Parsing the Linux procfs

Overview

pfs

Very easy to use, procfs parsing library in C++.

Build

Build & Test

Run cmake . && make

Currently supported CMake configuration flags:

  • BUILD_SHARED_LIBS=<ON|OFF>: ON to compile a shared library. OFF to compile a static library (DEFAULT: ON)

You can pass any number of those to the cmake command: cmake -D<CONFIG_FLAG>=<VALUE> .

Build using clang

If you prefer using clang, just configure the compiler while running cmake:

CXX=<clang++> CC=<clang> cmake .

After that, just use make as always.

Integrate

  • Compile as a shared or static library.
  • Add the contents of /lib into your link directories
  • Add the contents of /include into your include directories. That's it, you are good to go.

Features

  • Parsing system-wide information from files directly under /procfs. See procfs.hpp for all the supported files.
  • Parsing per-task (processes and threads) information from files under /procfs/[task-id]/. See task.hpp for all the supported files.
  • Parsing network information from files under /procfs/net (which is an alias to /procfs/self/net nowadays)

Requirements

  • The library requires C++11 or newer
  • The library aims to support Linux kernel versions >= 2.6.32.

Notes

  • All APIs and function calls might throw std::bad_alloc exceptions when allocations of standard containers such as std::string fail.
  • APIs are thread-safe. There are no internal states/members/caches that might be affected by simultaneous calls.
  • Objects do NOT handle data caching. All the APIs are pure getters that always(!) fetch the information from the filesystem.
  • The location of the procfs filesystem is configurable. Just create the procfs object with the right path for your machine.

Samples

The directory sample contains a full blown application that calls all(!) the supported APIs and prints all the information gathered. When compiling the library, the sample applications is compiled as well.

Anyway, here are some cool examples:

Example 1: Iterater over all the loaded unsigned or out-of-tree kernel modules

auto pfs = pfs::procfs();
auto modules = pfs.get_modules();
for (const auto& module : modules)
{
    if (module.is_out_of_tree || module.is_unsigned)
    {
        ... do your work ...
    }
}

Example 2: Find all the memory maps for task 1234 (This can be both a process or a thread) that start with an ELFs header

auto task = pfs::procfs().get_task(1234);
auto mem = task.get_mem();
for (auto& map : task.get_maps())
{
    if (!map.perm.can_read)
    {
        continue;
    }

    static const std::vector<uint8_t> ELF_HEADER = { 0x7F, 0x45, 0x4C, 0x46 };
    if (mem.read(map.start_address, ELF_HEADER.size()) == ELF_HEADER)
    {
        ... do your work ...
    }
}

(You can either create pfs every time or once and keep it, the overhead is really small)

Example 3: Iterate over all the IPv4 TCP sockets currently in listening state (in my current network namespace):

// Same as pfs::procfs().get_task().get_net().get_tcp()
for (auto& socket : pfs::procfs().get_net().get_tcp())
{
    if (socket.current_state == socket::state::listen)
    {
        ... do your work ...
    }
}

(API behaves similar to the procfs, where /proc/net is a soft link to /proc/self/net)

Example 4: Get all the IPv6 UDP sockets in the root network namespace belonging to a specific user ID:

for (auto& socket : pfs::procfs().get_task(1).get_net().get_udp6())
{
    if (socket.uid == <some-uid-value>)
    {
        ... do your work ...
    }
}

Example 5: Check if the process catches SIGSTOP signals

auto status = pfs::procfs().get_task(1234).get_status();
bool handles_sigstop = status.sig_cgt.is_set(pfs::signal::sigstop);
Comments
  • Make building samples and tests optional.

    Make building samples and tests optional.

    During compilation on ubuntu 21.10 with gcc, I got the following compilation error, which seems to be caused by the test framework:

    /...src/projects/pfs/test/catch.hpp:10822:58: error: call to non-‘constexpr’ function ‘long int sysconf(int)’
    10822 |     static constexpr std::size_t sigStackSize = 32768 >= MINSIGSTKSZ ? 32768 : MINSIGSTKSZ;
          |                                                          ^~~~~~~~~~~
    In file included from /usr/include/x86_64-linux-gnu/bits/sigstksz.h:24,
                     from /usr/include/signal.h:328,
                     from /...src/projects/pfs/test/catch.hpp:8034,
                     from /...src/projects/pfs/test/main.cpp:18:
    /usr/include/unistd.h:640:17: note: ‘long int sysconf(int)’ declared here
      640 | extern long int sysconf (int __name) __THROW;
          |                 ^~~~~~~
    In file included from /...src/projects/pfs/test/main.cpp:18:
    /...src/projects/pfs/test/catch.hpp:10881:45: error: size of array ‘altStackMem’ is not an integral constant-expression
    10881 |     char FatalConditionHandler::altStackMem[sigStackSize] = {};
    
    

    Added cmake options to be able to build without samples and tests.

    opened by bveldhoen 2
  • Unknown typename 'loff_t'

    Unknown typename 'loff_t'

    I get this error (when including <pfs/procfs.hpp>): error: unknown type name 'loff_t'; did you mean 'off_t'? std::vector<uint8_t> read(loff_t offset, size_t len); in mem.hpp.

    I think we should fix it as done here: https://github.com/nwchemgit/nwchem/commit/492f2661105ef5914fe9c3df4b6c74232bac0dd2

    What do you think?

    32bit 
    opened by kfiros 2
  • non-constexpr sysconf(int) used in constexpr environment wrt sigStackSize on ubuntu 21.10

    non-constexpr sysconf(int) used in constexpr environment wrt sigStackSize on ubuntu 21.10

    An out of the box build on ubuntu 21.10 which uses c++ (Ubuntu 11.2.0-7ubuntu2) 11.2.0 takes an error:

    [ 48%] Building CXX object CMakeFiles/unittest.dir/test/main.cpp.o
    /usr/bin/c++  -I/home/robhenry/rrhtools/pfs/include -g -std=c++11 -Wall -Wextra -pedantic -Werror -o CMakeFiles/unittest.dir/test/main.cpp.o -c /home/robhenry/rrhtools/pfs/test/main.cpp
    [ 61%] Built target sample
    In file included from /usr/include/signal.h:328,
                     from /home/robhenry/rrhtools/pfs/test/catch.hpp:7959,
                     from /home/robhenry/rrhtools/pfs/test/main.cpp:18:
    /home/robhenry/rrhtools/pfs/test/catch.hpp:10822:58: error: call to non-‘constexpr’ function ‘long int sysconf(int)’
    10822 |     static constexpr std::size_t sigStackSize = 32768 >= MINSIGSTKSZ ? 32768 : MINSIGSTKSZ;
          |                                                          ^~~~~~~~~~~
    In file included from /usr/include/aarch64-linux-gnu/bits/sigstksz.h:24,
                     from /usr/include/signal.h:328,
                     from /home/robhenry/rrhtools/pfs/test/catch.hpp:7959,
                     from /home/robhenry/rrhtools/pfs/test/main.cpp:18:
    /usr/include/unistd.h:640:17: note: ‘long int sysconf(int)’ declared here
      640 | extern long int sysconf (int __name) __THROW;
          |                 ^~~~~~~
    In file included from /home/robhenry/rrhtools/pfs/test/main.cpp:18:
    /home/robhenry/rrhtools/pfs/test/catch.hpp:10881:45: error: size of array ‘altStackMem’ is not an integral constant-expression
    
    catch 
    opened by RobertHenry6bev 1
  • Fix wrong member types in the proc_stat struct

    Fix wrong member types in the proc_stat struct

    It appears that ctxt and processes members of the proc_stat struct might exceed the size of unsigned int, fixing this bug by using unsigned long long instead.

    opened by kfiros 1
  • Compiling with Clang fails with

    Compiling with Clang fails with "explicitly defaulted copy assignment operator is implicitly deleted"

    When compiling with clang 12 it fails with the following error message:

    /tmp/pfs/include/pfs/net.hpp:39:10: error: explicitly defaulted copy assignment operator is implicitly deleted [-Werror,-Wdefaulted-function-deleted]
        net& operator=(const net&) = default;
             ^
    /tmp/pfs/include/pfs/net.hpp:66:23: note: copy assignment operator of 'net' is implicitly deleted because field '_procfs_root' has no copy assignment operator
        const std::string _procfs_root;
                          ^
    /tmp/pfs/include/pfs/net.hpp:40:10: error: explicitly defaulted move assignment operator is implicitly deleted [-Werror,-Wdefaulted-function-deleted]
        net& operator=(net&&) = default;
             ^
    /tmp/pfs/include/pfs/net.hpp:66:23: note: move assignment operator of 'net' is implicitly deleted because field '_procfs_root' has no move assignment operator
        const std::string _procfs_root;
                          ^
    2 errors generated.
    make[2]: *** [CMakeFiles/pfs.dir/build.make:63: CMakeFiles/pfs.dir/src/net.cpp.o] Error 1
    make[1]: *** [CMakeFiles/Makefile2:134: CMakeFiles/pfs.dir/all] Error 2
    make: *** [Makefile:84: all] Error 2
    

    Also, pretty useful library. It works fine with g++ including the tests.

    enhancement 
    opened by codecnotsupported 1
  • Add Parser for /proc/net/route

    Add Parser for /proc/net/route

    Working on a parser for IPv6 as well (it's a different file called /proc/net/ipv6_route)

    Use pfs to get network device information from /proc/net/route. Adds parser, unit test, and sample out for new parser.

    enhancement 
    opened by lyshar 0
  • Adjust to compilation as CMake sub-directory

    Adjust to compilation as CMake sub-directory

    Avoid possible option collisions when using pfs as sub-directory. Some options are supposed to be shared with the project and are common CMake flags, like the CMAKE_BUILD_TYPE or BUILD_SHARED_LIBS. Whereas other flags are not supposed to be shared, and hence should are to be prefixed with the project name.

    While at it, print all CMake options while building to ease debugging and standardize the formatting of the CMakeLists.txt file.

    enhancement 
    opened by dtrugman 0
  • Fix unknown type loff_t

    Fix unknown type loff_t

    This fixes #13 Modules that included mem.hpp encountered an error: loff_t type is unknown Because the relevant include was included from the source file.

    opened by dtrugman 0
  • Readme errors

    Readme errors

    Some of the network samples in the readme file were not updated after the changes introduced in: https://github.com/dtrugman/pfs/commit/49e0edef290cd59baf26badf251ae5474b6904ac

    Samples should be fixed and tested.

    opened by kfiros 0
  • Enhancement/move delim and remap into parser

    Enhancement/move delim and remap into parser

    Move constant values that are relevant to the specific parser into the class instead of passing it to them. Caller should not care about those values at all.

    enhancement 
    opened by dtrugman 0
  • Add count_fds() API as part of the task API

    Add count_fds() API as part of the task API

    The current get_fds() API allows obtaining the process's number of opened file descriptors, however, it forces saving extra temporary information. The new count_fds() API could be useful in case of processes with a large number of fds (ex: massive fd leakage).

    opened by kfiros 0
Releases(v0.6.0)
  • v0.6.0(Nov 4, 2022)

  • v0.5.0(Sep 30, 2022)

  • v0.4.6(Sep 19, 2022)

    New features:

    • Add gid & uid map (/proc/<id>/gid_map and /proc/<id>/uid_map) parsing
    • Add net device (/proc/net/dev) parsing

    Enhancements:

    • Make building tests and samples optional
    Source code(tar.gz)
    Source code(zip)
  • v0.4.5(Nov 24, 2021)

  • v0.4.4(Oct 28, 2021)

  • v0.4.3(Aug 2, 2021)

  • v0.4.2(Aug 2, 2021)

  • v0.4.1(Jul 27, 2021)

    New features:

    • Allow access to both process-wide (/proc/<id>) and thread-specific (/proc/<pid>/task/<tid>) information

    Enhancements:

    • Allow DEBUG compilations without the address sanitizer enabled

    Bug fixes:

    • Fix unknown 'loff_t' type
    • Fix README examples
    Source code(tar.gz)
    Source code(zip)
  • v0.4.0(Jul 12, 2021)

    New features:

    • Add API to extract system stat information
    • Add API to extract cgroup information (Both system-wide controllers and per-task)

    Enhancements:

    • Use std::chrono types for uptime durations

    Bug fixes:

    • Fix UT compilation on 32-bit systems
    • Fix mem API on 32-bit systems

    Known issues:

    • Version macro is set to 0.3.0 (was not bumped to 0.4.0)
    Source code(tar.gz)
    Source code(zip)
  • v0.3.1(Jun 4, 2021)

    New features:

    • Add API to extract /proc/uptime
    • New API to count number of open FDs

    Enhancements:

    • Set CMake project name
    • Performance improvements to namespace inode extraction

    Bug fixes:

    • Fix parsing issues on 32-bit systems
    • Minor fixes: missing includes & cosmetic changes
    Source code(tar.gz)
    Source code(zip)
  • v0.3.0(Mar 6, 2021)

    New features:

    • Add new wrapper class for FDs - Allows easy access to FD properties to help with stitching against network information
    • Add netlink sockets parsing
    • New sample applications
      • Added FD enumeration with stitching against network information
      • Added "lsmod"-like implementation with a regex filter
      • Improved the sample application structure

    Enhancements:

    • Return vectors instead of sets to retain order of output values when ordering is not "expected"
    • Compile by default with address sanitizer enabled
    • Rename some types for a more consistent experience
    • Standardize styles and use default values for structs that might not be fully initialized

    Bug fixes:

    • Fix readfile bug when file is empty
    • Fix min number of expected tokens for the UNIX socket parser
    Source code(tar.gz)
    Source code(zip)
  • v0.2.0(Feb 22, 2021)

    New features:

    • Add new task memory reading API (using mem file)

    Enhancements:

    • Support building with clang

    Bug fixes:

    • Fix an issue where certain memory sizes from status weren't correctly read
    • Fix an issue where maps with multi-token pathnames weren't correctly parsed
    Source code(tar.gz)
    Source code(zip)
  • v0.1.0(Feb 21, 2021)

    Initial release - v0.1.0

    Supports:

    • Parsing system-wide information files: buddyinfo, cmdline, filesystems, loadavg, meminfo, modules, version, version_signature
    • Parsing per-task information files: cmdline, comm, cwd, environ, exe, fds, maps, mountinfo, ns, root, stat, statm, status
    • Parsing network information files: icmp[6], raw[6], tcp[6], udp[6], udplite[6], unix
    Source code(tar.gz)
    Source code(zip)
Owner
Daniel Trugman
Daniel Trugman
High performance library for creating, modiyfing and parsing PDF files in C++

Welcome to PDF-Writer. A Fast and Free C++ Library for Creating, Parsing an Manipulating PDF Files and Streams. Documentation is available here. Proje

gal kahana 674 Dec 30, 2022
C++ 98/11/14 manual pages for Linux/MacOS

cppman C++ 98/11/14/17/20 manual pages for Linux, with source from cplusplus.com and cppreference.com. Features Supports two backends (switch it with

Wei-Ning Huang 1.1k Jan 3, 2023
Linux C/C++ 学习笔记、内含视频 + 电子书 + 项目等,专注于 C++ 技术栈!

programming-cpp C++ 方向 一、要不要选择 C++ 二、C++ 选择经历 2.1、上 2.2、下 个人履历 编程学习 C++ 学习笔记 一、汇编 二、Linux 三、C 语言基础 四、C 语言实战 五、数据结构实战 六、C++ 基础 七、STL 八、Boost 库 九、网络编程 十

null 106 Dec 22, 2022
A very small v8 javascript runtime for linux only

Just A very small v8 javascript runtime for linux only Build and Run Currently working on modern linux (debian/ubuntu and alpine teste

theanarkh 9 Nov 8, 2021
Linux 源码分析

alinux Linux 源码分析 本项目地址 欢迎大家以 Markdown 的形式提交有关硬件内容的 PR!!! 配置开发环境 克隆代码,执行命令 git clone https://github.com/StevenBaby/alinux.git 然后可以在 devel 目录执行 make b

Steven 28 Dec 20, 2022
Sysmon For Linux install and build instructions

The packages are available in the official Microsoft Linux repositories and instructions on how to install the packages for the different Linux distributions can be found in the Installation instructions.

Sysinternals 1.2k Jan 1, 2023
A simple floating clock for Linux

Hoverclock Hoverclock is a simple, yet customizable floating clock for Linux created with QT. Table of contents General info Technologies Quick note U

Kostoski Stefan 13 Sep 13, 2022
Linux Network Programming in Modern C++

Linux Network Programming in Modern C++ Starter code for network programming in the Linux environment, providing wrapper classes written in modern C++

Francis Y. Yan 13 Feb 7, 2022
✔️The smallest header-only GUI library(4 KLOC) for all platforms

Welcome to GUI-lite The smallest header-only GUI library (4 KLOC) for all platforms. 中文 Lightweight ✂️ Small: 4,000+ lines of C++ code, zero dependenc

null 6.6k Jan 8, 2023
Minimal Linux Live (MLL) is a tiny educational Linux distribution, which is designed to be built from scratch by using a collection of automated shell scripts. Minimal Linux Live offers a core environment with just the Linux kernel, GNU C library, and Busybox userland utilities.

Minimal Linux Live (MLL) is a tiny educational Linux distribution, which is designed to be built from scratch by using a collection of automated shell scripts. Minimal Linux Live offers a core environment with just the Linux kernel, GNU C library, and Busybox userland utilities.

John Davidson 1.3k Jan 8, 2023
KoanLogic 400 Dec 25, 2022
C++ library and cmdline tools for parsing and manipulating VCF files

vcflib A C++ library for parsing and manipulating VCF files. overview The Variant Call Format (VCF) is a flat-file, tab-delimited textual format that

null 526 Jan 2, 2023
Tiny ISO-compliant C++ EXIF and XMP parsing library for JPEG.

TinyEXIF: Tiny ISO-compliant C++ EXIF and XMP parsing library for JPEG Introduction TinyEXIF is a tiny, lightweight C++ library for parsing the metada

cDc 84 Dec 18, 2022
A simple class for parsing JSON data into a QVariant hierarchy and vice versa.

The qt-json project is a simple collection of functions for parsing and serializing JSON data to and from QVariant hierarchies. NOTE: Qt5 introduced a

null 305 Dec 13, 2022
Parsing gigabytes of JSON per second

simdjson : Parsing gigabytes of JSON per second JSON is everywhere on the Internet. Servers spend a *lot* of time parsing it. We need a fresh approach

null 16.3k Dec 27, 2022
A fast streaming JSON parsing library in C.

********************************************************************** This is YAJL 2. For the legacy version of YAJL see https

Lloyd Hilaiel 2.1k Jan 1, 2023
:hocho: Strictly RFC 3986 compliant URI parsing and handling library written in C89; moved from SourceForge to GitHub

uriparser uriparser is a strictly RFC 3986 compliant URI parsing and handling library written in C89 ("ANSI C"). uriparser is cross-platform, fast, su

uriparser 260 Dec 28, 2022
Parsing Expression Grammar Template Library

Welcome to the PEGTL The Parsing Expression Grammar Template Library (PEGTL) is a zero-dependency C++ header-only parser combinator library for creati

The Art of C++ 1.6k Jan 8, 2023
Expat - a C library for parsing XML

Fast streaming XML parser written in C

Expat development team 831 Dec 28, 2022