Pxe2 writes:
The proc file system is a pseudo file system that exists only in memory and occupies no space on external storage. It provides an interface to kernel data in the form of a file system. Users and applications can obtain system information through proc and change certain kernel parameters. Because system information such as the process list changes constantly, the proc file system reads the requested information from the kernel at the moment a user or application reads a proc file, and returns it. Its directory structure is as follows:
Directory name   Content
apm              Advanced Power Management information
cmdline          Kernel command line
cpuinfo          CPU information
devices          Available devices (block devices / character devices)
dma              DMA channels in use
filesystems      Supported file systems
interrupts       Interrupt usage
ioports          I/O port usage
kcore            Kernel core image
kmsg             Kernel messages
ksyms            Kernel symbol table
loadavg          Load average
locks            Kernel locks
meminfo          Memory information
misc             Miscellaneous
modules          List of loaded modules
mounts           Mounted file systems
partitions       Partition tables recognized by the system
rtc              Real-time clock
slabinfo         Slab pool information
stat             Overall statistics
swaps            Swap space utilization
version          Kernel version
uptime           System uptime
Not all of these entries are present on every system; which ones exist depends on your kernel configuration and the loaded modules. In addition, there are three important directories in /proc: net, scsi, and sys. The sys directory is writable and can be used to read or modify kernel parameters (see the following section). net and scsi depend on the kernel configuration. For example, if the system does not support SCSI, the scsi directory does not exist.
In addition to the entries described above, there are directories named by numbers; these are process directories. Each process currently running in the system has a corresponding directory under /proc, with the process PID as the directory name. They are the interface for reading process information. The self directory is a link that gives a process access to information about itself. The proc file system takes its name from these process directories. The process directory structure is as follows:
Directory name   Content
cmdline          Command line parameters
environ          Environment variable values
fd               A directory containing all file descriptors
mem              Memory held by the process
stat             Process status
status           Process status in human-readable form
cwd              Link to the current working directory
exe              Link to the executable file of the process
maps             Memory maps
statm            Process memory status information
root             Link to the root directory of the process
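The per-process entries listed above can be read directly to build a quick process inventory. The following shell functions are an added example, not part of the original article; the names proc_triage and link_target, the output layout and the optional root argument are assumptions of this example. It prints each PID with its exe target, working directory and command line, and flags a process whose executable has been removed from disk.

```sh
#!/bin/sh
# Added example (not from the original article): inventory processes from /proc.
# Function names, output layout and the optional root argument are assumptions.

# Print a symlink target, or "?" when it cannot be read (kernel threads,
# other users' processes when not root, or a process that has just exited).
link_target() {
    readlink "$1" 2>/dev/null || printf '?\n'
}

# Usage: proc_triage [proc_root]   (defaults to /proc)
# Output: pid <TAB> flag <TAB> exe <TAB> cwd <TAB> command line
proc_triage() {
    root="${1:-/proc}"
    for dir in "$root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid="${dir##*/}"
        case "$pid" in *[!0-9]*) continue ;; esac   # PID directories only

        exe="$(link_target "$dir/exe")"
        cwd="$(link_target "$dir/cwd")"

        # cmdline holds the arguments separated by NUL bytes; it is empty
        # for kernel threads.
        cmd=""
        if [ -r "$dir/cmdline" ]; then
            cmd="$(tr '\0' ' ' < "$dir/cmdline" 2>/dev/null)" || cmd=""
            cmd="${cmd% }"
        fi
        [ -n "$cmd" ] || cmd="-"

        # The kernel appends " (deleted)" to the exe target when the binary
        # has been unlinked while the process is still running.
        flag="ok"
        case "$exe" in *" (deleted)") flag="DELETED-EXE" ;; esac

        printf '%s\t%s\t%s\t%s\t%s\n' "$pid" "$flag" "$exe" "$cwd" "$cmd"
    done
}
```

Run proc_triage as root to see the exe and cwd links of every process; an unprivileged user gets "?" for processes owned by other users.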
To view system information, use the cat command. For example:
# cat /proc/interrupts
           CPU0
  0:    8728810   XT-PIC  Timer
  1:        895   XT-PIC  keyboard
  2:          0   XT-PIC  Cascade
  3:     531695   XT-PIC  aha152x
  4:    2014133   XT-PIC  serial
  5:      44401   XT-PIC  pcnet_cs
  8:          2   XT-PIC  rtc
                  XT-PIC  i82365
 12:     182918   XT-PIC  ps/2 mouse
 13:          1   XT-PIC  fpu
 14:    1232265   XT-PIC  ide0
 15:          7   XT-PIC  ide1
NMI:          0
You can also modify kernel parameters. There is an interesting directory in the /proc file system: /proc/sys. It not only provides kernel information, but also allows you to modify kernel parameters to tune your system. You must be very careful, because a wrong value may crash the system. It is best to experiment on a non-critical machine first and apply the change to your own system only after it has been tested successfully.
To change a kernel parameter, edit the file with vi or redirect the output of echo into it. The following is an example:
# cat /proc/sys/fs/file-max
4096
# echo 8192 > /proc/sys/fs/file-max
# cat /proc/sys/fs/file-max
8192
Once you have settled on the values, you can add the commands to the rc.local file so that they are applied automatically when the system starts.
/proc file system network parameters
The /proc/sys/net/ipv4/ directory contains the parameters related to the TCP/IP protocol. The network parameters are described in detail below.
ip_forward parameter type: Boolean
0 - disabled (default)
not 0 - IP forwarding enabled
Forward data packets between local network interfaces. This parameter is special: changing it resets all other related configuration parameters to their default values (for hosts see RFC 1122, for routers see RFC 1812).
ip_default_ttl parameter type: integer
The default value is 64. The time-to-live value of IP datagrams.
ip_no_pmtu_disc parameter type: Boolean
Disable path MTU discovery. The default value is false.
ipfrag_high_thresh parameter type: integer
The maximum amount of memory used to reassemble IP fragments. Once ipfrag_high_thresh of memory has been allocated for reassembly, the fragment handler discards datagrams until memory use falls to ipfrag_low_thresh.
ipfrag_low_thresh parameter type: integer
See ipfrag_high_thresh.
ipfrag_time parameter type: integer
The time an IP fragment is kept in memory.
inet_peer_threshold parameter type: integer
The approximate size of the inet peer storage. Entries are discarded once this threshold is exceeded. The threshold also determines the lifetime of entries and the interval between garbage collection passes: the more entries there are, the shorter the lifetime and the shorter the GC interval.
inet_peer_minttl parameter type: integer
The minimum lifetime of an entry. It must be long enough to cover the fragment lifetime on the reassembling side. This minimum lifetime is guaranteed as long as the pool size is less than inet_peer_threshold. This value is measured in jiffies.
inet_peer_maxttl parameter type: integer
The maximum lifetime of an entry. Unused entries expire after this period if there is no memory pressure on the pool (for example, when the number of entries in the pool is very small). This value is measured in jiffies.
inet_peer_gc_mintime parameter type: integer
The minimum interval between garbage collection (GC) passes. This interval applies when memory pressure on the pool is high. This value is measured in jiffies.
inet_peer_gc_maxtime parameter type: integer
The maximum interval between garbage collection (GC) passes. This interval applies when memory pressure on the pool is low. This value is measured in jiffies.
tcp_syn_retries parameter type: integer
For a new connection, the number of SYN connection requests the kernel sends before giving up. It should not be greater than 255. The default value is 5, corresponding to about 180 seconds.
tcp_synack_retries parameter type: integer
For a SYN connection request from a remote host, the kernel sends a SYN + ACK datagram to acknowledge the SYN it received. This is the second step of the so-called three-way handshake. This parameter is the number of SYN + ACK datagrams the kernel sends before it abandons the connection.
tcp_keepalive_time parameter type: integer
How often TCP sends keepalive messages when keepalive is enabled. The default value is 2 hours.
tcp_keepalive_probes parameter type: integer
The number of keepalive probes TCP sends before it decides that the connection is broken. The default value is 9.
tcp_keepalive_interval parameter type: integer
How often the probes are sent. Multiplied by tcp_keepalive_probes, it gives the time after which a connection that has not responded since probing started is killed. The default value is 75 seconds, which means that connections without activity are dropped after about 11 minutes.
tcp_retries1 parameter type: integer
The number of retries before a suspicious situation is reported to the network layer. The minimum value required by the RFC is 3, which is also the default value. The RTO value is about 3-8 minutes.
tcp_retries2 parameter type: integer
The number of retries before an active TCP connection is dropped. RFC 1122 requires that the value must be greater than 100 seconds. The default value is 15, which corresponds to 13-30 minutes depending on the RTO value.
tcp_orphan_retries parameter type: integer
The number of retries before a TCP connection that has been closed on the local end is dropped. The default value is 7, which corresponds to 50 seconds to 16 minutes, depending on the RTO. If your system is a heavily loaded web server, you may need to reduce this value, because such sockets can consume a lot of resources. See also tcp_max_orphans.
tcp_fin_timeout parameter type: integer
For a socket closed by the local end, the time TCP stays in the FIN-WAIT-2 state. The peer may be broken, may never close its end of the connection, or its process may die unexpectedly. The default value is 60 seconds; 2.2 kernels used 180 seconds. You can set this value, but note that if your machine is a heavily loaded web server, you risk filling memory with a large number of dead sockets. FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1 sockets, because they use at most 1.5 KB of memory each, but they live longer. For more information, see tcp_max_orphans.
tcp_max_tw_buckets parameter type: integer
The maximum number of TIME-WAIT sockets the system holds at the same time. If this number is exceeded, TIME-WAIT sockets are destroyed immediately and a warning message is printed. The limit exists to defend against simple DoS attacks; do not lower it manually. If network conditions require more than the default value, you can increase the limit (and possibly also increase the memory).
tcp_tw_recycle parameter type: Boolean
Enable fast recycling of TIME-WAIT sockets. The default value is 1. Do not modify this value unless you are advised or requested to by a technical expert.
tcp_max_orphans parameter type: integer
The maximum number of TCP sockets in the system that are not attached to any process. If this number is exceeded, connections that do not belong to any process are reset immediately and a warning is printed. The limit exists to defend against simple DoS attacks; do not rely on it and do not lower it manually.
tcp_abort_on_overflow parameter type: Boolean
When the daemon is too busy to accept new connections, send a reset message to the other party. The default value is false, which means that when the overflow is caused by an accidental burst, the connection will recover. Enable this option only when you are sure that the daemon really cannot complete connection requests. Enabling this option affects your users.
tcp_syncookies parameter type: integer
Only valid when CONFIG_SYNCOOKIES was selected during kernel compilation. Syncookies are sent when the SYN wait queue overflows. The objective is to prevent SYN flood attacks. The default value is false.
Note: This option must not be used on highly loaded servers that are not under attack. If SYN flood messages appear in the log, but investigation shows that there was no SYN flood attack and the cause is a high connection load from legitimate users, you should adjust other parameters to improve server performance. Refer to: tcp_max_syn_backlog, tcp_synack_retries, tcp_abort_on_overflow.
Syncookies seriously violate the TCP protocol and do not allow the use of TCP extensions, which may have a serious performance impact on some services (such as SMTP relaying).
tcp_stdurg parameter type: integer
Use the host requirements interpretation of the TCP URG pointer field. Most hosts use the older BSD interpretation, so if you turn this on in Linux, it may not be able to communicate with them correctly. The default value is false.
tcp_max_syn_backlog parameter type: integer
The maximum number of connection requests kept in the queue that have not yet been acknowledged by the client. For systems with more than 128 MB of memory, the default value is 1024. For systems with less than 128 MB of memory, the default value is 128. If the server is frequently overloaded, increase this number. Warning: if you set this value to greater than 1024, it is best to modify TCP_SYNQ_HSIZE in include/net/tcp.h to keep TCP_SYNQ_HSIZE * 16 0) or bytes-Bytes/2 ^ (-tcp_adv_win_scale) (if tcp_adv_win_scale 128 MB 32768-61000)
0) The system ignores all ICMP echo requests sent to itself or those broadcast addresses.
icmp_destunreach_rate - integer
icmp_paramprob_rate - integer
icmp_timeexceed_rate - integer
icmp_echoreply_rate - integer (not enabled per default)
Limit the maximum rate at which ICMP datagrams of the given type are sent to a specific target. 0 means there is no limit; otherwise the value gives the maximum rate in jiffies (1).
icmp_ignore_bogus_error_responses - Boolean
Some routers violate RFC 1122 by sending bogus responses to broadcast frames. Such violations are normally recorded in the system log as warnings. If this option is set to true, the kernel does not log these warnings. The default value is false.
(1) jiffie: the internal time unit used by the kernel. A jiffie is 1/100 s on i386 systems and 1/1024 s on Alpha. HZ in /usr/include/asm/param.h defines the value for a specific system.
conf/interface/*:
conf/all/* is special: it changes the settings for all interfaces.
conf/interface/* changes the settings of one specific interface.
log_martians - Boolean
Log packets with an invalid address to the kernel log.
accept_redirects - Boolean
Send and receive ICMP redirect messages. The default value is true for a host and false for a router.
forwarding - Boolean
Enable forwarding on this interface.
mc_forwarding - Boolean
Whether to perform multicast routing. This parameter is valid only when CONFIG_MROUTE is compiled into the kernel and a multicast routing daemon is running.
proxy_arp - Boolean
Enable the proxy ARP function.
shared_media - Boolean
Send (router) or receive (host) RFC 1620 shared media redirects. Overrides the value of ip_secure_redirects. The default value is true.
secure_redirects - Boolean
Accept ICMP redirect messages only for gateways in the default gateway list. The default value is true.
send_redirects - Boolean
If the system is a router, send redirect messages. The default value is true.
bootp_relay - Boolean
Accept datagrams with source address 0.b.c.d whose destination is not the local host. This is meant to support a BOOTP relay daemon, which will capture and forward such packets. The default value is false; the feature is not implemented yet.
accept_source_route - Boolean
Accept datagrams with the SRR option. The default value is false for a host and true for a router.
rp_filter parameter type
1 - verify the source address by reverse path (as defined in RFC 1812). This option is recommended for single-homed hosts and stub network routers.
0 - no source address verification by reverse path.
The default value is 0. Some distributions turn it on automatically at startup.
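The parameters described above can be checked against a baseline in one pass instead of with individual cat commands. The following shell function is an added example, not part of the original article; the function name audit_ipv4, the optional root argument and the baseline values (chosen for a host that does not route traffic) are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original article): audit /proc/sys/net/ipv4.
# The baseline is an assumption for a host that does not route traffic;
# a router needs different values (ip_forward, send_redirects, ...).
BASELINE='ip_forward=0
tcp_syncookies=1
conf/all/rp_filter=1
conf/all/accept_source_route=0
conf/all/accept_redirects=0
conf/all/send_redirects=0
conf/all/log_martians=1'

# Usage: audit_ipv4 [ipv4_root]   (defaults to /proc/sys/net/ipv4)
# Prints one OK/FAIL/SKIP line per parameter; returns 1 if any FAIL.
audit_ipv4() {
    root="${1:-/proc/sys/net/ipv4}"
    failures=0
    for entry in $BASELINE; do
        key="${entry%%=*}"
        want="${entry#*=}"
        file="$root/$key"
        if [ ! -r "$file" ]; then
            # Some entries exist only with certain kernel options.
            echo "SKIP $key (not present on this kernel)"
            continue
        fi
        have="$(cat "$file")"
        if [ "$have" = "$want" ]; then
            echo "OK   $key = $have"
        else
            echo "FAIL $key = $have, baseline $want (fix: echo $want > $file)"
            failures=$((failures + 1))
        fi
    done
    [ "$failures" -eq 0 ]
}
```

Because changing ip_forward resets the related parameters to their defaults, apply any ip_forward fix first and run the audit again afterwards. Values written with echo are lost at reboot unless the commands are added to rc.local.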