技术控

    今日:102| 主题:49113
收藏本版 (1)
最新软件应用技术尽在掌握

[其他] Understanding /proc with ps

[复制链接]
慌乱了年华 发表于 2016-10-5 09:50:06
75 1

立即注册CoLaBug.com会员,免费获得投稿人的专业资料,享用更多功能,玩转个人品牌!

您需要 登录 才可以下载或查看,没有帐号?立即注册

x
Last week I created a small    psclone in ruby. This was done purely out of curiosity, just wondering    howdoes    psworks and how it knows all about current running processes.    You can find the project here.  
  Cool things I learned in the process:
  
       
  •       procfsis a virtual filesystem that stores process data!   
  •       psclone is merely file reading (really).  
  Exploring procfs  

  At first, I went around the web and read about    psand linux processes. This happened to be the first time I was introduced to    procfsreading at TLDP (    http://www.tldp.org/LDP/Linux-Filesystem-Hierarchy/html/proc.html) (awesome documentation btw).  
  In summary, all linux’s processes can be found in    /procfolder. This folder is of    procfstype which, like I said before, is a virtual filesystem and most of its file descriptors point to in-memory data. This is why if you run a    ls /proc -lyou’ll notice that most files and folders are of size 0.  
           
  1. ls -l /procdr-xr-xr-x.  9 root           root                         0 Sep 25 22:10 1dr-xr-xr-x.  9 root           root                         0 Oct  1 10:38 10dr-xr-xr-x.  9 root           root                         0 Oct  1 12:46 101dr-xr-xr-x.  9 root           root                         0 Oct  1 12:46 102...
复制代码
       Inside ‘/proc’ there is one folder for    eachprocess running with its pid as name. So I opened one of the folders to see what I could learn about a running process just by reading these filed.  
           
  1. ls -l /proc/<pid>total 0dr-xr-xr-x. 2 fredrb fredrb 0 Sep 28 23:15 attr-rw-r--r--. 1 root   root   0 Oct  1 10:46 autogroup-r--------. 1 root   root   0 Oct  1 10:46 auxv-r--r--r--. 1 root   root   0 Sep 28 23:15 cgroup--w-------. 1 root   root   0 Oct  1 10:46 clear_refs-r--r--r--. 1 root   root   0 Sep 28 22:41 cmdline-rw-r--r--. 1 root   root   0 Oct  1 10:46 comm-rw-r--r--. 1 root   root   0 Oct  1 10:46 coredump_filter...
复制代码
       Ok, now I have a bunch of files like    autogroup,    gid_mapand    mapsthat I have no idea what they’re for. A good starting point would be checking for their documentation. But why on earth shouldn’t I just open them?  
  So I started looping through the files one by one and most of them were completely unreadable for me, until I ran into the golden pot:
           
  1. cat /proc/<pid>/statusName:        chromeState:        S (sleeping)Tgid:        3054Ngid:        0Pid:        3054PPid:        2934TracerPid:        0Uid:        1000        1000        1000        1000Gid:        1000        1000        1000        1000FDSize:        64Groups:        10 1000 1001VmPeak:         1305996 kBVmSize:         1232520 kB...
复制代码
       This is great! Finally something human readable. It contains general data about the process, like its state, memory usage and owner. But is this all I need?
  Not satisfied with ‘/proc’ file exploration, I decided to run    psagainst    straceto see if it’s accessing any of the files I found.  
           
  1. strace -o ./strace_log ps aux
复制代码
       Strace returns all system calls executed by a program. So I filter strace result by ‘open’ system call and as I suspected (maybe I didn’t) the files being open by operating system were the same I first checked:
           
  1. cat ./strace_log | grep open[...]open("/proc/1/stat", O_RDONLY) = 6open("/proc/1/status", O_RDONLY) = 6[...]open("/proc/2/stat", O_RDONLY) = 6open("/proc/2/status", O_RDONLY) = 6open("/proc/2/cmdline", O_RDONLY) = 6open("/proc/3/stat", O_RDONLY) = 6open("/proc/3/status", O_RDONLY) = 6open("/proc/3/cmdline", O_RDONLY) = 6[...]
复制代码
       Ok, so we have    stat,    statusand    cmdlinefiles to check, now all we need to do is to parse this and extract what we need.  
  The code  

  The implementation turned out to be fairly simple and it comes down to reading files and display its content in an organized matter.
  Process data structure  

  We want to display our data in a tabular way; where each process is a record on this table. Let’s take the following class as one of our table records:
           
  1. class ProcessData  attr_reader :pid  attr_reader :name  attr_reader :user  attr_reader :state  attr_reader :rss  def initialize pid, name, user, state, rss    @pid = pid    @name = parse_name name    @user = user    @state = state    @rss = rss  endend
复制代码
       Finding Pid’s for running processes  

  Take into account what we know so far:
  
       
  •       /procfolder contains sub-folders with all processes   
  • All process folders have their pid as name  
  So gathering a list of all current pids should be easy:
           
  1. def get_current_pids  pids = []  Dir.foreach("/proc") { |d|    if is_process_folder?(d)      pids.push(d)    end  }  return pidsend
复制代码
       In order to be a valid process folder it must fulfill two requirements:
  
       
  • It’s a folder (duh?)   
  • It’s name contains only number (this is why we have to cast folder name to int)  
           
  1. def is_process_folder? folder  File.directory?("/proc/#{folder}") and (folder.to_i != 0)end
复制代码
       Extracting process data  

  Now that we know every pid in the system we should create a method that exposes data from    /proc/<pid>/statusfor any of them.  
  But first, lets analyze the file.
           
  1. cat /proc/<pid>/statusName:        chromeState:        S (sleeping)...Uid:        1000        1000        1000        1000
复制代码
       This file is organized in the following way:    Key:\t[values]. This means that for    everypiece of data in this file we can follow this same pattern to extract it. However, some lines will have an individual value and others will have a list of values (like    Uid)  
           
  1. def get_process_data pid  proc_data = {}  File.open("/proc/#{pid}/status") { |file|    begin      while line = file.readline        data = line.strip.split("\t")        key = data.delete_at(0).downcase        proc_data[key] = data      end      file.close    rescue EOFError      file.close    end  }  return proc_dataend
复制代码
       The method above results in the following structure:  
           
  1. ls -l /proc/<pid>total 0dr-xr-xr-x. 2 fredrb fredrb 0 Sep 28 23:15 attr-rw-r--r--. 1 root   root   0 Oct  1 10:46 autogroup-r--------. 1 root   root   0 Oct  1 10:46 auxv-r--r--r--. 1 root   root   0 Sep 28 23:15 cgroup--w-------. 1 root   root   0 Oct  1 10:46 clear_refs-r--r--r--. 1 root   root   0 Sep 28 22:41 cmdline-rw-r--r--. 1 root   root   0 Oct  1 10:46 comm-rw-r--r--. 1 root   root   0 Oct  1 10:46 coredump_filter...0
复制代码
       Reading user data  

  User    uidand name association is kept in    /etc/passwdfile, so in order to show the correct username we must also read this file and parse it.  
  For the sake of simplicity, let’s just read the whole file and save it in a    Hashwith key as    Uidand value as name.  
           
  1. ls -l /proc/<pid>total 0dr-xr-xr-x. 2 fredrb fredrb 0 Sep 28 23:15 attr-rw-r--r--. 1 root   root   0 Oct  1 10:46 autogroup-r--------. 1 root   root   0 Oct  1 10:46 auxv-r--r--r--. 1 root   root   0 Sep 28 23:15 cgroup--w-------. 1 root   root   0 Oct  1 10:46 clear_refs-r--r--r--. 1 root   root   0 Sep 28 22:41 cmdline-rw-r--r--. 1 root   root   0 Oct  1 10:46 comm-rw-r--r--. 1 root   root   0 Oct  1 10:46 coredump_filter...1
复制代码
       Creating process records  

  So far we have found the    pidsin the system, read the    statusfile and extracted the data. What we have to do now is to filter and organize this data into a    single recordthat will be presented to the user.  
           
  1. ls -l /proc/<pid>total 0dr-xr-xr-x. 2 fredrb fredrb 0 Sep 28 23:15 attr-rw-r--r--. 1 root   root   0 Oct  1 10:46 autogroup-r--------. 1 root   root   0 Oct  1 10:46 auxv-r--r--r--. 1 root   root   0 Sep 28 23:15 cgroup--w-------. 1 root   root   0 Oct  1 10:46 clear_refs-r--r--r--. 1 root   root   0 Sep 28 22:41 cmdline-rw-r--r--. 1 root   root   0 Oct  1 10:46 comm-rw-r--r--. 1 root   root   0 Oct  1 10:46 coredump_filter...2
复制代码
       The reason why we get    VMRssvalue is because we want to check resident memory values, this means, only what’s stored in the physical memory and not what’s sitting in our disk.  
  Extra (formatting)  

  You can format ProcessData text in a tabular way to get a prettier output.
           
  1. ls -l /proc/<pid>total 0dr-xr-xr-x. 2 fredrb fredrb 0 Sep 28 23:15 attr-rw-r--r--. 1 root   root   0 Oct  1 10:46 autogroup-r--------. 1 root   root   0 Oct  1 10:46 auxv-r--r--r--. 1 root   root   0 Sep 28 23:15 cgroup--w-------. 1 root   root   0 Oct  1 10:46 clear_refs-r--r--r--. 1 root   root   0 Sep 28 22:41 cmdline-rw-r--r--. 1 root   root   0 Oct  1 10:46 comm-rw-r--r--. 1 root   root   0 Oct  1 10:46 coredump_filter...3
复制代码
       Result:
           
  1. ls -l /proc/<pid>total 0dr-xr-xr-x. 2 fredrb fredrb 0 Sep 28 23:15 attr-rw-r--r--. 1 root   root   0 Oct  1 10:46 autogroup-r--------. 1 root   root   0 Oct  1 10:46 auxv-r--r--r--. 1 root   root   0 Sep 28 23:15 cgroup--w-------. 1 root   root   0 Oct  1 10:46 clear_refs-r--r--r--. 1 root   root   0 Sep 28 22:41 cmdline-rw-r--r--. 1 root   root   0 Oct  1 10:46 comm-rw-r--r--. 1 root   root   0 Oct  1 10:46 coredump_filter...4
复制代码
       Conclusion  

  There is a lot of information that you can find under    /procfolder. This post only covers basic data like name, state and resident memory. But if you dig deep into those files you will find a lot more, like memory mapping and CPU usage.  
  It was very interesting exploring this part of Linux and hopefully you learned something new with this.
友荐云推荐




上一篇:How I test Ansible configuration on 7 different OSes with Docker
下一篇:Evolving Your Open Source Project Infrastructure: There&#x27;s No Such Thing As
酷辣虫提示酷辣虫禁止发表任何与中华人民共和国法律有抵触的内容!所有内容由用户发布,并不代表酷辣虫的观点,酷辣虫无法对用户发布内容真实性提供任何的保证,请自行验证并承担风险与后果。如您有版权、违规等问题,请通过"联系我们"或"违规举报"告知我们处理。

xundoucha 发表于 2016-10-23 22:20:56
介是神马?!!
回复 支持 反对

使用道具 举报

*滑动验证:
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

我要投稿

推荐阅读

扫码访问 @iTTTTT瑞翔 的微博
回页顶回复上一篇下一篇回列表手机版
手机版/CoLaBug.com ( 粤ICP备05003221号 | 文网文[2010]257号 )|网站地图 酷辣虫

© 2001-2016 Comsenz Inc. Design: Dean. DiscuzFans.

返回顶部 返回列表