The /proc filesystem contains a few basic directories and entries, which we will describe a little bit closer in this section before we go on to the ipv4 system.
First of all, the filesystem contains a huge set of numbered directories that come and go. Each and one of these numbered directories contains information pertaining to all of the currently active processes on the machine. When a new process is started, a new directory is created in the /proc filesystem for it, and a lot of data is created within it regarding the process, such as the commandline with which the program was started with, a link to the "current working directory", environment variables, where the executable is located, and so on.
Except this, we also have quite a few files as well as directories in the root of the /proc filesystem. This is a complete listing of them all:
[blueflux@work1 ]$ ls -l /proc total 0 .... -r--r--r-- 1 root root 0 Sep 19 18:09 apm dr-xr-xr-x 4 root root 0 Sep 19 10:52 bus -r--r--r-- 1 root root 0 Sep 19 18:09 cmdline -r--r--r-- 1 root root 0 Sep 19 18:09 cpuinfo -r--r--r-- 1 root root 0 Sep 19 18:09 devices -r--r--r-- 1 root root 0 Sep 19 18:09 dma dr-xr-xr-x 4 root root 0 Sep 19 18:09 driver -r--r--r-- 1 root root 0 Sep 19 18:09 execdomains -r--r--r-- 1 root root 0 Sep 19 18:09 fb -r--r--r-- 1 root root 0 Sep 19 18:09 filesystems dr-xr-xr-x 2 root root 0 Sep 19 18:09 fs dr-xr-xr-x 4 root root 0 Sep 19 18:09 ide -r--r--r-- 1 root root 0 Sep 19 18:09 interrupts -r--r--r-- 1 root root 0 Sep 19 18:09 iomem -r--r--r-- 1 root root 0 Sep 19 18:09 ioports dr-xr-xr-x 18 root root 0 Sep 19 18:09 irq -r-------- 1 root root 268374016 Sep 19 18:09 kcore -r-------- 1 root root 0 Sep 19 10:52 kmsg -r--r--r-- 1 root root 0 Sep 19 18:09 ksyms -r--r--r-- 1 root root 0 Sep 19 18:09 loadavg -r--r--r-- 1 root root 0 Sep 19 18:09 locks -r--r--r-- 1 root root 0 Sep 19 18:09 mdstat -r--r--r-- 1 root root 0 Sep 19 18:09 meminfo -r--r--r-- 1 root root 0 Sep 19 18:09 misc -r--r--r-- 1 root root 0 Sep 19 18:09 modules lrwxrwxrwx 1 root root 11 Sep 19 18:09 mounts -> self/mounts -rw-r--r-- 1 root root 208 Sep 19 11:02 mtrr dr-xr-xr-x 3 root root 0 Sep 19 18:09 net dr-xr-xr-x 2 root root 0 Sep 19 18:09 nv -r--r--r-- 1 root root 0 Sep 19 18:09 partitions -r--r--r-- 1 root root 0 Sep 19 18:09 pci dr-xr-xr-x 3 root root 0 Sep 19 18:09 scsi lrwxrwxrwx 1 root root 64 Sep 19 12:01 self -> 2864 -rw-r--r-- 1 root root 0 Sep 19 18:09 slabinfo -r--r--r-- 1 root root 0 Sep 19 18:09 stat -r--r--r-- 1 root root 0 Sep 19 18:09 swaps dr-xr-xr-x 10 root root 0 Sep 19 14:39 sys dr-xr-xr-x 2 root root 0 Sep 19 18:09 sysvipc dr-xr-xr-x 4 root root 0 Sep 19 18:09 tty -r--r--r-- 1 root root 0 Sep 19 18:09 uptime -r--r--r-- 1 root root 0 Sep 19 18:09 version [blueflux@work1 proc]$
Most of the information in the files are rather "human readable", except a few of them. However, a few of them you should not touch, such as the kcore file. The kcore file contains debugging information regarding the kernel, and if you try to 'cat' it, your system may very well hang up and die. If you try to copy it to a real file on the harddrive, you will very soon have filled up your whole partition, and so on. What all of this tells you is to be very careful. Mostly, none of the variables or entries in the /proc filesystem is not dangerous to watch, but a few of them are. A brief walkthrough of the most important files:
cmdline - The command line issued when starting the kernel.
cpuinfo - Information about the Central Processing Unit, who made it, known bugs, flags etcetera.
dma - Contains information about all DMA channels available, and which driver is using it.
filesystems - Contains short information about every single filesystem that the kernel supports.
interrupts - Gives you a brief listing of all IRQ channels, how many interrupts they have seen and what driver is actually using it.
iomem - A brief file containing all IO memory mappings used by different drivers.
ioports - Contains a brief listing of all IO ports used by different drivers.
kcore - Contains a complete memory dump. Do not cat or anything like that, you may freeze your system. Mainly used to debug the system.
kmsg - Contains messages sent by kernel, is not and should not be readable by users since it may contain vital information. Main usage is to debug the system.
ksyms - This contains the kernel symbol table, which is mainly used to debug the kernel.
loadavg - Gives the load average of the system during the last 1, 5 and 15 minutes.
meminfo - Contains information about memory usage on the system.
modules - Contains information about all currently loaded modules in the kernel.
mounts - Symlink to another file in the /proc filesystem which contains information about all mounted filesystems.
partitions - Contains information about all partitions found on all drives in the system.
pci - Gives tons of hardware information about all PCI devices on the system, also includes AGP devices and built in devices which are connected to the PCI bus.
swaps - Contains information about all swap partitions mounted.
uptime - Gives you the uptime of the computer since it was last rebooted in seconds.
version - Gives the exact version string of the kernel currently running, including build date and gcc versions etcetera.
And here is a list of the main directories and what you can expect to find in there:
bus - Contains information about all the buses, hardware-wise, such as USB, PCI and ISA buses.
ide - Contains information about all of the IDE buses on systems that has IDE buses.
net - Some basic information and statistics about the different network systems compiled into the system.
scsi - This directory contains information about SCSI buses on SCSI systems.
sys - Contains lots of variables that may be changed, including the /proc/sys/net/ipv4 which will be deeply discussed in this document.
As you can see, there is literally hundreds of files in the /proc filesystem that may be read and checked for information, and we haven't looked at half of them here. As has already been said, we will only look closer on the ipv4 part and the variables that are tunable through the sysctl inside the /proc filesystem.