2.3 /proc/sys/kernel - general kernel parameters
This directory reflects general kernel behaviors. As I've said before, the
contents depend on your configuration. Here you'll find the most important
files, along with descriptions of what they mean and how to use them.
The file contains three values; highwater, lowwater, and frequency.
It exists only when BSD-style process accounting is enabled. These values
control its behavior. If the free space on the file system where the log lives
goes below lowwater percentage, accounting suspends. If it goes above
highwater percentage, accounting resumes. Frequency determines how often you
check the amount of free space (value is in seconds). Default settings are: 4,
2, and 30. That is, suspend accounting if there is less than 2 percent free;
resume it if we have a value of 3 or more percent; consider information about
the amount of free space valid for 30 seconds
The file contains a single value denoting the limit on the argv array size
for execve (in KiB). This limit is only applied when system call auditing for
execve is enabled, otherwise the value is ignored.
When the value in this file is 0, ctrl-alt-del is trapped and sent to the init
program to handle a graceful restart. However, when the value is greater that
zero, Linux's reaction to this key combination will be an immediate reboot,
without syncing its dirty buffers.
When a program (like dosemu) has the keyboard in raw mode, the
ctrl-alt-del is intercepted by the program before it ever reaches the
kernel tty layer, and it is up to the program to decide what to do with
domainname and hostname
These files can be controlled to set the NIS domainname and hostname of your
box. For the classic a simple:
# echo "darkstar" > /proc/sys/kernel/hostname 
# echo "" > /proc/sys/kernel/domainname

would suffice to set your hostname and NIS domainname.
osrelease, ostype and version
The names make it pretty obvious what these fields contain:
> cat /proc/sys/kernel/osrelease 

> cat /proc/sys/kernel/ostype 

> cat /proc/sys/kernel/version 
#4 Fri Oct 1 12:41:14 PDT 1999

The files osrelease and ostype should be clear enough. Version needs a little
more clarification. The #4 means that this is the 4th kernel built from this
source base and the date after it indicates the time the kernel was built. The
only way to tune these values is to rebuild the kernel.
The value in this file represents the number of seconds the kernel waits
before rebooting on a panic. When you use the software watchdog, the
recommended setting is 60. If set to 0, the auto reboot after a kernel panic
is disabled, which is the default setting.
The four values in printk denote
* console_loglevel,
* default_message_loglevel,
* minimum_console_loglevel and
* default_console_loglevel
These values influence printk() behavior when printing or logging error
messages, which come from inside the kernel. See syslog(2) for more
information on the different log levels.
Messages with a higher priority than this will be printed to the console.
Messages without an explicit priority will be printed with this priority.
Minimum (highest) value to which the console_loglevel can be set.
Default value for console_loglevel.
This file shows the size of the generic SCSI (sg) buffer. At this point, you
can't tune it yet, but you can change it at compile time by editing
include/scsi/sg.h and changing the value of SG_BIG_BUFF.
If you use a scanner with SANE (Scanner Access Now Easy) you might want to set
this to a higher value. Refer to the SANE documentation on this issue.
The location where the modprobe binary is located. The kernel uses this
program to load modules on demand.
The value in this file affects behavior of handling NMI. When the value is
non-zero, unknown NMI is trapped and then panic occurs. At that time, kernel
debugging information is displayed on console.
NMI switch that most IA32 servers have fires unknown NMI up, for example.
If a system hangs up, try pressing the NMI switch.
Enables/Disables the NMI watchdog on x86 systems. When the value is non-zero
the NMI watchdog is enabled and will continuously test all online cpus to
determine whether or not they are still functioning properly.
Because the NMI watchdog shares registers with oprofile, by disabling the NMI
watchdog, oprofile may have more registers to utilize.
Enables/Disables the protection of the per-process proc entries "maps" and
"smaps". When enabled, the contents of these files are visible only to
readers that are allowed to ptrace() the given process.

2.4 /proc/sys/vm - The virtual memory subsystem
The files in this directory can be used to tune the operation of the virtual
memory (VM) subsystem of the Linux kernel.
Controls the tendency of the kernel to reclaim the memory which is used for
caching of directory and inode objects.
At the default value of vfs_cache_pressure=100 the kernel will attempt to
reclaim dentries and inodes at a "fair" rate with respect to pagecache and
swapcache reclaim. Decreasing vfs_cache_pressure causes the kernel to prefer
to retain dentry and inode caches. Increasing vfs_cache_pressure beyond 100
causes the kernel to prefer to reclaim dentries and inodes.
Contains, as a percentage of total system memory, the number of pages at which
the pdflush background writeback daemon will start writing out dirty data.
Contains, as a percentage of total system memory, the number of pages at which
a process which is generating disk writes will itself start writing out dirty
The pdflush writeback daemons will periodically wake up and write `old' data
out to disk. This tunable expresses the interval between those wakeups, in
100'ths of a second.
Setting this to zero disables periodic writeback altogether.
This tunable is used to define when dirty data is old enough to be eligible
for writeout by the pdflush daemons. It is expressed in 100'ths of a second. 
Data which has been dirty in-memory for longer than this interval will be
written out next time a pdflush daemon wakes up.
If non-zero, this sysctl disables the new 32-bit mmap mmap layout - the kernel
will use the legacy (2.4) layout for all processes.
For some specialised workloads on highmem machines it is dangerous for
the kernel to allow process memory to be allocated from the "lowmem"
zone. This is because that memory could then be pinned via the mlock()
system call, or by unavailability of swapspace.
And on large highmem machines this lack of reclaimable lowmem memory
can be fatal.
So the Linux page allocator has a mechanism which prevents allocations
which _could_ use highmem from using too much lowmem. This means that
a certain amount of lowmem is defended from the possibility of being
captured into pinned user memory.
(The same argument applies to the old 16 megabyte ISA DMA region. This
mechanism will also defend that region from allocations which could use
highmem or lowmem).
The `lower_zone_protection' tunable determines how aggressive the kernel is
in defending these lower zones. The default value is zero - no
protection at all.
If you have a machine which uses highmem or ISA DMA and your
applications are using mlock(), or if you are running with no swap then
you probably should increase the lower_zone_protection setting.
The units of this tunable are fairly vague. It is approximately equal
to "megabytes," so setting lower_zone_protection=100 will protect around 100
megabytes of the lowmem zone from user allocations. It will also make
those 100 megabytes unavailable for use by applications and by
pagecache, so there is a cost.
The effects of this tunable may be observed by monitoring
/proc/meminfo:LowFree. Write a single huge file and observe the point
at which LowFree ceases to fall.
A reasonable value for lower_zone_protection is 100.
page-cluster controls the number of pages which are written to swap in
a single attempt. The swap I/O size.
It is a logarithmic value - setting it to zero means "1 page", setting
it to 1 means "2 pages", setting it to 2 means "4 pages", etc.
The default value is three (eight pages at a time). There may be some
small benefits in tuning this to a different value if your workload is
Controls overcommit of system memory, possibly allowing processes
to allocate (but not use) more memory than is actually available.

0 - Heuristic overcommit handling. Obvious overcommits of
address space are refused. Used for a typical system. It
ensures a seriously wild allocation fails while allowing
overcommit to reduce swap usage. root is allowed to
allocate slightly more memory in this mode. This is the
1 - Always overcommit. Appropriate for some scientific
2 - Don't overcommit. The total address space commit
for the system is not permitted to exceed swap plus a
configurable percentage (default is 50) of physical RAM.
Depending on the percentage you use, in most situations
this means a process will not be killed while attempting
to use already-allocated memory but will receive errors
on memory allocation as appropriate.
Percentage of physical memory size to include in overcommit calculations
(see above.)
Memory allocation limit = swapspace + physmem * (overcommit_ratio / 100)
swapspace = total size of all swap areas
physmem = size of physical memory in system
nr_hugepages and hugetlb_shm_group
nr_hugepages configures number of hugetlb page reserved for the system.
hugetlb_shm_group contains group id that is allowed to create SysV shared
memory segment using hugetlb page.
This parameter is only useful when kernelcore= is specified at boot time to
create ZONE_MOVABLE for pages that may be reclaimed or migrated. Huge pages
are not movable so are not normally allocated from ZONE_MOVABLE. A non-zero
value written to hugepages_treat_as_movable allows huge pages to be allocated
Once enabled, the ZONE_MOVABLE is treated as an area of memory the huge
pages pool can easily grow or shrink within. Assuming that applications are
not running that mlock() a lot of memory, it is likely the huge pages pool
can grow to the size of ZONE_MOVABLE by repeatedly entering the desired value
into nr_hugepages and triggering page reclaim.
laptop_mode is a knob that controls "laptop mode". All the things that are
controlled by this knob are discussed in Documentation/laptop-mode.txt.
block_dump enables block I/O debugging when set to a nonzero value. More
information on block I/O debugging is in Documentation/laptop-mode.txt.
This file contains valid hold time of swap out protection token. The Linux
VM has token based thrashing control mechanism and uses the token to prevent
unnecessary page faults in thrashing situation. The unit of the value is
second. The value would be useful to tune thrashing behavior.
Writing to this will cause the kernel to drop clean caches, dentries and
inodes from memory, causing that memory to become free.
To free pagecache:
echo 1 > /proc/sys/vm/drop_caches
To free dentries and inodes:
echo 2 > /proc/sys/vm/drop_caches
To free pagecache, dentries and inodes:
echo 3 > /proc/sys/vm/drop_caches
As this is a non-destructive operation and dirty objects are not freeable, the
user should run `sync' first.

2.5 /proc/sys/dev - Device specific parameters
Currently there is only support for CDROM drives, and for those, there is only
one read-only file containing information about the CD-ROM drives attached to
the system:
>cat /proc/sys/dev/cdrom/info 
CD-ROM information, Id: cdrom.c 2.55 1999/04/25 

drive name: sr0 hdb 
drive speed: 32 40 
drive # of slots: 1 0 
Can close tray: 1 1 
Can open tray: 1 1 
Can lock tray: 1 1 
Can change speed: 1 1 
Can select disk: 0 1 
Can read multisession: 1 1 
Can read MCN: 1 1 
Reports media changed: 1 1 
Can play audio: 1 1

You see two drives, sr0 and hdb, along with a list of their features.
2.6 /proc/sys/sunrpc - Remote procedure calls
This directory contains four files, which enable or disable debugging for the
RPC functions NFS, NFS-daemon, RPC and NLM. The default values are 0. They can
be set to one to turn debugging on. (The default value is 0 for each)
2.7 /proc/sys/net - Networking stuff
The interface to the networking parts of the kernel is located in
/proc/sys/net. Table 2-3 shows all possible subdirectories. You may see only
some of them, depending on your kernel's configuration.

Table 2-3: Subdirectories in /proc/sys/net 
Directory Content Directory Content 
core General parameter appletalk Appletalk protocol 
unix Unix domain sockets netrom NET/ROM 
802 E802 protocol ax25 AX25 
ethernet Ethernet protocol rose X.25 PLP layer 
ipv4 IP version 4 x25 X.25 protocol 
ipx IPX token-ring IBM token ring 
bridge Bridging decnet DEC net 
ipv6 IP version 6 
We will concentrate on IP networking here. Since AX15, X.25, and DEC Net are
only minor players in the Linux world, we'll skip them in this chapter. You'll
find some short info on Appletalk and IPX further on in this chapter. Review
the online documentation and the kernel source to get a detailed view of the
parameters for those protocols. In this section we'll discuss the
subdirectories printed in bold letters in the table above. As default values
are suitable for most needs, there is no need to change these values.
/proc/sys/net/core - Network core options
The default setting of the socket receive buffer in bytes.
The maximum receive socket buffer size in bytes.
The default setting (in bytes) of the socket send buffer.
The maximum send socket buffer size in bytes.
message_burst and message_cost
These parameters are used to limit the warning messages written to the kernel
log from the networking code. They enforce a rate limit to make a
denial-of-service attack impossible. A higher message_cost factor, results in
fewer messages that will be written. Message_burst controls when messages will
be dropped. The default settings limit warning messages to one every five
This controls console messages from the networking stack that can occur because
of problems on the network like duplicate address or bad checksums. Normally,
this should be enabled, but if the problem persists the messages can be

Maximum number of packets, queued on the INPUT side, when the interface
receives packets faster than kernel can process them.
Maximum ancillary buffer size allowed per socket. Ancillary data is a sequence
of struct cmsghdr structures with appended data.
/proc/sys/net/unix - Parameters for Unix domain sockets
There are only two files in this subdirectory. They control the delays for
deleting and destroying socket descriptors.
2.8 /proc/sys/net/ipv4 - IPV4 settings
IP version 4 is still the most used protocol in Unix networking. It will be
replaced by IP version 6 in the next couple of years, but for the moment it's
the de facto standard for the internet and is used in most networking
environments around the world. Because of the importance of this protocol,
we'll have a deeper look into the subtree controlling the behavior of the IPv4
subsystem of the Linux kernel.
Let's start with the entries in /proc/sys/net/ipv4.
ICMP settings
icmp_echo_ignore_all and icmp_echo_ignore_broadcasts
Turn on (1) or off (0), if the kernel should ignore all ICMP ECHO requests, or
just those to broadcast and multicast addresses.
Please note that if you accept ICMP echo requests with a broadcast/multi\-cast
destination address your network may be used as an exploder for denial of
service packet flooding attacks to other hosts.
icmp_destunreach_rate, icmp_echoreply_rate, icmp_paramprob_rate and icmp_timeexeed_rate
Sets limits for sending ICMP packets to specific targets. A value of zero
disables all limiting. Any positive value sets the maximum package rate in
hundredth of a second (on Intel systems).
IP settings
This file contains the number one if the host received its IP configuration by
RARP, BOOTP, DHCP or a similar mechanism. Otherwise it is zero.
TTL (Time To Live) for IPv4 interfaces. This is simply the maximum number of
hops a packet may travel.
Enable dynamic socket address rewriting on interface address change. This is
useful for dialup interface with changing IP addresses.
Enable or disable forwarding of IP packages between interfaces. Changing this
value resets all other parameters to their default values. They differ if the
kernel is configured as host or router.
Range of ports used by TCP and UDP to choose the local port. Contains two
numbers, the first number is the lowest port, the second number the highest
local port. Default is 1024-4999. Should be changed to 32768-61000 for
high-usage systems.
Global switch to turn path MTU discovery off. It can also be set on a per
socket basis by the applications or on a per route basis.
Enable/disable debugging of IP masquerading.
IP fragmentation settings
ipfrag_high_trash and ipfrag_low_trash
Maximum memory used to reassemble IP fragments. When ipfrag_high_thresh bytes
of memory is allocated for this purpose, the fragment handler will toss
packets until ipfrag_low_thresh is reached.
Time in seconds to keep an IP fragment in memory.
TCP settings
This file controls the use of the ECN bit in the IPv4 headers. This is a new
feature about Explicit Congestion Notification, but some routers and firewalls
block traffic that has this bit set, so it could be necessary to echo 0 to
/proc/sys/net/ipv4/tcp_ecn if you want to talk to these sites. For more info
you could read RFC2481.
Bug-to-bug compatibility with some broken printers. On retransmit, try to send
larger packets to work around bugs in certain TCP stacks. Can be turned off by
setting it to zero.
Number of keep alive probes TCP sends out, until it decides that the
connection is broken.
How often TCP sends out keep alive messages, when keep alive is enabled. The
default is 2 hours.
Number of times initial SYNs for a TCP connection attempt will be
retransmitted. Should not be higher than 255. This is only the timeout for
outgoing connections, for incoming connections the number of retransmits is
defined by tcp_retries1.
Enable select acknowledgments after RFC2018.
Enable timestamps as defined in RFC1323.
Enable the strict RFC793 interpretation of the TCP urgent pointer field. The
default is to use the BSD compatible interpretation of the urgent pointer
pointing to the first byte after the urgent data. The RFC793 interpretation is
to have it point to the last byte of urgent data. Enabling this option may
lead to interoperability problems. Disabled by default.
Only valid when the kernel was compiled with CONFIG_SYNCOOKIES. Send out
syncookies when the syn backlog queue of a socket overflows. This is to ward
off the common 'syn flood attack'. Disabled by default.
Note that the concept of a socket backlog is abandoned. This means the peer
may not receive reliable error messages from an over loaded server with
syncookies enabled.
Enable window scaling as defined in RFC1323.
The length of time in seconds it takes to receive a final FIN before the
socket is always closed. This is strictly a violation of the TCP
specification, but required to prevent denial-of-service attacks.
Indicates how many keep alive probes are sent per slow timer run. Should not
be set too high to prevent bursts.
Length of the per socket backlog queue. Since Linux 2.2 the backlog specified
in listen(2) only specifies the length of the backlog queue of already
established sockets. When more connection requests arrive Linux starts to drop
packets. When syncookies are enabled the packets are still answered and the
maximum queue is effectively ignored.
Defines how often an answer to a TCP connection request is retransmitted
before giving up.
Defines how often a TCP packet is retransmitted before giving up.
Interface specific settings
In the directory /proc/sys/net/ipv4/conf you'll find one subdirectory for each
interface the system knows about and one directory calls all. Changes in the
all subdirectory affect all interfaces, whereas changes in the other
subdirectories affect only one interface. All directories have the same
This switch decides if the kernel accepts ICMP redirect messages or not. The
default is 'yes' if the kernel is configured for a regular host and 'no' for a
router configuration.
Should source routed packages be accepted or declined. The default is
dependent on the kernel configuration. It's 'yes' for routers and 'no' for
Accept packets with source address 0.b.c.d with destinations not to this host
as local ones. It is supposed that a BOOTP relay daemon will catch and forward
such packets.
The default is 0, since this feature is not implemented yet (kernel version
Enable or disable IP forwarding on this interface.
Log packets with source addresses with no known route to kernel log.
Do multicast routing. The kernel needs to be compiled with CONFIG_MROUTE and a
multicast routing daemon is required.
Does (1) or does not (0) perform proxy ARP.
Integer value determines if a source validation should be made. 1 means yes, 0
means no. Disabled by default, but local/broadcast address spoofing is always
If you set this to 1 on a router that is the only connection for a network to
the net, it will prevent spoofing attacks against your internal networks
(external addresses can still be spoofed), without the need for additional
firewall rules.
Accept ICMP redirect messages only for gateways, listed in default gateway
list. Enabled by default.
If it is not set the kernel does not assume that different subnets on this
device can communicate directly. Default setting is 'yes'.
Determines whether to send ICMP redirects to other hosts.
Routing settings
The directory /proc/sys/net/ipv4/route contains several file to control
routing issues.
error_burst and error_cost
These parameters are used to limit how many ICMP destination unreachable to 
send from the host in question. ICMP destination unreachable messages are 
sent when we cannot reach the next hop while trying to transmit a packet. 
It will also print some error messages to kernel logs if someone is ignoring 
our ICMP redirects. The higher the error_cost factor is, the fewer 
destination unreachable and error messages will be let through. Error_burst 
controls when destination unreachable messages and error messages will be
dropped. The default settings limit warning messages to five every second.
Writing to this file results in a flush of the routing cache.
gc_elasticity, gc_interval, gc_min_interval_ms, gc_timeout, gc_thresh
Values to control the frequency and behavior of the garbage collection
algorithm for the routing cache. gc_min_interval is deprecated and replaced
by gc_min_interval_ms.

Maximum size of the routing cache. Old entries will be purged once the cache
reached has this size.
max_delay, min_delay
Delays for flushing the routing cache.
redirect_load, redirect_number
Factors which determine if more ICPM redirects should be sent to a specific
host. No redirects will be sent once the load limit or the maximum number of
redirects has been reached.
Timeout for redirects. After this period redirects will be sent again, even if
this has been stopped, because the load or number limit has been reached.
Network Neighbor handling
Settings about how to handle connections with direct neighbors (nodes attached
to the same link) can be found in the directory /proc/sys/net/ipv4/neigh.
As we saw it in the conf directory, there is a default subdirectory which
holds the default values, and one directory for each interface. The contents
of the directories are identical, with the single exception that the default
settings contain additional options to set garbage collection parameters.
In the interface directories you'll find the following entries:
base_reachable_time, base_reachable_time_ms
A base value used for computing the random reachable time value as specified
in RFC2461.
Expression of base_reachable_time, which is deprecated, is in seconds.
Expression of base_reachable_time_ms is in milliseconds.
retrans_time, retrans_time_ms
The time between retransmitted Neighbor Solicitation messages.
Used for address resolution and to determine if a neighbor is
Expression of retrans_time, which is deprecated, is in 1/100 seconds (for
IPv4) or in jiffies (for IPv6).
Expression of retrans_time_ms is in milliseconds.
Maximum queue length for a pending arp request - the number of packets which
are accepted from other layers while the ARP address is still resolved.
Maximum for random delay of answers to neighbor solicitation messages in
jiffies (1/100 sec). Not yet implemented (Linux does not have anycast support
Maximum number of retries for unicast solicitation.
Maximum number of retries for multicast solicitation.
Delay for the first time probe if the neighbor is reachable. (see
An ARP/neighbor entry is only replaced with a new one if the old is at least
locktime old. This prevents ARP cache thrashing.
Maximum time (real time is random [0..proxytime]) before answering to an ARP
request for which we have an proxy ARP entry. In some cases, this is used to
prevent network flooding.
Maximum queue length of the delayed proxy arp timer. (see proxy_delay).
Determines the number of requests to send to the user level ARP daemon. Use 0
to turn off.
Determines how often to check for stale ARP entries. After an ARP entry is
stale it will be resolved again (which is useful when an IP address migrates
to another machine). When ucast_solicit is greater than 0 it first tries to
send an ARP packet directly to the known host When that fails and
mcast_solicit is greater than 0, an ARP request is broadcasted.
2.9 Appletalk
The /proc/sys/net/appletalk directory holds the Appletalk configuration data
when Appletalk is loaded. The configurable parameters are:
The amount of time we keep an ARP entry before expiring it. Used to age out
old hosts.
The amount of time we will spend trying to resolve an Appletalk address.
The number of times we will retransmit a query before giving up.
Controls the rate at which expires are checked.
The directory /proc/net/appletalk holds the list of active Appletalk sockets
on a machine.
The fields indicate the DDP type, the local address (in network:node format)
the remote address, the size of the transmit pending queue, the size of the
received queue (bytes waiting for applications to read) the state and the uid
owning the socket.
/proc/net/atalk_iface lists all the interfaces configured for appletalk.It
shows the name of the interface, its Appletalk address, the network range on
that address (or network number for phase 1 networks), and the status of the
/proc/net/atalk_route lists each known network route. It lists the target
(network) that the route leads to, the router (may be directly connected), the
route flags, and the device the route is using.
2.10 IPX
The IPX protocol has no tunable values in proc/sys/net.
The IPX protocol does, however, provide proc/net/ipx. This lists each IPX
socket giving the local and remote addresses in Novell format (that is
network:node:port). In accordance with the strange Novell tradition,
everything but the port is in hex. Not_Connected is displayed for sockets that
are not tied to a specific remote address. The Tx and Rx queue sizes indicate
the number of bytes pending for transmission and reception. The state
indicates the state the socket is in and the uid is the owning uid of the
The /proc/net/ipx_interface file lists all IPX interfaces. For each interface
it gives the network number, the node number, and indicates if the network is
the primary network. It also indicates which device it is bound to (or
Internal for internal networks) and the Frame Type if appropriate. Linux
supports 802.3, 802.2, 802.2 SNAP and DIX (Blue Book) ethernet framing for
The /proc/net/ipx_route table holds a list of IPX routes. For each route it
gives the destination network, the router node (or Directly) and the network
address of the router (or Connected) for internal networks.
2.11 /proc/sys/fs/mqueue - POSIX message queues filesystem
The "mqueue" filesystem provides the necessary kernel features to enable the
creation of a user space library that implements the POSIX message queues
API (as noted by the MSG tag in the POSIX 1003.1-2001 version of the System
Interfaces specification.)
The "mqueue" filesystem contains values for determining/setting the amount of
resources used by the file system.
/proc/sys/fs/mqueue/queues_max is a read/write file for setting/getting the
maximum number of message queues allowed on the system.
/proc/sys/fs/mqueue/msg_max is a read/write file for setting/getting the
maximum number of messages in a queue value. In fact it is the limiting value
for another (user) limit which is set in mq_open invocation. This attribute of
a queue must be less or equal then msg_max.
/proc/sys/fs/mqueue/msgsize_max is a read/write file for setting/getting the
maximum message size value (it is every message queue's attribute set during
its creation).
2.12 /proc/<pid>/oom_adj - Adjust the oom-killer score
This file can be used to adjust the score used to select which processes
should be killed in an out-of-memory situation. Giving it a high score will
increase the likelihood of this process being killed by the oom-killer. Valid
values are in the range -16 to +15, plus the special value -17, which disables
oom-killing altogether for this process.
2.13 /proc/<pid>/oom_score - Display current oom-killer score
This file can be used to check the current score used by the oom-killer is for
any given <pid>. Use it together with /proc/<pid>/oom_adj to tune which
process should be killed in an out-of-memory situation.
Certain aspects of kernel behavior can be modified at runtime, without the
need to recompile the kernel, or even to reboot the system. The files in the
/proc/sys tree can not only be read, but also modified. You can use the echo
command to write value into these files, thereby changing the default settings
of the kernel.
2.14 /proc/<pid>/io - Display the IO accounting fields
This file contains IO statistics for each running process
test:/tmp # dd if=/dev/zero of=/tmp/test.dat &
[1] 3828
test:/tmp # cat /proc/3828/io
rchar: 323934931
wchar: 323929600
syscr: 632687
syscw: 632675
read_bytes: 0
write_bytes: 323932160
cancelled_write_bytes: 0

I/O counter: chars read
The number of bytes which this task has caused to be read from storage. This
is simply the sum of bytes which this process passed to read() and pread().
It includes things like tty IO and it is unaffected by whether or not actual
physical disk IO was required (the read might have been satisfied from

I/O counter: chars written
The number of bytes which this task has caused, or shall cause to be written
to disk. Similar caveats apply here as with rchar.

I/O counter: read syscalls
Attempt to count the number of read I/O operations, i.e. syscalls like read()
and pread().

I/O counter: write syscalls
Attempt to count the number of write I/O operations, i.e. syscalls like
write() and pwrite().

I/O counter: bytes read
Attempt to count the number of bytes which this process really did cause to
be fetched from the storage layer. Done at the submit_bio() level, so it is
accurate for block-backed filesystems. <please add status regarding NFS and
CIFS at a later time>

I/O counter: bytes written
Attempt to count the number of bytes which this process caused to be sent to
the storage layer. This is done at page-dirtying time.

The big inaccuracy here is truncate. If a process writes 1MB to a file and
then deletes the file, it will in fact perform no writeout. But it will have
been accounted as having caused 1MB of write.
In other words: The number of bytes which this process caused to not happen,
by truncating pagecache. A task can cause "negative" IO too. If this task
truncates some dirty pagecache, some IO which another task has been accounted
for (in it's write_bytes) will not be happening. We _could_ just subtract that
from the truncating task's write_bytes, but there is information loss in doing

At its current implementation state, this is a bit racy on 32-bit machines: if
process A reads process B's /proc/pid/io while process B is updating one of
those 64-bit counters, process A could see an intermediate result.

More information about this can be found within the taskstats documentation in
2.15 /proc/<pid>/coredump_filter - Core dump filtering settings
When a process is dumped, all anonymous memory is written to a core file as
long as the size of the core file isn't limited. But sometimes we don't want
to dump some memory segments, for example, huge shared memory. Conversely,
sometimes we want to save file-backed memory segments into a core file, not
only the individual files.
/proc/<pid>/coredump_filter allows you to customize which memory segments
will be dumped when the <pid> process is dumped. coredump_filter is a bitmask
of memory types. If a bit of the bitmask is set, memory segments of the
corresponding memory type are dumped, otherwise they are not dumped.
The following 4 memory types are supported:
- (bit 0) anonymous private memory
- (bit 1) anonymous shared memory
- (bit 2) file-backed private memory
- (bit 3) file-backed shared memory
Note that MMIO pages such as frame buffer are never dumped and vDSO pages
are always dumped regardless of the bitmask status.
Default value of coredump_filter is 0x3; this means all anonymous memory
segments are dumped.
If you don't want to dump all shared memory segments attached to pid 1234,
write 1 to the process's proc file.
$ echo 0x1 > /proc/1234/coredump_filter
When a new process is created, the process inherits the bitmask status from its
parent. It is useful to set up coredump_filter before the program runs.
For example:
$ echo 0x7 > /proc/self/coredump_filter
$ ./some_program


    本文转自eyjian 51CTO博客,原文链接:,如需转载请自行联系原作者

IDE 网络协议 Unix
IDE 网络协议 Unix
------------------------------------------------------------------------------                       T H E  /p...
1102 0
Linux 开发者 Docker
**Linux-command 是GitHub上的一个项目,提供580+ Linux命令的搜索工具,包括手册、详解和学习资源。无广告的Web界面方便查询,可部署到个人服务器。项目已获29.5k Star,支持Docker部署。通过示例展示如何搜索命令参数和用法,助力提升Linux操作效率。[GitHub]( | [在线版](**
38 1
监控 Linux 数据处理
`mountpoint`命令在Linux中用于检测目录是否为挂载点,关键在于检查`/etc/mtab`或`/proc/mounts`。简单易用,高效且无额外依赖。例如,用`mountpoint -q /mnt/data`判断挂载点,并结合`find`列出所有挂载点。在脚本中注意检查返回值,可能需`sudo`提升权限。可与其他命令组合以扩展功能。
Linux 数据处理 Perl
`more`命令是Linux下的文本查看器,适合查看长文件,分页显示内容,支持交互操作如空格(下一页)、回车(下一行)、q(退出)。参数包括:+&lt;num&gt;从指定行开始,/-&lt;num&gt;跳过行,/pattern搜索模式。示例:查看日志`more /var/log/syslog`,从第1000行开始`more +1000 file`,搜索关键词`more /var/log/syslog +/ERROR`。大文件可考虑使用`less`。结合`grep`等命令增强功能。
安全 Linux 数据处理
`mount`命令在Linux中用于挂载文件系统到目录,如硬盘、USB或光盘,使用户能访问数据。它支持多种文件系统,提供灵活的选项控制挂载行为,如 `-t` 指定类型,`-o` 设置选项(如`ro`或`rw`)。挂载点的安全管理包括限制权限和完整性检查。示例应用包括挂载USB设备到`/mnt/usb`,只读挂载,以及重新挂载。使用时需注意权限、正确设备文件、选择合适挂载点,并确保数据安全。使用`umount`卸载文件系统。
Ubuntu IDE Linux
Linux mkinitrd命令详解:深入探索与实用指南
`mkinitrd`命令在Linux中用于创建initrd镜像,它是启动过程的关键,装载驱动和文件系统。该命令自动打包驱动和模块成内存盘,保证硬件兼容性和系统启动。常用参数包括 `-f`(覆盖现有文件)、`-v`(详细输出)、`-k`(指定内核版本)、`-o`(指定输出文件)。通过示例`mkinitrd -k 2.6.32-642.el6.x86_64 -o /boot/initrd...` 创建镜像。注意:确保内核版本匹配,检查硬件兼容性,定期更新initrd,并在操作前备份数据。
存储 安全 Linux
`modutil`是管理PKCS#11及HSM模块的工具,用于安全数据处理。它跨平台且具丰富选项,如 `-add`、`-remove`、`-list` 和 `-initToken`。示例命令是 `modutil -add &quot;MyHSM&quot; -libfile /path/to/ -slot 0 -dbdir /path/to/pkcs11_db`,用于添加模块。使用时注意权限,备份数据,阅读文档并谨慎操作,可与其他工具如`pkcs11-tool`结合使用。
存储 安全 Linux
`mkfifo`在Linux中创建命名管道,用于进程间通信(IPC)。管道是临时的,非持久存储,作为数据传输的通道。特点是无缓冲、支持阻塞/非阻塞模式和权限控制。命令语法:`mkfifo -m &lt;权限&gt; 文件名`。示例:创建`mypipe`,一个进程写入,另一进程读取。注意选择阻塞模式、管理权限、删除不再使用的管道,并处理可能的错误。用于数据交换和高效能应用。
Linux C++
这是关于Linux命令行的一些内容,主要包括了一些常见的Linux命令及其参数的用法。例如,`ls` 命令用于列出目录内容,不同的参数如 `-a` 显示所有文件(包括隐藏文件),`-l` 以详细模式显示,`-S` 按大小排序等。`mkdir` 命令用于创建目录,`cp` 命令用于复制文件或目录,`mv` 命令用于移动或重命名文件或目录,而`rm` 命令则用于删除文件或目录。在使用这些命令时,可以结合不同的参数来实现不同的操作。