First of all, the filesystem contains a huge set of numbered directories that come and go. Each and one of these numbered directories contains information pertaining to all of the currently active processes on the machine. When a new process is started, a new directory is created in the /proc filesystem for it, and a lot of data is created within it regarding the process, such as the commandline with which the program was started with, a link to the “current working directory”, environment variables, where the executable is located, and so on.
Except this, we also have quite a few files as well as directories in the root of the /proc filesystem. This is a complete listing of them all:
[blueflux@work1 ]$ ls -l /proc total 0 .... -r--r--r-- 1 root root 0 Sep 19 18:09 apm dr-xr-xr-x 4 root root 0 Sep 19 10:52 bus -r--r--r-- 1 root root 0 Sep 19 18:09 cmdline -r--r--r-- 1 root root 0 Sep 19 18:09 cpuinfo -r--r--r-- 1 root root 0 Sep 19 18:09 devices -r--r--r-- 1 root root 0 Sep 19 18:09 dma dr-xr-xr-x 4 root root 0 Sep 19 18:09 driver -r--r--r-- 1 root root 0 Sep 19 18:09 execdomains -r--r--r-- 1 root root 0 Sep 19 18:09 fb -r--r--r-- 1 root root 0 Sep 19 18:09 filesystems dr-xr-xr-x 2 root root 0 Sep 19 18:09 fs dr-xr-xr-x 4 root root 0 Sep 19 18:09 ide -r--r--r-- 1 root root 0 Sep 19 18:09 interrupts -r--r--r-- 1 root root 0 Sep 19 18:09 iomem -r--r--r-- 1 root root 0 Sep 19 18:09 ioports dr-xr-xr-x 18 root root 0 Sep 19 18:09 irq -r-------- 1 root root 268374016 Sep 19 18:09 kcore -r-------- 1 root root 0 Sep 19 10:52 kmsg -r--r--r-- 1 root root 0 Sep 19 18:09 ksyms -r--r--r-- 1 root root 0 Sep 19 18:09 loadavg -r--r--r-- 1 root root 0 Sep 19 18:09 locks -r--r--r-- 1 root root 0 Sep 19 18:09 mdstat -r--r--r-- 1 root root 0 Sep 19 18:09 meminfo -r--r--r-- 1 root root 0 Sep 19 18:09 misc -r--r--r-- 1 root root 0 Sep 19 18:09 modules lrwxrwxrwx 1 root root 11 Sep 19 18:09 mounts -> self/mounts -rw-r--r-- 1 root root 208 Sep 19 11:02 mtrr dr-xr-xr-x 3 root root 0 Sep 19 18:09 net dr-xr-xr-x 2 root root 0 Sep 19 18:09 nv -r--r--r-- 1 root root 0 Sep 19 18:09 partitions -r--r--r-- 1 root root 0 Sep 19 18:09 pci dr-xr-xr-x 3 root root 0 Sep 19 18:09 scsi lrwxrwxrwx 1 root root 64 Sep 19 12:01 self -> 2864 -rw-r--r-- 1 root root 0 Sep 19 18:09 slabinfo -r--r--r-- 1 root root 0 Sep 19 18:09 stat -r--r--r-- 1 root root 0 Sep 19 18:09 swaps dr-xr-xr-x 10 root root 0 Sep 19 14:39 sys dr-xr-xr-x 2 root root 0 Sep 19 18:09 sysvipc dr-xr-xr-x 4 root root 0 Sep 19 18:09 tty -r--r--r-- 1 root root 0 Sep 19 18:09 uptime -r--r--r-- 1 root root 0 Sep 19 18:09 version [blueflux@work1 proc]$
Most of the information in the files are rather “human readable”, except a few of them. However, a few of them you should not touch, such as the kcore file. The kcore file contains debugging information regarding the kernel, and if you try to ‘cat’ it, your system may very well hang up and die. If you try to copy it to a real file on the harddrive, you will very soon have filled up your whole partition, and so on. What all of this tells you is to be very careful. Mostly, none of the variables or entries in the /proc filesystem is not dangerous to watch, but a few of them are. A brief walkthrough of the most important files:
- cmdline – The command line issued when starting the kernel.
- cpuinfo – Information about the Central Processing Unit, who made it, known bugs, flags etcetera.
- dma – Contains information about all DMA channels available, and which driver is using it.
- filesystems – Contains short information about every single filesystem that the kernel supports.
- interrupts – Gives you a brief listing of all IRQ channels, how many interrupts they have seen and what driver is actually using it.
- iomem – A brief file containing all IO memory mappings used by different drivers.
- ioports – Contains a brief listing of all IO ports used by different drivers.
- kcore – Contains a complete memory dump. Do not cat or anything like that, you may freeze your system. Mainly used to debug the system.
- kmsg – Contains messages sent by kernel, is not and should not be readable by users since it may contain vital information. Main usage is to debug the system.
- ksyms – This contains the kernel symbol table, which is mainly used to debug the kernel.
- loadavg – Gives the load average of the system during the last 1, 5 and 15 minutes.
- meminfo – Contains information about memory usage on the system.
- modules – Contains information about all currently loaded modules in the kernel.
- mounts – Symlink to another file in the /proc filesystem which contains information about all mounted filesystems.
- partitions – Contains information about all partitions found on all drives in the system.
- pci – Gives tons of hardware information about all PCI devices on the system, also includes AGP devices and built in devices which are connected to the PCI bus.
- swaps – Contains information about all swap partitions mounted.
- uptime – Gives you the uptime of the computer since it was last rebooted in seconds.
- version – Gives the exact version string of the kernel currently running, including build date and gcc versions etcetera.
And here is a list of the main directories and what you can expect to find in there:
- bus – Contains information about all the buses, hardware-wise, such as USB, PCI and ISA buses.
- ide – Contains information about all of the IDE buses on systems that has IDE buses.
- net – Some basic information and statistics about the different network systems compiled into the system.
- scsi – This directory contains information about SCSI buses on SCSI systems.
- sys – Contains lots of variables that may be changed, including the /proc/sys/net/ipv4 which will be deeply discussed in this document.
As you can see, there is literally hundreds of files in the /proc filesystem that may be read and checked for information, and we haven’t looked at half of them here. As has already been said, we will only look closer on the ipv4 part and the variables that are tunable through the sysctl inside the /proc filesystem.
The ipsysctl variables may be set in two different ways which entails two totally different methods. The first one is via the sysctl application provided with most distributions per default these days. The other way entails using the /proc filesystem, which should come with any linux installation as long as you have a kernel that has /proc filesystem turned on. In other words, any linux system you find should contain the /proc filesystem).
The sysctl command is a bit more complex than the /proc filesystem, depending on how you see things. Also, as already mentioned, if you use the sysctl application you need more than just the kernel which is almost all that is required via the /proc filesystem. One of the better things with the sysctl command is that it is much easier to maintain a larger listing of changes that we may want to do. All of the changes that we want to use on the system can then be saved into a special configuration file which contains all of the variables and their values. This way of doing things is in other words more suitable for setting variables that we want to use under all circumstances.
The /proc filesystem way of doing things is a little bit easier while tweaking around with settings. When we finally have figured out the proper setting, we may as well set it in the sysctl.conf file and see to it that sysctl is run upon boot, and we will always have our settings set to kernel. Command lines in a script which sets variables through the /proc filesystem will look much worse than sysctl commands and they are generally less readable. Therefore, if you are planning to implement a huge set of ipsysctl settings in a script or another, or if you figure out that you need to set a lot of them, then you should generally try to use the sysctl command instead.
Well there is a lot more information on http://ipsysctl-tutorial.frozentux.net/ipsysctl-tutorial.html
Bytes won't bite ... 
FANTASTIC!