Home » blogs » nirendra's blog

Exploring procfs

Why this article
I am trying to collect some tips for getting userland information from procfs.
Warning: Information may be specific to kernel version 2.6

What is this procfs all about
Procfs is a virtual file system in linux, mounted in /proc and serves multiple purposes including access to kernel information in userland or for debuggging purpose.
One of the feature which makes Linux special to me is access to process information in text stream. Lot of linux commands(ps, top, pstree etc) rely on this filesystem for information.

The virtual file system...
The files and directories of /proc filesystems are virtual because the data is not actually stored on any sort of permanent storage like a hard disk; instead, the directories, files, and data within them are created dynamically in memory from raw kernel data whenever you attempt to read from them.

Mounting proc
Check if you already have procfs mounted on your system(cat /etc/mtab|grep proc), otherwise mount it using the following command:
mount -t proc proc /proc

Process information
Lot of commands including ps, top etc. retreive process information from this filesystem. Each process has an entry in /proc/ filesystem identified by it's pid.
Following are the important files in /proc/ folder:

pid/cmdline contains the command that was used to start the process (using null characters to separate arguments).

/proc/pid/cwd contains a link to the current working directory of the process.

/proc/pid/environ contains a list of the environment variables that the process has available.

/proc/pid/exe contains a link to the program that is running in the process.

/proc/pid/fd/ is a directory containing a link to each of the files that the process has open.

/proc/pid/mem contains the memory contents of the process.

/proc/pid/stat contains process status information.

/proc/pid/statm contains process memory usage information

Examples of getting process information are:

  • Some time back I got stucked in a tricky problem of determining whether any particular process is doing a core dump. After some research I noticed that per process flag in /proc/pid/stat file(8th attribute) gives quite a lot of "personal" information about process. This information can be parsed by doing a logical AND of per process flag with the following values:

    0x00000002 Process being created
    0x00000004 Exiting
    0x00000008 Dead
    0x00000040 Process using super user privilage
    0x00000200 Process dumping core
    0x00000400 Process received some signal
    0x00000800 Process allocating memory
    0x00001000 Killed for out-of-memory
    I picked up these flags from /usr/src/linux/include/linux/sched.h

  • /proc/[pid]/fd/ folder gives information about open files.
    To find out input files used by a process:
    ls -l /proc/[pid]/fd/0

    To find out socket used by a process:
    ls -l /proc/[pid]/fd|grep socket|cut -d: -f3|sed 's/\[//;s/\]//'

    Information about these sockets can be obtained from
    netstat -ae

  • To get command line arguments passed to any process:
    cat /proc/[pid]/cmdline

  • Getting parent process id of a process:
    grep PPid /proc/[pid]/status

  • General system information..
    Procfs is used to get lot of system information. This includes information on cpu load, file system information and networking configuration.
    Following are some examples of viewing or changing the system information using procfs:

  • To find out free system memory:
    grep Free /proc/meminfo

  • System statistics since it was last started can be collected from /proc/stat file. To find out number of processes system had since last reboot:
    grep processes /proc/stat

  • To find out one, five and fifteen minute system load average:
    awk '{"1 min:"$1"/n5 min:"$2"\n15 min:"$3}' /proc/loadavg

  • /proc/partitions can be used for getting system partition information.

  • /proc/net and /proc/sys/net can be used to view or modify important network information.
    To disable ping, As root do the following:
    echo 1> /proc/sys/net/ipv4/icmp_echo_ignore_all

    or to enable IP forwarding, IP Masquerade:
    echo 1 > /proc/sys/net/ipv4/ip_forward

  • Mounted filesystem information can be retreived from /proc/mounts

  • To change hostname on the fly do
    echo www.abc.com > /proc/sys/kernel/hostname

  • For getting CPU information:
    cat /proc/cpuinfo

  • To get swap space utilization
    cat /proc/swaps

  • To get System uptime
    cat /proc/uptime

  • To get File system being shared by NFS:
    cat /proc/fs/nfsd/exports

    • A bit of kernel information..
    Though I intend to cover it in some other article, here are some kernel titbits:

  • To get Version information of kernel
    cat /proc/version

  • The /proc/kmsg file is used by klogd as a source of kernel log information as an alternative to the syslog system call interface.

  • The /proc/kcore file provides access to the physical memory of the system in core file format, and can be used by gdb to examine the current state of any kernel data structures.

    • To get more information have a look at: /usr/src/linux/Documentation/filesystems/proc.txt

    I will try to look at this filesystem from kernel level in some future article.

    Posted in Technology | nirendra's blog »

    Post new comment


    *

    • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
    • Lines and paragraphs break automatically.
    More information about formatting options