LinuxDevCenter.com
oreilly.comSafari Books Online.Conferences.

advertisement


Exploring the /proc/net/ Directory
Pages: 1, 2

Routing and ARP tables

The ARP and routing tables are exported in files named arp and route. They're both fairly self-explanatory. The ARP table looks like this.



The fields make sense when you know that HW means "hardware". The hardware type and flag codings are the ARPHRD_* and ATF_* codings found in the /usr/include/linux/if_arp.h file. The Mask field is used when advertising a promiscuous ARP entry for an IP network or subnetwork.

The first entry in the example is for a host on an Ethernet network (hardware type 1). The flags indicate the entry is incomplete; this is further evidenced by the hardware address of 00:00:00:00:00:00, which would normally contain the hardware address of the mapping described by the entry. The second entry is a working ARP entry mapping the IP address 192.168.0.4 to the hardware address 00:80:C8:8B:7A:46 on the network connected to the eth0 device.

The routing table is also easy to understand (view using cat /proc/net/route, and view an example here). Just as for the socket status tables, the IP addresses and network masks are displayed in byte-reversed hexadecimal.

Linux Network Administrator's Guide, 2nd EditionLinux Network Administrator's Guide, 2nd Edition
By Olaf Kirch & Terry Dawson
2nd Edition June 2000
1-56592-400-2, Order Number: 4002
503 pages, $39.95

The fields are:

Iface

The network interface that datagrams matching this route will leave.

Destination

In combination with the Mark field, this specifies which datagrams will match this route.

Gateway

The IP address of the host that will act as a gateway for datagrams matching this route.

Flags

An indicator of a number of route attributes. The flags field values are the RTF_* codings found in the /usr/include/linux/route.h file.

RefCnt

Unused.

Use

Unused.

Metric

The metric value associated with the route. This is used to indicate the cost or priority of a route.

Mask

In combination with the Destination field, this specifies which datagrams will match this route.

MTU

Specifies the largest TCP segment (in bytes) that will be built for transmission via this route.

Window

Specifies the TCP window (in bytes) that will be advertised for TCP connections made via this route.

IRTT

Specifies the Initial Round Trip time (in milliseconds) that will be used for TCP connections established via this route.

The MTU, Window, and IRTT values are per-route values that override those assigned to the interface and allow for some clever ways out of tricky network configurations.

Protocol statistics

The /proc/net/snmp file exports protocol statistic. It is intended to be used by SNMP (Simple Network Management Protocol) daemon programs and provides summary statistics for each of the IP, ICMP, TCP, and UDP protocols. There is a lot of information in this file, so much that I won't discuss it in detail in this column. Refer to the MIB-2 RFC if you're looking for good descriptions of these fields. Suffice it to say that if you're conversant with how the protocols operate, you can gain important insights into how your network is performing by careful analysis of the information presented here.

There is one important thing to note. All of the fields are decimal integers excepting the Ip: Forwarding field, which is a boolean value. In the SNMP world, boolean values are represented with values 1 and 2, so a value of 1 indicates that IP forwarding is disabled.

View the results of cat /proc/net/snmp here.

How do I use this information?

IP addresses in /proc/net/

In the files offered by the /proc/net/ directory, IP addresses are often represented as little-endian four-byte hexadecimal numbers. These are easy to convert into the more usual dotted-decimal notation.

For example, to convert the remote address and port of line 16 of the /proc/net/tcp output shown in this column, we'd do the following:

• Take the rem_address field:
   0100007F:0017

• Reverse the ordering of the bytes in the IP address part:
   7F000001:0017

• Let's separate the bytes of the address for readability:
   7F 00 00 01 : 0017

• Perform a simple hexadecimal-to-decimal conversion on each:
   127 0 0 1 : 23

It's a telnet connection to localhost. Simple enough.

An important part of the power of the /proc/ filesystem is that all of the files are readable and parsable using just about any program. In the past, the sort of information presented in /proc/ would have been made available via ioctl() function calls against special device files. Using plain-text files means that this information is directly usable by shell scripts, Perl scripts, PHP, and C or C++ programs alike.

It's possible for example to reimplement much of the functionality of the netstat command as a bash shell script. It's a simple task to write a shell script to read data from the /proc/net/ files and write it to a database or flat file for analysis and presentation at a later time, for example, on a web page or report. You could write a Perl script that monitored the data in the /proc/net/dev file and automatically create or destroy additional PPP connections to share network load using EQL. There are many potential uses.

If you're comfortable with the /proc/net/ directory and are hungry for more network-related configuration and statistical information, you should explore the /proc/sys/net/ directory. It contains a whole new level of detail and allows your programs to actually manipulate certain configuration parameters by writing replacement values into the files.

Happy exploring.

Terry Dawson is the author of a number of network-related HOWTO documents for the Linux Documentation Project, a co-author of the 2nd edition of O'Reilly's Linux Network Administrators Guide, and is an active participant in a number of other Linux projects.


Read more Linux Network Administration columns.

Discuss this article in the O'Reilly Network Linux Forum.

Return to the Linux DevCenter.

 




Linux Online Certification

Linux/Unix System Administration Certificate Series
Linux/Unix System Administration Certificate Series — This course series targets both beginning and intermediate Linux/Unix users who want to acquire advanced system administration skills, and to back those skills up with a Certificate from the University of Illinois Office of Continuing Education.

Enroll today!


Linux Resources
  • Linux Online
  • The Linux FAQ
  • linux.java.net
  • Linux Kernel Archives
  • Kernel Traffic
  • DistroWatch.com


  • Sponsored by: