:
i) Some time back I got stuck in a tricky problem of determining whether any particular process is doing a core dump. After some research, I noticed that the per-process flag in /proc/pid/stat file (the 8th attribute) gives quite a lot of "personal" information about process. This information can be parsed by doing a logical AND of the per-process flag with the following values:
0x00000002 Process being created
0x00000004 Exiting
0x00000008 Dead
0x00000040 Process using superuser privilage
0x00000200 Process dumping core
0x00000400 Process received some signal
0x00000800 Process allocating memory
0x00001000 Killed due to out-of-memory condition
I picked up these flags from /usr/src/linux/include/linux/sched.h .
ii) /proc/[pid]/fd/ folder gives information about open files. To find the input files used by a process:
ls -l /proc/[pid]/fd/0
iii) To find the sockets being used by a process:
ls -l /proc/[pid]/fd|sed -n '/socket/{s/.*\[//;s/\]//p}'
Information about these sockets can be obtained from
netstat -ae
iv) To get command line arguments passed to any process:
cat /proc/[pid]/cmdline
v) Getting parent process ID of a process:
grep PPid /proc/[pid]/status
General system information
Procfs contains a lot of system information; this includes the CPU load, the file system, and the networking configuration. Following are some examples of viewing or changing the system information using procfs:
i) To find out the amount of free system memory:
grep Free /proc/meminfo
ii) System statistics since it was last started can be collected from /proc/stat file. To find out number of processes system had since last reboot:
grep processes /proc/stat
iii) To find out the one, five, and fifteen minute system load averages:
awk '{print "1 min:\t" $1 "\n5 min:\t" $2 "\n15 min:\t" $3 }' /proc/loadavg
iv) /proc/partitions can also be used for getting system partition information.
v) /proc/net and /proc/sys/net can be used to view or modify important network information. To disable ping, do the following as root:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
or to enable IP forwarding / IP Masquerading:
echo 1 > /proc/sys/net/ipv4/ip_forward
vi) Mounted filesystem information can be retrieved from/proc/mounts
vii) To change hostname on the fly, do
echo > /proc/sys/kernel/hostname
viii) To get CPU information:
cat /proc/cpuinfo
ix) To get swap space utilization:
cat /proc/swaps
x) To get the system uptime:
cat /proc/uptime
xi) To list the file systems being shared by NFS:
cat /proc/fs/nfsd/exports
A bit of kernel information
Though I intend to cover it in another article, here are some kernel tidbits:
i) To get the version information for the currently-running kernel:
cat /proc/version
ii) The /proc/kmsg file is used by klogd as a source of kernel log information, as an alternative to the syslog system call interface.
iii) The /proc/kcore file provides access to the physical memory of the system in core file format, and can be used by gdb to examine the current state of any kernel data structures.
To get more information, have a look at/usr/src/linux/Documentation/filesystems/proc.txt if you have the kernel source installed.
I will try to look into this filesystem from the kernel perspective in a future article.
阅读(1198) | 评论(0) | 转发(0) |
