Exploring procfs

Why this article
I am trying to collect some tips for getting userland information from procfs.
Warning: Information may be specific to kernel version 2.6

What is this procfs all about
Procfs is a virtual file system in linux, mounted in /proc and serves multiple purposes including access to kernel information in userland or for debuggging purpose.
One of the feature which makes Linux special to me is access to process information in text stream. Lot of linux commands(ps, top, pstree etc) rely on this filesystem for information.

The virtual file system...
The files and directories of /proc filesystems are virtual because the data is not actually stored on any sort of permanent storage like a hard disk; instead, the directories, files, and data within them are created dynamically in memory from raw kernel data whenever you attempt to read from them.

Mounting proc
Check if you already have procfs mounted on your system(cat /etc/mtab|grep proc), otherwise mount it using the following command:
mount -t proc proc /proc

Process information
Lot of commands including ps, top etc. retreive process information from this filesystem. Each process has an entry in /proc/ filesystem identified by it's pid.
Following are the important files in /proc/ folder:

pid/cmdline contains the command that was used to start the process (using null characters to separate arguments).

/proc/pid/cwd contains a link to the current working directory of the process.

/proc/pid/environ contains a list of the environment variables that the process has available.

/proc/pid/exe contains a link to the program that is running in the process.

/proc/pid/fd/ is a directory containing a link to each of the files that the process has open.

/proc/pid/mem contains the memory contents of the process.

/proc/pid/stat contains process status information.

/proc/pid/statm contains process memory usage information

Examples of getting process information are:

  • Some time back I got stucked in a tricky problem of determining whether any particular process is doing a core dump. After some research I noticed that per process flag in /proc/pid/stat file(8th attribute) gives quite a lot of "personal" information about process. This information can be parsed by doing a logical AND of per process flag with the following values:

    0x00000002 Process being created
    0x00000004 Exiting
    0x00000008 Dead
    0x00000040 Process using super user privilage
    0x00000200 Process dumping core
    0x00000400 Process received some signal
    0x00000800 Process allocating memory
    0x00001000 Killed for out-of-memory
    I picked up these flags from /usr/src/linux/include/linux/sched.h

  • /proc/[pid]/fd/ folder gives information about open files.
    To find out input files used by a process:
    ls -l /proc/[pid]/fd/0

    To find out socket used by a process:
    ls -l /proc/[pid]/fd|grep socket|cut -d: -f3|sed 's/\[//;s/\]//'

    Information about these sockets can be obtained from
    netstat -ae

  • To get command line arguments passed to any process:
    cat /proc/[pid]/cmdline
  • Getting parent process id of a process:
    grep PPid /proc/[pid]/status
  • General system information..
    Procfs is used to get lot of system information. This includes information on cpu load, file system information and networking configuration.
    Following are some examples of viewing or changing the system information using procfs:

  • To find out free system memory:
    grep Free /proc/meminfo
  • System statistics since it was last started can be collected from /proc/stat file. To find out number of processes system had since last reboot:
    grep processes /proc/stat
  • To find out one, five and fifteen minute system load average:
    awk '{"1 min:"$1"/n5 min:"$2"\n15 min:"$3}' /proc/loadavg
  • /proc/partitions can be used for getting system partition information.
  • /proc/net and /proc/sys/net can be used to view or modify important network information.
    To disable ping, As root do the following:
    echo 1> /proc/sys/net/ipv4/icmp_echo_ignore_all

    or to enable IP forwarding, IP Masquerade:
    echo 1 > /proc/sys/net/ipv4/ip_forward

  • Mounted filesystem information can be retreived from /proc/mounts
  • To change hostname on the fly do
    echo www.abc.com > /proc/sys/kernel/hostname
  • For getting CPU information:
    cat /proc/cpuinfo
  • To get swap space utilization
    cat /proc/swaps
  • To get System uptime
    cat /proc/uptime
  • To get File system being shared by NFS:
    cat /proc/fs/nfsd/exports
  • A bit of kernel information..
    Though I intend to cover it in some other article, here are some kernel titbits:

  • To get Version information of kernel
    cat /proc/version
  • The /proc/kmsg file is used by klogd as a source of kernel log information as an alternative to the syslog system call interface.
  • The /proc/kcore file provides access to the physical memory of the system in core file format, and can be used by gdb to examine the current state of any kernel data structures.
  • To get more information have a look at: /usr/src/linux/Documentation/filesystems/proc.txt

    I will try to look at this filesystem from kernel level in some future article.

    Current Indian population

    Mail storage provided by Gmail is growing.

    Inspired by the counter in their website, I was trying out some javascript to count current population of India.

    So, click on "read more" to find out current Indian population.

    Pedestrian push button

    As we do not have these in India, Pedestrian push buttons on roads for stopping traffic were a new thing. It looked like a way to give more power to people waiting to cross the road.

    Though, I was wondering as to how they work. Time it takes for lights to turn red after pressing push-button is always different.

    Few observations I made were:

  • There is no effect of pressing the button more than once
  • Time it takes for lights to turn red varies with time of the day.
  • Looking at the web it seems I was not the only one curious to find this out.
    According to Cecil Adams, push-to-walk buttons only work when there is nobody around to push them. To put it more charitably, the buttons generally are wired to insert a "walk" phase into an otherwise walkless signal cycle, not speed an existing "walk" phase up.

    But do they really work at all? The New York Times archives claim that New York city deactivated most of the pedestrian buttons long ago with the emergence of computer-controlled traffic signals, even as an unwitting public continued to push on, according to city Department of Transportation officials. More than 2,500 of the 3,250 walk buttons that still exist
    function essentially as mechanical placebos. Any benefit from them is only imagined.

    Sometimes, it is interesting to watch people getting impatient and pushing these
    buttons again and again, in the hope of getting the "walk" sign. According to a random sample collected in a road, 35.7% of walk light users pushed the button more than once. 26.2% pushed it more than twice. The average number of pushes was 2.2.