B.3 Information in the /proc Directory

As was mentioned earlier, the files in the /proc directory serve to make current information about certain system components available to the user. They are regenerated upon each read access.

The /proc directory and its subdirectories include a large number of files that reflect the current system state. The meaning of each of these files should be known. Some information about the meaning of the file contents and their partially cryptic syntax is in the Documentation directory in the kernel source text.

B.3.1 Entries in the /proc Directory

Initially, a separate subdirectory is created in the /proc directory for each process, named by the process ID. Each such subdirectory includes process-specific information. However, they are of minor interest for the Linux network architecture, so we will not discuss them any further here. Within the scope of this book, we are mainly interested in the /proc/net and /proc/sys/net directories, which contain information about and parameters of protocol instances and network devices, some of which can even be configured.

The /proc directory itself holds the following files of general interest:

  • meminfo shows information about free and occupied memory in the system.

  • kmsg: Reading this file outputs and empties the buffer holding the last kernel messages. These messages are normally read by the klogd daemon and further processed by the syslogd daemon. (See Section B.1.2.)

  • kcore returns a copy of the kernel. The file size corresponds to the size of the kernel in main memory, including the page size. This allows you to debug the kernel at runtime:

    root@tux # gdb /usr/src/linux/vmlinux /proc/kcore

Section B.4 includes more detailed information.

  • modules shows information about the modules currently loaded and their dependencies. The contents correspond to the output of lsmod.

  • devices holds information about registered device drivers and their major numbers. The file distinguishes between character-oriented and block-oriented drivers. As was described in Chapter 5, network drivers represent a separate class of drivers; therefore, they are not listed in /proc/devices.

  • interrupts lists all instances (character-oriented, block-oriented, and network devices) that occupy interrupts. Specifically, the interrupt number, the total number of interrupts (per processor), and the device name are listed. A look in this file often helps when checking whether a device's driver works. You can see this by the presence of a device and by an increasing number of interrupts. Linux supports more than one device using the same interrupt. In this case, only the actual number of the corresponding interrupts is shown; they are not itemized by device.

  • ksyms shows the symbols exported by the kernel and their memory addresses in the kernel. This table is important for supporting kernel modules. (See Section 2.4.)

  • dma and ioports show the occupied DMA channels and I/O ports, plus the instances that reserved them.

  • slabinfo: This file holds information about the memory caches used in the kernel. (See Section 2.6.2.) Of interest for the network part are mainly skb_head_cache and the caches for the TCP transport protocol. To display information about a cache, you have to write a corresponding entry in the file mm/slab.c.

Entries in the /proc/net Directory

The entries in the /proc/net directory are listed below. Some of these entries are visible only provided that the appropriate functionality was embedded in the kernel (e.g., IP Chains). In addition, there is a separate version for the new Internet Protocol Version 6 for many entries that refer to the Internet Protocol Version 4. These entries can be identified by the 6 at the end, e.g., raw6 or igmp6.

  • arp outputs the content of the kernel ARP table. (See Chapter 15.)

  • dev shows all registered network devices and their statistical data.

  • dev_mcast lists those layer-2 multicast groups to which a network device listens (index, device name, number of references, number of bound addresses).

  • igmp lists those IP multicast groups to which the computer is subscribed. (See Chapter 17.)

  • ip_fwchains contains rules for IP Chains. (See Chapter 19.)

  • ip_fwnames holds firewall lists.

  • ip_masq holds the masquerading tables.

  • ip_masquerade holds the main masquerading table.

  • ip_mr_vifs lists the virtual network devices for multicast (VIF).

  • ip_mr_cache holds the multicast routing cache. (See Chapter 17.)

  • netstat shows detailed network statistics (for SNMP purposes).

  • raw shows statistics for Raw sockets.

  • route shows the kernel routing table.

  • rpc is the directory with RPC information.

  • rt_cache holds routing cache information. (See Chapter 16.)

  • snmp holds the Management Information Base (MIB) data for SNMP.

  • sockstat holds socket statistics.

  • tcp holds information about TCP sockets.

  • tr_rif shows the token ring RIF routing table.

  • udp holds information about UDP sockets.

  • unix holds information about UNIX domain sockets.

  • wireless shows information about wireless LANs (e.g., IEEE 802.11).

  • psched holds parameters for the packet scheduler.

  • netlink is a list of PF_NETLINK sockets.
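
The tcp entry is the one most often read during host triage, and its syntax is among the cryptic ones. The following is an added example, not code from the book: a parser that lists listening sockets from text in the /proc/net/tcp layout. It assumes IPv4 and a little-endian host (such as x86); the sample lines are constructed, not captured.

```python
import socket
import struct

# TCP state codes as printed in the "st" column (kernel TCP state enumeration).
TCP_STATES = {0x01: "ESTABLISHED", 0x06: "TIME_WAIT", 0x0A: "LISTEN"}

# Constructed sample in the layout of /proc/net/tcp (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   108        0 1450 1 0000000000000000 100 0 0 10 0
   2: 0A00A8C0:0016 0100A8C0:D431 01 00000000:00000000 02:000A1B2C 00000000     0        0 2210 4 0000000000000000 20 4 29 10 -1
"""

def decode_endpoint(field):
    """Turn 'HHHHHHHH:PPPP' into (dotted_quad, port).

    The address is the 32-bit value in host byte order printed as hex,
    so on little-endian machines (assumed here) the bytes appear reversed.
    """
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Yield one dict per socket line; skips the header and malformed lines."""
    for line in text.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 10:
            continue
        state = int(cols[3], 16)
        yield {
            "local": decode_endpoint(cols[1]),
            "remote": decode_endpoint(cols[2]),
            "state": TCP_STATES.get(state, hex(state)),
            "uid": int(cols[7]),
            "inode": int(cols[9]),
        }

def listeners(text):
    """Return (address, port, uid) for every socket in LISTEN state."""
    return [(*s["local"], s["uid"]) for s in parse_proc_net_tcp(text) if s["state"] == "LISTEN"]

if __name__ == "__main__":
    for addr, port, uid in listeners(SAMPLE):
        exposure = "all interfaces" if addr == "0.0.0.0" else addr
        print(f"port {port} listening on {exposure} (uid {uid})")
```

On a live system, pass the contents of /proc/net/tcp instead of SAMPLE; a listener bound to 0.0.0.0 is reachable on every interface, which is the case worth reviewing first.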

Entries in the /proc/sys/net/core Directory

  • rmem_default: Default value for the memory space used for incoming socket buffers (in bytes).

  • rmem_max: Maximum size for incoming socket buffers (in bytes).

  • wmem_max: Maximum size for outgoing socket buffers (in bytes).

  • message_burst: Parameters limiting the number of warning or log messages created by the network implementation (number of messages per second). This is necessary to limit the consequences of denial-of-service attacks.

Entries in /proc/sys/net/ipv4/

This directory holds the most important information and configuration options for the TCP/IP protocols. Most of these entries work as switches. Specifically, if a 1 is written to the file, then a specific functionality is enabled; if a 0 is written to the file, this functionality is disabled.

  • icmp_echo_ignore_all or icmp_echo_ignore_broadcasts, respectively, suppresses a reply to all echo requests directed to the host or to multicast/broadcast addresses.

  • icmp_ ... can be used to specify, for various ICMP message types, how often at most an ICMP packet may be sent. This value is stated in packets per second.

  • ip_autoconfig shows whether the computer should be configured automatically (e.g., by RARP, BOOTP, DHCP, or similar mechanisms).

  • ip_dynaddr specifies whether IP addresses may be dynamically allocated.

  • ip_forward enables or disables packet forwarding: 1 means that packets will be forwarded and that the computer behaves like a router; 0 means that the computer behaves like a host. "Toggling" this switch sets the default parameters as specified in RFC 1122 (for hosts) and RFC 1812 (for routers).

  • ip_default_ttl holds the default value for the Time-To-Live (TTL) field in the IP packet header. This parameter normally is initialized to 64.

  • ip_masq_debug enables or disables debugging messages in masquerading.

  • ip_no_pmtu_disc disables the path MTU discovery mechanism.

  • ipfrag_high_thresh specifies the maximum memory used for IP packet defragmenting. If this threshold value is exceeded, then the kernel starts dropping fragments until the bottom threshold value, ipfrag_low_thresh, is reached. (See Chapter 14.)

  • ipfrag_low_thresh see ipfrag_high_thresh.

  • ipfrag_time is the interval (in seconds) an IP fragment is held in memory. If the rest of the fragmented packet does not arrive by the time this interval expires, then the fragment is dropped.

The following parameters concern the TCP transport protocol only:

  • tcp_syn_retries: Number of attempts to establish a TCP connection (sending the initial SYNs). This value should not be greater than 255.

  • tcp_keepalive_time specifies how long keepalive packets are sent, if keepalive is active.

  • tcp_keepalive_probes: Number of KeepAlive probes sent by TCP before the connection is declared to have failed.

  • tcp_retries1: Number of acknowledgements for a packet before it is given up.

  • tcp_retries2: Maximum number of attempts to send a packet.

  • tcp_fin_timeout: The wait time for the acknowledgement of a connection-teardown request before the connection is aborted.

  • tcp_max_syn_backlog: Number of TCP connection-establishment requests to be buffered for a socket.

  • tcp_window_scaling enables or disables the scaling of TCP windows (as specified in RFC 1323).

  • tcp_timestamps enables or disables the TCP timestamp (as specified in RFC 1323).

  • tcp_sack: Switch for selective acknowledgements (TCP SACK).

  • tcp_stdurg: Enables urgent priority data, as specified in RFC 793.

  • tcp_retrans_collapse: Several TCP stacks in printers are faulty. You can activate this option to work around this problem.

  • ip_local_port_range specifies the range for local ports of the TCP and UDP protocols. The first number specifies the beginning of the interval, the second specifies the end.

/proc/sys/net/ipv4/conf

The /proc/sys/net/ipv4/ directory is subdivided; let's first look at the conf subdirectory. It contains, in turn, several subdirectories: one for each registered network device, and one named all. All of these directories include the same entries, which are introduced here:

  • accept_redirects shows whether ICMP redirects are accepted. This option is disabled by default in routers, but enabled in end systems.

  • accept_source_route enables or disables accepting of source-route packets. This option normally is enabled in routers, but disabled in end systems.

  • forwarding enables or disables the forwarding of packets on this network device.

  • log_martians enables or disables the logging of "impossible" addresses (including class-E addresses in IP).

  • mc_forwarding enables or disables multicast routing. If activated, the CONFIG_MROUTE option should additionally be compiled for the kernel, and a multicast routing daemon should be installed.

  • proxy_arp: Support for an ARP proxy.

  • rp_filter: Checking the sender IP address can be disabled.

  • secure_redirects enables or disables the option that ICMP redirect messages are accepted only from routers present in the default gateways list.
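
Because every device directory under conf carries the same switches, a single loop can check them all. The following is an added example, not code from the book: it compares each device's entries with a baseline and reports deviations. The baseline values are an assumption (a common hardening choice for an end system that does not route), and the sample tree is constructed in a temporary directory.

```python
import os
import tempfile

# Assumed baseline for an end system that does not route (a common hardening
# choice, not values prescribed by the book): entry name -> expected content.
HOST_BASELINE = {
    "accept_redirects": "0",
    "accept_source_route": "0",
    "forwarding": "0",
    "log_martians": "1",
    "rp_filter": "1",
    "secure_redirects": "1",
}

def audit_conf(conf_root="/proc/sys/net/ipv4/conf", baseline=HOST_BASELINE):
    """Return sorted (device, entry, found, expected) deviations from baseline.

    A missing or unreadable entry is reported with found=None, not as compliant.
    """
    findings = []
    for dev in sorted(os.listdir(conf_root)):
        dev_dir = os.path.join(conf_root, dev)
        if not os.path.isdir(dev_dir):
            continue
        for entry, expected in sorted(baseline.items()):
            try:
                with open(os.path.join(dev_dir, entry)) as fh:
                    found = fh.read().strip()
            except OSError:
                found = None
            if found != expected:
                findings.append((dev, entry, found, expected))
    return findings

def build_sample_tree(values_by_dev):
    """Create a constructed conf/ tree in a temp dir so the audit runs offline."""
    root = tempfile.mkdtemp(prefix="conf-sample-")
    for dev, values in values_by_dev.items():
        os.makedirs(os.path.join(root, dev))
        for entry, value in values.items():
            with open(os.path.join(root, dev, entry), "w") as fh:
                fh.write(value + "\n")
    return root

if __name__ == "__main__":
    weak_eth0 = dict(HOST_BASELINE, accept_redirects="1", rp_filter="0")
    root = build_sample_tree({"all": HOST_BASELINE, "eth0": weak_eth0})
    for dev, entry, found, expected in audit_conf(root):
        print(f"{dev}/{entry}: found {found}, expected {expected}")
```

Called without arguments, audit_conf() reads the live /proc/sys/net/ipv4/conf tree; a router would need its own baseline, since the entries above state that forwarding and source routing are handled differently there.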

/proc/sys/net/ipv4/route

  • error_burst, error_cost: These parameters are used to limit the log messages of the routing code in the kernel. The larger error_cost is, the earlier log messages will be created. error_burst limits the rejection of warning messages.

  • flush: Accessing this file causes the routing cache to be deleted.

  • gc_elastic, gc_interval, gc_min_interval, gc_thresh, gc_timeout: These parameters control the automatic garbage collection of the routing table (i.e., how soon and how strictly old entries will be removed from the table).

  • max_size specifies the size of the routing cache. Older entries are removed as soon as this size is reached.

  • max_delay, min_delay: Delays for deleting the entire routing cache.

  • redirect_load, redirect_number: These factors specify how many ICMP redirect packets may be sent. No more redirects are sent as soon as redirect_load or redirect_number is exceeded.

  • redirect_silence is the timeout value for redirect packets. Once this interval expires, redirect packets that have not yet been acknowledged are retransmitted. This process runs even when redirects were disabled because redirect_load or redirect_number was exceeded.

  • max_size: Maximum number of entries in the routing cache. If this number is exceeded, the least-used entries are overwritten.

/proc/sys/net/ipv4/neigh/[net dev]

The following parameters denote the immediate network neighbors; they are located in the /proc/sys/net/ipv4/neigh/[net dev] directory of the respective network device:

  • base_reachable_time: A value used to compute the random reachable time. (See RFC 2461.)

  • retrans_time: The time between two consecutive neighbor solicitation packets, used for address resolution and for checking the reachability of a local computer. This time is specified in ticks.

  • unres_qlen: Specifies the maximum queue length for (higher-layer) packets waiting for the resolution of a specific address. (See Chapter 15.)

  • ucast_solicit: Maximum number of packets sent to resolve a unicast address.

  • mcast_solicit: Maximum number of attempts to resolve a multicast address.

  • delay_first_probe_time: Wait time, after the expiry of which a valid neighbor entry is checked again. (See gc_stale_time.)

  • locktime: An entry in an ARP/neighbor table will be replaced by a new one provided that the old entry is locktime ticks old.

  • proxy_delay: The maximum wait time for the reply to an ARP request, which has an entry in the ARP proxy.

  • proxy_qlen: Maximum length of the queue for a delayed ARP proxy timer. (See proxy_delay.)

  • arp_solicit: Specifies the number of requests sent to the ARP daemon (on user level).

  • gc_stale_time: Specifies the intervals in which the ARP table is checked for old entries (state = NUD_STALE). If an entry is in the NUD_STALE state, then an initial attempt is made to check it directly (by using a unicast packet). If this attempt fails, and if mcast_solicit > 0, a broadcast ARP request is used to find the computer.


       


    Linux Network Architecture
    ISBN: 131777203
    Year: 2004
    Pages: 187
