pfiles for Linux
Problem
Someone asked if there is a Linux equivalent of the [http://www.scit.wlv.ac.uk/cgi-bin/mansec?1+pfiles Solaris pfiles] tool. pfiles is a Solaris proc utility that reports information about all the files a process has open, given its process ID. [http://sources.redhat.com/systemtap/wiki/EugeneTeo Eugene] decided to write a similar tool for Linux using SystemTap. It is based on an example output posted in Red Hat BZ#223489.
Scripts
The script is too long to be listed here. Please download the [attachment:pfiles.stp script] (GPL) instead.
TODO:
- report socket information
- report pathname information
- report locked open files
Output
{{{
$ stap -g pfiles.stp $$
3291: -bash
Current rlimit: 256 file descriptors
0: S_IFCHR mode:0620 dev:0,11 ino:2 uid:500 gid:500 rdev:136,0 O_RDWR
1: S_IFCHR mode:0620 dev:0,11 ino:2 uid:500 gid:500 rdev:136,0 O_RDWR
2: S_IFCHR mode:0620 dev:0,11 ino:2 uid:500 gid:500 rdev:136,0 O_RDWR
255: S_IFCHR mode:0620 dev:0,11 ino:2 uid:500 gid:500 rdev:136,0 O_RDWR FD_CLOEXEC
}}}
{{{
$ stap -g pfiles.stp $$ &> output
$ head output
3291: -bash
Current rlimit: 256 file descriptors
0: S_IFCHR mode:0620 dev:0,11 ino:2 uid:500 gid:500 rdev:136,0 O_RDWR
1: S_IFCHR mode:0620 dev:0,11 ino:2 uid:500 gid:500 rdev:136,0 O_RDWR
2: S_IFCHR mode:0620 dev:0,11 ino:2 uid:500 gid:500 rdev:136,0 O_RDWR
255: S_IFCHR mode:0620 dev:0,11 ino:2 uid:500 gid:500 rdev:136,0 O_RDWR FD_CLOEXEC
}}}
To gather information about sockets, you can use lsof with pfiles. For example:
{{{
$ /usr/sbin/lsof -i :1-65535 -P
COMMAND   PID USER   FD   TYPE DEVICE SIZE NODE NAME
mugshot  3148 eteo    9u  IPv4  15146       TCP w.x.y.z:35439->w.x.y.z:5222 (ESTABLISHED)
[...]
ssh      4025 eteo    3u  IPv4  18562       TCP w.x.y.z:38303->w.x.y.z:22 (ESTABLISHED)
pidgin   4038 eteo    7u  IPv4  18722       TCP w.x.y.z:40695->w.x.y.z:5222 (ESTABLISHED)
pidgin   4038 eteo   20u  IPv4  18744       TCP w.x.y.z:36216->w.x.y.z:1863 (ESTABLISHED)
ssh     10206 eteo    3u  IPv4  27165       TCP w.x.y.z:51226->w.x.y.z:22 (ESTABLISHED)
}}}
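A comparable per-descriptor report, including the pathname item from the TODO list, can also be assembled from `/proc/<pid>/fd` and `/proc/<pid>/fdinfo` without loading a SystemTap module. The following is an added example, not the pfiles.stp script and not Eugene's code; the function names `read_flags`, `describe_fds` and `format_entry` and the exact line layout are assumptions made for illustration.

```python
import os
import stat
import sys

# Flag bits looked for in fdinfo; the numeric values come from the os module.
FLAG_NAMES = [(os.O_APPEND, "O_APPEND"), (os.O_NONBLOCK, "O_NONBLOCK"),
              (os.O_CLOEXEC, "FD_CLOEXEC")]
ACCESS = {os.O_RDONLY: "O_RDONLY", os.O_WRONLY: "O_WRONLY", os.O_RDWR: "O_RDWR"}
TYPES = [(stat.S_ISREG, "S_IFREG"), (stat.S_ISDIR, "S_IFDIR"),
         (stat.S_ISCHR, "S_IFCHR"), (stat.S_ISBLK, "S_IFBLK"),
         (stat.S_ISFIFO, "S_IFIFO"), (stat.S_ISSOCK, "S_IFSOCK")]

def read_flags(pid, fd):
    """Return the open flags from fdinfo (the kernel prints them in octal)."""
    with open(f"/proc/{pid}/fdinfo/{fd}") as f:
        for line in f:
            if line.startswith("flags:"):
                return int(line.split()[1], 8)
    return 0

def describe_fds(pid):
    """Return one dict per open descriptor of pid, ordered by descriptor number."""
    entries = []
    for name in sorted(os.listdir(f"/proc/{pid}/fd"), key=int):
        link = f"/proc/{pid}/fd/{name}"
        try:
            st = os.stat(link)          # follows the link to the open file
            target = os.readlink(link)  # pathname, or e.g. "socket:[12345]"
            flags = read_flags(pid, name)
        except OSError:
            continue                    # descriptor was closed while we looked
        kind = next((n for test, n in TYPES if test(st.st_mode)), "S_IFUNK")
        names = [ACCESS.get(flags & os.O_ACCMODE, "?")]
        names += [n for bit, n in FLAG_NAMES if flags & bit]
        entries.append({"fd": int(name), "type": kind, "path": target,
                        "mode": stat.S_IMODE(st.st_mode), "ino": st.st_ino,
                        "dev": (os.major(st.st_dev), os.minor(st.st_dev)),
                        "uid": st.st_uid, "gid": st.st_gid, "flags": names})
    return entries

def format_entry(e):
    """Render one entry in a layout modelled on the report shown above."""
    return ("%d: %s mode:%04o dev:%d,%d ino:%d uid:%d gid:%d %s\n   %s"
            % (e["fd"], e["type"], e["mode"], *e["dev"], e["ino"], e["uid"],
               e["gid"], " ".join(e["flags"]), e["path"]))

if __name__ == "__main__":
    pid = int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()
    print("\n".join(format_entry(e) for e in describe_fds(pid)))
```

Reading another user's `/proc/<pid>/fd` requires root or the same UID, so an unprivileged run is limited to the caller's own processes.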
Lessons
With SystemTap, you can write very useful system tools that are otherwise not available on Linux. [http://sources.redhat.com/systemtap/wiki/WSPfiles pfiles] and [http://sources.redhat.com/systemtap/wiki/WSPlimit plimit] are excellent examples.