<sect1 id="proc">
<title>/proc</title>

<para>/proc is very special in that it is also a virtual filesystem.
It's sometimes referred to as a process information pseudo-file system.
It doesn't contain 'real' files but runtime system information
(e.g. system memory, devices mounted, hardware configuration, etc). For this
reason it can be regarded as a control and information centre for the
kernel. In fact, quite a lot of system utilities are simply calls to files
in this directory. For example, 'lsmod' is the same as 'cat
/proc/modules' while 'lspci' is a synonym for 'cat
/proc/pci'. By altering files located in this directory you can even
read/change kernel parameters (sysctl) while the system is running.</para>

<para>The most distinctive thing about files in this directory is the fact
that all of them have a file size of 0, with the exception of kcore, mtrr
and self. A directory listing looks similar to the following:</para>

<para><screen>
total 525256
dr-xr-xr-x 3 root root 0 Jan 19 15:00 1
dr-xr-xr-x 3 daemon root 0 Jan 19 15:00 109
dr-xr-xr-x 3 root root 0 Jan 19 15:00 170
dr-xr-xr-x 3 root root 0 Jan 19 15:00 173
dr-xr-xr-x 3 root root 0 Jan 19 15:00 178
dr-xr-xr-x 3 root root 0 Jan 19 15:00 2
dr-xr-xr-x 3 root root 0 Jan 19 15:00 3
dr-xr-xr-x 3 root root 0 Jan 19 15:00 4
dr-xr-xr-x 3 root root 0 Jan 19 15:00 421
dr-xr-xr-x 3 root root 0 Jan 19 15:00 425
dr-xr-xr-x 3 root root 0 Jan 19 15:00 433
dr-xr-xr-x 3 root root 0 Jan 19 15:00 439
dr-xr-xr-x 3 root root 0 Jan 19 15:00 444
dr-xr-xr-x 3 daemon daemon 0 Jan 19 15:00 446
dr-xr-xr-x 3 root root 0 Jan 19 15:00 449
dr-xr-xr-x 3 root root 0 Jan 19 15:00 453
dr-xr-xr-x 3 root root 0 Jan 19 15:00 456
dr-xr-xr-x 3 root root 0 Jan 19 15:00 458
dr-xr-xr-x 3 root root 0 Jan 19 15:00 462
dr-xr-xr-x 3 root root 0 Jan 19 15:00 463
dr-xr-xr-x 3 root root 0 Jan 19 15:00 464
dr-xr-xr-x 3 root root 0 Jan 19 15:00 465
dr-xr-xr-x 3 root root 0 Jan 19 15:00 466
dr-xr-xr-x 3 root root 0 Jan 19 15:00 467
dr-xr-xr-x 3 gdm gdm 0 Jan 19 15:00 472
dr-xr-xr-x 3 root root 0 Jan 19 15:00 483
dr-xr-xr-x 3 root root 0 Jan 19 15:00 5
dr-xr-xr-x 3 root root 0 Jan 19 15:00 6
dr-xr-xr-x 3 root root 0 Jan 19 15:00 7
dr-xr-xr-x 3 root root 0 Jan 19 15:00 8
-r--r--r-- 1 root root 0 Jan 19 15:00 apm
dr-xr-xr-x 3 root root 0 Jan 19 15:00 bus
-r--r--r-- 1 root root 0 Jan 19 15:00 cmdline
-r--r--r-- 1 root root 0 Jan 19 15:00 cpuinfo
-r--r--r-- 1 root root 0 Jan 19 15:00 devices
-r--r--r-- 1 root root 0 Jan 19 15:00 dma
dr-xr-xr-x 3 root root 0 Jan 19 15:00 driver
-r--r--r-- 1 root root 0 Jan 19 15:00 execdomains
-r--r--r-- 1 root root 0 Jan 19 15:00 fb
-r--r--r-- 1 root root 0 Jan 19 15:00 filesystems
dr-xr-xr-x 2 root root 0 Jan 19 15:00 fs
dr-xr-xr-x 4 root root 0 Jan 19 15:00 ide
-r--r--r-- 1 root root 0 Jan 19 15:00 interrupts
-r--r--r-- 1 root root 0 Jan 19 15:00 iomem
-r--r--r-- 1 root root 0 Jan 19 15:00 ioports
dr-xr-xr-x 18 root root 0 Jan 19 15:00 irq
-r-------- 1 root root 536809472 Jan 19 15:00 kcore
-r-------- 1 root root 0 Jan 19 14:58 kmsg
-r--r--r-- 1 root root 0 Jan 19 15:00 ksyms
-r--r--r-- 1 root root 0 Jan 19 15:00 loadavg
-r--r--r-- 1 root root 0 Jan 19 15:00 locks
-r--r--r-- 1 root root 0 Jan 19 15:00 mdstat
-r--r--r-- 1 root root 0 Jan 19 15:00 meminfo
-r--r--r-- 1 root root 0 Jan 19 15:00 misc
-r--r--r-- 1 root root 0 Jan 19 15:00 modules
-r--r--r-- 1 root root 0 Jan 19 15:00 mounts
-rw-r--r-- 1 root root 137 Jan 19 14:59 mtrr
dr-xr-xr-x 3 root root 0 Jan 19 15:00 net
dr-xr-xr-x 2 root root 0 Jan 19 15:00 nv
-r--r--r-- 1 root root 0 Jan 19 15:00 partitions
-r--r--r-- 1 root root 0 Jan 19 15:00 pci
dr-xr-xr-x 4 root root 0 Jan 19 15:00 scsi
lrwxrwxrwx 1 root root 64 Jan 19 14:58 self -> 483
-rw-r--r-- 1 root root 0 Jan 19 15:00 slabinfo
-r--r--r-- 1 root root 0 Jan 19 15:00 stat
-r--r--r-- 1 root root 0 Jan 19 15:00 swaps
dr-xr-xr-x 10 root root 0 Jan 19 15:00 sys
dr-xr-xr-x 2 root root 0 Jan 19 15:00 sysvipc
dr-xr-xr-x 4 root root 0 Jan 19 15:00 tty
-r--r--r-- 1 root root 0 Jan 19 15:00 uptime
-r--r--r-- 1 root root 0 Jan 19 15:00 version
</screen></para>

<para>Each of the numbered directories corresponds to an actual process ID.
Looking at the process table, you can match processes with the associated
process ID. For example, the process table might indicate the following for
the secure shell server:</para>

<para><screen>
# ps ax | grep sshd
439 ? S 0:00 /usr/sbin/sshd
</screen></para>

<para>Details of this process can be obtained by looking at the associated
files in the directory for this process, /proc/460. You might wonder how you
can see details of a process that has a file size of 0. It makes more sense
if you think of it as a window into the kernel. The file doesn't
actually contain any data; it just acts as a pointer to where the actual
process information resides. For example, a listing of the files in the
/proc/460 directory looks similar to the following:</para>

<para><screen>total 0
-r--r--r-- 1 root root 0 Jan 19 15:02 cmdline
lrwxrwxrwx 1 root root 0 Jan 19 15:02 cwd -> /
-r-------- 1 root root 0 Jan 19 15:02 environ
lrwxrwxrwx 1 root root 0 Jan 19 15:02 exe -> /usr/sbin/sshd
dr-x------ 2 root root 0 Jan 19 15:02 fd
-r--r--r-- 1 root root 0 Jan 19 15:02 maps
-rw------- 1 root root 0 Jan 19 15:02 mem
lrwxrwxrwx 1 root root 0 Jan 19 15:02 root -> /
-r--r--r-- 1 root root 0 Jan 19 15:02 stat
-r--r--r-- 1 root root 0 Jan 19 15:02 statm
-r--r--r-- 1 root root 0 Jan 19 15:02 status
</screen></para>

<para>The purpose and contents of each of these files are explained below:</para>

<para><variablelist>

<varlistentry><term>/proc/PID/cmdline</term><listitem><para>Command line arguments.</para></listitem></varlistentry>
<varlistentry><term>/proc/PID/cpu</term><listitem><para>Current and last cpu in which it was executed.</para></listitem></varlistentry>
<varlistentry><term>/proc/PID/cwd</term><listitem><para>Link to the current working directory.</para></listitem></varlistentry>
<varlistentry><term>/proc/PID/environ</term><listitem><para>Values of environment variables.</para></listitem></varlistentry>
<varlistentry><term>/proc/PID/exe</term><listitem><para>Link to the executable of this process.</para></listitem></varlistentry>
<varlistentry><term>/proc/PID/fd</term><listitem><para>Directory, which contains all file descriptors.</para></listitem></varlistentry>
<varlistentry><term>/proc/PID/maps</term><listitem><para>Memory maps to executables and library files.</para></listitem></varlistentry>
<varlistentry><term>/proc/PID/mem</term><listitem><para>Memory held by this process.</para></listitem></varlistentry>
<varlistentry><term>/proc/PID/root</term><listitem><para>Link to the root directory of this process.</para></listitem></varlistentry>
<varlistentry><term>/proc/PID/stat</term><listitem><para>Process status.</para></listitem></varlistentry>
<varlistentry><term>/proc/PID/statm</term><listitem><para>Process memory status information.</para></listitem></varlistentry>
<varlistentry><term>/proc/PID/status</term><listitem><para>Process status in human readable form.</para></listitem></varlistentry>

</variablelist></para>

<para>Should you wish to know more, the man page for proc describes each of
the files associated with a running process ID in far greater detail.</para>

<para>Even though files appear to be of size 0, examining their contents
reveals otherwise:</para>

<para><screen># cat status</screen></para>

<para><screen>
Name: sshd
State: S (sleeping)
Tgid: 439
Pid: 439
PPid: 1
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 32
Groups:
VmSize: 2788 kB
VmLck: 0 kB
VmRSS: 1280 kB
VmData: 252 kB
VmStk: 16 kB
VmExe: 268 kB
VmLib: 2132 kB
SigPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 8000000000001000
SigCgt: 0000000000014005
CapInh: 0000000000000000
CapPrm: 00000000fffffeff
CapEff: 00000000fffffeff
</screen></para>
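
<para>An added example, not part of the original guide: a Python parser for the status listing above that splits the Uid line into its four IDs, flags a non-zero TracerPid, and names the bits of the CapEff mask. The capability names are bit numbers 0-28 from linux/capability.h (an assumption about which bits to name; higher bits are reported by number), and the embedded sample is the sshd listing shown above.</para>

```python
#!/usr/bin/env python3
"""Decode the security-relevant fields of a /proc/PID/status listing."""
import sys

# Capability bit numbers 0-28 as defined in linux/capability.h.
# Newer kernels define further bits; those are reported by number only.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE",
]

# The sshd status listing from the text above (only the fields used here).
SAMPLE_STATUS = """\
Name: sshd
State: S (sleeping)
Tgid: 439
Pid: 439
PPid: 1
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
Groups:
CapInh: 0000000000000000
CapPrm: 00000000fffffeff
CapEff: 00000000fffffeff
"""


def parse_status(text):
    """Return {field: value} for each 'Key: value' line of a status file."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:  # skip anything that is not a key/value line
            fields[key.strip()] = value.strip()
    return fields


def decode_caps(hex_mask):
    """Split a Cap* hex mask into named capabilities and unnamed bit numbers."""
    mask = int(hex_mask, 16)
    held = [name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1]
    unnamed = [bit for bit in range(len(CAP_NAMES), mask.bit_length())
               if (mask >> bit) & 1]
    return held, unnamed


def summarize(text):
    """Build a small report from the text of a status file."""
    f = parse_status(text)
    # The Uid line holds four values: real, effective, saved set, filesystem.
    uids = dict(zip(("real", "effective", "saved", "fs"),
                    (int(v) for v in f["Uid"].split())))
    held, unnamed = decode_caps(f["CapEff"])
    return {
        "name": f["Name"],
        "pid": int(f["Pid"]),
        "ppid": int(f["PPid"]),
        "uids": uids,
        # A non-zero TracerPid means another process is ptrace-attached.
        "traced": int(f["TracerPid"]) != 0,
        # Differing IDs show a process that changed identity (setuid etc.).
        "uid_mismatch": len(set(uids.values())) > 1,
        "held_caps": held,
        "missing_caps": [c for c in CAP_NAMES if c not in held],
        "unnamed_bits": unnamed,
    }


def main(argv):
    # With an argument, read the live file (a PID or "self"); otherwise
    # fall back to the embedded sample so the script runs anywhere.
    if len(argv) > 1:
        with open("/proc/%s/status" % argv[1]) as handle:
            text = handle.read()
    else:
        text = SAMPLE_STATUS
    report = summarize(text)
    print("%s (pid %d, parent %d)" % (report["name"], report["pid"],
                                      report["ppid"]))
    print("uids:", report["uids"], "(mismatch)" if report["uid_mismatch"] else "")
    print("being traced:", report["traced"])
    print("named capabilities not in CapEff:",
          ", ".join(report["missing_caps"]) or "none")
    print("unnamed bits set:", report["unnamed_bits"])
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```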

<para>The files in the /proc directory act very similarly to the process ID
subdirectory files. For example, examining the contents of the
/proc/interrupts file displays something like the following:</para>

<para><screen># cat interrupts</screen></para>

<para><screen> CPU0
0: 32657 XT-PIC timer
1: 1063 XT-PIC keyboard
2: 0 XT-PIC cascade
8: 3 XT-PIC rtc
9: 0 XT-PIC cmpci
11: 332 XT-PIC nvidia
14: 5289 XT-PIC ide0
15: 13 XT-PIC ide1
NMI: 0
ERR: 0
</screen></para>

<para>Each of the numbers down the left-hand column represents the interrupt
that is in use. Examining the contents of the file dynamically gathers the
associated data and displays it to the screen. Most of the /proc file system
is read-only; however, some files allow kernel variables to be changed. This
provides a mechanism to actually tune the kernel without recompiling and
rebooting.</para>

<para>The procinfo utility summarizes /proc file system information into a
display similar to the following:</para>

<para><screen># /usr/bin/procinfo</screen></para>

<para><screen>Linux 2.4.18 (root@DEB) (gcc 2.95.4 20011002 ) #2 1CPU [DEB.(none)]

Memory: Total Used Free Shared Buffers Cached
Mem: 513908 107404 406504 0 2832 82180
Swap: 265032 0 265032

Bootup: Sun Jan 19 14:58:27 2003 Load average: 0.29 0.13 0.05 1/30 566

user : 0:00:10.26 2.3% page in : 74545 disk 1: 6459r 796w
nice : 0:00:00.00 0.0% page out: 9416 disk 2: 19r 0w
system: 0:00:19.55 4.5% swap in : 1
idle : 0:06:48.30 93.2% swap out: 0
uptime: 0:07:18.11 context : 22059

irq 0: 43811 timer irq 9: 0 cmpci
irq 1: 1427 keyboard irq 11: 332 nvidia
irq 2: 0 cascade [4] irq 12: 2
irq 6: 2 irq 14: 7251 ide0
irq 8: 3 rtc irq 15: 83 ide1
</screen></para>

<para><variablelist>

<varlistentry><term>/proc/apm</term><listitem><para>
Advanced power management info.</para></listitem></varlistentry>

<varlistentry><term>/proc/bus</term><listitem><para> Directory containing
bus specific information.</para></listitem></varlistentry>

<varlistentry><term>/proc/cmdline</term><listitem><para> Kernel command
line.</para></listitem></varlistentry>

<varlistentry><term>/proc/cpuinfo</term><listitem><para>
Information about the processor, such as its type, make, model, and
performance.</para></listitem></varlistentry>

<varlistentry><term>/proc/devices</term><listitem><para>
List of device drivers configured into the currently running kernel (block
and character).</para></listitem></varlistentry>

<varlistentry><term>/proc/dma</term><listitem><para> Shows which DMA
channels are being used at the moment.</para></listitem></varlistentry>

<varlistentry><term>/proc/driver</term><listitem><para> Various drivers
grouped here, currently rtc</para></listitem></varlistentry>

<varlistentry><term>/proc/execdomains</term><listitem><para> Execdomains,
related to security.</para></listitem></varlistentry>

<varlistentry><term>/proc/fb</term><listitem><para> Frame Buffer devices.</para></listitem></varlistentry>

<varlistentry><term>/proc/filesystems</term><listitem><para> Filesystems
configured/supported into/by the kernel.</para></listitem></varlistentry>

<varlistentry><term>/proc/fs</term><listitem><para> File system parameters,
currently nfs/exports.</para></listitem></varlistentry>

<varlistentry><term>/proc/ide</term><listitem><para> This subdirectory
contains information about all IDE devices of which the kernel is aware.
There is one subdirectory for each IDE controller, the file drivers and a
link for each IDE device, pointing to the device directory in the
controller-specific subtree. The file drivers contains general information
about the drivers used for the IDE devices. More detailed information can be
found in the controller-specific subdirectories. These are named ide0, ide1
and so on. Each of these directories contains the files shown here:

<variablelist>

<varlistentry><term>/proc/ide/ide?/channel</term><listitem><para> IDE
channel (0 or 1)</para></listitem></varlistentry>
<varlistentry><term>/proc/ide/ide?/config</term><listitem><para>
Configuration (only for PCI/IDE bridge)</para></listitem></varlistentry>
<varlistentry><term>/proc/ide/ide?/mate</term><listitem><para> Mate name
(onchip partnered controller)</para></listitem></varlistentry>
<varlistentry><term>/proc/ide/ide?/model</term><listitem><para> Type/Chipset
of IDE controller</para></listitem></varlistentry>

<varlistentry><term></term><listitem><para>
Each device connected to a controller has a separate subdirectory in the controller's
directory. The following files are contained in these directories:</para></listitem></varlistentry>

<varlistentry><term>/proc/ide/ide?/model/cache</term><listitem><para>
The cache.</para></listitem></varlistentry>
<varlistentry><term>/proc/ide/ide?/model/capacity</term><listitem><para>
Capacity of the medium (in 512Byte blocks)</para></listitem></varlistentry>
<varlistentry><term>/proc/ide/ide?/model/driver</term><listitem><para>
driver and version</para></listitem></varlistentry>
<varlistentry><term>/proc/ide/ide?/model/geometry</term><listitem><para>
physical and logical geometry</para></listitem></varlistentry>
<varlistentry><term>/proc/ide/ide?/model/identify</term><listitem><para>
device identify block</para></listitem></varlistentry>
<varlistentry><term>/proc/ide/ide?/model/media</term><listitem><para> media
type</para></listitem></varlistentry>
<varlistentry><term>/proc/ide/ide?/model/model</term><listitem><para>
device identifier</para></listitem></varlistentry>
<varlistentry><term>/proc/ide/ide?/model/settings</term><listitem><para>
device setup</para></listitem></varlistentry>
<varlistentry><term>/proc/ide/ide?/model/smart_thresholds</term><listitem><para>
IDE disk management thresholds</para></listitem></varlistentry>
<varlistentry><term>/proc/ide/ide?/model/smart_values</term><listitem><para>
IDE disk management values</para></listitem></varlistentry>

</variablelist>

</para></listitem></varlistentry>

<varlistentry><term>/proc/interrupts</term><listitem><para> Shows which
interrupts are in use, and how many of each there have been.

<variablelist>
<varlistentry><term></term><listitem>
<para>You can, for example, check which interrupts are currently in use
and what they are used for by looking in the file /proc/interrupts:</para></listitem></varlistentry>

<varlistentry><term></term><listitem><para><screen># cat /proc/interrupts</screen></para></listitem></varlistentry>

<varlistentry><term></term><listitem><para><screen>
           CPU0
  0:    8728810          XT-PIC  timer
  1:        895          XT-PIC  keyboard
  2:          0          XT-PIC  cascade
  3:     531695          XT-PIC  aha152x
  4:    2014133          XT-PIC  serial
  5:      44401          XT-PIC  pcnet_cs
  8:          2          XT-PIC  rtc
 11:          8          XT-PIC  i82365
 12:     182918          XT-PIC  PS/2 Mouse
 13:          1          XT-PIC  fpu
 14:    1232265          XT-PIC  ide0
 15:          7          XT-PIC  ide1
NMI:          0
</screen></para></listitem></varlistentry>

<varlistentry><term></term><listitem><para>In 2.4 based kernels a couple of
lines were added to this file, LOC and ERR (this is the output of an SMP
machine):</para></listitem></varlistentry>

<varlistentry><term></term><listitem><para><screen># cat /proc/interrupts</screen></para></listitem></varlistentry>

<varlistentry><term></term><listitem><para>
<screen>
           CPU0       CPU1
  0:    1243498    1214548    IO-APIC-edge  timer
  1:       8949       8958    IO-APIC-edge  keyboard
  2:          0          0          XT-PIC  cascade
  5:      11286      10161    IO-APIC-edge  soundblaster
  8:          1          0    IO-APIC-edge  rtc
  9:      27422      27407    IO-APIC-edge  3c503
 12:     113645     113873    IO-APIC-edge  PS/2 Mouse
 13:          0          0          XT-PIC  fpu
 14:      22491      24012    IO-APIC-edge  ide0
 15:       2183       2415    IO-APIC-edge  ide1
 17:      30564      30414   IO-APIC-level  eth0
 18:        177        164   IO-APIC-level  bttv
NMI:    2457961    2457959
LOC:    2457882    2457881
ERR:       2155
</screen>
</para></listitem></varlistentry>

<varlistentry><term></term><listitem><para>NMI is incremented in this
case because every timer interrupt generates an NMI (Non Maskable Interrupt)
which is used by the NMI Watchdog to detect lockups.</para></listitem></varlistentry>

<varlistentry><term></term><listitem><para>LOC is the
local interrupt counter of the internal APIC of every CPU.</para></listitem></varlistentry>

<varlistentry><term></term><listitem><para>ERR is incremented in the case of errors in the IO-APIC bus (the bus
that connects the CPUs in an SMP system). This means that an error has been
detected; the IO-APIC automatically retries the transmission, so it should
not be a big problem, but you should read the SMP-FAQ.</para></listitem></varlistentry>

<varlistentry><term></term><listitem><para>In this
context it could be interesting to note the new irq directory in 2.4. It
can be used to set IRQ to CPU affinity; this means that you can
"hook" an IRQ to only one CPU, or exclude a CPU from handling
IRQs. The irq subdirectory contains one subdirectory for each IRQ and one
file, prof_cpu_mask. For example,</para></listitem></varlistentry>

<varlistentry><term></term><listitem><para>
<screen>
# ls /proc/irq/
0  10  12  14  16  18  2  4  6  8  prof_cpu_mask
1  11  13  15  17  19  3  5  7  9
</screen>
</para></listitem></varlistentry>

<varlistentry><term></term><listitem><para>
<screen>
# ls /proc/irq/0/
smp_affinity
</screen>
</para></listitem></varlistentry>

<varlistentry><term></term><listitem><para>The contents of the prof_cpu_mask file and each smp_affinity file for
each IRQ are the same by default:</para></listitem></varlistentry>

<varlistentry><term></term><listitem><para>
<screen>
# cat /proc/irq/0/smp_affinity
ffffffff
</screen>
</para></listitem></varlistentry>

<varlistentry><term></term><listitem><para>It's a bitmask in which you can specify which CPUs can handle
the IRQ. You can set it by doing:</para></listitem></varlistentry>

<varlistentry><term></term><listitem><para><screen># echo 1 > /proc/irq/prof_cpu_mask</screen></para></listitem></varlistentry>

<varlistentry><term></term><listitem><para>This means that only the first CPU will handle the IRQ, but you can
also echo 5 which means that only the first and fourth CPU can handle the
IRQ. The way IRQs are routed is handled by the IO-APIC, and it is Round
Robin between all the CPUs which are allowed to handle it. As usual the
kernel has more info than you and does a better job than you, so the
defaults are the best choice for almost everyone.</para></listitem></varlistentry>

</variablelist>

</para></listitem></varlistentry>

<varlistentry><term>/proc/iomem</term><listitem><para> Memory map.</para></listitem></varlistentry>

<varlistentry><term>/proc/ioports</term><listitem><para> Which I/O ports are
in use at the moment.</para></listitem></varlistentry>

<varlistentry><term>/proc/irq</term><listitem><para> Masks for irq to cpu
affinity.</para></listitem></varlistentry>

<varlistentry><term>/proc/isapnp</term><listitem><para>
ISA PnP (Plug&amp;Play) Info.</para></listitem></varlistentry>

<varlistentry><term>/proc/kcore</term><listitem><para> An image of the
physical memory of the system (can be ELF or A.OUT (deprecated in 2.4)).
This is exactly the same size as your physical memory, but does not really
take up that much memory; it is generated on the fly as programs access it.
(Remember: unless you copy it elsewhere, nothing under /proc takes up any
disk space at all.)</para></listitem></varlistentry>

<varlistentry><term>/proc/kmsg</term><listitem><para> Messages output by the
kernel. These are also routed to syslog.</para></listitem></varlistentry>

<varlistentry><term>/proc/ksyms</term><listitem><para> Kernel symbol table.</para></listitem></varlistentry>

<varlistentry><term>/proc/loadavg</term><listitem><para> The 'load
average' of the system; three indicators of how much work the system has
done during the last 1, 5 and 15 minutes.</para></listitem></varlistentry>

<varlistentry><term>/proc/locks</term><listitem><para> Kernel locks.</para></listitem></varlistentry>

<varlistentry><term>/proc/meminfo</term><listitem><para> Information about
memory usage, both physical and swap. Concatenating this file produces
similar results to using 'free' or the first few lines of
'top'.</para></listitem></varlistentry>

<varlistentry><term>/proc/misc</term><listitem><para> Miscellaneous pieces
of information. This is for information that has no real place within the
rest of the proc filesystem.</para></listitem></varlistentry>

<varlistentry><term>/proc/modules</term><listitem><para> Kernel modules
currently loaded. Typically its output is the same as that given by the
'lsmod' command.</para></listitem></varlistentry>

<varlistentry><term>/proc/mounts</term><listitem><para> Mounted filesystems</para></listitem></varlistentry>

<varlistentry><term>/proc/mtrr</term><listitem><para> Information regarding
mtrrs. (On Intel P6 family processors (Pentium Pro, Pentium II and later)
the Memory Type Range Registers (MTRRs) may be used to control processor
access to memory ranges. This is most useful when you have a video (VGA)
card on a PCI or AGP bus. Enabling write-combining allows bus write
transfers to be combined into a larger transfer before bursting over the
PCI/AGP bus. This can increase performance of image write operations 2.5
times or more. The Cyrix 6x86, 6x86MX and M II processors have Address Range
Registers (ARRs) which provide a similar functionality to MTRRs. For these,
the ARRs are used to emulate the MTRRs. The AMD K6-2 (stepping 8 and above)
and K6-3 processors have two MTRRs. These are supported. The AMD Athlon
family provide 8 Intel style MTRRs. The Centaur C6 (WinChip) has 8 MCRs,
allowing write-combining. These are also supported. The VIA Cyrix III and
VIA C3 CPUs offer 8 Intel style MTRRs.) For more details regarding mtrr
technology see /usr/src/linux/Documentation/mtrr.txt.</para></listitem></varlistentry>

<varlistentry><term>/proc/net</term><listitem><para> Status information
about network protocols.</para></listitem></varlistentry>

<varlistentry><term><emphasis>IPv6 information</emphasis></term><listitem><para>

<variablelist>

<varlistentry><term>/proc/net/udp6</term><listitem><para>
UDP sockets (IPv6).</para></listitem></varlistentry>

<varlistentry><term>/proc/net/tcp6</term><listitem><para> TCP sockets
(IPv6).</para></listitem></varlistentry>

<varlistentry><term>/proc/net/raw6</term><listitem><para>
Raw device statistics (IPv6).</para></listitem></varlistentry>

<varlistentry><term>/proc/net/igmp6</term><listitem><para> IP multicast
addresses, which this host joined (IPv6).</para></listitem></varlistentry>

<varlistentry><term>/proc/net/if_inet6</term><listitem><para> List of IPv6
interface addresses.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/ipv6_route</term><listitem><para> Kernel
routing table for IPv6.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/rt6_stats</term><listitem><para> Global IPv6
routing tables statistics.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/sockstat6</term><listitem><para> Socket
statistics (IPv6).</para></listitem></varlistentry>

<varlistentry><term>/proc/net/snmp6</term><listitem><para> Snmp data (IPv6).</para></listitem></varlistentry>
</variablelist>

</para></listitem></varlistentry>

<varlistentry><term><emphasis>General Network information</emphasis></term><listitem><para>

<variablelist>

<varlistentry><term>/proc/net/arp</term><listitem><para>
Kernel ARP table.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/dev</term><listitem><para> network devices
with statistics.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/dev_mcast</term><listitem><para> the Layer2
multicast groups which a device is listening to (interface index, label,
number of references, number of bound addresses).</para></listitem></varlistentry>

<varlistentry><term>/proc/net/dev_stat</term><listitem><para> network device
status.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/ip_fwchains</term><listitem><para>
Firewall chain linkage.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/ip_fwnames</term><listitem><para> Firewall
chain names.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/ip_masq</term><listitem><para>
Directory containing the masquerading tables.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/ip_masquerade</term><listitem><para> Major
masquerading table.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/netstat</term><listitem><para> Network
statistics.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/raw</term><listitem><para>
raw device statistics.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/route</term><listitem><para> Kernel routing
table.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/rpc</term><listitem><para>
Directory containing rpc info.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/rt_cache</term><listitem><para> Routing cache.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/snmp</term><listitem><para> SNMP data.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/sockstat</term><listitem><para> Socket
statistics.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/tcp</term><listitem><para>
TCP sockets.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/tr_rif</term><listitem><para>
Token ring RIF routing table.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/udp</term><listitem><para> UDP sockets.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/unix</term><listitem><para> UNIX domain
sockets.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/wireless</term><listitem><para>
Wireless interface data (Wavelan etc).</para></listitem></varlistentry>

<varlistentry><term>/proc/net/igmp</term><listitem><para> IP multicast
addresses, which this host joined.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/psched</term><listitem><para> Global packet
scheduler parameters.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/netlink</term><listitem><para> List of
PF_NETLINK sockets.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/ip_mr_vifs</term><listitem><para> List of
multicast virtual interfaces.</para></listitem></varlistentry>

<varlistentry><term>/proc/net/ip_mr_cache</term><listitem><para> List of
multicast routing cache.</para> <para>You can use this information to see
which network devices are available in your system
and how much traffic was routed over those devices. In addition, each
Channel Bond interface has its own directory. For example, the bond0 device
will have a directory called /proc/net/bond0/. It will contain information
that is specific to that bond, such as the current slaves of the bond, the
link status of the slaves, and how many times the slaves' link has failed.</para>
</listitem></varlistentry>

</variablelist>

</para></listitem></varlistentry>

<varlistentry><term>/proc/parport</term><listitem><para>
The directory /proc/parport contains information about the parallel
ports of your system. It has one subdirectory for each port,
named after the port number (0,1,2,...).

<variablelist>

<varlistentry><term>/proc/parport/autoprobe</term><listitem><para>
Any IEEE-1284 device ID information that has been acquired.</para></listitem></varlistentry>
<varlistentry><term>/proc/parport/devices</term><listitem><para> list of the
device drivers using that port. A + will appear by the name of the device
currently using the port (it might not appear against any).</para></listitem></varlistentry>
<varlistentry><term>/proc/parport/hardware</term><listitem><para> Parallel
port's base address, IRQ line and DMA channel.</para></listitem></varlistentry>
<varlistentry><term>/proc/parport/irq</term><listitem><para> IRQ that
parport is using for that port. This is in a separate file to allow you to
alter it by writing a new value in (IRQ number or none).</para></listitem></varlistentry>

</variablelist>

</para></listitem></varlistentry>

<varlistentry><term>/proc/partitions</term><listitem><para> Table of
partitions known to the system</para></listitem></varlistentry>

<varlistentry><term>/proc/pci, /proc/bus/pci</term><listitem><para>
Deprecated info of PCI bus.</para></listitem></varlistentry>

<varlistentry><term>/proc/rtc</term><listitem><para> Real time clock</para></listitem></varlistentry>

<varlistentry><term>/proc/scsi</term><listitem><para> If you have a SCSI
host adapter in your system, you'll find a subdirectory named after the
driver for this adapter in /proc/scsi. You'll also see a list of all
recognized SCSI devices in /proc/scsi. The directory named after the driver
has one file for each adapter found in the system. These files contain
information about the controller, including the used IRQ and the IO address
range. The amount of information shown is dependent on the adapter you use.</para></listitem></varlistentry>

<varlistentry><term>/proc/self</term><listitem><para> A symbolic link to the
process directory of the program that is looking at /proc. When two
processes look at /proc, they get different links. This is mainly a
convenience to make it easier for programs to get at their process
directory.</para></listitem></varlistentry>

<varlistentry><term>/proc/slabinfo</term><listitem><para>
The slabinfo file gives information about memory usage at the slab level.
Linux uses slab pools for memory management above page level in version 2.2.
Commonly used objects have their own slab pool (such as network buffers,
directory cache, and so on).</para></listitem></varlistentry>

<varlistentry><term>/proc/stat</term><listitem><para> Overall/various
statistics about the system, such as the number of page faults since the
system was booted.</para></listitem></varlistentry>

<varlistentry><term>/proc/swaps</term><listitem><para> Swap space
utilization</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/sys</term><listitem><para>
|
|
This is not only a source of information, it also allows you to change
|
|
parameters within the kernel without the need for recompilation or even a
|
|
system reboot. Take care when attempting this as it can both optimize your
|
|
system and also crash it. It is advisable to read both documentation and
|
|
source before actually making adjustments. The entries in /proc may change
|
|
slightly between kernel versions, so if there is any doubt review the kernel
|
|
documentation in the directory /usr/src/linux/Documentation. Under some
|
|
circumstances, you may have no alternative but to reboot the machine once an
|
|
error occurs. To change a value, simply echo the new value into the file. An
|
|
example is given below in the section on the file system data. Of course,
|
|
you need to be 'root' to do any of this. You can create your own
|
|
boot script to perform this every time your system boots.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/sys/fs</term><listitem><para>Contains file system
|
|
data. This subdirectory contains specific file system, file handle, inode,
|
|
dentry and quota information.
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term>dentry-state</term><listitem><para> Status of the
|
|
directory cache. Since directory entries are dynamically allocated and
|
|
deallocated, this file indicates the current status. It holds six values, in
|
|
which the last two are not used and are always zero. The others are listed
|
|
below:</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem><para><screen>
|
|
File         Content
nr_dentry    Almost always zero
nr_unused    Number of unused cache entries
age_limit    in seconds after the entry may be reclaimed, when memory is short
want_pages   internally
|
|
</screen></para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>dquot-max</term><listitem><para>
|
|
The file dquot-max shows the maximum number of cached disk
|
|
quota entries.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>dquot-nr</term><listitem><para>
|
|
The file dquot-nr shows the number of allocated disk quota entries and the number of
|
|
free disk quota entries. If the number of available cached disk quotas
|
|
is very low and you have a large number of simultaneous system users,
|
|
you might want to raise the limit.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>file-nr and file-max</term><listitem><para>
|
|
The kernel allocates file handles dynamically, but doesn't
|
|
free them again at this time. The value in file-max denotes
|
|
the maximum number of file handles that the Linux kernel will allocate. When
|
|
you get a lot of error messages about running out of file handles, you might
|
|
want to raise this limit. The default value is 4096. To change it, just
|
|
write the new number into the file:</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem>
|
|
<para><screen>
|
|
# cat /proc/sys/fs/file-max
4096
# echo 8192 > /proc/sys/fs/file-max
# cat /proc/sys/fs/file-max
8192
|
|
</screen></para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem>
|
|
<para>This method of revision is useful for all customizable parameters
|
|
of the kernel - simply echo the new value to the corresponding file.</para>
|
|
</listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem>
|
|
<para>The three values in file-nr denote the number of allocated file
|
|
handles, the number of used file handles, and the maximum number of
|
|
file handles. When the allocated file handles come close to the maximum,
|
|
but the number of actually used handles is far behind, you've
|
|
encountered a peak in your usage of file handles and you don't
|
|
need to increase the maximum.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>inode-state, inode-nr and inode-max</term><listitem><para>
|
|
As with file handles, the kernel allocates the inode
|
|
structures dynamically, but can't free them yet.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem>
|
|
<para>The value in inode-max denotes the maximum number of
|
|
inode handlers. This value should be 3 to 4 times larger than the
|
|
value in file-max, since stdin, stdout, and
|
|
network sockets also need an inode struct to handle them. If you regularly
|
|
run out of inodes, you should increase this value.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem>
|
|
<para>The file inode-nr contains the first two items from inode-state,
|
|
so we'll skip to that file...</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem>
|
|
<para>inode-state contains three actual numbers and four dummy
|
|
values. The numbers are nr_inodes, nr_free_inodes, and preshrink (in order
|
|
of appearance).</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>nr_inodes</term><listitem><para>
|
|
Denotes the number of inodes the system has allocated. This can be
|
|
slightly more than inode-max because Linux allocates them one pageful at a time.
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>nr_free_inodes</term><listitem><para>
|
|
Represents the number of free inodes. Preshrink is nonzero when nr_inodes
|
|
is greater than inode-max and the system needs to prune the inode list
|
|
instead of allocating more.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>super-nr and super-max</term><listitem><para>
|
|
Again, super block structures are allocated by the
|
|
kernel, but not freed. The file super-max contains the maximum number of
|
|
super block handlers, where super-nr shows the number of currently allocated
|
|
ones. Every mounted file system needs a super block, so if you plan to mount
|
|
lots of file systems, you may want to increase these numbers.
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>binfmt_misc</term><listitem><para>
|
|
This handles the kernel support for miscellaneous binary formats.
|
|
binfmt_misc provides the ability to register additional binary formats to
|
|
the kernel without compiling an additional module/kernel. Therefore,
|
|
binfmt_misc needs to know magic numbers at the beginning or the filename
|
|
extension of the binary. It works by maintaining a linked list of structs
|
|
that contain a description of a binary format, including a magic with size
|
|
(or the filename extension), offset and mask, and the interpreter name. On
|
|
request it invokes the given interpreter with the original program as
|
|
argument, as binfmt_java and binfmt_em86 and binfmt_mz do. Since binfmt_misc
|
|
does not define any default binary-formats, you have to register an
|
|
additional binary-format. There are two general files in binfmt_misc and one
|
|
file per registered format. The two general files are register and status.
|
|
To register a new binary format you have to issue the command echo
|
|
:name:type:offset:magic:mask:interpreter: > /proc/sys/fs/binfmt_misc/register
|
|
with appropriate name (the name for the /proc-dir entry), offset
|
|
(defaults to 0, if omitted), magic, mask (which can be omitted,
|
|
defaults to all 0xff) and last but not least, the interpreter
|
|
that is to be invoked (for example, /bin/echo for testing). Type can be M for
|
|
usual magic matching or E for filename extension matching (give extension in
|
|
place of magic). If you do a cat on the file /proc/sys/fs/binfmt_misc/status,
|
|
you will get the current status (enabled/disabled) of binfmt_misc.
|
|
Change the status by echoing 0 (disables) or 1 (enables) or -1
|
|
(caution: this clears all previously registered binary
|
|
formats) to status. For example echo 0 > status to disable binfmt_misc
|
|
(temporarily). Each registered handler has an entry in /proc/sys/fs/binfmt_misc.
|
|
These files perform the same function as status, but their scope is limited
|
|
to the actual binary format. By 'cating' this file, you also receive
|
|
all related information about the interpreter/magic of the binfmt. An
|
|
example of the usage of binfmt_misc (emulate binfmt_java) follows:
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem>
|
|
<para><screen>
|
|
cd /proc/sys/fs/binfmt_misc
echo ':Java:M::\xca\xfe\xba\xbe::/usr/local/java/bin/javawrapper:' > register
echo ':HTML:E::html::/usr/local/java/bin/appletviewer:' > register
echo ':Applet:M::<!--applet::/usr/local/java/bin/appletviewer:' > register
echo ':DEXE:M::\x0eDEX::/usr/bin/dosexec:' > register
|
|
</screen></para>
|
|
</listitem></varlistentry>
|
|
|
|
|
|
<varlistentry><term></term><listitem>
|
|
<para>
|
|
These four lines add support for Java executables and Java applets (like
|
|
binfmt_java, additionally recognizing the .html extension with no need to
|
|
put <!--applet> to every applet file). You have to install the JDK
|
|
and the shell-script /usr/local/java/bin/javawrapper too. It works around
|
|
the brokenness of the Java filename handling. To add a Java binary, just
|
|
create a link to the class-file somewhere in the path.</para>
|
|
</listitem></varlistentry>
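<varlistentry><term></term><listitem>
<para>The registration format described above can be checked before anything
is echoed into register. The following Python script is an added example, not
part of the original guide or of the kernel sources: it parses
:name:type:offset:magic:mask:interpreter: strings and reports which
registrations would claim a given file. The function names, sample file names
and sample headers are constructed for illustration.</para>
<para><screen><![CDATA[
```python
"""Parse binfmt_misc registration strings and list the files they would claim.

Added illustration: all function names and sample inputs are made up here.
"""
import re
from dataclasses import dataclass

HEX_ESCAPE = re.compile(rb"\\x([0-9A-Fa-f]{2})")

# The four registrations shown in the guide's example.
PAGE_EXAMPLES = [
    r":Java:M::\xca\xfe\xba\xbe::/usr/local/java/bin/javawrapper:",
    ":HTML:E::html::/usr/local/java/bin/appletviewer:",
    ":Applet:M::<!--applet::/usr/local/java/bin/appletviewer:",
    r":DEXE:M::\x0eDEX::/usr/bin/dosexec:",
]


def decode_escapes(field: str) -> bytes:
    """Turn the \\xNN escapes of a magic or mask field into raw bytes."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]),
                          field.encode("utf-8"))


@dataclass
class BinfmtRule:
    name: str
    kind: str         # "M": magic match, "E": filename extension match
    offset: int       # where the magic starts in the file (M only)
    magic: bytes      # magic bytes, or the extension when kind is "E"
    mask: bytes       # ANDed with file bytes and magic before comparing
    interpreter: str

    def matches(self, filename: str, header: bytes) -> bool:
        if self.kind == "E":
            _, dot, ext = filename.rpartition(".")
            return bool(dot) and ext.encode("utf-8") == self.magic
        window = header[self.offset:self.offset + len(self.magic)]
        if len(window) != len(self.magic):
            return False  # file is too short to contain the magic
        return all(((w ^ m) & k) == 0
                   for w, m, k in zip(window, self.magic, self.mask))


def parse_rule(line: str) -> BinfmtRule:
    """Parse one registration string; raise ValueError if it is malformed."""
    line = line.strip()
    if len(line) < 2:
        raise ValueError("empty registration string")
    delim, body = line[0], line[1:]     # first character is the separator
    fields = body.split(delim)
    if len(fields) < 6:
        raise ValueError(f"expected 6 fields, found {len(fields)}")
    name, kind, offset, magic, mask, interpreter = fields[:6]
    if not name or "/" in name:
        raise ValueError("name must be a plain /proc entry name")
    if kind not in ("M", "E"):
        raise ValueError(f"type must be M or E, not {kind!r}")
    if not interpreter:
        raise ValueError("interpreter is missing")
    magic_bytes = decode_escapes(magic)
    if not magic_bytes:
        raise ValueError("magic (or extension) is missing")
    # An omitted mask defaults to all 0xff, an omitted offset to 0.
    mask_bytes = decode_escapes(mask) if mask else b"\xff" * len(magic_bytes)
    if len(mask_bytes) != len(magic_bytes):
        raise ValueError("mask and magic differ in length")
    return BinfmtRule(name, kind, int(offset) if offset else 0,
                      magic_bytes, mask_bytes, interpreter)


def claimants(rules, filename: str, header: bytes):
    """Return (name, interpreter) for every rule that matches the file."""
    return [(r.name, r.interpreter) for r in rules
            if r.matches(filename, header)]


if __name__ == "__main__":
    rules = [parse_rule(s) for s in PAGE_EXAMPLES]
    samples = {  # constructed file names and leading bytes
        "Hello.class": b"\xca\xfe\xba\xbe\x00\x00\x00\x34",
        "index.html": b"<!--applet code=Demo-->",
        "notes.txt": b"plain text",
    }
    for fname, head in samples.items():
        print(fname, "->", claimants(rules, fname, head) or "no handler")
```
]]></screen></para>
</listitem></varlistentry>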
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/sys/kernel</term><listitem><para> This directory
|
|
reflects general kernel behaviors and the contents will be dependent upon
|
|
your configuration. Here you'll find the most important files, along
|
|
with descriptions of what they mean and how to use them.
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term>/proc/sys/kernel/acct</term><listitem><para> The file
|
|
contains three values; highwater, lowwater, and frequency. It exists only
|
|
when BSD-style process accounting is enabled. These values control its
|
|
behavior. If the free space on the file system where the log lives goes
|
|
below lowwater percentage, accounting suspends. If it goes above highwater
|
|
percentage, accounting resumes. Frequency determines how often you check the
|
|
amount of free space (value is in seconds). Default settings are: 4, 2, and
|
|
30. That is, suspend accounting if there is less than 2 percent free; resume
|
|
it if we have a value of 3 or more percent; consider information about the
|
|
amount of free space valid for 30 seconds.</para></listitem>
|
|
|
|
</varlistentry>
|
|
<varlistentry><term>/proc/sys/kernel/ctrl-alt-del</term><listitem><para>
|
|
When the value in this file is 0, ctrl-alt-del is trapped and sent to the
|
|
init program to handle a graceful restart. However, when the value is
|
|
greater than zero, Linux's reaction to this key combination will be an
|
|
immediate reboot, without syncing its dirty buffers. It should be noted that
|
|
when a program (like dosemu) has the keyboard in raw mode, the ctrl-alt-del
|
|
is intercepted by the program before it ever reaches the kernel tty layer,
|
|
and it is up to the program to decide what to do with it.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/sys/kernel/domainname, /proc/sys/kernel/hostname</term><listitem><para>
These files can be used to set the NIS domainname and hostname of your
box. For the classic darkstar.frop.org a simple:</para>
<para><screen>
# echo "darkstar" > /proc/sys/kernel/hostname
# echo "frop.org" > /proc/sys/kernel/domainname
</screen></para>
<para>would suffice to set your hostname and NIS domainname.</para></listitem></varlistentry>
<varlistentry><term>/proc/sys/kernel/osrelease, /proc/sys/kernel/ostype, /proc/sys/kernel/version</term><listitem><para>
The names make it pretty obvious what these fields contain:</para>
<para><screen>
# cat /proc/sys/kernel/osrelease
2.2.12
# cat /proc/sys/kernel/ostype
Linux
# cat /proc/sys/kernel/version
#4 Fri Oct 1 12:41:14 PDT 1999
</screen></para>
<para>The files osrelease and ostype should be clear enough.
Version needs a little more clarification. The #4 means that this is the 4th
kernel built from this source base and the date after it indicates the time
the kernel was built. The only way to tune these values is to rebuild the
kernel.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/sys/kernel/panic</term><listitem><para>
|
|
The value in this file represents the number of seconds the kernel waits
|
|
before rebooting on a panic. When you use the software watchdog, the
|
|
recommended setting is 60. If set to 0, the auto reboot after a kernel panic
|
|
is disabled, which is the default setting.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/sys/kernel/printk</term><listitem><para> The four
|
|
values in printk denote console_loglevel, default_message_loglevel,
minimum_console_level and default_console_loglevel respectively. These
|
|
values influence printk() behavior when printing or logging error messages,
|
|
which come from inside the kernel. See syslog(2) for more information on the
|
|
different log levels.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/sys/kernel/console_loglevel</term><listitem><para>
|
|
Messages with a higher priority than this will be printed to the console.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/sys/kernel/default_message_level</term><listitem><para>
|
|
Messages without an explicit priority will be printed with this priority.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/sys/kernel/minimum_console_loglevel</term><listitem><para>
|
|
Minimum (highest) value to which the console_loglevel can be set.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/sys/kernel/default_console_loglevel</term><listitem><para>
|
|
Default value for console_loglevel.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/sys/kernel/sg-big-buff</term><listitem><para> This
|
|
file shows the size of the generic SCSI (sg) buffer. At this point, you
|
|
can't tune it yet, but you can change it at compile time by editing
|
|
include/scsi/sg.h and changing the value of SG_BIG_BUFF. If you use a
|
|
scanner with SANE (Scanner Access Now Easy) you might want to set this to a
|
|
higher value. Refer to the SANE documentation on this issue.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/sys/kernel/modprobe</term><listitem><para> The
|
|
location of the modprobe binary. The kernel uses this program
|
|
to load modules on demand.</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
<varlistentry><term>/proc/sys/vm</term><listitem><para>The files in this
|
|
directory can be used to tune the operation of the virtual memory (VM)
|
|
subsystem of the Linux kernel. In addition, one of the files (bdflush) has
|
|
some influence on disk usage.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>nfract</term><listitem><para>
|
|
This parameter governs the maximum number of dirty buffers in the buffer cache.
|
|
Dirty means that the contents of the buffer still have to be written to disk
|
|
(as opposed to a clean buffer, which can just be forgotten about). Setting
|
|
this to a higher value means that Linux can delay disk writes for a long
|
|
time, but it also means that it will have to do a lot of I/O at once when
|
|
memory becomes short. A lower value will spread out disk I/O more evenly.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>ndirty</term><listitem><para>
|
|
Ndirty gives the maximum number of dirty buffers that bdflush can
|
|
write to the disk at one time. A high value will mean delayed, bursty I/O,
|
|
while a small value can lead to memory shortage when bdflush isn't woken
|
|
up often enough.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>nrefill</term><listitem><para>
|
|
This is the number of buffers that bdflush will add
|
|
to the list of free buffers when refill_freelist() is called. It is
|
|
necessary to allocate free buffers beforehand, since the buffers are often
|
|
different sizes than the memory pages and some bookkeeping needs to be done
|
|
beforehand. The higher the number, the more memory will be wasted and the
|
|
less often refill_freelist() will need to run.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>nref_dirt</term><listitem><para>
|
|
When refill_freelist() comes across more than nref_dirt dirty buffers, it will
|
|
wake up bdflush.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>age_buffer, age_super</term><listitem><para>
|
|
Finally, the age_buffer and age_super parameters govern the maximum
|
|
time Linux waits before writing out a dirty buffer to disk.
|
|
The value is expressed in jiffies (clock ticks); the number
of jiffies per second is 100. Age_buffer is the maximum age for data blocks,
while age_super is for filesystem metadata.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>buffermem</term><listitem><para>
|
|
The three values in this file control how much memory should be
|
|
used for buffer memory. The percentage is calculated as a percentage
|
|
of total system memory.
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term></term><listitem><para>The values are:</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>min_percent</term><listitem><para>
|
|
This is the minimum percentage of memory that should be
|
|
spent on buffer memory.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>borrow_percent</term><listitem><para>
|
|
When Linux is short on memory, and the buffer cache uses
|
|
more than it has been allotted, the memory management
|
|
(MM) subsystem will prune the buffer cache more heavily than other memory to
|
|
compensate.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>max_percent</term><listitem><para>
|
|
This is the maximum amount of memory that can be
|
|
used for buffer memory.</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>freepages</term><listitem><para>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term></term><listitem><para>This file contains three values: min, low and high:</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>min</term><listitem><para>
|
|
When the number of free pages in the system reaches this
|
|
number, only the kernel can allocate more memory.</para></listitem></varlistentry>
|
|
<varlistentry><term>low</term><listitem><para>
|
|
If the number of free pages falls below this point,
|
|
the kernel starts swapping aggressively.</para></listitem></varlistentry>
|
|
<varlistentry><term>high</term><listitem><para>
|
|
The kernel tries to keep up to this amount of memory free; if memory falls
|
|
below this point, the kernel starts gently swapping in the hopes that it
|
|
never has to do really aggressive swapping.</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>kswapd</term><listitem><para>
|
|
Kswapd is the kernel swap out daemon. That is, kswapd is that
|
|
piece of the kernel that frees memory when it gets fragmented
|
|
or full. Since every system is different, you'll
|
|
probably want some control over this piece of the system.
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term></term><listitem><para>The file contains three numbers:</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>tries_base</term><listitem><para>
|
|
The maximum number of pages kswapd tries to free
|
|
in one round is calculated from this number. Usually this number will be
|
|
divided by 4 or 8 (see mm/vmscan.c), so it isn't as big as it looks.
|
|
When you need to increase the bandwidth to/from swap, you'll want to
|
|
increase this number.</para></listitem></varlistentry>
|
|
<varlistentry><term>tries_min</term><listitem><para>
|
|
This is the minimum number of times kswapd
|
|
tries to free a page each time it is called. Basically it's just there
|
|
to make sure that kswapd frees some pages even when it's being called
|
|
with minimum priority.</para></listitem></varlistentry>
|
|
<varlistentry><term>swap_cluster</term><listitem><para>
|
|
This is probably the greatest influence
|
|
on system performance. swap_cluster is the number of pages kswapd writes in
|
|
one turn. You'll want this value to be large so that kswapd does its I/O
|
|
in large chunks and the disk doesn't have to seek as often, but you
|
|
don't want it to be too large since that would flood the request queue.</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
<varlistentry><term>overcommit_memory</term><listitem><para>
|
|
This file contains one value. The following algorithm is
|
|
used to decide if there's enough memory: if the value of
|
|
overcommit_memory is positive, then there's always enough memory. This
|
|
is a useful feature, since programs often malloc() huge amounts of memory
|
|
'just in case', while they only use a small part of it. Leaving this
|
|
value at 0 will lead to the failure of such a huge malloc(), when in fact
|
|
the system has enough memory for the program to run. On the other hand,
|
|
enabling this feature can cause you to run out of memory and thrash the
|
|
system to death, so large and/or important servers will want to set this
|
|
value to 0.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>pagecache</term><listitem><para>
|
|
This file does exactly the same job as buffermem, only
|
|
this file controls the amount of memory allowed for memory mapping and
|
|
generic caching of files. You don't want the minimum level to be too
|
|
low, otherwise your system might thrash when memory is tight or
|
|
fragmentation is high.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>pagetable_cache</term><listitem><para>
|
|
The kernel keeps a number of page
|
|
tables in a per-processor cache (this helps a lot on SMP systems). The cache
|
|
size for each processor will be between the low and the high value. On a
|
|
low-memory, single CPU system, you can safely set these values to 0 so you
|
|
don't waste memory. It is used on SMP systems so that the system can
|
|
perform fast pagetable allocations without having to acquire the kernel
|
|
memory lock. For large systems, the settings are probably fine. For normal
|
|
systems they won't hurt a bit. For small systems (less than 16MB RAM)
|
|
it might be advantageous to set both values to 0.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>swapctl</term><listitem><para>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term></term><listitem>
|
|
<para>This file contains no less than 8 variables.
|
|
All of these values are used by kswapd. The first
|
|
four variables sc_max_page_age, sc_page_advance, sc_page_decline and
|
|
sc_page_initial_age are used to keep track of Linux's page aging. Page
|
|
aging is a bookkeeping method to track which pages of memory are often
|
|
used, and which pages can be swapped out without consequences.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem>
|
|
<para>When a page is swapped in, it starts at sc_page_initial_age (default 3)
|
|
and when the page is scanned by kswapd, its age is adjusted
|
|
according to the following scheme.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem>
|
|
<para>If the page was used since the last time we scanned, its age is
increased by sc_page_advance (default 3), up to the maximum value given
by sc_max_page_age (default 20). Otherwise (meaning it wasn't used)
its age is decreased by sc_page_decline (default 1).</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem><para>When a page reaches age 0, it's ready to be swapped out.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem><para>The variables sc_age_cluster_fract,
|
|
sc_age_cluster_min, sc_pageout_weight and sc_bufferout_weight, can be used
|
|
to control kswapd's aggressiveness in swapping out pages.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem><para>Sc_age_cluster_fract is used to calculate how many pages from a process are
|
|
to be scanned by kswapd. The formula used is</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem><para>(sc_age_cluster_fract divided by 1024) times resident set size</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem><para>So if you want kswapd to scan the whole process,
|
|
sc_age_cluster_fract needs to have a value of 1024. The minimum
|
|
number of pages kswapd will scan is represented by sc_age_cluster_min, which
|
|
is done so that kswapd will also scan small processes. The values of
|
|
sc_pageout_weight and sc_bufferout_weight are used to control how many tries
|
|
kswapd will make in order to swap out one page/buffer. These values can be
|
|
used to fine-tune the ratio between user pages and buffer/cache memory. When
|
|
you find that your Linux system is swapping out too many process pages in
|
|
order to satisfy buffer memory demands, you may want to either increase
|
|
sc_bufferout_weight, or decrease the value of sc_pageout_weight.</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/sys/dev</term><listitem><para>Device specific
parameters. Currently there is only support for CDROM drives, and for those,
there is only one read-only file containing information about the CD-ROM
drives attached to the system:</para>
<para><screen>
> cat /proc/sys/dev/cdrom/info
CD-ROM information, Id: cdrom.c 2.55 1999/04/25

drive name:             sr0     hdb
drive speed:            32      40
drive # of slots:       1       0
Can close tray:         1       1
Can open tray:          1       1
Can lock tray:          1       1
Can change speed:       1       1
Can select disk:        0       1
Can read multisession:  1       1
Can read MCN:           1       1
Reports media changed:  1       1
Can play audio:         1       1
</screen></para>
<para>You see two drives, sr0 and hdb, along with a list of their features.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term><emphasis>SUNRPC</emphasis></term><listitem><para>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term>/proc/sys/sunrpc</term><listitem><para>
|
|
This directory contains four files, which enable or disable debugging for
the RPC functions NFS, NFS-daemon, RPC and NLM. The default value is 0 for
each. They can be set to one to turn debugging on.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/sys/net</term><listitem><para>
|
|
The interface to the networking parts of the kernel is located in
|
|
/proc/sys/net. The following table shows all possible subdirectories. You
|
|
may see only some of them, depending on your kernel's configuration. Our
|
|
main focus will be on IP networking since AX.25, X.25, and DEC Net are only
minor players in the Linux world. Should you wish, review the online
documentation and the kernel source to get a detailed view of the parameters
for those protocols not covered here. In this section we'll discuss the
|
|
subdirectories listed above. As default values are suitable for most needs,
|
|
there is no need to change these values.</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
<varlistentry><term><emphasis>GENERAL PARAMETERS</emphasis></term><listitem><para>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term>/proc/sys/net/core</term><listitem><para>
|
|
Network core options</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>rmem_default</term><listitem><para>The default setting
|
|
of the socket receive buffer in bytes.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>rmem_max</term><listitem><para>The maximum receive
|
|
socket buffer size in bytes.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>wmem_default</term><listitem><para>The default setting
|
|
(in bytes) of the socket send buffer.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>wmem_max</term><listitem><para>The maximum send socket
|
|
buffer size in bytes.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>message_burst and message_cost</term><listitem><para>
|
|
These parameters are used to limit the warning messages written to the
|
|
kernel log from the networking code. They enforce a rate limit to make a
|
|
denial-of-service attack impossible. A higher message_cost factor results
in fewer messages being written. Message_burst controls when messages
|
|
will be dropped. The default settings limit warning messages to one every
|
|
five seconds.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>netdev_max_backlog</term><listitem><para>
|
|
Maximum number of packets, queued on the INPUT side, when the interface
|
|
receives packets faster than kernel can process them.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>optmem_max</term><listitem><para>Maximum ancillary
|
|
buffer size allowed per socket. Ancillary data is a sequence of struct
|
|
cmsghdr structures with appended data.</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term><emphasis>UNIX DOMAIN SOCKETS</emphasis></term><listitem><para>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term>/proc/sys/net/unix</term><listitem><para>
|
|
Parameters for Unix domain sockets</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem><para>There are only two files in this subdirectory. They control the
|
|
delays for deleting and destroying socket descriptors.</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term><emphasis>IPv4</emphasis></term><listitem><para>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term>/proc/sys/net/ipv4</term><listitem><para>IPv4 settings.
|
|
IP version 4 is still the most used protocol in Unix networking. It will be
|
|
replaced by IP version 6 in the next couple of years, but for the moment
|
|
it's the de facto standard for the internet and is used in most
|
|
networking environments around the world. Because of the importance of this
|
|
protocol, we'll have a deeper look into the subtree controlling the
|
|
behavior of the IPv4 subsystem of the Linux kernel.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem><para>Let's start with the entries in /proc/sys/net/ipv4.</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term><emphasis>ICMP settings</emphasis></term><listitem><para>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term>icmp_echo_ignore_all and icmp_echo_ignore_broadcasts</term><listitem><para>Set to 1 (on) or 0 (off) to control whether the kernel ignores all ICMP ECHO requests (icmp_echo_ignore_all), or just those sent to
broadcast and multicast addresses (icmp_echo_ignore_broadcasts).</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem><para>Please note that if you accept ICMP echo requests with a
broadcast/multicast destination address, your network
may be used as an exploder for denial of service packet flooding attacks against
other hosts.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>icmp_destunreach_rate, icmp_echoreply_rate, icmp_paramprob_rate
and icmp_timeexceed_rate</term><listitem><para>
Sets limits for sending ICMP packets to specific
targets. A value of zero disables all limiting. Any positive value sets
the maximum packet rate in hundredths of a second (on
Intel systems).</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term><emphasis>IP settings</emphasis></term><listitem><para>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term>ip_autoconfig</term><listitem><para>This file contains
|
|
the number one if the host received its IP configuration by RARP, BOOTP,
|
|
DHCP or a similar mechanism. Otherwise it is zero.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>ip_default_ttl</term><listitem><para>TTL (Time To Live)
|
|
for IPv4 interfaces. This is simply the maximum number of hops a packet may
|
|
travel.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>ip_dynaddr</term><listitem><para>
Enable dynamic socket address rewriting on interface address change. This is
useful for dialup interfaces with changing IP addresses.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>ip_forward</term><listitem><para>Enable or disable
forwarding of IP packets between interfaces. Changing this value resets all
other parameters to their default values. The defaults differ depending on
whether the kernel is configured as a host or as a router.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>ip_local_port_range</term><listitem><para>Range of
|
|
ports used by TCP and UDP to choose the local port. Contains two numbers,
|
|
the first number is the lowest port, the second number the highest local
|
|
port. Default is 1024-4999. Should be changed to 32768-61000 for high-usage
|
|
systems.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>ip_no_pmtu_disc</term><listitem><para>
|
|
Global switch to turn path MTU discovery off. It can also be set on a per
|
|
socket basis by the applications or on a per route basis.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>ip_masq_debug</term><listitem><para> Enable/disable
|
|
debugging of IP masquerading.</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term><emphasis>IP fragmentation settings</emphasis></term><listitem><para>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term>ipfrag_high_thresh and ipfrag_low_thresh</term><listitem><para>Maximum memory used to reassemble IP fragments. When ipfrag_high_thresh bytes of memory are allocated for this purpose, the fragment handler will toss packets until ipfrag_low_thresh is reached.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>ipfrag_time</term><listitem><para>
|
|
Time in seconds to keep an IP fragment in memory.</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
<varlistentry><term><emphasis>TCP settings</emphasis></term><listitem><para>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term>tcp_ecn</term><listitem><para>
This file controls the use of the ECN bit in the IPv4 headers. Explicit
Congestion Notification is a new feature, but some routers and
firewalls block traffic that has this bit set, so it may be necessary to
echo 0 to /proc/sys/net/ipv4/tcp_ecn if you want to talk to these sites. For
more information, see RFC2481.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>tcp_retrans_collapse</term><listitem><para>Bug-to-bug
|
|
compatibility with some broken printers. On retransmit, try to send larger
|
|
packets to work around bugs in certain TCP stacks. Can be turned off by
|
|
setting it to zero.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>tcp_keepalive_probes</term><listitem><para>Number of
keep alive probes TCP sends out, until it decides that the connection is
broken.</para></listitem></varlistentry>

<varlistentry><term>tcp_keepalive_time</term><listitem><para>
How often TCP sends out keep alive messages, when keep alive is enabled. The
default is 2 hours.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>tcp_syn_retries</term><listitem><para>Number of times
initial SYNs for a TCP connection attempt will be retransmitted. Should not
be higher than 255. This is only the timeout for outgoing connections; for
incoming connections the number of retransmits is defined by tcp_retries1.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>tcp_sack</term><listitem><para>Enable selective
acknowledgments as defined in RFC2018.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>tcp_timestamps</term><listitem><para>Enable timestamps
|
|
as defined in RFC1323.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>tcp_stdurg</term><listitem><para>Enable the strict
|
|
RFC793 interpretation of the TCP urgent pointer field. The default is to use
|
|
the BSD compatible interpretation of the urgent pointer pointing to the
|
|
first byte after the urgent data. The RFC793 interpretation is to have it
|
|
point to the last byte of urgent data. Enabling this option may lead to
|
|
interoperability problems. Disabled by default.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>tcp_syncookies</term><listitem><para>Only valid when
|
|
the kernel was compiled with CONFIG_SYNCOOKIES. Send out syncookies when the
|
|
syn backlog queue of a socket overflows. This is to ward off the common
|
|
'syn flood attack'. Disabled by default. Note that the concept of a
|
|
socket backlog is abandoned. This means the peer may not receive reliable
|
|
error messages from an overloaded server with syncookies enabled.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>tcp_window_scaling</term><listitem><para>Enable window
|
|
scaling as defined in RFC1323.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>tcp_fin_timeout</term><listitem><para>The length of
|
|
time in seconds it takes to receive a final FIN before the socket is always
|
|
closed. This is strictly a violation of the TCP specification, but required
|
|
to prevent denial-of-service attacks.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>tcp_max_ka_probes</term><listitem><para>Indicates how
|
|
many keep alive probes are sent per slow timer run. Should not be set too
|
|
high to prevent bursts.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>tcp_max_syn_backlog</term><listitem><para>Length of the
|
|
per socket backlog queue. Since Linux 2.2 the backlog specified in listen(2)
|
|
only specifies the length of the backlog queue of already established
|
|
sockets. When more connection requests arrive Linux starts to drop packets.
|
|
When syncookies are enabled the packets are still answered and the maximum
|
|
queue is effectively ignored.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>tcp_retries1</term><listitem><para>Defines how often an
|
|
answer to a TCP connection request is retransmitted before giving up.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>tcp_retries2</term><listitem><para>Defines how often a
|
|
TCP packet is retransmitted before giving up.</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/sys/net/ipv4/conf</term><listitem><para>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term></term><listitem>
|
|
<para>Here you'll find one subdirectory for each interface the system knows
|
|
about and one directory called all. Changes in the all subdirectory affect all
|
|
interfaces, whereas changes in the other subdirectories affect only one
|
|
interface. All directories have the same entries:</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>accept_redirects</term><listitem><para>This switch
|
|
decides if the kernel accepts ICMP redirect messages or not. The default is
|
|
'yes' if the kernel is configured for a regular host and
|
|
'no' for a router configuration.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>accept_source_route</term><listitem><para>Determines whether
source-routed packets are accepted or declined. The default depends on the
kernel configuration. It's 'yes' for routers and 'no'
for hosts.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>bootp_relay</term><listitem><para>
|
|
Accept packets with source address 0.b.c.d with destinations not to this
|
|
host as local ones. It is supposed that a BOOTP relay daemon will catch and
|
|
forward such packets. The default is 0.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>forwarding</term><listitem><para>Enable or disable IP
|
|
forwarding on this interface.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>log_martians</term><listitem><para>Log packets whose
source address has no known route to the kernel log.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>mc_forwarding</term><listitem><para>Do multicast
|
|
routing. The kernel needs to be compiled with CONFIG_MROUTE and a multicast
|
|
routing daemon is required.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>proxy_arp</term><listitem><para>Does (1) or does not
|
|
(0) perform proxy ARP.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>rp_filter</term><listitem><para>Integer value that
determines whether source validation should be performed. 1 means yes, 0 means no.
Disabled by default, but protection against local/broadcast address spoofing is always on. If
you set this to 1 on a router that is the only connection for a network to
the net, it will prevent spoofing attacks against your internal networks
(external addresses can still be spoofed), without the need for additional
firewall rules.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>secure_redirects</term><listitem><para>Accept ICMP
redirect messages only for gateways listed in the default gateway list. Enabled
by default.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>shared_media</term><listitem><para>
|
|
If it is not set the kernel does not assume that different subnets on this
|
|
device can communicate directly. Default setting is 'yes'.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>send_redirects</term><listitem><para>Determines whether
|
|
to send ICMP redirects to other hosts.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>Routing settings</term><listitem><para>The directory
|
|
/proc/sys/net/ipv4/route contains several files to control routing issues.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>error_burst and error_cost</term><listitem><para>These
parameters are used to limit the warning messages written to the kernel log
from the routing code. The higher the error_cost factor is, the fewer
messages will be written. Error_burst controls when messages will be
dropped. The default settings limit warning messages to one every five
seconds.</para></listitem></varlistentry>

<varlistentry><term>flush</term><listitem><para>
Writing to this file results in a flush of the routing cache.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>gc_elastic, gc_interval, gc_min_interval, gc_thresh,
gc_timeout</term><listitem><para>Values to control the frequency and
behavior of the garbage collection algorithm for the routing cache.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>max_size</term><listitem><para>Maximum size of the
routing cache. Old entries will be purged once the cache has reached this
size.</para></listitem></varlistentry>

<varlistentry><term>max_delay,
min_delay</term><listitem><para> Delays for flushing the routing cache.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>redirect_load, redirect_number</term><listitem><para>
|
|
Factors which determine if more ICMP redirects should be sent to a specific
|
|
host. No redirects will be sent once the load limit or the maximum number of
|
|
redirects has been reached.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>redirect_silence</term><listitem><para>Timeout for
|
|
redirects. After this period redirects will be sent again, even if this has
|
|
been stopped, because the load or number limit has been reached. </para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/sys/net/ipv4/neigh</term><listitem><para>Network
|
|
Neighbor handling. It contains settings about how to handle connections with
|
|
direct neighbors (nodes attached to the same link). As we saw in the conf
|
|
directory, there is a default subdirectory which holds the default values,
|
|
and one directory for each interface. The contents of the directories are
|
|
identical, with the single exception that the default settings contain
|
|
additional options to set garbage collection parameters.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem><para>In the interface directories you'll find the following entries:</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>base_reachable_time</term><listitem><para>A base value
|
|
used for computing the random reachable time value as specified in RFC2461.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>retrans_time</term><listitem><para>The time, expressed
|
|
in jiffies (1/100 sec), between retransmitted Neighbor Solicitation
|
|
messages. Used for address resolution and to determine if a neighbor is
|
|
unreachable.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>unres_qlen</term><listitem><para>
|
|
Maximum queue length for a pending arp request - the number of packets which
|
|
are accepted from other layers while the ARP address is still being resolved.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>anycast_delay</term><listitem><para>Maximum for random
|
|
delay of answers to neighbor solicitation messages in jiffies (1/100 sec).
|
|
Not yet implemented (Linux does not have anycast support yet).</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>ucast_solicit</term><listitem><para>Maximum number of
|
|
retries for unicast solicitation.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>mcast_solicit</term><listitem><para>Maximum number of
|
|
retries for multicast solicitation.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>delay_first_probe_time</term><listitem><para>Delay for
|
|
the first time probe if the neighbor is reachable. (see gc_stale_time)</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>locktime</term><listitem><para>An ARP/neighbor entry is
|
|
only replaced with a new one if the old is at least locktime old. This
|
|
prevents ARP cache thrashing.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>proxy_delay</term><listitem><para>Maximum time (real
|
|
time is random [0..proxytime]) before answering to an ARP request for which
|
|
we have a proxy ARP entry. In some cases, this is used to prevent network
|
|
flooding.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>proxy_qlen</term><listitem><para>
|
|
Maximum queue length of the delayed proxy arp timer. (see proxy_delay).</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>app_solicit</term><listitem><para>Determines the number
|
|
of requests to send to the user level ARP daemon. Use 0 to turn off.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>gc_stale_time</term><listitem><para>Determines how
|
|
often to check for stale ARP entries. After an ARP entry is stale it will be
|
|
resolved again (which is useful when an IP address migrates to another
|
|
machine). When ucast_solicit is greater than 0 it first tries to send an ARP
|
|
packet directly to the known host. When that fails and mcast_solicit is
greater than 0, an ARP request is broadcast.</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term><emphasis>APPLETALK</emphasis></term><listitem><para>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term>/proc/sys/net/appletalk</term><listitem><para>
|
|
Holds the Appletalk configuration data when Appletalk is loaded. The
|
|
configurable parameters are:</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>aarp-expiry-time</term><listitem><para>
|
|
The amount of time we keep an ARP entry before expiring it. Used to age out
|
|
old hosts.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>aarp-resolve-time</term><listitem><para>
|
|
The amount of time we will spend trying to resolve an Appletalk address.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>aarp-retransmit-limit</term><listitem><para>
|
|
The number of times we will retransmit a query before giving up.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>aarp-tick-time</term><listitem><para>
|
|
Controls the rate at which expires are checked.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/net/appletalk</term><listitem><para>Holds the
|
|
list of active Appletalk sockets on a machine. The fields indicate the DDP
|
|
type, the local address (in network:node format) the remote address, the
|
|
size of the transmit pending queue, the size of the received queue (bytes
|
|
waiting for applications to read) the state and the uid owning the socket.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/net/atalk_iface</term><listitem><para>Lists all
the interfaces configured for Appletalk. It shows the name of the interface,
|
|
its Appletalk address, the network range on that address (or network number
|
|
for phase 1 networks), and the status of the interface.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/net/atalk_route</term><listitem><para>Lists each
|
|
known network route. It lists the target (network) that the route leads to,
|
|
the router (may be directly connected), the route flags, and the device the
|
|
route is using.</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term><emphasis>IPX</emphasis></term><listitem><para>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term></term><listitem><para>The IPX protocol has no tunable values in /proc/sys/net; it does,
however, provide /proc/net/ipx. This lists each IPX socket giving the local
|
|
and remote addresses in Novell format (that is network:node:port). In
|
|
accordance with the strange Novell tradition, everything but the port is in
|
|
hex. Not_Connected is displayed for sockets that are not tied to a specific
|
|
remote address. The Tx and Rx queue sizes indicate the number of bytes
|
|
pending for transmission and reception. The state indicates the state the
|
|
socket is in and the uid is the owning uid of the socket.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>ipx_interface</term><listitem><para>Lists all IPX interfaces. For each interface it gives the network number, the node number, and indicates if the network is the
|
|
primary network. It also indicates which device it is bound to (or Internal
|
|
for internal networks) and the Frame Type if appropriate. Linux supports
|
|
802.3, 802.2, 802.2 SNAP and DIX (Blue Book) ethernet framing for IPX.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>ipx_route</term><listitem><para>Table holding a list of IPX routes. For each route it gives
|
|
the destination network, the router node (or Directly) and the network
|
|
address of the router (or Connected) for internal networks.</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/sysvipc</term><listitem><para>Info of SysVIPC
|
|
Resources (msg, sem, shm) (2.4)</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/tty</term><listitem><para>Information about the
|
|
available and actually used tty's can be found in the directory
|
|
/proc/tty. You'll find entries for drivers and line disciplines in this
|
|
directory.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/tty/drivers</term><listitem><para>
|
|
List of drivers and their usage.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/tty/ldiscs</term><listitem><para>Registered line
|
|
disciplines.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/tty/driver/serial</term><listitem><para>
|
|
Usage statistics and status of single tty lines.
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term></term><listitem>
|
|
<para>To see which tty's are currently in use, you can simply
|
|
look into the file /proc/tty/drivers:</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem>
|
|
<para> <screen>
# cat /proc/tty/drivers
serial        /dev/cua        5  64-127 serial:callout
serial        /dev/ttyS       4  64-127 serial
pty_slave     /dev/pts      143   0-255 pty:slave
pty_master    /dev/ptm      135   0-255 pty:master
pty_slave     /dev/pts      142   0-255 pty:slave
pty_master    /dev/ptm      134   0-255 pty:master
pty_slave     /dev/pts      141   0-255 pty:slave
pty_master    /dev/ptm      133   0-255 pty:master
pty_slave     /dev/pts      140   0-255 pty:slave
pty_master    /dev/ptm      132   0-255 pty:master
pty_slave     /dev/pts      139   0-255 pty:slave
pty_master    /dev/ptm      131   0-255 pty:master
pty_slave     /dev/pts      138   0-255 pty:slave
pty_master    /dev/ptm      130   0-255 pty:master
pty_slave     /dev/pts      137   0-255 pty:slave
pty_master    /dev/ptm      129   0-255 pty:master
pty_slave     /dev/pts      136   0-255 pty:slave
pty_master    /dev/ptm      128   0-255 pty:master
pty_slave     /dev/ttyp       3   0-255 pty:slave
pty_master    /dev/pty        2   0-255 pty:master
/dev/vc/0     /dev/vc/0       4       0 system:vtmaster
/dev/ptmx     /dev/ptmx       5       2 system
/dev/console  /dev/console    5       1 system:console
/dev/tty      /dev/tty        5       0 system:/dev/tty
unknown       /dev/vc/%d      4    1-63 console
</screen></para></listitem></varlistentry>
|
|
|
|
<varlistentry><term></term><listitem><para>Note that while the above files tend to be
|
|
easily readable text files, they can sometimes be formatted in a way that is
|
|
not easily digestible. There are many commands that do little more than read
|
|
the above files and format them for easier understanding. For example, the
|
|
free program reads /proc/meminfo and converts the amounts given in bytes to
|
|
kilobytes (and adds a little more information, as well). </para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/uptime</term><listitem><para>The time the system
|
|
has been up.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/version</term><listitem><para>
|
|
The kernel version.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>/proc/video</term><listitem><para>BTTV info of video
|
|
resources.</para></listitem></varlistentry>
|
|
|
|
</variablelist></para>
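<para>The /proc/sys/net/ipv4 switches described earlier that bear on flooding, redirects and spoofing (icmp_echo_ignore_broadcasts, tcp_syncookies and the per-interface conf entries) can be checked in one pass. The shell script below is an added example, not part of the original guide; the wanted values are an assumed baseline for a host that does not route, and the sample tree it builds is constructed so that the script runs without touching the live /proc.</para>

```shell
#!/bin/sh
# Added example (not from the original guide): audit the ipv4 switches above.
# The wanted values are an assumed baseline for a host that does not route.

# check_one FILE WANT: print a finding when FILE is absent or differs from WANT.
check_one() {
    if [ ! -r "$1" ]; then
        # e.g. tcp_syncookies is absent without CONFIG_SYNCOOKIES
        echo "MISSING $1 (want $2)"
        return 0
    fi
    got=$(cat "$1")
    if [ "$got" != "$2" ]; then
        echo "FAIL $1 = $got (want $2)"
    fi
}

# audit_ipv4 [ROOT]: ROOT defaults to the live tree; pass a copy to audit offline.
audit_ipv4() {
    root=${1:-/proc/sys/net/ipv4}
    check_one "$root/icmp_echo_ignore_broadcasts" 1
    check_one "$root/tcp_syncookies" 1
    # conf holds "all" plus one directory per interface; a single interface
    # can deviate from "all", so every directory is walked.
    for dir in "$root"/conf/*; do
        [ -d "$dir" ] || continue
        check_one "$dir/accept_redirects" 0
        check_one "$dir/accept_source_route" 0
        check_one "$dir/send_redirects" 0
        check_one "$dir/rp_filter" 1
        check_one "$dir/log_martians" 1
    done
}

# count_findings [ROOT]: number of deviations, usable as a gate in scripts.
count_findings() {
    audit_ipv4 "$1" | wc -l | tr -d ' '
}

# make_sample_tree DIR: constructed sample data, not taken from a real host.
make_sample_tree() {
    mkdir -p "$1/conf/all" "$1/conf/eth0"
    echo 1 > "$1/icmp_echo_ignore_broadcasts"
    echo 0 > "$1/tcp_syncookies"               # deviation: syncookies off
    for f in accept_redirects accept_source_route send_redirects; do
        echo 0 > "$1/conf/all/$f"
        echo 0 > "$1/conf/eth0/$f"
    done
    echo 1 > "$1/conf/all/rp_filter"
    echo 1 > "$1/conf/all/log_martians"
    echo 1 > "$1/conf/eth0/accept_redirects"   # deviation on one interface only
    echo 0 > "$1/conf/eth0/rp_filter"          # deviation on one interface only
    # conf/eth0/log_martians is deliberately left out
}

# Demonstration on the constructed tree; call audit_ipv4 with no argument
# to check the running kernel instead.
sample=$(mktemp -d)
make_sample_tree "$sample"
audit_ipv4 "$sample"
echo "findings: $(count_findings "$sample")"
rm -rf "$sample"
```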
|
|
|
|
</sect1>
|