Parsing the/proc virtual file system in a Linux system

Source: Internet
Author: User
Tags data structures file system readable root directory

The Linux kernel provides a mechanism for accessing kernel internal data structures and changing kernel settings through the/proc file system at run time. Although the basic concepts of the/proc file system for Linux systems on various hardware platforms are the same, this article only discusses Linux/proc file systems based on the Intel x86 architecture.

/proc---a virtual file system

The/proc file system is a mechanism that the kernel and kernel modules use to send information to processes (so called/proc). This pseudo file system allows you to interact with the internal data structure of the kernel, get useful information about the process, and change the settings (by changing the kernel parameters) in the runtime (on the fly). Unlike other file systems,/proc exists in memory rather than on the hard disk. If you look at the file/proc/mounts (listing all the loaded file systems like the Mount command), you'll see that one line is like this:

The code is as follows:

grep proc/proc/mounts

/PROC/PROC proc RW 0 0

/proc is controlled by the kernel and does not have a device that hosts/proc. Because/proc mainly holds state information controlled by the kernel, the logical location of most of this information is in the kernel-controlled memory. A ' ls-l ' for/proc can see that most of the files are 0 bytes large, but when you look at them, you can actually see some information. How is that possible? This is because the/proc file system registers itself with the virtual file system layer (VFS) Like other regular file systems. However, the/proc file system establishes the corresponding files and directories according to the information in the kernel, until the VFS invokes it and requests the i-node of the file and directory.

Loading the proc file system

If the proc file system is not yet loaded in the system, you can load the proc file system by using the following command:

The code is as follows:

MOUNT-T proc Proc/proc

The above command will successfully load your proc file system. For more details, read the Mount Command's man page.

View files in/proc

/proc files can be used to access information about the state of the kernel, the properties of the computer, the status of the running process, and so on. Most files and directories in/proc provide the most up-to-date information about the physical environment of the system. Although the files in/proc are virtual, they can still be viewed using any file editor or a program such as ' more ', ' less ' or ' cat '. When an editor tries to open a virtual file, the file is created out of thin air (on the fly) through the information in the kernel. This is some of the interesting results I got from my system:

The code is as follows:

$ ls-l/proc/cpuinfo

-r--r--r--1 root 0 Dec 11:01/proc/cpuinfo

$ file/proc/cpuinfo

/proc/cpuinfo:empty

$ cat/proc/cpuinfo

processor:0

Vendor_id:genuineintel

CPU Family:6

Model:8

Model Name:pentium III (Coppermine)

Stepping:6

CPU mhz:1000.119

Cache size:256 KB

Fdiv_bug:no

Hlt_bug:no

Sep_bug:no

F00f_bug:no

Coma_bug:no

Fpu:yes

Fpu_exception:yes

CPUID Level:2

Wp:yes

FLAGS:FPU VME de PSE TSC MSR PAE MCE cx8 APIC Sep MTRR PGE MCA

Cmov Pat Pse36 MMX FXSR XMM

bogomips:1998.85

Processor:3

Vendor_id:genuineintel

CPU Family:6

Model:8

Model Name:pentium III (Coppermine)

Stepping:6

CPU mhz:1000.119

Cache size:256 KB

Fdiv_bug:no

Hlt_bug:no

Sep_bug:no

F00f_bug:no

Coma_bug:no

Fpu:yes

Fpu_exception:yes

CPUID Level:2

Wp:yes

FLAGS:FPU VME de PSE TSC MSR PAE MCE cx8 APIC Sep MTRR PGE MCA

Cmov Pat Pse36 MMX FXSR XMM

bogomips:1992.29

This is a result from a dual-CPU system, and most of the information above gives a very clear picture of the useful hardware information for the system. Some files in/proc are encoded, and different tools can be used to interpret the encoded information and output it in a readable form. Such tools include: ' Top ', ' ps ', ' APM ' and so on.

Get useful system/kernel information

The proc file system can be used to collect useful information about the system and the running kernel. Here are some important documents:

/PROC/CPUINFO-CPU information (model, family, cache size, etc.)

/proc/meminfo-Information on physical memory, swap space, etc.

/proc/mounts-List of loaded file systems

/proc/devices-List of available devices

/proc/filesystems-Supported file systems

/proc/modules-Loaded Modules

/proc/version-Kernel version

/proc/cmdline-Kernel command line arguments entered at system startup

The files in the proc are much more than those listed above. Readers who want to know more about each of the files in/proc can be ' more ' or read the reference [1] For more information about the files in the/proc directory. I suggest using ' more ' instead of ' cat ' unless you know the file is small, because some files (such as Kcore) can be very long.

Information about a running process

The/proc file system can be used to obtain information about a running process. There are numbered subdirectories in/proc. Each numbered directory corresponds to a process ID (PID). In this way, each running process/proc has a directory named with its PID. These subdirectories contain files that can provide important details about the state and environment of the process. Let's try to find a running process.

The code is as follows:

$ PS-AEF | grep Mozilla

Root 32558 32425 8 22:53 pts/1 00:01:23/usr/bin/mozilla

The above command shows that there is a running Mozilla process PID is 32558. Accordingly, the/proc should have a directory called 32558

The code is as follows:

$ ls-l/proc/32558

Total 0

-r--r--r--1 root 0 Dec 22:59 cmdline

-r--r--r--1 root 0 Dec 22:59 CPU

lrwxrwxrwx 1 root 0 Dec 22:59 cwd->/proc/

-r--------1 root 0 Dec 22:59 environ

lrwxrwxrwx 1 root 0 Dec 22:59 exe->/usr/bin/mozilla*

Dr-x------2 Root 0 Dec 22:59 fd/

-r--r--r--1 Root 0 Dec 22:59 maps

-RW-------1 root 0 Dec 22:59 mem

-r--r--r--1 root 0 Dec 22:59 Mounts

lrwxrwxrwx 1 root 0 Dec 22:59 root->//

-r--r--r--1 root 0 Dec 22:59 stat

-r--r--r--1 root 0 Dec 22:59 Statm

-r--r--r--1 root 0 Dec 22:59 status

The file "CmdLine" contains the command line that was invoked when the process was started. The environment of the "envir" process changes to two. Status is the state information of the process, including the user ID (UID) and group ID (GID) of the user who started the process, the parent process ID (PPID), and the current state of the process, such as "sleelping" and "Running". Each process's directory has several symbolic links, "cwd" is a symbolic link to the current working directory of the process, "EXE" points to the executable program of the running process, and "root" points to the directory (usually "/") that the process considers to be the root directory. Directory "FD" contains a link to the file descriptor used by the process. CPU only appears when running the SMP kernel, which is the process time divided by CPU.

/proc/self is an interesting subdirectory that makes it easy for programs to use/proc to find information about this process. /proc/self is a symbolic link to a directory that is linked to the PID for a process that accesses/proc in/Proc.

Interacting with the kernel through/proc

Most of the files in/proc discussed above are read-only. In fact, the/proc file system provides a mechanism for interacting with the kernel through files that can be read and written in/Proc. Writing these files can change the state of the kernel, so be careful to change these files. The/proc/sys directory holds a directory of all readable and writable files that can be used to change kernel behavior.

/proc/sys/kernel-This directory contains information about the behavior of the anti-generic kernel. /proc/sys/kernel/{domainname, hostname} stores the domain name and hostname of the machine/network. These files can be used to modify these names.

The code is as follows:

$ hostname

Machinename.domainname.com

$ cat/proc/sys/kernel/domainname

Domainname.com

$ cat/proc/sys/kernel/hostname

MachineName

$ echo "New-machinename" >/proc/sys/kernel/hostname

$ hostname

New-machinename.domainname.com

In this way, we can modify the host name by modifying the files in the/proc file system. Many other configurable files exist in the/proc/sys/kernel/. It is not possible to list all these files, and readers can go to the directory to see for more details.

Another configurable directory is/proc/sys/net. The files in this directory can be used to modify the network properties of the machine/network. For example, simply modify a file that you can hide in a network addict computer.

The code is as follows:

$ echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all

This will be addictive in the network to hide your machine because it does not respond to Icmp_echo. The host will not respond to ping queries issued by other hosts.

The code is as follows:

$ ping machinename.domainname.com

No answer from Machinename.domainname.com

To change back to the default settings, just

The code is as follows:

$ echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all

There are many other/proc/sys that can be used to change the kernel properties. Readers can get more information by reference [1], [2].

Conclusion

The/proc file system provides a file-based Linux internal interface. It can be used to determine the state of a system's various devices and processes. Configure them. Therefore, understanding and applying knowledge about this file system is the key to understanding your Linux system.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.