Every /proc/ directory contains a number of
directories with numerical names. A listing of them may be similar to
the following:
dr-xr-xr-x 3 root root 0 Feb 13 01:28 1
dr-xr-xr-x 3 root root 0 Feb 13 01:28 1010
dr-xr-xr-x 3 xfs xfs 0 Feb 13 01:28 1087
dr-xr-xr-x 3 daemon daemon 0 Feb 13 01:28 1123
dr-xr-xr-x 3 root root 0 Feb 13 01:28 11307
dr-xr-xr-x 3 apache apache 0 Feb 13 01:28 13660
dr-xr-xr-x 3 rpc rpc 0 Feb 13 01:28 637
dr-xr-xr-x 3 rpcuser rpcuser 0 Feb 13 01:28 666
These directories are called process
directories, as they are named after a program's process
ID and contain information specific to that process. The owner and
group of each process directory is set to the user running the
process. When the process is terminated, its
/proc/ process directory vanishes.
Each process directory contains the following files:
cmdline — Contains the
command issued when starting the process.
cwd — A symbolic link to the current
working directory for the process.
environ — A list of
the environment variables for the process. The environment
variable is given in all upper-case characters, and the value is in
lower-case characters.
exe — A symbolic link to the
executable of this process.
fd — A directory containing
all of the file descriptors for a particular process. These are
given in numbered links:
total 0
lrwx------ 1 root root 64 May 8 11:31 0 -> /dev/null
lrwx------ 1 root root 64 May 8 11:31 1 -> /dev/null
lrwx------ 1 root root 64 May 8 11:31 2 -> /dev/null
lrwx------ 1 root root 64 May 8 11:31 3 -> /dev/ptmx
lrwx------ 1 root root 64 May 8 11:31 4 -> socket:[7774817]
lrwx------ 1 root root 64 May 8 11:31 5 -> /dev/ptmx
lrwx------ 1 root root 64 May 8 11:31 6 -> socket:[7774829]
lrwx------ 1 root root 64 May 8 11:31 7 -> /dev/ptmx
maps — A list of memory maps
to the various executables and library files associated with this
process. This file can be rather long, depending upon the
complexity of the process, but sample output from the
sshd process begins like the following:
The information in this output includes the process name and ID,
the state (such as S (sleeping)
or R (running)), user/group ID
running the process, and detailed data regarding memory usage.
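As an added example (not code from the original guide), the following Python inspector pulls together the per-process files just described: it reads cmdline and environ, resolves the exe and cwd links, and records the target of every descriptor under fd/ so that socket:[inode] entries like those in the listing above can be picked out. It assumes, as the kernel does but the text does not state, that cmdline and environ are NUL-separated; the /proc/<pid>/ directory it reads is a constructed stand-in so the code runs without a live /proc.

```python
import os
import tempfile


def read_nul_list(path):
    """Read a NUL-separated /proc file (cmdline, environ) into a list of strings.

    Assumption (not stated in the text above): the kernel separates the
    entries with NUL bytes and terminates the last one with a NUL as well.
    """
    with open(path, "rb") as fh:
        data = fh.read()
    return [item.decode("utf-8", "replace") for item in data.split(b"\0") if item]


def inspect_process(proc_pid_dir):
    """Summarise one /proc/<pid>/ directory: command line, environment,
    exe and cwd link targets, and the link target of every open descriptor."""
    environ = read_nul_list(os.path.join(proc_pid_dir, "environ"))
    summary = {
        "cmdline": read_nul_list(os.path.join(proc_pid_dir, "cmdline")),
        "environ": dict(entry.split("=", 1) for entry in environ if "=" in entry),
        "exe": os.readlink(os.path.join(proc_pid_dir, "exe")),
        "cwd": os.readlink(os.path.join(proc_pid_dir, "cwd")),
        "fds": {},
    }
    fd_dir = os.path.join(proc_pid_dir, "fd")
    for name in sorted(os.listdir(fd_dir), key=int):
        summary["fds"][int(name)] = os.readlink(os.path.join(fd_dir, name))
    return summary


def socket_inodes(summary):
    """Return the socket inode numbers a process holds, taken from fd link
    targets of the form socket:[7774817] as shown in the listing above."""
    inodes = []
    for target in summary["fds"].values():
        if target.startswith("socket:[") and target.endswith("]"):
            inodes.append(int(target[len("socket:["):-1]))
    return inodes


def build_sample_proc_dir():
    """Constructed stand-in for /proc/<pid>/ (not captured from a real host)
    so the example runs off-line and without root; values mimic an sshd."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    with open(os.path.join(root, "cmdline"), "wb") as fh:
        fh.write(b"/usr/sbin/sshd\0-D\0")
    with open(os.path.join(root, "environ"), "wb") as fh:
        fh.write(b"PATH=/usr/sbin:/usr/bin\0LANG=C\0")
    os.symlink("/usr/sbin/sshd", os.path.join(root, "exe"))
    os.symlink("/", os.path.join(root, "cwd"))
    fd_dir = os.path.join(root, "fd")
    os.mkdir(fd_dir)
    targets = {0: "/dev/null", 1: "/dev/null", 2: "/dev/null",
               3: "socket:[7774817]", 4: "socket:[7774829]"}
    for fd, target in targets.items():
        os.symlink(target, os.path.join(fd_dir, str(fd)))
    return root


if __name__ == "__main__":
    info = inspect_process(build_sample_proc_dir())
    print(info["cmdline"], info["exe"], info["cwd"])
    print("socket inodes held:", socket_inodes(info))
```

Pointing inspect_process at a real /proc/<pid>/ works the same way, subject to the permission rules the text describes (the directory is owned by the user running the process).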
The /proc/bus/ directory contains information specific to the various buses
available on the system. For example, on a standard system
containing PCI and USB buses, current data on each of these buses is
available within a subdirectory of /proc/bus/ with
the same name, such as /proc/bus/pci/.
The subdirectories and files available within
/proc/bus/ vary depending on the devices
connected to the system. However, each bus type has at least one
directory. Within each bus directory there is normally at least one
subdirectory with a numerical name, such as 001,
which contains binary files.
For example, the /proc/bus/usb/ subdirectory
contains files that track the various devices on any USB buses, as
well as the drivers required for them. The following is a sample
listing of a /proc/bus/usb/ directory:
total 0
dr-xr-xr-x 1 root root 0 May 3 16:25 001
-r--r--r-- 1 root root 0 May 3 16:25 devices
-r--r--r-- 1 root root 0 May 3 16:25 drivers
The /proc/bus/usb/001/ directory contains all
devices on the first USB bus and the devices file
identifies the USB root hub on the motherboard.
The following is an example of a
/proc/bus/usb/devices file:
The /proc/driver/ directory contains information for specific drivers in use by the
kernel.
A common file found here is rtc which provides
output from the driver for the system's Real Time Clock
(RTC), the device that keeps the time while the system is
switched off. Sample output from /proc/driver/rtc
looks like the following:
rtc_time : 16:21:00
rtc_date : 2004-08-31
rtc_epoch : 1900
alarm : 21:16:27
DST_enable : no
BCD : yes
24hr : yes
square_wave : no
alarm_IRQ : no
update_IRQ : no
periodic_IRQ : no
periodic_freq : 1024
batt_status : okay
For more information about the RTC, refer to the following installed
documentation:
The /proc/fs/ directory shows which file systems are exported. If running an
NFS server, typing cat /proc/fs/nfsd/exports
displays the file systems being shared and the permissions granted for
those file systems. For more on file system sharing with NFS, refer to
Chapter 9 Network File System (NFS).
The /proc/ide/ directory contains information about IDE devices on the system. Each
IDE channel is represented as a separate directory, such as
/proc/ide/ide0 and
/proc/ide/ide1. In addition, a
drivers file is available, providing the version
number of the various drivers used on the IDE channels:
ide-floppy version 0.99.newide
ide-cdrom version 4.61
ide-disk version 1.18
Many chipsets also provide a file in this directory with additional
data concerning the drives connected through the channels. For
example, a generic Intel PIIX4 Ultra 33 chipset produces the
/proc/ide/piix file which reveals whether DMA or
UDMA is enabled for the devices on the IDE channels:
Intel PIIX4 Ultra 33 Chipset.
------------- Primary Channel ---------------- Secondary Channel -------------
                enabled                          enabled
------------- drive0 --------- drive1 -------- drive0 ---------- drive1 ------
DMA enabled:    yes              no              yes               no
UDMA enabled:   yes              no              no                no
UDMA enabled:   2                X               X                 X
UDMA
DMA
PIO
Navigating into the directory for an IDE channel, such as
ide0, provides additional information. The
channel file provides the channel number, while
the model identifies the bus type for the channel
(such as pci).
Within each IDE channel directory is a device directory. The name
of the device directory corresponds to the drive letter in the
/dev/ directory. For instance, the first IDE drive on
ide0 would be hda.
Note
There is a symbolic link to each of these device
directories in the /proc/ide/ directory.
Each device directory contains a collection of information and
statistics. The contents of these directories vary according to the
type of device connected. Some of the more useful files common to
many devices include:
cache — The device cache.
capacity — The capacity of the
device, in 512 byte blocks.
driver — The driver and version used
to control the device.
geometry — The physical and logical
geometry of the device.
media — The type of device, such as a
disk.
model — The model name or number of
the device.
settings — A collection of current
device parameters. This file usually contains quite a bit
of useful, technical information. A sample
settings file for a standard IDE hard disk
looks similar to the following:
The /proc/irq/ directory is used to set IRQ to CPU affinity, which allows the
system to connect a particular IRQ to only one CPU. Alternatively, it
can exclude a CPU from handling any IRQs.
Each IRQ has its own directory, allowing for the individual
configuration of each IRQ. The
/proc/irq/prof_cpu_mask file is a bitmask that
contains the default values for the smp_affinity
file in the IRQ directory. The values in
smp_affinity specify which CPUs handle that
particular IRQ.
For more information about the /proc/irq/
directory, refer to the following installed documentation:
The /proc/net/ directory provides a comprehensive look at various networking
parameters and statistics. Each directory and virtual file within this
directory describes aspects of the system's network
configuration. Below is a partial list of the
/proc/net/ directory:
arp — Lists the kernel's ARP
table. This file is particularly useful for connecting a hardware
address to an IP address on a system.
atm/ directory — The files within
this directory contain Asynchronous Transfer Mode
(ATM) settings and statistics. This directory is
primarily used with ATM networking and ADSL cards.
dev — Lists the various network
devices configured on the system, complete with transmit and
receive statistics. This file displays the number of bytes each
interface has sent and received, the number of packets inbound and
outbound, the number of errors seen, the number of packets
dropped, and more.
dev_mcast — Lists Layer 2 multicast
groups on which each device is listening.
igmp — Lists the IP multicast
addresses which this system joined.
ip_conntrack — Lists tracked
network connections for machines that are forwarding IP
connections.
ip_tables_names — Lists the types
of iptables in use. This file is only present
if iptables is active on the system and
contains one or more of the following values:
filter, mangle, or
nat.
ip_mr_cache — Lists the multicast routing cache.
ip_mr_vif — Lists multicast virtual interfaces.
netstat — Contains a broad yet detailed
collection of networking statistics, including TCP timeouts, SYN
cookies sent and received, and much more.
psched — Lists global packet scheduler parameters.
raw — Lists raw device statistics.
route — Lists the kernel's routing
table.
rt_cache — Contains the current routing cache.
snmp — Lists Simple Network Management
Protocol (SNMP) data for various networking protocols in use.
sockstat — Provides socket
statistics.
tcp — Contains detailed TCP socket information.
tr_rif — Lists the token ring RIF routing table.
udp — Contains detailed UDP socket information.
unix — Lists UNIX domain sockets
currently in use.
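Added example, not part of the original guide: a parser for the tcp file listed above that decodes its hex address columns into readable endpoints, picks out listening sockets, and ties rows back to a process through the socket:[inode] targets that appear in a /proc/<pid>/fd listing. The column layout, the little-endian address encoding (as on x86 hosts) and the state codes are assumptions about the kernel's format rather than facts taken from this page, and the table contents are constructed.

```python
import socket
import struct

# Hex state codes found in the st column of /proc/net/tcp (assumed kernel format).
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample of /proc/net/tcp (not captured from a real host): an SSH
# listener on all addresses, a loopback-only SMTP listener, and one
# established SSH session from 10.0.2.1.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 7774817 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 7774829 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:0016 0102000A:C3A1 01 00000000:00000000 02:000A3B9F 00000000     0        0 7790012 2 0000000000000000 20 4 1 10 -1
"""


def decode_endpoint(field):
    """Turn '0100007F:0016' into ('127.0.0.1', 22). The address is a 32-bit
    hex value in host byte order, which is little-endian on x86."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<L", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse the table into one dictionary per socket; the header is skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10:
            continue
        rows.append({
            "local": decode_endpoint(fields[1]),
            "remote": decode_endpoint(fields[2]),
            "state": TCP_STATES.get(fields[3], fields[3]),
            "uid": int(fields[7]),
            "inode": int(fields[9]),
        })
    return rows


def listening_sockets(rows):
    """Sockets in LISTEN state, i.e. the TCP services this host exposes."""
    return [row for row in rows if row["state"] == "LISTEN"]


def sockets_for_process(fd_targets, rows):
    """Given a process's fd link targets (fd number -> target string, as in a
    /proc/<pid>/fd listing), return the TCP rows whose inode that process holds."""
    inodes = set()
    for target in fd_targets.values():
        if target.startswith("socket:[") and target.endswith("]"):
            inodes.add(int(target[len("socket:["):-1]))
    return [row for row in rows if row["inode"] in inodes]


if __name__ == "__main__":
    rows = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    for row in listening_sockets(rows):
        print("listening on %s:%d (inode %d)" % (row["local"][0], row["local"][1], row["inode"]))
    owned = sockets_for_process({0: "/dev/null", 4: "socket:[7774817]", 6: "socket:[7774829]"}, rows)
    print("process holds inodes:", sorted(row["inode"] for row in owned))
```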
The /proc/scsi/ directory is analogous to the /proc/ide/
directory, but it is for connected SCSI devices.
The primary file in this directory is
/proc/scsi/scsi, which contains a list of every
recognized SCSI device. From this listing, the type of device, as
well as the model name, vendor, SCSI channel and ID data is
available.
For example, if a system contains a SCSI CD-ROM, a tape drive, a hard
drive, and a RAID controller, this file looks similar to the
following:
Each SCSI driver used by the system has its own directory within
/proc/scsi/, which contains files specific to
each SCSI controller using that driver. From the previous example,
aic7xxx/ and megaraid/
directories are present, since two drivers are in use. The files in
each of the directories typically contain an I/O address range, IRQ
information, and statistics for the SCSI controller using that
driver. Each controller can report a different type and amount of
information. The Adaptec AIC-7880 Ultra SCSI host adapter's file in
this example system produces the following output:
Adaptec AIC7xxx driver version: 5.1.20/3.2.4
Compile Options:
TCQ Enabled By Default : Disabled
AIC7XXX_PROC_STATS : Enabled
AIC7XXX_RESET_DELAY : 5
Adapter Configuration:
SCSI Adapter: Adaptec AIC-7880 Ultra SCSI host adapter
Ultra Narrow Controller
PCI MMAPed I/O Base: 0xfcffe000
Adapter SEEPROM Config: SEEPROM found and used.
Adaptec SCSI BIOS: Enabled
IRQ: 30
SCBs: Active 0, Max Active 1,
Allocated 15, HW 16, Page 255
Interrupts: 33726
BIOS Control Word: 0x18a6
Adapter Control Word: 0x1c5f
Extended Translation: Enabled
Disconnect Enable Flags: 0x00ff
Ultra Enable Flags: 0x0020
Tag Queue Enable Flags: 0x0000
Ordered Queue Tag Flags: 0x0000
Default Tag Queue Depth: 8
Tagged Queue By Device array for aic7xxx host instance 1:
{255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255}
Actual queue depth per device for aic7xxx host instance 1:
{1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}
Statistics:

(scsi1:0:5:0)
  Device using Narrow/Sync transfers at 20.0 MByte/sec, offset 15
  Transinfo settings: current(12/15/0/0), goal(12/15/0/0), user(12/15/0/0)
  Total transfers 0 (0 reads and 0 writes)
             < 2K      2K+     4K+     8K+    16K+    32K+    64K+   128K+
   Reads:       0        0       0       0       0       0       0       0
  Writes:       0        0       0       0       0       0       0       0

(scsi1:0:6:0)
  Device using Narrow/Sync transfers at 10.0 MByte/sec, offset 15
  Transinfo settings: current(25/15/0/0), goal(12/15/0/0), user(12/15/0/0)
  Total transfers 132 (0 reads and 132 writes)
             < 2K      2K+     4K+     8K+    16K+    32K+    64K+   128K+
   Reads:       0        0       0       0       0       0       0       0
  Writes:       0        0       0       1     131       0       0       0
This output reveals the transfer speed to the SCSI devices connected
to the controller based on channel ID, as well as detailed statistics
concerning the amount and sizes of files read or written by that
device. For example, this controller is communicating with the CD-ROM
at 20 megabytes per second, while the tape drive is only communicating
at 10 megabytes per second.
The /proc/sys/ directory is different from others
in /proc/ because it not only provides
information about the system but also allows the system administrator
to immediately enable and disable kernel features.
Caution
Use caution when changing settings on a production system
using the various files in the /proc/sys/
directory. Changing the wrong setting may render the kernel
unstable, requiring a system reboot.
For this reason, be sure the options are valid for that file before
attempting to change any value in /proc/sys/.
A good way to determine whether a particular file can be configured, or whether
it is only designed to provide information, is to list it with
ls -l at the shell prompt. If the file is
writable, it may be used to configure the kernel. For example, a
partial listing of /proc/sys/fs looks like the following:
-r--r--r-- 1 root root 0 May 10 16:14 dentry-state
-rw-r--r-- 1 root root 0 May 10 16:14 dir-notify-enable
-r--r--r-- 1 root root 0 May 10 16:14 dquot-nr
-rw-r--r-- 1 root root 0 May 10 16:14 file-max
-r--r--r-- 1 root root 0 May 10 16:14 file-nr
In this listing, the files dir-notify-enable and
file-max can be written to and, therefore, can be
used to configure the kernel. The other files only provide feedback on
current settings.
Changing a value within a /proc/sys/ file is done
by echoing the new value into the file. For example, to enable the
System Request Key on a running kernel, type the command:
echo 1 > /proc/sys/kernel/sysrq
This changes the value for sysrq from
0 (off) to
1 (on).
A few /proc/sys/ configuration files contain more
than one value. To correctly send new values to them, place a
space character between each value passed with the
echo command, such as is done in this example:
echo 4 2 45 > /proc/sys/kernel/acct
Note
Any configuration changes made using the echo
command disappear when the system is restarted. To make
configuration changes take effect after the system is rebooted,
refer to Section 5.4 Using the sysctl Command.
The /proc/sys/ directory contains several
subdirectories controlling different aspects of a running kernel.
The /proc/sys/dev/ directory provides parameters for particular devices on the
system. Most systems have at least two directories,
cdrom/ and raid/. Customized
kernels can have other directories, such as
parport/, which provides the ability to share
one parallel port between multiple device drivers.
The cdrom/ directory contains a file called
info, which reveals a number of important
CD-ROM parameters:
CD-ROM information, Id: cdrom.c 3.20 2003/12/17
drive name: hdc
drive speed: 48
drive # of slots: 1
Can close tray: 1
Can open tray: 1
Can lock tray: 1
Can change speed: 1
Can select disk: 0
Can read multisession: 1
Can read MCN: 1
Reports media changed: 1
Can play audio: 1
Can write CD-R: 0
Can write CD-RW: 0
Can read DVD: 0
Can write DVD-R: 0
Can write DVD-RAM: 0
Can read MRW: 0
Can write MRW: 0
Can write RAM: 0
This file can be quickly scanned to discover the qualities of an
unknown CD-ROM. If multiple
CD-ROMs are available on a system, each device is given its own
column of information.
Various files in /proc/sys/dev/cdrom, such as
autoclose and checkmedia,
can be used to control the system's CD-ROM. Use the
echo command to enable or disable these features.
If RAID support is compiled into the kernel, a
/proc/sys/dev/raid/ directory becomes available with
at least two files in it: speed_limit_min and
speed_limit_max. These settings determine the
acceleration of RAID devices for I/O intensive tasks, such as
resyncing the disks.
The /proc/sys/fs/ directory contains an array of options and information
concerning various aspects of the file system, including quota, file
handle, inode, and dentry information.
The binfmt_misc/ directory is used to
provide kernel support for miscellaneous binary formats.
The important files in /proc/sys/fs/ include:
dentry-state — Provides the status of the
directory cache. The file looks similar to the following:
57411 52939 45 0 0 0
The first number reveals the total number of directory cache
entries, while the second number displays the number of unused
entries. The third number tells the number of seconds between
when a directory has been freed and when it can be reclaimed,
and the fourth measures the pages currently requested by the
system. The last two numbers are not used and display only
zeros.
dquot-nr — Lists the maximum number
of cached disk quota entries.
file-max — Lists the maximum
number of file handles that the kernel allocates. Raising
the value in this file can resolve errors caused by a lack of
available file handles.
file-nr — Lists the number of
allocated file handles, used file handles, and the maximum
number of file handles.
overflowgid and
overflowuid — Defines the fixed group
ID and user ID, respectively, for use with file systems that only
support 16-bit group and user IDs.
super-max — Controls the maximum
number of superblocks available.
super-nr — Displays the current
number of superblocks in use.
The /proc/sys/kernel/ directory contains a variety of configuration files
that directly affect the operation of the kernel. Some of the most important
files include:
acct — Controls the suspension of
process accounting based on the percentage of free space
available on the file system containing the log. By default, the
file looks like the following:
4 2 30
The first value dictates the percentage of free space
required for logging to resume, while the second value sets the
threshold percentage of free space when logging is
suspended. The third value sets the interval, in seconds, that
the kernel polls the file system to see if logging should be
suspended or resumed.
cap-bound — Controls the
capability bounding settings, which
provides a list of capabilities for any process on the system. If
a capability is not listed here, then no process, no matter how
privileged, can do it. The idea is to make the system
more secure by ensuring that certain things cannot happen, at
least beyond a certain point in the boot process.
For a valid list of values for this virtual file, refer
to the following installed documentation:
ctrl-alt-del — Controls whether
[Ctrl]-[Alt]-[Delete]
gracefully restarts the computer using
init (0) or
forces an immediate reboot without syncing the dirty buffers to
disk (1).
domainname — Configures
the system domain name, such as example.com.
exec-shield — Configures
the Exec Shield feature of the kernel. Exec Shield provides
protection against certain types of buffer overflow attacks.
There are two possible values for this virtual file:
0 — Disables Exec Shield.
1 — Enables Exec Shield. This
is the default value.
Important
If a system is running security-sensitive applications
that were started while Exec Shield was disabled, these
applications must be restarted when Exec Shield is enabled
in order for Exec Shield to take effect.
exec-shield-randomize — Enables
location randomization of various items in memory. This helps
deter potential attackers from locating programs and daemons in
memory. Each time a program or daemon starts, it is placed at a
different memory location, never at a static or
absolute memory address.
There are two possible values for this virtual file:
0 — Disables randomization of
Exec Shield. This may be useful for application debugging
purposes.
1 — Enables randomization of
Exec Shield. This is the default value. Note: The
exec-shield file must also be set to
1 for
exec-shield-randomize to be effective.
hostname — Configures the system
hostname, such as
www.example.com.
hotplug — Configures the utility
to be used when a configuration change is detected by the
system. This is primarily used with USB and Cardbus PCI. The
default value of /sbin/hotplug
should not be changed unless testing a new program to fulfill
this role.
modprobe — Sets the location of
the program used to load kernel modules. The default value is
/sbin/modprobe, which means that
kmod calls it to load a module when a
kernel thread calls kmod.
msgmax — Sets the maximum size of
any message sent from one process to another and is set to
8192 bytes by default. Be
careful when raising this value, as queued messages between
processes are stored in non-swappable kernel memory. Any
increase in msgmax would increase RAM
requirements for the system.
msgmnb — Sets the maximum number
of bytes in a single message queue. The default is
16384.
msgmni — Sets the maximum number
of message queue identifiers. The default is
16.
osrelease — Lists the Linux kernel
release number. This file can only be altered by changing the
kernel source and recompiling.
ostype — Displays the type of
operating system. By default, this file is set to
Linux, and this value can only
be changed by changing the kernel source and recompiling.
overflowgid and
overflowuid — Defines the fixed group
ID and user ID, respectively, for use with system calls on
architectures that only support 16-bit group and user IDs.
panic — Defines the number of
seconds the kernel postpones rebooting when the system
experiences a kernel panic. By default, the value is set to
0, which disables automatic
rebooting after a panic.
printk — This file controls a variety
of settings related to printing or logging error messages. Each
error message reported by the kernel has a
loglevel associated with it that defines
the importance of the message. The loglevel values break down in
this order:
0 — Kernel
emergency. The system is unusable.
1 — Kernel
alert. Action must be taken immediately.
2 — Condition of the
kernel is considered critical.
3 — General kernel
error condition.
4 — General kernel
warning condition.
5 — Kernel
notice of a normal but significant condition.
6 — Kernel
informational message.
7 — Kernel
debug-level messages.
Four values are found in the printk file:
6 4 1 7
Each of these values defines a different rule for dealing with
error messages. The first value, called the console
loglevel, defines the lowest priority of messages
printed to the console. (Note that, the lower the priority, the
higher the loglevel number.) The second value sets the default
loglevel for messages without an explicit loglevel attached to
them. The third value sets the lowest possible loglevel
configuration for the console loglevel. The last value sets the
default value for the console loglevel.
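The following Python helpers are an added example, not code from the original guide, covering the multi-value /proc/sys files described above: the ls -l writability check, the dentry-state and file-nr fields, the acct suspend/resume thresholds with their hysteresis, and the printk rule that a message reaches the console only when its loglevel number is below the console loglevel. The field names are this example's own, and the files it checks are created in a temporary directory so it runs without touching a live /proc/sys.

```python
import os
import stat
import tempfile

# Field layouts for /proc/sys files that hold several space-separated values,
# in the order the text describes them (the names are this example's own).
MULTI_VALUE_LAYOUTS = {
    "fs/dentry-state": ("total", "unused", "age_limit_secs", "want_pages",
                        "unused1", "unused2"),
    "fs/file-nr": ("allocated", "used", "max"),
    "kernel/acct": ("resume_pct", "suspend_pct", "poll_secs"),
    "kernel/printk": ("console_loglevel", "default_message_loglevel",
                      "minimum_console_loglevel", "default_console_loglevel"),
}


def parse_multi_value(name, text):
    """Split the contents of one multi-value file into a named dictionary."""
    fields = MULTI_VALUE_LAYOUTS[name]
    numbers = [int(token) for token in text.split()]
    if len(numbers) != len(fields):
        raise ValueError("%s: expected %d values, got %d" % (name, len(fields), len(numbers)))
    return dict(zip(fields, numbers))


def is_tunable(path):
    """Mirror the ls -l check: a /proc/sys file whose owner write bit is set
    can be used to configure the kernel; a read-only one only reports."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & stat.S_IWUSR)


def file_handle_usage(file_nr_text):
    """Fraction of the kernel's file handle limit currently in use, from file-nr."""
    cfg = parse_multi_value("fs/file-nr", file_nr_text)
    return cfg["used"] / float(cfg["max"])


def console_prints(printk_text, message_loglevel=None):
    """Decide whether a kernel message reaches the console under the given
    printk setting. A message without an explicit level takes the default
    message loglevel; it is printed when its level is numerically below the
    console loglevel (a lower number means a higher priority)."""
    cfg = parse_multi_value("kernel/printk", printk_text)
    level = cfg["default_message_loglevel"] if message_loglevel is None else message_loglevel
    return level < cfg["console_loglevel"]


def accounting_state(acct_text, free_space_pct, currently_suspended):
    """Apply the acct thresholds: logging is suspended once free space on the
    log file system falls below suspend_pct and resumes once it reaches
    resume_pct; in between, the previous state is kept (hysteresis)."""
    cfg = parse_multi_value("kernel/acct", acct_text)
    if free_space_pct < cfg["suspend_pct"]:
        return "suspended"
    if free_space_pct >= cfg["resume_pct"]:
        return "active"
    return "suspended" if currently_suspended else "active"


def demo_tunable_check():
    """Constructed stand-in for the /proc/sys/fs listing above: a 0444 file
    like file-nr and a 0644 file like file-max in a temporary directory."""
    root = tempfile.mkdtemp(prefix="fakesys-")
    read_only = os.path.join(root, "file-nr")
    writable = os.path.join(root, "file-max")
    for path, mode in ((read_only, 0o444), (writable, 0o644)):
        with open(path, "w") as fh:
            fh.write("0\n")
        os.chmod(path, mode)
    return is_tunable(read_only), is_tunable(writable)


if __name__ == "__main__":
    print(parse_multi_value("fs/dentry-state", "57411 52939 45 0 0 0"))
    print("loglevel 3 on console:", console_prints("6 4 1 7", 3))
    print("loglevel 7 on console:", console_prints("6 4 1 7", 7))
    print("acct at 1.5% free:", accounting_state("4 2 30", 1.5, False))
    print("file-nr / file-max writable:", demo_tunable_check())
```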
random/ directory —
Lists a number of values related to generating random numbers
for the kernel.
rtsig-max — Configures the maximum
number of POSIX real-time signals that the system may have queued
at any one time. The default value is
1024.
rtsig-nr — Lists the current
number of POSIX real-time signals queued by the kernel.
sem — Configures
semaphore settings within the kernel. A
semaphore is a System V IPC object that is used to control
utilization of a particular process.
shmall — Sets the total amount of
shared memory that can be used at one time on the system, in
bytes. By default, this value is
2097152.
shmmax — Sets the largest shared
memory segment size allowed by the kernel, in bytes. By default,
this value is
33554432. However, the kernel
supports much larger values than this.
shmmni — Sets the maximum number of
shared memory segments for the whole system, in bytes. By default, this
value is 4096
sysrq — Activates the System
Request Key if this value is set to anything other than zero
(0), the default.
The System Request Key allows immediate input to the kernel
through simple key combinations. For example, the System Request
Key can be used to immediately shut down or restart a system,
sync all mounted file systems, or dump important information to
the console. To initiate a System Request Key, type [Alt]-[SysRq]-[<system
request code>]. Replace
<system request code> with one
of the following system request codes:
r — Disables raw mode for the
keyboard and sets it to XLATE (a limited keyboard mode
which does not recognize modifiers such as
[Alt], [Ctrl], or
[Shift] for all keys).
k — Kills all processes active
in a virtual console. Also called Secure
Access Key (SAK), it is
often used to verify that the login prompt is spawned from
init and not a trojan copy designed to
capture usernames and passwords.
b — Reboots the kernel without
first unmounting file systems or syncing disks attached to
the system.
c — Crashes the system without
first unmounting file systems or syncing disks attached to
the system.
o — Shuts off the system.
s — Attempts to sync disks
attached to the system.
u — Attempts to unmount and
remount all file systems as read-only.
p — Outputs all flags and
registers to the console.
t — Outputs a list of processes
to the console.
m — Outputs memory statistics
to the console.
0 through 9
— Sets the log level for the console.
e — Kills all processes except
init using SIGTERM.
i — Kills all processes except
init using SIGKILL.
l — Kills all processes using
SIGKILL (including init). The
system is unusable after issuing this System Request Key
code.
h — Displays help text.
This feature is most beneficial when using a development kernel
or when experiencing system freezes.
Caution
The System Request Key feature is considered a security risk
because an unattended console provides an attacker with
access to the system. For this reason, it is turned off by
default.
Refer to
/usr/share/doc/kernel-doc-<version>/Documentation/sysrq.txt
for more information about the System Request Key.
sysrq-key — Defines the key code
for the System Request Key (84
is the default).
sysrq-sticky — Defines whether
the System Request Key is a chorded key combination. The
accepted values are as follows:
0 — [Alt]-[SysRq] and
the system request code must be pressed
simultaneously. This is the default value.
1 — [Alt]-[SysRq] must
be pressed simultaneously, but the system request code can
be pressed anytime before the number of seconds specified
in /proc/sys/kernel/sysrq-timer elapses.
sysrq-timer — Specifies the
number of seconds allowed to pass before the system request code
must be pressed. The default value is 10.
tainted — Indicates whether a
non-GPL module is loaded.
0 — No non-GPL
modules are loaded.
1 — At least one
module without a GPL license (including modules with no
license) is loaded.
2 — At least one
module was force-loaded with the command insmod -f.
threads-max — Sets the maximum number
of threads to be used by the kernel, with a default value of
2048.
version — Displays the date and time
the kernel was last compiled. The first field in this file, such
as #3, relates to the number of
times a kernel was built from the source base.
The /proc/sys/net/ directory contains subdirectories concerning various networking
topics. Various configurations at the time of kernel compilation
make different directories available here, such as
appletalk/, ethernet/,
ipv4/, ipx/, and
ipv6/. By altering the files within these
directories, system administrators are able to adjust the network
configuration on a running system.
Given the wide variety of possible networking options available with
Linux, only the most common /proc/sys/net/
directories are discussed.
The /proc/sys/net/core/ directory contains a variety of
settings that control the interaction between the kernel and
networking layers. The most important of these files are:
message_burst — Sets the amount
of time in tenths of a second required to write a new warning
message. This setting is used to mitigate Denial of
Service (DoS) attacks. The
default setting is 50.
message_cost — Sets a cost on
every warning message. The higher the value of this file
(default of 5), the more likely
the warning message is ignored. This setting is used to mitigate
DoS attacks.
The idea of a DoS attack is to bombard the targeted system with
requests that generate errors and fill up disk partitions with
log files or require all of the system's resources to handle
the error logging. The settings in
message_burst and
message_cost are designed to be modified
based on the system's acceptable risk versus the need for
comprehensive logging.
netdev_max_backlog — Sets the maximum
number of packets allowed to queue when a particular interface
receives packets faster than the kernel can process them. The
default value for this file is 300.
optmem_max — Configures the maximum
ancillary buffer size allowed per socket.
rmem_default — Sets the receive
socket buffer default size in bytes.
rmem_max — Sets the receive socket
buffer maximum size in bytes.
wmem_default — Sets the send socket
buffer default size in bytes.
wmem_max — Sets the send socket
buffer maximum size in bytes.
The /proc/sys/net/ipv4/ directory contains
additional networking settings. Many of these settings, used in
conjunction with one another, are useful in preventing attacks on
the system or when using the system to act as a router.
Caution
An erroneous change to these files may affect remote connectivity
to the system.
The following is a list of some of the more important files within
the /proc/sys/net/ipv4/ directory:
icmp_destunreach_rate,
icmp_echoreply_rate,
icmp_paramprob_rate, and
icmp_timeexceed_rate — Set the maximum
ICMP send packet rate, in 1/100 of a second, to hosts under
certain conditions. A setting of
0 removes any delay and is not
a good idea.
icmp_echo_ignore_all and
icmp_echo_ignore_broadcasts — Allows
the kernel to ignore ICMP ECHO packets from every host or only
those originating from broadcast and multicast addresses,
respectively. A value of 0
allows the kernel to respond, while a value of
1 ignores the packets.
ip_default_ttl — Sets the default
Time To Live (TTL), which limits the
number of hops a packet may make before reaching its
destination. Increasing this value can diminish system
performance.
ip_forward — Permits interfaces
on the system to forward packets to one another. By default, this
file is set to 0. Setting this
file to 1 enables network
packet forwarding.
ip_local_port_range — Specifies
the range of ports to be used by TCP or UDP when a local port is
needed. The first number is the lowest port to be used and the
second number specifies the highest port. Any systems that
expect to require more ports than the default 1024 to 4999
should use a range from 32768 to 61000.
tcp_syn_retries — Provides a limit on
the number of times the system re-transmits a SYN packet
when attempting to make a connection.
tcp_retries1 — Sets the number of
permitted re-transmissions attempting to answer an incoming
connection. Default of 3.
tcp_retries2 — Sets the number of
permitted re-transmissions of TCP packets. Default of
15.
file contains a complete list of files and options available in the
/proc/sys/net/ipv4/ directory.
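As an added example (not from the original guide), the following Python audit reads the /proc/sys/net/ipv4/ files discussed above and reports settings that depart from a baseline: forwarding enabled on a host that is not a router, broadcast echo requests answered, any ICMP rate limit set to 0, and a local port range narrower than 1024 ports. The baseline and the 1024-port threshold are this example's own assumptions, and the sample values are constructed rather than read from a real system.

```python
import os

IPV4_DIR = "/proc/sys/net/ipv4"

# Per-condition ICMP rate limit files named above; a value of 0 removes the delay.
ICMP_RATE_FILES = ("icmp_destunreach_rate", "icmp_echoreply_rate",
                   "icmp_paramprob_rate", "icmp_timeexceed_rate")
AUDITED_FILES = ICMP_RATE_FILES + ("ip_forward", "icmp_echo_ignore_broadcasts",
                                   "ip_local_port_range")


def read_ipv4_settings(root=IPV4_DIR, names=AUDITED_FILES):
    """Read whichever of the audited files exist under root; kernels of
    different ages expose different subsets, so missing files are skipped."""
    values = {}
    for name in names:
        path = os.path.join(root, name)
        if os.path.isfile(path):
            with open(path) as fh:
                values[name] = fh.read().strip()
    return values


def audit_ipv4(values, is_router=False):
    """Return (file, finding) pairs for values that depart from the baseline
    described in the lead-in; values maps file name -> file contents."""
    findings = []
    if values.get("ip_forward") == "1" and not is_router:
        findings.append(("ip_forward", "forwarding enabled on a host not meant to route"))
    if values.get("icmp_echo_ignore_broadcasts") == "0":
        findings.append(("icmp_echo_ignore_broadcasts",
                         "broadcast and multicast echo requests are answered"))
    for name in ICMP_RATE_FILES:
        if values.get(name) == "0":
            findings.append((name, "rate limit disabled (0 removes any delay)"))
    port_range = values.get("ip_local_port_range")
    if port_range:
        low, high = (int(token) for token in port_range.split())
        width = high - low + 1
        if width < 1024:  # this example's threshold, not a kernel limit
            findings.append(("ip_local_port_range",
                             "only %d local ports (%d-%d)" % (width, low, high)))
    return findings


# Constructed sample values (not read from a real system).
MISTUNED = {
    "ip_forward": "1", "icmp_echo_ignore_broadcasts": "0",
    "icmp_destunreach_rate": "100", "icmp_echoreply_rate": "0",
    "icmp_paramprob_rate": "100", "icmp_timeexceed_rate": "100",
    "ip_local_port_range": "1024\t2000",
}
HARDENED = {
    "ip_forward": "0", "icmp_echo_ignore_broadcasts": "1",
    "icmp_destunreach_rate": "100", "icmp_echoreply_rate": "100",
    "icmp_paramprob_rate": "100", "icmp_timeexceed_rate": "100",
    "ip_local_port_range": "32768\t61000",
}

if __name__ == "__main__":
    live = read_ipv4_settings()  # empty on systems without these files
    for name, finding in audit_ipv4(live or MISTUNED):
        print("%s: %s" % (name, finding))
```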
A number of other directories exist within the
/proc/sys/net/ipv4/ directory and each covers a
different aspect of the network stack. The
/proc/sys/net/ipv4/conf/ directory allows each
system interface to be configured in different ways, including the
use of default settings for unconfigured devices (in the
/proc/sys/net/ipv4/conf/default/ subdirectory)
and settings that override all special configurations (in the
/proc/sys/net/ipv4/conf/all/ subdirectory).
The /proc/sys/net/ipv4/neigh/ directory
contains settings for communicating with a host directly connected
to the system (called a network neighbor) and also contains
different settings for systems more than one hop away.
Routing over IPv4 also has its own directory,
/proc/sys/net/ipv4/route/. Unlike
conf/ and neigh/, the
/proc/sys/net/ipv4/route/ directory contains
specifications that apply to routing with any interfaces on the
system. Many of these settings, such as
max_size, max_delay, and
min_delay, relate to controlling the size of
the routing cache. To clear the routing cache, write any value to
the flush file.
Additional information about these directories and the possible
values for their configuration files can be found in:
The /proc/sys/vm/ directory facilitates the configuration of the Linux kernel's
virtual memory (VM) subsystem. The kernel makes extensive and
intelligent use of virtual memory, which is commonly referred to as
swap space.
The following files are commonly found in the
/proc/sys/vm/ directory:
block_dump — Configures block I/O
debugging when enabled. All read/write and block dirtying
operations done to files are logged accordingly. This can be
useful when diagnosing disk spin-ups and spin-downs for laptop
battery conservation. All output produced while
block_dump is enabled can be retrieved via
dmesg. The default value is
0.
Tip
If block_dump is enabled at the same time
as kernel debugging, it is prudent to stop the
klogd daemon, as it generates erroneous
disk activity caused by block_dump.
dirty_background_ratio — Starts
background writeback of dirty data at this percentage of total
memory, via a pdflush daemon. The default value is
10.
dirty_expire_centisecs — Defines
when dirty in-memory data is old enough to be eligible for
writeout. Data which has been dirty in-memory for longer than
this interval is written out next time a pdflush daemon
wakes up. The default value is 3000,
expressed in hundredths of a second.
dirty_ratio — Starts active
writeback of dirty data at this percentage of total memory for
the generator of dirty data, via pdflush. The default value is
40.
dirty_writeback_centisecs —
Defines the interval between pdflush daemon wakeups, which
periodically writes dirty in-memory data out to disk. The
default value is 500, expressed in hundredths
of a second.
laptop_mode — Minimizes the
number of times that a hard disk needs to spin up by keeping the
disk spun down for as long as possible, therefore conserving
battery power on laptops. This increases efficiency by combining
all future I/O operations together, reducing the frequency of
spin-ups. The default value is 0, but it is
enabled automatically when a laptop is running on battery.
The acpid daemon controls this value automatically once it is
notified that battery power is in use. No user
modifications or interactions are necessary if the laptop
supports the ACPI (Advanced Configuration and Power Interface)
specification.
For more information, refer to the following installed
documentation:
lower_zone_protection —
Determines how aggressively the kernel defends the lower
memory allocation zones. This is effective when used on
machines configured with highmem memory
space enabled. The default value is
0, meaning no protection at all. All
other integer values are in megabytes, and that amount of
lowmem memory is then protected
from being allocated by user processes.
For more information, refer to the following installed
documentation:
max_map_count — Configures the
maximum number of memory map areas a process may have. In most
cases, the default value of
65536 is appropriate.
min_free_kbytes — Forces the
Linux VM (virtual memory manager) to keep a minimum number of
kilobytes free. The VM uses this number to compute a
pages_min value for each
lowmem zone in the system. The default
value is derived from the total memory on the machine.
nr_hugepages — Indicates the
current number of configured hugetlb pages in
the kernel.
For more information, refer to the following installed
documentation:
nr_pdflush_threads — Indicates
the number of pdflush daemons that are currently running. This
file is read-only, and should not be changed by the user. Under
heavy I/O loads, the default value of two is increased by the
kernel.
overcommit_memory — Configures
the conditions under which a large memory request is accepted or
denied. The following three modes are available:
0 — The kernel performs
heuristic memory overcommit handling by estimating the
amount of memory available and failing requests that are
blatantly invalid. Unfortunately, since memory is allocated
using a heuristic rather than a precise algorithm, this
setting can sometimes allow the available memory on the system
to be overloaded. This is the default setting.
1 — The kernel performs no
memory overcommit handling. Under this setting, the
potential for memory overload is increased, but so is
performance for memory-intensive tasks (such as those
executed by some scientific software).
2 — The kernel fails requests
for memory that add up to all of swap plus the percent of
physical RAM specified in
/proc/sys/vm/overcommit_ratio. This
setting is best for those who desire less risk of memory
overcommitment.
Note
This setting is only recommended for systems with
swap areas larger than physical memory.
overcommit_ratio — Specifies the
percentage of physical RAM considered when
/proc/sys/vm/overcommit_memory is set to
2. The default value is
50.
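The three overcommit_memory modes above differ in whether a hard limit exists at all; only mode 2 enforces one, and the guide gives its formula: all of swap plus overcommit_ratio percent of physical RAM. The following Python is an added example, not code from the guide: it parses the two /proc/meminfo fields the formula needs, computes the mode-2 limit, and classifies the policy, so an administrator can see how much memory processes may commit before the kernel starts refusing requests. The /proc/meminfo excerpt is constructed sample data so the example runs offline; parse_meminfo(), commit_limit_kb(), describe_policy() and read_live_policy() are names chosen here. read_live_policy() reads the real files on a Linux host.

```python
# Constructed /proc/meminfo excerpt (sample values, not taken from a real host).
SAMPLE_MEMINFO = """\
MemTotal:        8041284 kB
MemFree:          512000 kB
SwapTotal:       2097148 kB
SwapFree:        2097148 kB
"""

# Mode names follow the descriptions in the guide above.
MODE_NAMES = {
    0: "heuristic overcommit (default)",
    1: "no overcommit handling (requests always granted)",
    2: "strict accounting (swap + overcommit_ratio% of RAM)",
}


def parse_meminfo(text):
    """Parse /proc/meminfo-style 'Key:  value kB' lines into {key: kilobytes}."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, rest = line.split(":", 1)
        parts = rest.split()
        if parts:
            fields[key.strip()] = int(parts[0])
    return fields


def commit_limit_kb(mem_total_kb, swap_total_kb, overcommit_ratio):
    """Mode-2 commit limit: all of swap plus overcommit_ratio percent of physical RAM."""
    return swap_total_kb + mem_total_kb * overcommit_ratio // 100


def describe_policy(overcommit_memory, overcommit_ratio, meminfo):
    """Return (mode description, limit in kB or None) for the given sysctl values.

    The limit is None for modes 0 and 1 because no fixed ceiling applies there;
    overcommit_ratio is only consulted in mode 2.
    """
    if overcommit_memory not in MODE_NAMES:
        raise ValueError(f"invalid overcommit_memory value: {overcommit_memory!r}")
    limit = None
    if overcommit_memory == 2:
        limit = commit_limit_kb(meminfo["MemTotal"], meminfo["SwapTotal"], overcommit_ratio)
    return MODE_NAMES[overcommit_memory], limit


def read_live_policy(proc="/proc"):
    """Read the current values from a running Linux host (raises OSError elsewhere)."""
    with open(f"{proc}/sys/vm/overcommit_memory") as f:
        mode = int(f.read())
    with open(f"{proc}/sys/vm/overcommit_ratio") as f:
        ratio = int(f.read())
    with open(f"{proc}/meminfo") as f:
        meminfo = parse_meminfo(f.read())
    return describe_policy(mode, ratio, meminfo)


if __name__ == "__main__":
    sample = parse_meminfo(SAMPLE_MEMINFO)
    for mode in (0, 1, 2):
        name, limit = describe_policy(mode, 50, sample)
        ceiling = f"{limit} kB" if limit is not None else "no fixed ceiling"
        print(f"overcommit_memory={mode}: {name}; commit limit: {ceiling}")
```

With the sample values and the default ratio of 50, mode 2 caps total committed memory at 2097148 kB of swap plus half of 8041284 kB of RAM, i.e. 6117790 kB, which is less than RAM plus swap; that is why the guide's Note recommends mode 2 chiefly where swap is larger than physical memory.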
page-cluster — Sets the number of
pages read in a single attempt. The default value of
3, which actually relates to 16
pages, is appropriate for most systems.
swappiness — Determines how much
a machine should swap. The higher the value, the more swapping
occurs. The default value, as a percentage, is set to
60.
All kernel-based documentation can be found in the following
locally installed location:
/usr/share/doc/kernel-doc-<version>/Documentation/,
which contains additional information.
This directory contains information about System V IPC resources. The files
in this directory relate to System V IPC calls for messages
(msg), semaphores (sem), and
shared memory (shm).
This directory contains information about the available and currently
used tty devices on the system. Any character-based data terminal is
called a tty device, after the teletype devices
from which the name originates.
In Linux, there are three different kinds of tty
devices. Serial devices are used with serial
connections, such as over a modem or using a serial
cable. Virtual terminals create the common
console connection, such as the virtual consoles available when
pressing [Alt]-[<F-key>] at the system console. Pseudo
terminals create a two-way communication that is used by
some higher level applications, such as
XFree86. The drivers file
is a list of the current tty devices in use, as in the following example:
The /proc/tty/driver/serial file lists the usage
statistics and status of each of the serial tty lines.
In order for tty devices to be used as network devices, the Linux
kernel enforces line discipline on the
device. This allows the driver to place a specific type of header with
every block of data transmitted over the device, making it possible
for the remote end of the connection to treat a block of data as just one in
a stream of data blocks. SLIP and PPP are common line disciplines, and
each is commonly used to connect systems to one another over a serial
link.
Registered line disciplines are stored in the
ldiscs file, and more detailed information is available
within the ldisc/ directory.