1 ------------------------------------------------------------------------------
2 T H E /proc F I L E S Y S T E M
3 ------------------------------------------------------------------------------
4 /proc/sys Terrehon Bowden <terrehon@pacbell.net> October 7 1999
5 Bodo Bauer <bb@ricochet.net>
7 2.4.x update Jorge Nerin <comandante@zaralinux.com> November 14 2000
8 ------------------------------------------------------------------------------
9 Version 1.3 Kernel version 2.2.12
10 Kernel version 2.4.0-test11-pre4
11 ------------------------------------------------------------------------------
17 0.1 Introduction/Credits
20 1 Collecting System Information
21 1.1 Process-Specific Subdirectories
23 1.3 IDE devices in /proc/ide
24 1.4 Networking info in /proc/net
26 1.6 Parallel port info in /proc/parport
27 1.7 TTY info in /proc/tty
29 2 Modifying System Parameters
30 2.1 /proc/sys/fs - File system data
31 2.2 /proc/sys/fs/binfmt_misc - Miscellaneous binary formats
32 2.3 /proc/sys/kernel - general kernel parameters
33 2.4 /proc/sys/vm - The virtual memory subsystem
34 2.5 /proc/sys/dev - Device specific parameters
35 2.6 /proc/sys/sunrpc - Remote procedure calls
36 2.7 /proc/sys/net - Networking stuff
37 2.8 /proc/sys/net/ipv4 - IPV4 settings
41 ------------------------------------------------------------------------------
43 ------------------------------------------------------------------------------
45 0.1 Introduction/Credits
46 ------------------------
48 This documentation is part of a soon (or so we hope) to be released book on
49 the SuSE Linux distribution. As there is no complete documentation for the
50 /proc file system and we've used many freely available sources to write these
51 chapters, it seems only fair to give the work back to the Linux community.
52 This work is based on the 2.2.* kernel version and the upcoming 2.4.*. I'm
53 afraid it's still far from complete, but we hope it will be useful. As far as
54 we know, it is the first 'all-in-one' document about the /proc file system. It
55 is focused on the Intel x86 hardware, so if you are looking for PPC, ARM,
56 SPARC, APX, etc., features, you probably won't find what you are looking for.
57 It also only covers IPv4 networking, not IPv6 nor other protocols - sorry. But
58 additions and patches are welcome and will be added to this document if you
61 We'd like to thank Alan Cox, Rik van Riel, and Alexey Kuznetsov and a lot of
62 other people for help compiling this documentation. We'd also like to extend a
63 special thank you to Andi Kleen for documentation, which we relied on heavily
64 to create this document, as well as the additional information he provided.
65 Thanks to everybody else who contributed source or docs to the Linux kernel
66 and helped create a great piece of software... :)
68 If you have any comments, corrections or additions, please don't hesitate to
69 contact Bodo Bauer at bb@ricochet.net. We'll be happy to add them to this
72 The latest version of this document is available online at
73 http://skaro.nightcrawler.com/~bb/Docs/Proc as HTML version.
75 If the above direction does not works for you, ypu could try the kernel
76 mailing list at linux-kernel@vger.kernel.org and/or try to reach me at
77 comandante@zaralinux.com.
82 We don't guarantee the correctness of this document, and if you come to us
83 complaining about how you screwed up your system because of incorrect
84 documentation, we won't feel responsible...
86 ------------------------------------------------------------------------------
87 CHAPTER 1: COLLECTING SYSTEM INFORMATION
88 ------------------------------------------------------------------------------
90 ------------------------------------------------------------------------------
92 ------------------------------------------------------------------------------
93 * Investigating the properties of the pseudo file system /proc and its
94 ability to provide information on the running Linux system
95 * Examining /proc's structure
96 * Uncovering various information about the kernel and the processes running
98 ------------------------------------------------------------------------------
101 The proc file system acts as an interface to internal data structures in the
102 kernel. It can be used to obtain information about the system and to change
103 certain kernel parameters at runtime (sysctl).
105 First, we'll take a look at the read-only parts of /proc. In Chapter 2, we
106 show you how you can use /proc/sys to change settings.
108 1.1 Process-Specific Subdirectories
109 -----------------------------------
111 The directory /proc contains (among other things) one subdirectory for each
112 process running on the system, which is named after the process ID (PID).
114 The link self points to the process reading the file system. Each process
115 subdirectory has the entries listed in Table 1-1.
118 Table 1-1: Process specific entries in /proc
119 ..............................................................................
121 cmdline Command line arguments
122 cpu Current and last cpu in wich it was executed (2.4)(smp)
123 cwd Link to the current working directory
124 environ Values of environment variables
125 exe Link to the executable of this process
126 fd Directory, which contains all file descriptors
127 maps Memory maps to executables and library files (2.4)
128 mem Memory held by this process
129 root Link to the root directory of this process
131 statm Process memory status information
132 status Process status in human readable form
133 ..............................................................................
135 For example, to get the status information of a process, all you have to do is
136 read the file /proc/PID/status:
138 >cat /proc/self/status
154 SigPnd: 0000000000000000
155 SigBlk: 0000000000000000
156 SigIgn: 0000000000000000
157 SigCgt: 0000000000000000
158 CapInh: 00000000fffffeff
159 CapPrm: 0000000000000000
160 CapEff: 0000000000000000
163 This shows you nearly the same information you would get if you viewed it with
164 the ps command. In fact, ps uses the proc file system to obtain its
165 information. The statm file contains more detailed information about the
166 process memory usage. Its seven fields are explained in Table 1-2.
169 Table 1-2: Contents of the statm files
170 ..............................................................................
172 size total program size
173 resident size of memory portions
174 shared number of pages that are shared
175 trs number of pages that are 'code'
176 drs number of pages of data/stack
177 lrs number of pages of library
178 dt number of dirty pages
179 ..............................................................................
184 Similar to the process entries, the kernel data files give information about
185 the running kernel. The files used to obtain this information are contained in
186 /proc and are listed in Table 1-3. Not all of these will be present in your
187 system. It depends on the kernel configuration and the loaded modules, which
188 files are there, and which are missing.
190 Table 1-3: Kernel info in /proc
191 ..............................................................................
193 apm Advanced power management info
194 bus Directory containing bus specific information
195 cmdline Kernel command line
196 cpuinfo Info about the CPU
197 devices Available devices (block and character)
198 dma Used DMS channels
199 filesystems Supported filesystems
200 driver Various drivers grouped here, currently rtc (2.4)
201 execdomains Execdomains, related to security (2.4)
202 fb Frame Buffer devices (2.4)
203 fs File system parameters, currently nfs/exports (2.4)
204 ide Directory containing info about the IDE subsystem
205 interrupts Interrupt usage
206 iomem Memory map (2.4)
207 ioports I/O port usage
208 irq Masks for irq to cpu affinity (2.4)(smp?)
209 isapnp ISA PnP (Plug&Play) Info (2.4)
210 kcore Kernel core image (can be ELF or A.OUT(deprecated in 2.4))
212 ksyms Kernel symbol table
213 loadavg Load average of last 1, 5 & 15 minutes
217 modules List of loaded modules
218 mounts Mounted filesystems
219 net Networking info (see text)
220 partitions Table of partitions known to the system
221 pci Depreciated info of PCI bus (new way -> /proc/bus/pci/,
222 decoupled by lspci (2.4)
224 scsi SCSI info (see text)
225 slabinfo Slab pool info
226 stat Overall statistics
227 swaps Swap space utilization
229 sysvipc Info of SysVIPC Resources (msg, sem, shm) (2.4)
230 tty Info of tty drivers
232 version Kernel version
233 video bttv info of video resources (2.4)
234 ..............................................................................
236 You can, for example, check which interrupts are currently in use and what
237 they are used for by looking in the file /proc/interrupts:
239 > cat /proc/interrupts
241 0: 8728810 XT-PIC timer
242 1: 895 XT-PIC keyboard
244 3: 531695 XT-PIC aha152x
245 4: 2014133 XT-PIC serial
246 5: 44401 XT-PIC pcnet_cs
249 12: 182918 XT-PIC PS/2 Mouse
251 14: 1232265 XT-PIC ide0
255 In 2.4.* a couple of lines where added to this file LOC & ERR (this time is the
256 output of a SMP machine):
258 > cat /proc/interrupts
261 0: 1243498 1214548 IO-APIC-edge timer
262 1: 8949 8958 IO-APIC-edge keyboard
263 2: 0 0 XT-PIC cascade
264 5: 11286 10161 IO-APIC-edge soundblaster
265 8: 1 0 IO-APIC-edge rtc
266 9: 27422 27407 IO-APIC-edge 3c503
267 12: 113645 113873 IO-APIC-edge PS/2 Mouse
269 14: 22491 24012 IO-APIC-edge ide0
270 15: 2183 2415 IO-APIC-edge ide1
271 17: 30564 30414 IO-APIC-level eth0
272 18: 177 164 IO-APIC-level bttv
277 NMI is incremented in this case because every timer interrupt generates a NMI
278 (Non Maskable Interrupt) which is used by the NMI Watchdog to detect lookups.
280 LOC is the local interrupt counter of the internal APIC of every CPU.
282 ERR is incremented in the case of errors in the IO-APIC bus (the bus that
283 connects the CPUs in a SMP system. This means that an error has been detected,
284 the IO-APIC automatically retry the transmission, so it should not be a big
285 problem, but you should read the SMP-FAQ.
287 In this context it could be interesting to note the new irq directory in 2.4.
288 It could be used to set IRQ to CPU affinity, this means that you can "hook" an
289 IRQ to only one CPU, or to exclude a CPU of handling IRQs. The contents of the
290 irq subdir is one subdir for each IRQ, and one file; prof_cpu_mask
294 0 10 12 14 16 18 2 4 6 8 prof_cpu_mask
295 1 11 13 15 17 19 3 5 7 9
299 The contents of the prof_cpu_mask file and each smp_affinity file for each IRQ
300 is the same by default:
302 > cat /proc/irq/0/smp_affinity
305 It's a bitmask, in wich you can specify wich CPUs can handle the IRQ, you can
308 > echo 1 > /proc/irq/prof_cpu_mask
310 This means that only the first CPU will handle the IRQ, but you can also echo 5
311 wich means that only the first and fourth CPU can handle the IRQ.
313 The way IRQs are routed is handled by the IO-APIC, and it's Round Robin
314 between all the CPUs which are allowed to handle it. As usual the kernel has
315 more info than you and does a better job than you, so the defaults are the
316 best choice for almost everyone.
318 There are three more important subdirectories in /proc: net, scsi, and sys.
319 The general rule is that the contents, or even the existence of these
320 directories, depend on your kernel configuration. If SCSI is not enabled, the
321 directory scsi may not exist. The same is true with the net, which is there
322 only when networking support is present in the running kernel.
324 The slabinfo file gives information about memory usage at the slab level.
325 Linux uses slab pools for memory management above page level in version 2.2.
326 Commonly used objects have their own slab pool (such as network buffers,
327 directory cache, and so on).
329 1.3 IDE devices in /proc/ide
330 ----------------------------
332 The subdirectory /proc/ide contains information about all IDE devices of which
333 the kernel is aware. There is one subdirectory for each IDE controller, the
334 file drivers and a link for each IDE device, pointing to the device directory
335 in the controller specific subtree.
337 The file drivers contains general information about the drivers used for the
340 > cat /proc/ide/drivers
341 ide-cdrom version 4.53
342 ide-disk version 1.08
345 More detailed information can be found in the controller specific
346 subdirectories. These are named ide0, ide1 and so on. Each of these
347 directories contains the files shown in table 1-4.
350 Table 1-4: IDE controller info in /proc/ide/ide?
351 ..............................................................................
353 channel IDE channel (0 or 1)
354 config Configuration (only for PCI/IDE bridge)
356 model Type/Chipset of IDE controller
357 ..............................................................................
359 Each device connected to a controller has a separate subdirectory in the
360 controllers directory. The files listed in table 1-5 are contained in these
364 Table 1-5: IDE device information
365 ..............................................................................
368 capacity Capacity of the medium (in 512Byte blocks)
369 driver driver and version
370 geometry physical and logical geometry
371 identify device identify block
373 model device identifier
374 settings device setup
375 smart_thresholds IDE disk management thresholds
376 smart_values IDE disk management values
377 ..............................................................................
379 The most interesting file is settings. This file contains a nice overview of
380 the drive parameters:
382 # cat /proc/ide/ide0/hda/settings
383 name value min max mode
384 ---- ----- --- --- ----
385 bios_cyl 526 0 65535 rw
386 bios_head 255 0 255 rw
388 breada_readahead 4 0 127 rw
390 file_readahead 72 0 2097151 rw
392 keepsettings 0 0 1 rw
393 max_kb_per_request 122 1 127 rw
397 pio_mode write-only 0 255 w
403 1.4 Networking info in /proc/net
404 --------------------------------
406 The subdirectory /proc/net follows the usual pattern. Table 1-6 shows the
407 additional values you get for IP version 6 if you configure the kernel to
408 support this. Table 1-7 lists the files and their meaning.
411 Table 1-6: IPv6 info in /proc/net
412 ..............................................................................
414 udp6 UDP sockets (IPv6)
415 tcp6 TCP sockets (IPv6)
416 raw6 Raw device statistics (IPv6)
417 igmp6 IP multicast addresses, which this host joined (IPv6)
418 if_inet6 List of IPv6 interface addresses
419 ipv6_route Kernel routing table for IPv6
420 rt6_stats Global IPv6 routing tables statistics
421 sockstat6 Socket statistics (IPv6)
422 snmp6 Snmp data (IPv6)
423 ..............................................................................
426 Table 1-7: Network info in /proc/net
427 ..............................................................................
430 dev network devices with statistics
431 dev_mcast the Layer2 multicast groups a device is listening too
432 (interface index, label, number of references, number of bound
434 dev_stat network device status
435 ip_fwchains Firewall chain linkage
436 ip_fwnames Firewall chain names
437 ip_masq Directory containing the masquerading tables
438 ip_masquerade Major masquerading table
439 netstat Network statistics
440 raw raw device statistics
441 route Kernel routing table
442 rpc Directory containing rpc info
443 rt_cache Routing cache
445 sockstat Socket statistics
447 tr_rif Token ring RIF routing table
449 unix UNIX domain sockets
450 wireless Wireless interface data (Wavelan etc)
451 igmp IP multicast addresses, which this host joined
452 psched Global packet scheduler parameters.
453 netlink List of PF_NETLINK sockets
454 ip_mr_vifs List of multicast virtual interfaces
455 ip_mr_cache List of multicast routing cache
456 ..............................................................................
458 You can use this information to see which network devices are available in
459 your system and how much traffic was routed over those devices:
463 face |bytes packets errs drop fifo frame compressed multicast|[...
464 lo: 908188 5596 0 0 0 0 0 0 [...
465 ppp0:15475140 20721 410 0 0 410 0 0 [...
466 eth0: 614530 7085 0 0 0 0 0 1 [...
469 ...] bytes packets errs drop fifo colls carrier compressed
470 ...] 908188 5596 0 0 0 0 0 0
471 ...] 1375103 17405 0 0 0 0 0 0
472 ...] 1703981 5535 0 0 0 3 0 0
474 In addition, each Channel Bond interface has it's own directory. For
475 example, the bond0 device will have a directory called /proc/net/bond0/.
476 It will contain information that is specific to that bond, such as the
477 current slaves of the bond, the link status of the slaves, and how
478 many times the slaves link has failed.
483 If you have a SCSI host adapter in your system, you'll find a subdirectory
484 named after the driver for this adapter in /proc/scsi. You'll also see a list
485 of all recognized SCSI devices in /proc/scsi:
489 Host: scsi0 Channel: 00 Id: 00 Lun: 00
490 Vendor: IBM Model: DGHS09U Rev: 03E0
491 Type: Direct-Access ANSI SCSI revision: 03
492 Host: scsi0 Channel: 00 Id: 06 Lun: 00
493 Vendor: PIONEER Model: CD-ROM DR-U06S Rev: 1.04
494 Type: CD-ROM ANSI SCSI revision: 02
497 The directory named after the driver has one file for each adapter found in
498 the system. These files contain information about the controller, including
499 the used IRQ and the IO address range. The amount of information shown is
500 dependent on the adapter you use. The example shows the output for an Adaptec
501 AHA-2940 SCSI adapter:
503 > cat /proc/scsi/aic7xxx/0
505 Adaptec AIC7xxx driver version: 5.1.19/3.2.4
507 TCQ Enabled By Default : Disabled
508 AIC7XXX_PROC_STATS : Disabled
509 AIC7XXX_RESET_DELAY : 5
510 Adapter Configuration:
511 SCSI Adapter: Adaptec AHA-294X Ultra SCSI host adapter
512 Ultra Wide Controller
513 PCI MMAPed I/O Base: 0xeb001000
514 Adapter SEEPROM Config: SEEPROM found and used.
515 Adaptec SCSI BIOS: Enabled
517 SCBs: Active 0, Max Active 2,
518 Allocated 15, HW 16, Page 255
520 BIOS Control Word: 0x18b6
521 Adapter Control Word: 0x005b
522 Extended Translation: Enabled
523 Disconnect Enable Flags: 0xffff
524 Ultra Enable Flags: 0x0001
525 Tag Queue Enable Flags: 0x0000
526 Ordered Queue Tag Flags: 0x0000
527 Default Tag Queue Depth: 8
528 Tagged Queue By Device array for aic7xxx host instance 0:
529 {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255}
530 Actual queue depth per device for aic7xxx host instance 0:
531 {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}
534 Device using Wide/Sync transfers at 40.0 MByte/sec, offset 8
535 Transinfo settings: current(12/8/1/0), goal(12/8/1/0), user(12/15/1/0)
536 Total transfers 160151 (74577 reads and 85574 writes)
538 Device using Narrow/Sync transfers at 5.0 MByte/sec, offset 15
539 Transinfo settings: current(50/15/0/0), goal(50/15/0/0), user(50/15/0/0)
540 Total transfers 0 (0 reads and 0 writes)
543 1.6 Parallel port info in /proc/parport
544 ---------------------------------------
546 The directory /proc/parport contains information about the parallel ports of
547 your system. It has one subdirectory for each port, named after the port
550 These directories contain the four files shown in Table 1-8.
553 Table 1-8: Files in /proc/parport
554 ..............................................................................
556 autoprobe Any IEEE-1284 device ID information that has been acquired.
557 devices list of the device drivers using that port. A + will appear by the
558 name of the device currently using the port (it might not appear
560 hardware Parallel port's base address, IRQ line and DMA channel.
561 irq IRQ that parport is using for that port. This is in a separate
562 file to allow you to alter it by writing a new value in (IRQ
564 ..............................................................................
566 1.7 TTY info in /proc/tty
567 -------------------------
569 Information about the available and actually used tty's can be found in the
570 directory /proc/tty.You'll find entries for drivers and line disciplines in
571 this directory, as shown in Table 1-9.
574 Table 1-9: Files in /proc/tty
575 ..............................................................................
577 drivers list of drivers and their usage
578 ldiscs registered line disciplines
579 driver/serial usage statistic and status of single tty lines
580 ..............................................................................
582 To see which tty's are currently in use, you can simply look into the file
585 > cat /proc/tty/drivers
586 pty_slave /dev/pts 136 0-255 pty:slave
587 pty_master /dev/ptm 128 0-255 pty:master
588 pty_slave /dev/ttyp 3 0-255 pty:slave
589 pty_master /dev/pty 2 0-255 pty:master
590 serial /dev/cua 5 64-67 serial:callout
591 serial /dev/ttyS 4 64-67 serial
592 /dev/tty0 /dev/tty0 4 0 system:vtmaster
593 /dev/ptmx /dev/ptmx 5 2 system
594 /dev/console /dev/console 5 1 system:console
595 /dev/tty /dev/tty 5 0 system:/dev/tty
596 unknown /dev/tty 4 1-63 console
599 ------------------------------------------------------------------------------
601 ------------------------------------------------------------------------------
602 The /proc file system serves information about the running system. It not only
603 allows access to process data but also allows you to request the kernel status
604 by reading files in the hierarchy.
606 The directory structure of /proc reflects the types of information and makes
607 it easy, if not obvious, where to look for specific data.
608 ------------------------------------------------------------------------------
610 ------------------------------------------------------------------------------
611 CHAPTER 2: MODIFYING SYSTEM PARAMETERS
612 ------------------------------------------------------------------------------
614 ------------------------------------------------------------------------------
616 ------------------------------------------------------------------------------
617 * Modifying kernel parameters by writing into files found in /proc/sys
618 * Exploring the files which modify certain parameters
619 * Review of the /proc/sys file tree
620 ------------------------------------------------------------------------------
623 A very interesting part of /proc is the directory /proc/sys. This is not only
624 a source of information, it also allows you to change parameters within the
625 kernel. Be very careful when attempting this. You can optimize your system,
626 but you can also cause it to crash. Never alter kernel parameters on a
627 production system. Set up a development machine and test to make sure that
628 everything works the way you want it to. You may have no alternative but to
629 reboot the machine once an error has been made.
631 To change a value, simply echo the new value into the file. An example is
632 given below in the section on the file system data. You need to be root to do
633 this. You can create your own boot script to perform this every time your
636 The files in /proc/sys can be used to fine tune and monitor miscellaneous and
637 general things in the operation of the Linux kernel. Since some of the files
638 can inadvertently disrupt your system, it is advisable to read both
639 documentation and source before actually making adjustments. In any case, be
640 very careful when writing to any of these files. The entries in /proc may
641 change slightly between the 2.1.* and the 2.2 kernel, so if there is any doubt
642 review the kernel documentation in the directory /usr/src/linux/Documentation.
643 This chapter is heavily based on the documentation included in the pre 2.2
644 kernels, and became part of it in version 2.2.1 of the Linux kernel.
646 2.1 /proc/sys/fs - File system data
647 -----------------------------------
649 This subdirectory contains specific file system, file handle, inode, dentry
650 and quota information.
652 Currently, these files are in /proc/sys/fs:
657 Status of the directory cache. Since directory entries are dynamically
658 allocated and deallocated, this file indicates the current status. It holds
659 six values, in which the last two are not used and are always zero. The others
660 are listed in table 2-1.
663 Table 2-1: Status files of the directory cache
664 ..............................................................................
666 nr_dentry Almost always zero
667 nr_unused Number of unused cache entries
669 in seconds after the entry may be reclaimed, when memory is short
670 want_pages internally
671 ..............................................................................
673 dquot-nr and dquot-max
674 ----------------------
676 The file dquot-max shows the maximum number of cached disk quota entries.
678 The file dquot-nr shows the number of allocated disk quota entries and the
679 number of free disk quota entries.
681 If the number of available cached disk quotas is very low and you have a large
682 number of simultaneous system users, you might want to raise the limit.
687 The kernel allocates file handles dynamically, but doesn't free them again at
690 The value in file-max denotes the maximum number of file handles that the
691 Linux kernel will allocate. When you get a lot of error messages about running
692 out of file handles, you might want to raise this limit. The default value is
693 4096. To change it, just write the new number into the file:
695 # cat /proc/sys/fs/file-max
697 # echo 8192 > /proc/sys/fs/file-max
698 # cat /proc/sys/fs/file-max
702 This method of revision is useful for all customizable parameters of the
703 kernel - simply echo the new value to the corresponding file.
705 The three values in file-nr denote the number of allocated file handles, the
706 number of used file handles, and the maximum number of file handles. When the
707 allocated file handles come close to the maximum, but the number of actually
708 used ones is far behind, you've encountered a peak in your usage of file
709 handles and you don't need to increase the maximum.
711 inode-state and inode-nr
712 ------------------------
714 The file inode-nr contains the first two items from inode-state, so we'll skip
717 inode-state contains two actual numbers and five dummy values. The numbers
718 are nr_inodes and nr_free_inodes (in order of appearance).
723 Denotes the number of inodes the system has allocated. This number will
724 grow and shrink dynamically.
729 Represents the number of free inodes. Ie. The number of inuse inodes is
730 (nr_inodes - nr_free_inodes).
732 super-nr and super-max
733 ----------------------
735 Again, super block structures are allocated by the kernel, but not freed. The
736 file super-max contains the maximum number of super block handlers, where
737 super-nr shows the number of currently allocated ones.
739 Every mounted file system needs a super block, so if you plan to mount lots of
740 file systems, you may want to increase these numbers.
742 2.2 /proc/sys/fs/binfmt_misc - Miscellaneous binary formats
743 -----------------------------------------------------------
745 Besides these files, there is the subdirectory /proc/sys/fs/binfmt_misc. This
746 handles the kernel support for miscellaneous binary formats.
748 Binfmt_misc provides the ability to register additional binary formats to the
749 Kernel without compiling an additional module/kernel. Therefore, binfmt_misc
750 needs to know magic numbers at the beginning or the filename extension of the
753 It works by maintaining a linked list of structs that contain a description of
754 a binary format, including a magic with size (or the filename extension),
755 offset and mask, and the interpreter name. On request it invokes the given
756 interpreter with the original program as argument, as binfmt_java and
757 binfmt_em86 and binfmt_mz do. Since binfmt_misc does not define any default
758 binary-formats, you have to register an additional binary-format.
760 There are two general files in binfmt_misc and one file per registered format.
761 The two general files are register and status.
763 Registering a new binary format
764 -------------------------------
766 To register a new binary format you have to issue the command
768 echo :name:type:offset:magic:mask:interpreter: > /proc/sys/fs/binfmt_misc/register
772 with appropriate name (the name for the /proc-dir entry), offset (defaults to
773 0, if omitted), magic, mask (which can be omitted, defaults to all 0xff) and
774 last but not least, the interpreter that is to be invoked (for example and
775 testing /bin/echo). Type can be M for usual magic matching or E for filename
776 extension matching (give extension in place of magic).
778 Check or reset the status of the binary format handler
779 ------------------------------------------------------
781 If you do a cat on the file /proc/sys/fs/binfmt_misc/status, you will get the
782 current status (enabled/disabled) of binfmt_misc. Change the status by echoing
783 0 (disables) or 1 (enables) or -1 (caution: this clears all previously
784 registered binary formats) to status. For example echo 0 > status to disable
785 binfmt_misc (temporarily).
787 Status of a single handler
788 --------------------------
790 Each registered handler has an entry in /proc/sys/fs/binfmt_misc. These files
791 perform the same function as status, but their scope is limited to the actual
792 binary format. By cating this file, you also receive all related information
793 about the interpreter/magic of the binfmt.
795 Example usage of binfmt_misc (emulate binfmt_java)
796 --------------------------------------------------
798 cd /proc/sys/fs/binfmt_misc
799 echo ':Java:M::\xca\xfe\xba\xbe::/usr/local/java/bin/javawrapper:' > register
800 echo ':HTML:E::html::/usr/local/java/bin/appletviewer:' > register
801 echo ':Applet:M::<!--applet::/usr/local/java/bin/appletviewer:' > register
802 echo ':DEXE:M::\x0eDEX::/usr/bin/dosexec:' > register
805 These four lines add support for Java executables and Java applets (like
806 binfmt_java, additionally recognizing the .html extension with no need to put
807 <!--applet> to every applet file). You have to install the JDK and the
808 shell-script /usr/local/java/bin/javawrapper too. It works around the
809 brokenness of the Java filename handling. To add a Java binary, just create a
810 link to the class-file somewhere in the path.
812 2.3 /proc/sys/kernel - general kernel parameters
813 ------------------------------------------------
815 This directory reflects general kernel behaviors. As I've said before, the
816 contents depend on your configuration. Here you'll find the most important
817 files, along with descriptions of what they mean and how to use them.
822 The file contains three values; highwater, lowwater, and frequency.
824 It exists only when BSD-style process accounting is enabled. These values
825 control its behavior. If the free space on the file system where the log lives
826 goes below lowwater percentage, accounting suspends. If it goes above
827 highwater percentage, accounting resumes. Frequency determines how often you
828 check the amount of free space (value is in seconds). Default settings are: 4,
829 2, and 30. That is, suspend accounting if there is less than 2 percent free;
830 resume it if we have a value of 3 or more percent; consider information about
831 the amount of free space valid for 30 seconds
836 When the value in this file is 0, ctrl-alt-del is trapped and sent to the init
837 program to handle a graceful restart. However, when the value is greater that
838 zero, Linux's reaction to this key combination will be an immediate reboot,
839 without syncing its dirty buffers.
842 When a program (like dosemu) has the keyboard in raw mode, the
843 ctrl-alt-del is intercepted by the program before it ever reaches the
844 kernel tty layer, and it is up to the program to decide what to do with
847 domainname and hostname
848 -----------------------
850 These files can be controlled to set the NIS domainname and hostname of your
851 box. For the classic darkstar.frop.org a simple:
853 # echo "darkstar" > /proc/sys/kernel/hostname
854 # echo "frop.org" > /proc/sys/kernel/domainname
857 would suffice to set your hostname and NIS domainname.
859 osrelease, ostype and version
860 -----------------------------
862 The names make it pretty obvious what these fields contain:
864 > cat /proc/sys/kernel/osrelease
867 > cat /proc/sys/kernel/ostype
870 > cat /proc/sys/kernel/version
871 #4 Fri Oct 1 12:41:14 PDT 1999
874 The files osrelease and ostype should be clear enough. Version needs a little
875 more clarification. The #4 means that this is the 4th kernel built from this
876 source base and the date after it indicates the time the kernel was built. The
877 only way to tune these values is to rebuild the kernel.
882 The value in this file represents the number of seconds the kernel waits
883 before rebooting on a panic. When you use the software watchdog, the
884 recommended setting is 60. If set to 0, the auto reboot after a kernel panic
885 is disabled, which is the default setting.
890 The four values in printk denote
892 * default_message_loglevel,
893 * minimum_console_level and
894 * default_console_loglevel
897 These values influence printk() behavior when printing or logging error
898 messages, which come from inside the kernel. See syslog(2) for more
899 information on the different log levels.
904 Messages with a higher priority than this will be printed to the console.
906 default_message_level
907 ---------------------
909 Messages without an explicit priority will be printed with this priority.
911 minimum_console_loglevel
912 ------------------------
914 Minimum (highest) value to which the console_loglevel can be set.
916 default_console_loglevel
917 ------------------------
919 Default value for console_loglevel.
924 This file shows the size of the generic SCSI (sg) buffer. At this point, you
925 can't tune it yet, but you can change it at compile time by editing
926 include/scsi/sg.h and changing the value of SG_BIG_BUFF.
928 If you use a scanner with SANE (Scanner Access Now Easy) you might want to set
929 this to a higher value. Refer to the SANE documentation on this issue.
934 The location where the modprobe binary is located. The kernel uses this
935 program to load modules on demand.
937 2.4 /proc/sys/vm - The virtual memory subsystem
938 -----------------------------------------------
939 Please read Documentation/sysctl/vm.txt
941 2.5 /proc/sys/dev - Device specific parameters
942 ----------------------------------------------
944 Currently there is only support for CDROM drives, and for those, there is only
945 one read-only file containing information about the CD-ROM drives attached to
948 >cat /proc/sys/dev/cdrom/info
949 CD-ROM information, Id: cdrom.c 2.55 1999/04/25
953 drive # of slots: 1 0
957 Can change speed: 1 1
959 Can read multisession: 1 1
961 Reports media changed: 1 1
965 You see two drives, sr0 and hdb, along with a list of their features.
967 2.6 /proc/sys/sunrpc - Remote procedure calls
968 ---------------------------------------------
970 This directory contains four files, which enable or disable debugging for the
971 RPC functions NFS, NFS-daemon, RPC and NLM. The default values are 0. They can
972 be set to one to turn debugging on. (The default value is 0 for each)
974 2.7 /proc/sys/net - Networking stuff
975 ------------------------------------
977 The interface to the networking parts of the kernel is located in
978 /proc/sys/net. Table 2-3 shows all possible subdirectories. You may see only
979 some of them, depending on your kernel's configuration.
982 Table 2-3: Subdirectories in /proc/sys/net
983 ..............................................................................
984 Directory Content Directory Content
985 core General parameter appletalk Appletalk protocol
986 unix Unix domain sockets netrom NET/ROM
987 802 E802 protocol ax25 AX25
988 ethernet Ethernet protocol rose X.25 PLP layer
989 ipv4 IP version 4 x25 X.25 protocol
990 ipx IPX token-ring IBM token ring
991 bridge Bridging decnet DEC net
993 ..............................................................................
995 We will concentrate on IP networking here. Since AX15, X.25, and DEC Net are
996 only minor players in the Linux world, we'll skip them in this chapter. You'll
997 find some short info on Appletalk and IPX further on in this chapter. Review
998 the online documentation and the kernel source to get a detailed view of the
999 parameters for those protocols. In this section we'll discuss the
1000 subdirectories printed in bold letters in the table above. As default values
1001 are suitable for most needs, there is no need to change these values.
1003 /proc/sys/net/core - Network core options
1004 -----------------------------------------
1009 The default setting of the socket receive buffer in bytes.
1014 The maximum receive socket buffer size in bytes.
1019 The default setting (in bytes) of the socket send buffer.
1024 The maximum send socket buffer size in bytes.
1026 message_burst and message_cost
1027 ------------------------------
1029 These parameters are used to limit the warning messages written to the kernel
1030 log from the networking code. They enforce a rate limit to make a
1031 denial-of-service attack impossible. A higher message_cost factor, results in
1032 fewer messages that will be written. Message_burst controls when messages will
1033 be dropped. The default settings limit warning messages to one every five
1039 Maximum number of packets, queued on the INPUT side, when the interface
1040 receives packets faster than kernel can process them.
1045 Maximum ancillary buffer size allowed per socket. Ancillary data is a sequence
1046 of struct cmsghdr structures with appended data.
1048 /proc/sys/net/unix - Parameters for Unix domain sockets
1049 -------------------------------------------------------
1051 There are only two files in this subdirectory. They control the delays for
1052 deleting and destroying socket descriptors.
1054 2.8 /proc/sys/net/ipv4 - IPV4 settings
1055 --------------------------------------
1057 IP version 4 is still the most used protocol in Unix networking. It will be
1058 replaced by IP version 6 in the next couple of years, but for the moment it's
1059 the de facto standard for the internet and is used in most networking
1060 environments around the world. Because of the importance of this protocol,
1061 we'll have a deeper look into the subtree controlling the behavior of the IPv4
1062 subsystem of the Linux kernel.
1064 Let's start with the entries in /proc/sys/net/ipv4.
1069 icmp_echo_ignore_all and icmp_echo_ignore_broadcasts
1070 ----------------------------------------------------
1072 Turn on (1) or off (0), if the kernel should ignore all ICMP ECHO requests, or
1073 just those to broadcast and multicast addresses.
1075 Please note that if you accept ICMP echo requests with a broadcast/multi\-cast
1076 destination address your network may be used as an exploder for denial of
1077 service packet flooding attacks to other hosts.
1079 icmp_destunreach_rate, icmp_echoreply_rate, icmp_paramprob_rate and icmp_timeexeed_rate
1080 ---------------------------------------------------------------------------------------
1082 Sets limits for sending ICMP packets to specific targets. A value of zero
1083 disables all limiting. Any positive value sets the maximum package rate in
1084 hundredth of a second (on Intel systems).
1092 This file contains the number one if the host received its IP configuration by
1093 RARP, BOOTP, DHCP or a similar mechanism. Otherwise it is zero.
1098 TTL (Time To Live) for IPv4 interfaces. This is simply the maximum number of
1099 hops a packet may travel.
1104 Enable dynamic socket address rewriting on interface address change. This is
1105 useful for dialup interface with changing IP addresses.
1110 Enable or disable forwarding of IP packages between interfaces. Changing this
1111 value resets all other parameters to their default values. They differ if the
1112 kernel is configured as host or router.
1117 Range of ports used by TCP and UDP to choose the local port. Contains two
1118 numbers, the first number is the lowest port, the second number the highest
1119 local port. Default is 1024-4999. Should be changed to 32768-61000 for
1125 Global switch to turn path MTU discovery off. It can also be set on a per
1126 socket basis by the applications or on a per route basis.
1131 Enable/disable debugging of IP masquerading.
1133 IP fragmentation settings
1134 -------------------------
1136 ipfrag_high_trash and ipfrag_low_trash
1137 --------------------------------------
1139 Maximum memory used to reassemble IP fragments. When ipfrag_high_thresh bytes
1140 of memory is allocated for this purpose, the fragment handler will toss
1141 packets until ipfrag_low_thresh is reached.
1146 Time in seconds to keep an IP fragment in memory.
1154 This file controls the use of the ECN bit in the IPv4 headers, this is a new
1155 feature about Explicit Congestion Notification, but some routers and firewalls
1156 block trafic that has this bit set, so it could be necessary to echo 0 to
1157 /proc/sys/net/ipv4/tcp_ecn, if you want to talk to this sites. For more info
1158 you could read RFC2481.
1160 tcp_retrans_collapse
1161 --------------------
1163 Bug-to-bug compatibility with some broken printers. On retransmit, try to send
1164 larger packets to work around bugs in certain TCP stacks. Can be turned off by
1167 tcp_keepalive_probes
1168 --------------------
1170 Number of keep alive probes TCP sends out, until it decides that the
1171 connection is broken.
1176 How often TCP sends out keep alive messages, when keep alive is enabled. The
1182 Number of times initial SYNs for a TCP connection attempt will be
1183 retransmitted. Should not be higher than 255. This is only the timeout for
1184 outgoing connections, for incoming connections the number of retransmits is
1185 defined by tcp_retries1.
1190 Enable select acknowledgments after RFC2018.
1195 Enable timestamps as defined in RFC1323.
1200 Enable the strict RFC793 interpretation of the TCP urgent pointer field. The
1201 default is to use the BSD compatible interpretation of the urgent pointer
1202 pointing to the first byte after the urgent data. The RFC793 interpretation is
1203 to have it point to the last byte of urgent data. Enabling this option may
1204 lead to interoperatibility problems. Disabled by default.
1209 Only valid when the kernel was compiled with CONFIG_SYNCOOKIES. Send out
1210 syncookies when the syn backlog queue of a socket overflows. This is to ward
1211 off the common 'syn flood attack'. Disabled by default.
1213 Note that the concept of a socket backlog is abandoned. This means the peer
1214 may not receive reliable error messages from an over loaded server with
1220 Enable window scaling as defined in RFC1323.
1225 The length of time in seconds it takes to receive a final FIN before the
1226 socket is always closed. This is strictly a violation of the TCP
1227 specification, but required to prevent denial-of-service attacks.
1232 Indicates how many keep alive probes are sent per slow timer run. Should not
1233 be set too high to prevent bursts.
1238 Length of the per socket backlog queue. Since Linux 2.2 the backlog specified
1239 in listen(2) only specifies the length of the backlog queue of already
1240 established sockets. When more connection requests arrive Linux starts to drop
1241 packets. When syncookies are enabled the packets are still answered and the
1242 maximum queue is effectively ignored.
1247 Defines how often an answer to a TCP connection request is retransmitted
1253 Defines how often a TCP packet is retransmitted before giving up.
1255 Interface specific settings
1256 ---------------------------
1258 In the directory /proc/sys/net/ipv4/conf you'll find one subdirectory for each
1259 interface the system knows about and one directory calls all. Changes in the
1260 all subdirectory affect all interfaces, whereas changes in the other
1261 subdirectories affect only one interface. All directories have the same
1267 This switch decides if the kernel accepts ICMP redirect messages or not. The
1268 default is 'yes' if the kernel is configured for a regular host and 'no' for a
1269 router configuration.
1274 Should source routed packages be accepted or declined. The default is
1275 dependent on the kernel configuration. It's 'yes' for routers and 'no' for
1281 Accept packets with source address 0.b.c.d with destinations not to this host
1282 as local ones. It is supposed that a BOOTP relay daemon will catch and forward
1285 The default is 0, since this feature is not implemented yet (kernel version
1291 Enable or disable IP forwarding on this interface.
1296 Log packets with source addresses with no known route to kernel log.
1301 Do multicast routing. The kernel needs to be compiled with CONFIG_MROUTE and a
1302 multicast routing daemon is required.
1307 Does (1) or does not (0) perform proxy ARP.
1312 Integer value determines if a source validation should be made. 1 means yes, 0
1313 means no. Disabled by default, but local/broadcast address spoofing is always
1316 If you set this to 1 on a router that is the only connection for a network to
1317 the net, it will prevent spoofing attacks against your internal networks
1318 (external addresses can still be spoofed), without the need for additional
1324 Accept ICMP redirect messages only for gateways, listed in default gateway
1325 list. Enabled by default.
1330 If it is not set the kernel does not assume that different subnets on this
1331 device can communicate directly. Default setting is 'yes'.
1336 Determines whether to send ICMP redirects to other hosts.
1341 The directory /proc/sys/net/ipv4/route contains several file to control
1344 error_burst and error_cost
1345 --------------------------
1347 These parameters are used to limit how many ICMP destination unreachable to
1348 send from the host in question. ICMP destination unreachable messages are
1349 sent when we can not reach the next hop, while trying to transmit a packet.
1350 It will also print some error messages to kernel logs if someone is ignoring
1351 our ICMP redirects. The higher the error_cost factor is, the fewer
1352 destination unreachable and error messages will be let through. Error_burst
1353 controls when destination unreachable messages and error messages will be
1354 dropped. The default settings limit warning messages to five every second.
1359 Writing to this file results in a flush of the routing cache.
1361 gc_elastic, gc_interval, gc_min_interval, gc_tresh, gc_timeout
1362 --------------------------------------------------------------
1364 Values to control the frequency and behavior of the garbage collection
1365 algorithm for the routing cache.
1370 Maximum size of the routing cache. Old entries will be purged once the cache
1371 reached has this size.
1373 max_delay, min_delay
1374 --------------------
1376 Delays for flushing the routing cache.
1378 redirect_load, redirect_number
1379 ------------------------------
1381 Factors which determine if more ICPM redirects should be sent to a specific
1382 host. No redirects will be sent once the load limit or the maximum number of
1383 redirects has been reached.
1388 Timeout for redirects. After this period redirects will be sent again, even if
1389 this has been stopped, because the load or number limit has been reached.
1391 Network Neighbor handling
1392 -------------------------
1394 Settings about how to handle connections with direct neighbors (nodes attached
1395 to the same link) can be found in the directory /proc/sys/net/ipv4/neigh.
1397 As we saw it in the conf directory, there is a default subdirectory which
1398 holds the default values, and one directory for each interface. The contents
1399 of the directories are identical, with the single exception that the default
1400 settings contain additional options to set garbage collection parameters.
1402 In the interface directories you'll find the following entries:
1407 A base value used for computing the random reachable time value as specified
1413 The time, expressed in jiffies (1/100 sec), between retransmitted Neighbor
1414 Solicitation messages. Used for address resolution and to determine if a
1415 neighbor is unreachable.
1420 Maximum queue length for a pending arp request - the number of packets which
1421 are accepted from other layers while the ARP address is still resolved.
1426 Maximum for random delay of answers to neighbor solicitation messages in
1427 jiffies (1/100 sec). Not yet implemented (Linux does not have anycast support
1433 Maximum number of retries for unicast solicitation.
1438 Maximum number of retries for multicast solicitation.
1440 delay_first_probe_time
1441 ----------------------
1443 Delay for the first time probe if the neighbor is reachable. (see
1449 An ARP/neighbor entry is only replaced with a new one if the old is at least
1450 locktime old. This prevents ARP cache thrashing.
1455 Maximum time (real time is random [0..proxytime]) before answering to an ARP
1456 request for which we have an proxy ARP entry. In some cases, this is used to
1457 prevent network flooding.
1462 Maximum queue length of the delayed proxy arp timer. (see proxy_delay).
1467 Determines the number of requests to send to the user level ARP daemon. Use 0
1473 Determines how often to check for stale ARP entries. After an ARP entry is
1474 stale it will be resolved again (which is useful when an IP address migrates
1475 to another machine). When ucast_solicit is greater than 0 it first tries to
1476 send an ARP packet directly to the known host When that fails and
1477 mcast_solicit is greater than 0, an ARP request is broadcasted.
1482 The /proc/sys/net/appletalk directory holds the Appletalk configuration data
1483 when Appletalk is loaded. The configurable parameters are:
1488 The amount of time we keep an ARP entry before expiring it. Used to age out
1494 The amount of time we will spend trying to resolve an Appletalk address.
1496 aarp-retransmit-limit
1497 ---------------------
1499 The number of times we will retransmit a query before giving up.
1504 Controls the rate at which expires are checked.
1506 The directory /proc/net/appletalk holds the list of active Appletalk sockets
1509 The fields indicate the DDP type, the local address (in network:node format)
1510 the remote address, the size of the transmit pending queue, the size of the
1511 received queue (bytes waiting for applications to read) the state and the uid
1514 /proc/net/atalk_iface lists all the interfaces configured for appletalk.It
1515 shows the name of the interface, its Appletalk address, the network range on
1516 that address (or network number for phase 1 networks), and the status of the
1519 /proc/net/atalk_route lists each known network route. It lists the target
1520 (network) that the route leads to, the router (may be directly connected), the
1521 route flags, and the device the route is using.
1526 The IPX protocol has no tunable values in proc/sys/net.
1528 The IPX protocol does, however, provide proc/net/ipx. This lists each IPX
1529 socket giving the local and remote addresses in Novell format (that is
1530 network:node:port). In accordance with the strange Novell tradition,
1531 everything but the port is in hex. Not_Connected is displayed for sockets that
1532 are not tied to a specific remote address. The Tx and Rx queue sizes indicate
1533 the number of bytes pending for transmission and reception. The state
1534 indicates the state the socket is in and the uid is the owning uid of the
1537 The /proc/net/ipx_interface file lists all IPX interfaces. For each interface
1538 it gives the network number, the node number, and indicates if the network is
1539 the primary network. It also indicates which device it is bound to (or
1540 Internal for internal networks) and the Frame Type if appropriate. Linux
1541 supports 802.3, 802.2, 802.2 SNAP and DIX (Blue Book) ethernet framing for
1544 The /proc/net/ipx_route table holds a list of IPX routes. For each route it
1545 gives the destination network, the router node (or Directly) and the network
1546 address of the router (or Connected) for internal networks.
1548 ------------------------------------------------------------------------------
1550 ------------------------------------------------------------------------------
1551 Certain aspects of kernel behavior can be modified at runtime, without the
1552 need to recompile the kernel, or even to reboot the system. The files in the
1553 /proc/sys tree can not only be read, but also modified. You can use the echo
1554 command to write value into these files, thereby changing the default settings
1556 ------------------------------------------------------------------------------