Differences between revisions 21 and 22
Revision 21 as of 2007-10-13 14:49:54
Size: 3912
Editor: anonymizer
Comment:
Revision 22 as of 2007-10-13 23:17:59
Size: 3959
Editor: c-c387e255
Comment:
Line 19: Line 19:
 * report pathname information ''done 13/10''

pfiles for Linux

Problem

Someone asked if there is a Linux equivalent of the [http://www.scit.wlv.ac.uk/cgi-bin/mansec?1+pfiles Solaris pfiles] tool. pfiles is a Solaris proc utility that reports information about all files a process has open, given its process ID. [http://sources.redhat.com/systemtap/wiki/EugeneTeo Eugene] decided to write a similar tool for Linux using SystemTap. It is based on an example output posted in Red Hat BZ#223489.

Scripts

The script is too long to be listed here. Please download the [attachment:pfiles.stp script] (GPL) instead.

TODO:

  • report locked open files
  • report socket information
  • report pathname information done 13/10

Output

$ stap -g pfiles.stp `pgrep firefox`
3914:  -firefox-bin
  Current rlimit: 256 file descriptors
   0: S_IFCHR mode:0620 dev:0,11 ino:6 uid:500 gid:500 rdev:136,4
        O_RDWR 
        /dev/pts/4
   1: S_IFCHR mode:0620 dev:0,11 ino:6 uid:500 gid:500 rdev:136,4
        O_RDWR 
        /dev/pts/4
   2: S_IFCHR mode:0620 dev:0,11 ino:6 uid:500 gid:500 rdev:136,4
        O_RDWR 
        /dev/pts/4
   3: S_IFSOCK mode:0777 dev:0,5 ino:18253 uid:500 gid:500 rdev:0,0
        O_RDWR|O_NONBLOCK|O_NDELAY FD_CLOEXEC
        socket:[18253]
   4: S_IFREG mode:0664 dev:253,0 ino:16253091 uid:500 gid:500 rdev:0,0
        O_WRONLY 
        /home/eteo/.mozilla/firefox/4b7rsevm.default/.parentlock
   5: S_IFIFO mode:0600 dev:0,6 ino:18260 uid:500 gid:500 rdev:0,0
        O_RDONLY|O_NONBLOCK|O_NDELAY 
        pipe:[18260]
[...]

$ stap -g pfiles.stp `pgrep firefox` &> output
$ head output 
3914:  -firefox-bin
  Current rlimit: 256 file descriptors
   0: S_IFCHR mode:0620 dev:0,11 ino:6 uid:500 gid:500 rdev:136,4
        O_RDWR 
        /dev/pts/4
   1: S_IFCHR mode:0620 dev:0,11 ino:6 uid:500 gid:500 rdev:136,4
        O_RDWR 
        /dev/pts/4
   2: S_IFCHR mode:0620 dev:0,11 ino:6 uid:500 gid:500 rdev:136,4
        O_RDWR 
        /dev/pts/4
   3: S_IFSOCK mode:0777 dev:0,5 ino:18253 uid:500 gid:500 rdev:0,0
        O_RDWR|O_NONBLOCK|O_NDELAY FD_CLOEXEC
        socket:[18253]
   4: S_IFREG mode:0664 dev:253,0 ino:16253091 uid:500 gid:500 rdev:0,0
        O_WRONLY 
        /home/eteo/.mozilla/firefox/4b7rsevm.default/.parentlock
   5: S_IFIFO mode:0600 dev:0,6 ino:18260 uid:500 gid:500 rdev:0,0
        O_RDONLY|O_NONBLOCK|O_NDELAY 
        pipe:[18260]
[...]

To gather information about sockets, you can use lsof with pfiles. For example:

$ /usr/sbin/lsof -i :1-65535 -P
COMMAND     PID USER   FD   TYPE DEVICE SIZE NODE NAME
mugshot    3148 eteo    9u  IPv4  15146       TCP w.x.y.z:35439->w.x.y.z:5222 (ESTABLISHED)
[...]
ssh        4025 eteo    3u  IPv4  18562       TCP w.x.y.z:38303->w.x.y.z:22 (ESTABLISHED)
pidgin     4038 eteo    7u  IPv4  18722       TCP w.x.y.z:40695->w.x.y.z:5222 (ESTABLISHED)
pidgin     4038 eteo   20u  IPv4  18744       TCP w.x.y.z:36216->w.x.y.z:1863 (ESTABLISHED)
ssh       10206 eteo    3u  IPv4  27165       TCP w.x.y.z:51226->w.x.y.z:22 (ESTABLISHED)
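
The following is an added example, not part of the original page or of pfiles.stp: a small Python parser for the three-lines-per-descriptor output shown above. It returns the socket inodes to follow up with lsof and the descriptors that lack FD_CLOEXEC, which a child program would inherit across exec. The sample text is copied from the output on this page; the function names are hypothetical.

```python
import re

# Sample copied from the pfiles.stp output shown on this page (fds 3 to 5).
SAMPLE = """\
3914:  -firefox-bin
  Current rlimit: 256 file descriptors
   3: S_IFSOCK mode:0777 dev:0,5 ino:18253 uid:500 gid:500 rdev:0,0
        O_RDWR|O_NONBLOCK|O_NDELAY FD_CLOEXEC
        socket:[18253]
   4: S_IFREG mode:0664 dev:253,0 ino:16253091 uid:500 gid:500 rdev:0,0
        O_WRONLY
        /home/eteo/.mozilla/firefox/4b7rsevm.default/.parentlock
   5: S_IFIFO mode:0600 dev:0,6 ino:18260 uid:500 gid:500 rdev:0,0
        O_RDONLY|O_NONBLOCK|O_NDELAY
        pipe:[18260]
"""

# First line of a descriptor record: "<fd>: <type> key:value ..."
FD_LINE = re.compile(r"^\s*(\d+): (S_IF\w+) (.*)$")

def parse_pfiles(text):
    """Return (pid, records) for one process of pfiles.stp-style output."""
    lines = [l.rstrip() for l in text.splitlines() if l.strip()]
    pid = int(lines[0].split(":", 1)[0])
    records = []
    for i, line in enumerate(lines):
        m = FD_LINE.match(line)
        if not m or i + 2 >= len(lines):
            continue  # header, "[...]" marker, or a truncated last record
        rec = {"fd": int(m.group(1)), "type": m.group(2)}
        rec.update(kv.split(":", 1) for kv in m.group(3).split())
        flags = lines[i + 1].split()  # "O_RDWR|O_NONBLOCK [FD_CLOEXEC]"
        rec["open_flags"] = flags[0].split("|")
        rec["cloexec"] = "FD_CLOEXEC" in flags[1:]
        rec["path"] = lines[i + 2].strip()
        records.append(rec)
    return pid, records

def socket_inodes(records):
    """Inode numbers of socket descriptors, for follow-up with lsof."""
    return [int(r["ino"]) for r in records if r["type"] == "S_IFSOCK"]

def inherited_on_exec(records):
    """Descriptors without FD_CLOEXEC: they stay open across exec()."""
    return [r["fd"] for r in records if not r["cloexec"]]

if __name__ == "__main__":
    pid, recs = parse_pfiles(SAMPLE)
    print(pid, socket_inodes(recs), inherited_on_exec(recs))
```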

Lessons

With SystemTap, you can write very useful system tools that are not otherwise available on Linux. [http://sources.redhat.com/systemtap/wiki/WSPfiles pfiles] and [http://sources.redhat.com/systemtap/wiki/WSPlimit plimit] are excellent examples.



None: WSPfiles (last edited 2010-04-19 12:10:27 by 92)