NOTE: CentOS Enterprise Linux 5 is built from the Red Hat Enterprise Linux source code. Other than logo and name changes CentOS Enterprise Linux 5 is compatible with the equivalent Red Hat version. This document applies equally to both Red Hat and CentOS Enterprise Linux 5.
Common groups of information concerning the kernel are grouped
into directories and subdirectories within the /proc/ directory.
3.3.1. Process Directories
The /proc/ directory contains a number of subdirectories with
numerical names. A listing of them may be similar to the following:
dr-xr-xr-x 3 root root 0 Feb 13 01:28 1
dr-xr-xr-x 3 root root 0 Feb 13 01:28 1010
dr-xr-xr-x 3 xfs xfs 0 Feb 13 01:28 1087
dr-xr-xr-x 3 daemon daemon 0 Feb 13 01:28 1123
dr-xr-xr-x 3 root root 0 Feb 13 01:28 11307
dr-xr-xr-x 3 apache apache 0 Feb 13 01:28 13660
dr-xr-xr-x 3 rpc rpc 0 Feb 13 01:28 637
dr-xr-xr-x 3 rpcuser rpcuser 0 Feb 13 01:28 666
These directories are called process
directories, as they are named after a program's
process ID and contain information specific to that
process. The owner and group of each process directory is
set to the user running the process. When the process is
terminated, its /proc/
process directory vanishes.
Each process directory contains the following files:
cmdline — Contains the command issued when starting the process.
cwd — A symbolic link to the current working directory for the process.
environ — A list of the environment variables for the process. The variable name is given in all upper-case characters, and the value is in lower-case characters.
exe — A symbolic link to the executable of this process.
fd — A directory containing all of the file descriptors for a particular process. These are given in numbered links:
total 0
lrwx------ 1 root root 64 May 8 11:31 0 -> /dev/null
lrwx------ 1 root root 64 May 8 11:31 1 -> /dev/null
lrwx------ 1 root root 64 May 8 11:31 2 -> /dev/null
lrwx------ 1 root root 64 May 8 11:31 3 -> /dev/ptmx
lrwx------ 1 root root 64 May 8 11:31 4 -> socket:[7774817]
lrwx------ 1 root root 64 May 8 11:31 5 -> /dev/ptmx
lrwx------ 1 root root 64 May 8 11:31 6 -> socket:[7774829]
lrwx------ 1 root root 64 May 8 11:31 7 -> /dev/ptmx
maps — A list of memory maps to the various executables and library files associated with this process. This file can be rather long, depending upon the complexity of the process, but sample output from the sshd process begins like the following:
The information in this output includes the process name and ID, the state (such as S (sleeping) or R (running)), the user/group ID running the process, and detailed data regarding memory usage.
3.3.1.1. /proc/self/
The /proc/self/
directory is a link to the currently running process. This
allows a process to look at itself without having to know
its process ID.
Within a shell environment, a listing of the /proc/self/ directory produces
the same contents as listing the process directory for
that process.
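As an added example (not part of the guide), the following Python script walks the process directories described above and summarises cmdline, exe, cwd and the fd links for each one. The triage flags it raises (executable deleted on disk, binary or working directory under a scratch location such as /tmp, open sockets) are my own heuristics, not anything the guide prescribes; pass another root to run it against a copied /proc tree.

```python
"""Walk a /proc tree and summarise each process directory: cmdline, exe,
cwd and the fd links, then raise a few triage flags.  Hypothetical helper
written for this example; the flag heuristics are assumptions."""
import os
import sys

# Scratch locations where a legitimate daemon's binary or working
# directory rarely lives (assumption for the example).
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


def read_cmdline(pid_dir):
    """cmdline is NUL-separated; return it as an argv-style list."""
    try:
        with open(os.path.join(pid_dir, "cmdline"), "rb") as f:
            raw = f.read()
    except OSError:
        return []
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def read_link(path):
    """Return a symlink target, or None when it cannot be read (EPERM on
    another user's process, or a kernel thread that has no exe)."""
    try:
        return os.readlink(path)
    except OSError:
        return None


def list_fds(pid_dir):
    """Map fd number -> link target for every entry under <pid>/fd."""
    fds = {}
    fd_dir = os.path.join(pid_dir, "fd")
    try:
        names = os.listdir(fd_dir)
    except OSError:
        return fds
    for name in names:
        if name.isdigit():
            fds[int(name)] = read_link(os.path.join(fd_dir, name))
    return fds


def in_scratch(path):
    """True if path (a file or a directory) lies under a scratch location."""
    return (path.rstrip("/") + "/").startswith(SCRATCH_DIRS)


def inspect_process(pid_dir):
    """Summarise one process directory; return (info, flags)."""
    info = {
        "pid": int(os.path.basename(pid_dir)),
        "cmdline": read_cmdline(pid_dir),
        "exe": read_link(os.path.join(pid_dir, "exe")),
        "cwd": read_link(os.path.join(pid_dir, "cwd")),
        "fds": list_fds(pid_dir),
    }
    flags = []
    exe, cwd = info["exe"] or "", info["cwd"] or ""
    # The kernel appends " (deleted)" when the binary was unlinked after
    # it started: the file is gone from disk but still runs from memory.
    if exe.endswith(" (deleted)"):
        flags.append("exe-deleted")
    if in_scratch(exe):
        flags.append("exe-in-scratch-dir")
    if in_scratch(cwd):
        flags.append("cwd-in-scratch-dir")
    sockets = [t for t in info["fds"].values() if t and t.startswith("socket:[")]
    if sockets:
        flags.append("sockets:%d" % len(sockets))
    return info, flags


def scan_proc(proc_root="/proc"):
    """Inspect every numerically named directory (the process directories)
    under proc_root; non-numeric entries such as bus/ or sys/ are skipped."""
    results = {}
    for name in os.listdir(proc_root):
        if name.isdigit():
            results[int(name)] = inspect_process(os.path.join(proc_root, name))
    return results


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/proc"
    for pid, (info, flags) in sorted(scan_proc(root).items()):
        if flags:
            print(pid, " ".join(info["cmdline"])[:60], info["exe"], ",".join(flags))
```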
3.3.2. /proc/bus/
This directory contains information specific to the various
buses available on the system. For example, on a standard
system containing PCI and USB buses, current data on each of
these buses is available within a subdirectory within
/proc/bus/ by the same
name, such as /proc/bus/pci/.
The subdirectories and files available within /proc/bus/ vary depending on the
devices connected to the system. However, each bus type has
at least one directory. Within these bus directories are
normally at least one subdirectory with a numerical name,
such as 001, which
contain binary files.
For example, the /proc/bus/usb/ subdirectory
contains files that track the various devices on any USB
buses, as well as the drivers required for them. The
following is a sample listing of a /proc/bus/usb/ directory:
total 0
dr-xr-xr-x 1 root root 0 May 3 16:25 001
-r--r--r-- 1 root root 0 May 3 16:25 devices
-r--r--r-- 1 root root 0 May 3 16:25 drivers
The /proc/bus/usb/001/
directory contains all devices on the first USB bus and the
devices file identifies
the USB root hub on the motherboard.
The following is an example of a /proc/bus/usb/devices file:
3.3.3. /proc/driver/
This directory contains information for specific drivers in
use by the kernel.
A common file found here is rtc which provides output from
the driver for the system's Real Time Clock
(RTC), the device that keeps the time while the
system is switched off. Sample output from /proc/driver/rtc looks like the
following:
rtc_time : 16:21:00
rtc_date : 2004-08-31
rtc_epoch : 1900
alarm : 21:16:27
DST_enable : no
BCD : yes
24hr : yes
square_wave : no
alarm_IRQ : no
update_IRQ : no
periodic_IRQ : no
periodic_freq : 1024
batt_status : okay
For more information about the RTC, refer to the following
installed documentation:
3.3.4. /proc/fs/
This directory shows which file systems are exported. If
running an NFS server, typing cat /proc/fs/nfsd/exports
displays the file systems being shared and the permissions
granted for those file systems. For more on file system
sharing with NFS, refer to Chapter 18, Network File System (NFS).
3.3.5. /proc/ide/
This directory contains information about IDE devices on the
system. Each IDE channel is represented as a separate
directory, such as /proc/ide/ide0 and /proc/ide/ide1. In addition, a
drivers file is
available, providing the version number of the various
drivers used on the IDE channels:
ide-floppy version 0.99.newide
ide-cdrom version 4.61
ide-disk version 1.18
Many chipsets also provide a file in this directory with
additional data concerning the drives connected through the
channels. For example, a generic Intel PIIX4 Ultra 33
chipset produces the /proc/ide/piix file which reveals
whether DMA or UDMA is enabled for the devices on the IDE
channels:
                                Intel PIIX4 Ultra 33 Chipset.
------------- Primary Channel ---------------- Secondary Channel -------------
                enabled                          enabled
------------- drive0 --------- drive1 -------- drive0 ---------- drive1 ------
DMA enabled:    yes              no              yes               no
UDMA enabled:   yes              no              no                no
UDMA enabled:   2                X               X                 X
UDMA
DMA
PIO
Navigating into the directory for an IDE channel, such as
ide0, provides
additional information. The channel file provides the channel
number, while the model
identifies the bus type for the channel (such as
pci).
3.3.5.1. Device Directories
Within each IDE channel directory is a device
directory. The name of the device directory corresponds to
the drive letter in the /dev/ directory. For instance,
the first IDE drive on ide0 would be hda.
Note
There is a symbolic link to each of these device
directories in the /proc/ide/ directory.
Each device directory contains a collection of information
and statistics. The contents of these directories vary
according to the type of device connected. Some of the more
useful files common to many devices include:
cache — The device cache.
capacity — The capacity of the device, in 512 byte blocks.
driver — The driver and version used to control the device.
geometry — The physical and logical geometry of the device.
media — The type of device, such as a disk.
model — The model name or number of the device.
settings — A collection of current device parameters. This file usually contains quite a bit of useful, technical information. A sample settings file for a standard IDE hard disk looks similar to the following:
3.3.6. /proc/irq/
This directory is used to set IRQ to CPU affinity, which
allows the system to connect a particular IRQ to only one
CPU. Alternatively, it can exclude a CPU from handling any
IRQs.
Each IRQ has its own directory, allowing for the individual
configuration of each IRQ. The /proc/irq/prof_cpu_mask file is a
bitmask that contains the default values for the smp_affinity file in the IRQ
directory. The values in smp_affinity specify which CPUs
handle that particular IRQ.
For more information about the /proc/irq/ directory, refer to the
following installed documentation:
3.3.7. /proc/net/
This directory provides a comprehensive look at various
networking parameters and statistics. Each directory and
virtual file within this directory describes aspects of the
system's network configuration. Below is a partial list of
the /proc/net/ directory:
arp — Lists the kernel's ARP table. This file is particularly useful for connecting a hardware address to an IP address on a system.
atm/ directory — The files within this directory contain Asynchronous Transfer Mode (ATM) settings and statistics. This directory is primarily used with ATM networking and ADSL cards.
dev — Lists the various network devices configured on the system, complete with transmit and receive statistics. This file displays the number of bytes each interface has sent and received, the number of packets inbound and outbound, the number of errors seen, the number of packets dropped, and more.
dev_mcast — Lists Layer 2 multicast groups on which each device is listening.
igmp — Lists the IP multicast addresses which this system has joined.
ip_conntrack — Lists tracked network connections for machines that are forwarding IP connections.
ip_tables_names — Lists the types of iptables in use. This file is only present if iptables is active on the system and contains one or more of the following values: filter, mangle, or nat.
ip_mr_cache — Lists the multicast routing cache.
ip_mr_vif — Lists multicast virtual interfaces.
netstat — Contains a broad yet detailed collection of networking statistics, including TCP timeouts, SYN cookies sent and received, and much more.
psched — Lists global packet scheduler parameters.
raw — Lists raw device statistics.
route — Lists the kernel's routing table.
rt_cache — Contains the current routing cache.
snmp — List of Simple Network Management Protocol (SNMP) data for various networking protocols in use.
sockstat — Provides socket statistics.
tcp — Contains detailed TCP socket information.
tr_rif — Lists the token ring RIF routing table.
udp — Contains detailed UDP socket information.
unix — Lists UNIX domain sockets currently in use.
wireless — Lists wireless interface data.
3.3.8. /proc/scsi/
This directory is analogous to the /proc/ide/ directory, but it is
for connected SCSI devices.
The primary file in this directory is /proc/scsi/scsi, which contains a
list of every recognized SCSI device. From this listing, the
type of device, as well as the model name, vendor, SCSI
channel and ID data is available.
For example, if a system contains a SCSI CD-ROM, a tape
drive, a hard drive, and a RAID controller, this file looks
similar to the following:
Each SCSI driver used by the system has its own directory
within /proc/scsi/,
which contains files specific to each SCSI controller using
that driver. From the previous example, aic7xxx/ and megaraid/ directories are
present, since two drivers are in use. The files in each of
the directories typically contain an I/O address range, IRQ
information, and statistics for the SCSI controller using
that driver. Each controller can report a different type
and amount of information. The Adaptec AIC-7880 Ultra SCSI
host adapter's file in this example system produces the
following output:
Adaptec AIC7xxx driver version: 5.1.20/3.2.4
Compile Options:
  TCQ Enabled By Default : Disabled
  AIC7XXX_PROC_STATS     : Enabled
  AIC7XXX_RESET_DELAY    : 5

Adapter Configuration:
           SCSI Adapter: Adaptec AIC-7880 Ultra SCSI host adapter
                         Ultra Narrow Controller
    PCI MMAPed I/O Base: 0xfcffe000
 Adapter SEEPROM Config: SEEPROM found and used.
      Adaptec SCSI BIOS: Enabled
                    IRQ: 30
                   SCBs: Active 0, Max Active 1, Allocated 15, HW 16, Page 255
             Interrupts: 33726
      BIOS Control Word: 0x18a6
   Adapter Control Word: 0x1c5f
   Extended Translation: Enabled
Disconnect Enable Flags: 0x00ff
     Ultra Enable Flags: 0x0020
 Tag Queue Enable Flags: 0x0000
Ordered Queue Tag Flags: 0x0000
Default Tag Queue Depth: 8
    Tagged Queue By Device array for aic7xxx host instance 1:
      {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255}
    Actual queue depth per device for aic7xxx host instance 1:
      {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}

Statistics:

(scsi1:0:5:0)
  Device using Narrow/Sync transfers at 20.0 MByte/sec, offset 15
  Transinfo settings: current(12/15/0/0), goal(12/15/0/0), user(12/15/0/0)
  Total transfers 0 (0 reads and 0 writes)
             < 2K      2K+     4K+     8K+    16K+    32K+    64K+   128K+
   Reads:       0       0       0       0       0       0       0       0
  Writes:       0       0       0       0       0       0       0       0

(scsi1:0:6:0)
  Device using Narrow/Sync transfers at 10.0 MByte/sec, offset 15
  Transinfo settings: current(25/15/0/0), goal(12/15/0/0), user(12/15/0/0)
  Total transfers 132 (0 reads and 132 writes)
             < 2K      2K+     4K+     8K+    16K+    32K+    64K+   128K+
   Reads:       0       0       0       0       0       0       0       0
  Writes:       0       0       0       1     131       0       0       0
This output reveals the transfer speed to the SCSI
devices connected to the controller based on channel ID,
as well as detailed statistics concerning the amount and
sizes of files read or written by that device. For
example, this controller is communicating with the
CD-ROM at 20 megabytes per second, while the tape drive
is only communicating at 10 megabytes per second.
3.3.9. /proc/sys/
The /proc/sys/
directory is different from others in /proc/ because it not only
provides information about the system but also allows
the system administrator to immediately enable and
disable kernel features.
Caution
Use caution when changing settings on a production
system using the various files in the /proc/sys/
directory. Changing the wrong setting may render the
kernel unstable, requiring a system reboot.
For this reason, be sure the options are valid for
that file before attempting to change any value in
/proc/sys/.
A good way to determine if a particular file can be
configured, or if it is only designed to provide
information, is to list it with ls -l at the shell
prompt. If the file is writable, it may be used to
configure the kernel. For example, a partial listing of
/proc/sys/fs looks like the following:
-r--r--r-- 1 root root 0 May 10 16:14 dentry-state
-rw-r--r-- 1 root root 0 May 10 16:14 dir-notify-enable
-r--r--r-- 1 root root 0 May 10 16:14 dquot-nr
-rw-r--r-- 1 root root 0 May 10 16:14 file-max
-r--r--r-- 1 root root 0 May 10 16:14 file-nr
In this listing, the files dir-notify-enable and
file-max can be
written to and, therefore, can be used to configure the
kernel. The other files only provide feedback on current
settings.
Changing a value within a /proc/sys/ file is done by
echoing the new value into the file. For example, to
enable the System Request Key on a running kernel, type
the command:
echo 1 > /proc/sys/kernel/sysrq
This changes the value for sysrq from 0 (off) to
1 (on).
A few /proc/sys/
configuration files contain more than one value. To
correctly send new values to them, place a space
character between each value passed with the echo command, such as is done
in this example:
echo 4 2 45 > /proc/sys/kernel/acct
Note
Any configuration changes made using the echo command disappear when
the system is restarted. To make configuration changes
take effect after the system is rebooted, refer to
Section 3.4, “Using the sysctl Command”.
The /proc/sys/
directory contains several subdirectories controlling
different aspects of a running kernel.
3.3.9.1. /proc/sys/dev/
This directory provides parameters for particular
devices on the system. Most systems have at least two
directories, cdrom/ and raid/. Customized kernels
can have other directories, such as parport/, which provides
the ability to share one parallel port between
multiple device drivers.
The cdrom/
directory contains a file called info, which reveals a
number of important CD-ROM parameters:
CD-ROM information, Id: cdrom.c 3.20 2003/12/17
drive name: hdc
drive speed: 48
drive # of slots: 1
Can close tray: 1
Can open tray: 1
Can lock tray: 1
Can change speed: 1
Can select disk: 0
Can read multisession: 1
Can read MCN: 1
Reports media changed: 1
Can play audio: 1
Can write CD-R: 0
Can write CD-RW: 0
Can read DVD: 0
Can write DVD-R: 0
Can write DVD-RAM: 0
Can read MRW: 0
Can write MRW: 0
Can write RAM: 0
This file can be quickly scanned to discover the
qualities of an unknown CD-ROM. If multiple CD-ROMs
are available on a system, each device is given its
own column of information.
Various files in /proc/sys/dev/cdrom, such
as autoclose and
checkmedia, can
be used to control the system's CD-ROM. Use the
echo command to
enable or disable these features.
If RAID support is compiled into the kernel, a
/proc/sys/dev/raid/
directory becomes available with at least two files
in it: speed_limit_min and
speed_limit_max. These
settings determine the acceleration of RAID devices
for I/O intensive tasks, such as resyncing the disks.
3.3.9.2. /proc/sys/fs/
This directory contains an array of options and
information concerning various aspects of the file
system, including quota, file handle, inode, and
dentry information.
The binfmt_misc/
directory is used to provide kernel support for
miscellaneous binary formats.
The important files in /proc/sys/fs/ include:
dentry-state — Provides the status of the directory cache. The file looks similar to the following:
57411 52939 45 0 0 0
The first number reveals the total number of directory cache entries, while the second number displays the number of unused entries. The third number tells the number of seconds between when a directory has been freed and when it can be reclaimed, and the fourth measures the pages currently requested by the system. The last two numbers are not used and display only zeros.
dquot-nr — Lists the maximum number of cached disk quota entries.
file-max — Lists the maximum number of file handles that the kernel allocates. Raising the value in this file can resolve errors caused by a lack of available file handles.
file-nr — Lists the number of allocated file handles, used file handles, and the maximum number of file handles.
overflowgid and overflowuid — Defines the fixed group ID and user ID, respectively, for use with file systems that only support 16-bit group and user IDs.
super-max — Controls the maximum number of superblocks available.
super-nr — Displays the current number of superblocks in use.
3.3.9.3. /proc/sys/kernel/
This directory contains a variety of different
configuration files that directly affect the operation
of the kernel. Some of the most important files
include:
acct — Controls the suspension of process accounting based on the percentage of free space available on the file system containing the log. By default, the file looks like the following:
4 2 30
The first value dictates the percentage of free space required for logging to resume, while the second value sets the threshold percentage of free space when logging is suspended. The third value sets the interval, in seconds, that the kernel polls the file system to see if logging should be suspended or resumed.
cap-bound — Controls the capability bounding settings, which provide a list of capabilities for any process on the system. If a capability is not listed here, then no process, no matter how privileged, can do it. The idea is to make the system more secure by ensuring that certain things cannot happen, at least beyond a certain point in the boot process. For a valid list of values for this virtual file, refer to the following installed documentation:
ctrl-alt-del — Controls whether Ctrl-Alt-Delete gracefully restarts the computer using init (0) or forces an immediate reboot without syncing the dirty buffers to disk (1).
domainname — Configures the system domain name, such as example.com.
exec-shield — Configures the Exec Shield feature of the kernel. Exec Shield provides protection against certain types of buffer overflow attacks. There are two possible values for this virtual file:
0 — Disables Exec Shield.
1 — Enables Exec Shield. This is the default value.
Important
If a system is running security-sensitive
applications that were started while Exec Shield
was disabled, these applications must be
restarted when Exec Shield is enabled in order
for Exec Shield to take effect.
exec-shield-randomize — Enables location randomization of various items in memory. This helps deter potential attackers from locating programs and daemons in memory. Each time a program or daemon starts, it is put into a different memory location, never in a static or absolute memory address. There are two possible values for this virtual file:
0 — Disables randomization of Exec Shield. This may be useful for application debugging purposes.
1 — Enables randomization of Exec Shield. This is the default value. Note: The exec-shield file must also be set to 1 for exec-shield-randomize to be effective.
hostname — Configures the system hostname, such as www.example.com.
hotplug — Configures the utility to be used when a configuration change is detected by the system. This is primarily used with USB and Cardbus PCI. The default value of /sbin/hotplug should not be changed unless testing a new program to fulfill this role.
modprobe — Sets the location of the program used to load kernel modules. The default value is /sbin/modprobe, the program that kmod calls to load a module when a kernel thread requests one.
msgmax — Sets the maximum size of any message sent from one process to another and is set to 8192 bytes by default. Be careful when raising this value, as queued messages between processes are stored in non-swappable kernel memory. Any increase in msgmax would increase RAM requirements for the system.
msgmnb — Sets the maximum number of bytes in a single message queue. The default is 16384.
msgmni — Sets the maximum number of message queue identifiers. The default is 16.
osrelease — Lists the Linux kernel release number. This file can only be altered by changing the kernel source and recompiling.
ostype — Displays the type of operating system. By default, this file is set to Linux, and this value can only be changed by changing the kernel source and recompiling.
overflowgid and overflowuid — Defines the fixed group ID and user ID, respectively, for use with system calls on architectures that only support 16-bit group and user IDs.
panic — Defines the number of seconds the kernel postpones rebooting when the system experiences a kernel panic. By default, the value is set to 0, which disables automatic rebooting after a panic.
printk — This file controls a variety of settings related to printing or logging error messages. Each error message reported by the kernel has a loglevel associated with it that defines the importance of the message. The loglevel values break down in this order:
0 — Kernel emergency. The system is unusable.
1 — Kernel alert. Action must be taken immediately.
2 — Condition of the kernel is considered critical.
3 — General kernel error condition.
4 — General kernel warning condition.
5 — Kernel notice of a normal but significant condition.
6 — Kernel informational message.
7 — Kernel debug-level messages.
Four values are found in the printk file:
6 4 1 7
Each of these values defines a different rule for
dealing with error messages. The first value,
called the console
loglevel, defines the lowest priority
of messages printed to the console. (Note that,
the lower the priority, the higher the loglevel
number.) The second value sets the default
loglevel for messages without an explicit loglevel
attached to them. The third value sets the lowest
possible loglevel configuration for the console
loglevel. The last value sets the default value
for the console loglevel.
random/ directory — Lists a number of values related to generating random numbers for the kernel.
rtsig-max — Configures the maximum number of POSIX real-time signals that the system may have queued at any one time. The default value is 1024.
rtsig-nr — Lists the current number of POSIX real-time signals queued by the kernel.
sem — Configures semaphore settings within the kernel. A semaphore is a System V IPC object that is used to control utilization of a particular process.
shmall — Sets the total amount of shared memory that can be used at one time on the system, in bytes. By default, this value is 2097152.
shmmax — Sets the largest shared memory segment size allowed by the kernel, in bytes. By default, this value is 33554432. However, the kernel supports much larger values than this.
shmmni — Sets the maximum number of shared memory segments for the whole system, in bytes. By default, this value is 4096.
sysrq — Activates the System Request Key, if this value is set to anything other than zero (0), the default. The System Request Key allows immediate input to the kernel through simple key combinations. For example, the System Request Key can be used to immediately shut down or restart a system, sync all mounted file systems, or dump important information to the console. To initiate a System Request Key, type Alt-SysRq-<system request code>. Replace <system request code> with one of the following system request codes:
r — Disables raw mode for the keyboard and sets it to XLATE (a limited keyboard mode which does not recognize modifiers such as Alt, Ctrl, or Shift for all keys).
k — Kills all processes active in a virtual console. Also called Secure Access Key (SAK), it is often used to verify that the login prompt is spawned from init and not a trojan copy designed to capture usernames and passwords.
b — Reboots the kernel without first unmounting file systems or syncing disks attached to the system.
c — Crashes the system without first unmounting file systems or syncing disks attached to the system.
o — Shuts off the system.
s — Attempts to sync disks attached to the system.
u — Attempts to unmount and remount all file systems as read-only.
p — Outputs all flags and registers to the console.
t — Outputs a list of processes to the console.
m — Outputs memory statistics to the console.
0 through 9 — Sets the log level for the console.
e — Kills all processes except init using SIGTERM.
i — Kills all processes except init using SIGKILL.
l — Kills all processes using SIGKILL (including init). The system is unusable after issuing this System Request Key code.
h — Displays help text.
This feature is most beneficial when using a
development kernel or when experiencing system
freezes.
Caution
The System Request Key feature is considered a
security risk because an unattended console
provides an attacker with access to the
system. For this reason, it is turned off by
default.
Refer to /usr/share/doc/kernel-doc-<version>/Documentation/sysrq.txt
for more information about the System Request Key.
sysrq-key — Defines the key code for the System Request Key (84 is the default).
sysrq-sticky — Defines whether the System Request Key is a chorded key combination. The accepted values are as follows:
0 — Alt-SysRq and the system request code must be pressed simultaneously. This is the default value.
1 — Alt-SysRq must be pressed simultaneously, but the system request code can be pressed anytime before the number of seconds specified in /proc/sys/kernel/sysrq-timer elapses.
sysrq-timer — Specifies the number of seconds allowed to pass before the system request code must be pressed. The default value is 10.
tainted — Indicates whether a non-GPL module is loaded.
0 — No non-GPL modules are loaded.
1 — At least one module without a GPL license (including modules with no license) is loaded.
2 — At least one module was force-loaded with the command insmod -f.
threads-max — Sets the maximum number of threads to be used by the kernel, with a default value of 2048.
version — Displays the date and time the kernel was last compiled. The first field in this file, such as #3, relates to the number of times a kernel was built from the source base.
3.3.9.4. /proc/sys/net/
This directory contains subdirectories concerning
various networking topics. Various configurations at
the time of kernel compilation make different
directories available here, such as ethernet/, ipv4/, ipx/, and ipv6/. By altering the
files within these directories, system administrators
are able to adjust the network configuration on a
running system.
Given the wide variety of possible networking options
available with Linux, only the most common /proc/sys/net/ directories
are discussed.
The /proc/sys/net/core/
directory contains a variety of settings that control
the interaction between the kernel and networking
layers. The most important of these files are:
message_burst — Sets the amount of time in tenths of a second required to write a new warning message. This setting is used to mitigate Denial of Service (DoS) attacks. The default setting is 50.
message_cost — Sets a cost on every warning message. The higher the value of this file (default of 5), the more likely the warning message is ignored. This setting is used to mitigate DoS attacks.
The idea of a DoS attack is to bombard the targeted system with requests that generate errors and fill up disk partitions with log files or require all of the system's resources to handle the error logging. The settings in message_burst and message_cost are designed to be modified based on the system's acceptable risk versus the need for comprehensive logging.
netdev_max_backlog — Sets the maximum number of packets allowed to queue when a particular interface receives packets faster than the kernel can process them. The default value for this file is 300.
optmem_max — Configures the maximum ancillary buffer size allowed per socket.
rmem_default — Sets the receive socket buffer default size in bytes.
rmem_max — Sets the receive socket buffer maximum size in bytes.
wmem_default — Sets the send socket buffer default size in bytes.
wmem_max — Sets the send socket buffer maximum size in bytes.
The /proc/sys/net/ipv4/
directory contains additional networking
settings. Many of these settings, used in conjunction
with one another, are useful in preventing attacks on
the system or when using the system to act as a
router.
Caution
An erroneous change to these files may affect remote
connectivity to the system.
The following is a list of some of the more important
files within the /proc/sys/net/ipv4/
directory:
icmp_destunreach_rate, icmp_echoreply_rate, icmp_paramprob_rate, and icmp_timeexeed_rate — Set the maximum ICMP send packet rate, in 1/100 of a second, to hosts under certain conditions. A setting of 0 removes any delay and is not a good idea.
icmp_echo_ignore_all and icmp_echo_ignore_broadcasts — Allows the kernel to ignore ICMP ECHO packets from every host or only those originating from broadcast and multicast addresses, respectively. A value of 0 allows the kernel to respond, while a value of 1 ignores the packets.
ip_default_ttl — Sets the default Time To Live (TTL), which limits the number of hops a packet may make before reaching its destination. Increasing this value can diminish system performance.
ip_forward — Permits interfaces on the system to forward packets to one another. By default, this file is set to 0. Setting this file to 1 enables network packet forwarding.
ip_local_port_range — Specifies the range of ports to be used by TCP or UDP when a local port is needed. The first number is the lowest port to be used and the second number specifies the highest port. Any systems that expect to require more ports than the default 1024 to 4999 should use a range from 32768 to 61000.
tcp_syn_retries — Provides a limit on the number of times the system re-transmits a SYN packet when attempting to make a connection.
tcp_retries1 — Sets the number of permitted re-transmissions attempting to answer an incoming connection. Default of 3.
tcp_retries2 — Sets the number of permitted re-transmissions of TCP packets. Default of 15.
contains a complete list of files and options
available in the /proc/sys/net/ipv4/
directory.
A number of other directories exist within the
/proc/sys/net/ipv4/
directory and each covers a different aspect of the
network stack. The /proc/sys/net/ipv4/conf/
directory allows each system interface to be
configured in different ways, including the use of
default settings for unconfigured devices (in the
/proc/sys/net/ipv4/conf/default/
subdirectory) and settings that override all special
configurations (in the /proc/sys/net/ipv4/conf/all/
subdirectory).
The /proc/sys/net/ipv4/neigh/
directory contains settings for communicating with a
host directly connected to the system (called a
network neighbor) and also contains different settings
for systems more than one hop away.
Routing over IPv4 also has its own directory,
/proc/sys/net/ipv4/route/. Unlike
conf/ and
neigh/, the
/proc/sys/net/ipv4/route/
directory contains specifications that apply to
routing with any interfaces on the system. Many of
these settings, such as max_size, max_delay, and min_delay, relate to
controlling the size of the routing cache. To clear
the routing cache, write any value to the flush file.
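The following audit script is an added example and is not part of the RHEL guide or of the kernel's own tooling. It reads the /proc/sys/net/ipv4/ files described above and reports those that differ from a baseline for a host that does not route (the baseline values, the function names and the constructed sample tree are this example's assumptions, not values from the guide).

```shell
#!/bin/sh
# Added example, not from the RHEL guide: audit the /proc/sys/net/ipv4/ tunables
# described above against what a hardened host that does not route would carry.
# The tree root is a parameter, so the function can be pointed at a constructed
# copy of the directory (the sample below) as well as at the live kernel.
# Baseline for a non-forwarding host, as "file:expected" pairs (an assumption).
IPV4_BASELINE="ip_forward:0 icmp_echo_ignore_broadcasts:1 icmp_echo_ignore_all:0"

# read_tunable ROOT NAME -> the value with whitespace removed, or "missing"
read_tunable() {
    if [ -r "$1/$2" ]; then tr -d '[:space:]' < "$1/$2"; else printf missing; fi
}

# audit_ipv4 ROOT -> one line per deviation: "NAME current=X expected=Y".
# Also checks that ip_local_port_range offers at least as many ports as the
# 1024-4999 default (3976) and that ip_default_ttl is a legal hop count (1-255).
audit_ipv4() {
    root=$1
    for pair in $IPV4_BASELINE; do
        name=${pair%%:*}; expected=${pair#*:}
        current=$(read_tunable "$root" "$name")
        [ "$current" = "$expected" ] ||
            printf '%s current=%s expected=%s\n' "$name" "$current" "$expected"
    done
    set -- $(cat "$root/ip_local_port_range" 2>/dev/null)
    [ $# -eq 2 ] || set -- 0 0
    [ $(( $2 - $1 + 1 )) -ge 3976 ] ||
        printf 'ip_local_port_range current=%s-%s expected=3976+ ports\n' "$1" "$2"
    ttl=$(read_tunable "$root" ip_default_ttl)
    case $ttl in
        [1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) ;;
        *) printf 'ip_default_ttl current=%s expected=1-255\n' "$ttl" ;;
    esac
}
# deviation_count ROOT -> how many lines audit_ipv4 printed
deviation_count() { audit_ipv4 "$1" | wc -l | tr -d ' '; }

# make_sample_tree DIR -> constructed values, not captured from a real host:
# forwarding is left on and broadcast pings are answered; the rest is in order.
make_sample_tree() {
    mkdir -p "$1"
    echo 1 > "$1/ip_forward"
    echo 0 > "$1/icmp_echo_ignore_broadcasts"
    echo 0 > "$1/icmp_echo_ignore_all"
    echo 64 > "$1/ip_default_ttl"
    printf '32768\t61000\n' > "$1/ip_local_port_range"
}

# Usage: sh audit_ipv4.sh --live   (reads the running kernel's settings)
if [ "${1:-}" = "--live" ]; then audit_ipv4 /proc/sys/net/ipv4; fi
```

Run with --live on a host to list the deviations; an empty output means every checked file matches the baseline.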
Additional information about these directories and the
possible values for their configuration files can be
found in:
The /proc/sys/vm/ directory facilitates the configuration of the Linux
kernel's virtual memory (VM) subsystem. The kernel makes
extensive and intelligent use of virtual memory, which is
commonly referred to as swap space.
The following files are commonly found in the /proc/sys/vm/ directory:
block_dump —
Configures block I/O debugging when enabled. All
read/write and block dirtying operations done to files
are logged accordingly. This can be useful when
diagnosing disk spin-ups and spin-downs for laptop
battery conservation. All output when block_dump is enabled can be
retrieved via dmesg. The default value is
0.
Tip
If block_dump is
enabled at the same time as kernel debugging, it is
prudent to stop the klogd daemon, as it generates
erroneous disk activity caused by block_dump.
dirty_background_ratio
— Starts background writeback of dirty data at
this percentage of total memory, via a pdflush
daemon. The default value is 10.
dirty_expire_centisecs
— Defines when dirty in-memory data is old enough
to be eligible for writeout. Data which has been dirty
in-memory for longer than this interval is written out
next time a pdflush daemon wakes up. The default value
is 3000, expressed
in hundredths of a second.
dirty_ratio
— Starts active writeback of dirty data at this
percentage of total memory for the generator of dirty
data, via pdflush. The default value is 40.
dirty_writeback_centisecs
— Defines the interval between wakeups of the pdflush
daemons, which periodically write dirty in-memory data
out to disk. The default value is 500, expressed in hundredths
of a second.
laptop_mode
— Minimizes the number of times that a hard disk
needs to spin up by keeping the disk spun down for as
long as possible, therefore conserving battery power on
laptops. This increases efficiency by combining all
future I/O processes together, reducing the frequency
of spin-ups. The default value is 0, but the setting is
enabled automatically when a laptop is running on
battery power.
This value is controlled automatically by the acpid
daemon once a user is notified battery power is
enabled. No user modifications or interactions are
necessary if the laptop supports the ACPI (Advanced
Configuration and Power Interface) specification.
For more information, refer to the following installed
documentation:
lower_zone_protection
— Determines how aggressive the kernel is in
defending lower memory allocation zones. This is
effective when utilized with machines configured with
highmem memory
space enabled. The default value is 0, meaning no protection at
all. Any other integer value is a number of megabytes of
lowmem memory that is
protected from being allocated by users.
For more information, refer to the following installed
documentation:
max_map_count
— Configures the maximum number of memory map
areas a process may have. In most cases, the default
value of 65536 is appropriate.
min_free_kbytes
— Forces the Linux VM (virtual memory manager) to
keep a minimum number of kilobytes free. The VM uses
this number to compute a pages_min value for each
lowmem zone in the
system. The default value depends on the total
memory in the machine.
nr_hugepages
— Indicates the current number of configured
hugetlb pages in
the kernel.
For more information, refer to the following installed
documentation:
nr_pdflush_threads
—
Indicates the number of pdflush daemons that are
currently running. This file is read-only, and should
not be changed by the user. Under heavy I/O loads, the
default value of two is increased by the kernel.
overcommit_memory
— Configures the conditions under which a large
memory request is accepted or denied. The following
three modes are available:
0 — The
kernel performs heuristic memory overcommit
handling by estimating the amount of memory
available and failing requests that are blatantly
invalid. Unfortunately, since memory is allocated
using a heuristic rather than a precise algorithm,
this setting can sometimes allow the available memory
on the system to be overloaded. This is the default
setting.
1 — The
kernel performs no memory overcommit
handling. Under this setting, the potential for
memory overload is increased, but so is performance
for memory-intensive tasks (such as those executed
by some scientific software).
2 — The
kernel fails requests for memory once the total committed
memory would exceed all of swap plus the percentage of physical RAM specified
in /proc/sys/vm/overcommit_ratio. This
setting is best for those who desire less risk of
memory overcommitment.
Note
This setting is only recommended for systems with
swap areas larger than physical memory.
overcommit_ratio
— Specifies the percentage of physical RAM
considered when /proc/sys/vm/overcommit_memory
is set to 2. The
default value is 50.
page-cluster
— Sets the number of pages read in a single
attempt. The default value of 3, which actually
relates to 16 pages, is appropriate for most systems.
swappiness —
Determines how much a machine should swap. The higher
the value, the more swapping occurs. The default value,
as a percentage, is set to 60.
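The following is an added example, not from the RHEL guide: it works out the ceiling that overcommit_memory set to 2 imposes (all of swap plus overcommit_ratio percent of physical RAM, as described above), decides whether a request fits under it, and shows why the Note recommends mode 2 only when swap exceeds physical memory. The /proc/meminfo-style input is constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the RHEL guide. In overcommit_memory mode 2 the kernel
# refuses a request once total committed address space would exceed
#     SwapTotal + MemTotal * overcommit_ratio / 100
# Input is /proc/meminfo-format text; the sample is constructed, not captured.
SAMPLE_MEMINFO='MemTotal:        4194304 kB
SwapTotal:       1048576 kB
Committed_AS:    3000000 kB'

# meminfo_field FIELD -> prints the kB value of FIELD read from stdin
meminfo_field() {
    awk -v f="$1:" '$1 == f { print $2; exit }'
}

# commit_limit_kb MEMTOTAL_KB SWAPTOTAL_KB RATIO -> the mode-2 ceiling in kB
commit_limit_kb() {
    echo $(( $2 + $1 * $3 / 100 ))
}

# request_allowed MEMINFO_TEXT RATIO REQUEST_KB -> "allowed" or "refused",
# i.e. whether Committed_AS + REQUEST_KB still fits under the ceiling
request_allowed() {
    mem=$(printf '%s\n' "$1" | meminfo_field MemTotal)
    swap=$(printf '%s\n' "$1" | meminfo_field SwapTotal)
    committed=$(printf '%s\n' "$1" | meminfo_field Committed_AS)
    limit=$(commit_limit_kb "$mem" "$swap" "$2")
    if [ $(( committed + $3 )) -le "$limit" ]; then echo allowed; else echo refused; fi
}

# limit_below_ram MEMTOTAL_KB SWAPTOTAL_KB RATIO -> "yes" when the ceiling is
# lower than physical RAM, so part of the installed memory can never be handed
# out; with the default ratio of 50 this happens whenever swap is smaller than
# half of RAM, which is the situation the guide's Note warns about.
limit_below_ram() {
    if [ "$(commit_limit_kb "$1" "$2" "$3")" -lt "$1" ]; then echo yes; else echo no; fi
}

# Usage: evaluate the constructed sample with the default ratio of 50
request_allowed "$SAMPLE_MEMINFO" 50 100000
limit_below_ram 4194304 1048576 50
```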
All kernel-based documentation can be found in the
following locally installed location:
/usr/share/doc/kernel-doc-<version>/Documentation/,
which contains additional information.
3.3.10. /proc/sysvipc/
This directory contains information about System V IPC
resources. The files in this directory relate to System V IPC
calls for messages (msg), semaphores (sem), and shared memory (shm).
3.3.11. /proc/tty/
This directory contains information about the available and
currently used tty devices on the
system. The name comes from the original teletype
devices; any character-based data terminal is
called a tty device.
In Linux, there are three different kinds of tty
devices. Serial devices are used with
serial connections, such as over a modem or using a serial
cable. Virtual terminals create the
common console connection, such as the virtual consoles
available when pressing Alt-<F-key>
at the system console. Pseudo terminals
create a two-way communication that is used by some higher
level applications, such as XFree86. The drivers file is a list of the
current tty devices in use, as in the following example:
The /proc/tty/driver/serial file lists
the usage statistics and status of each of the serial tty
lines.
In order for tty devices to be used as network devices, the
Linux kernel enforces line discipline
on the device. This allows the driver to place a specific
type of header with every block of data transmitted over the
device, making it possible for the remote end of the
connection to handle a block of data as just one in a stream of data
blocks. SLIP and PPP are common line disciplines, and each
is commonly used to connect systems to one another over a
serial link.
Registered line disciplines are stored in the ldiscs file, and more detailed
information is available within the ldisc/ directory.