Where the %MEM value is stored in /proc?

Using the top command you can find out the %MEM used by the process, but where is this value stored in /proc? In /proc/uid/status I found only the value of virtual memory.

dnd 5e – Makes an attack of opportunity proc. Polearm Master bonus action?

You cannot use the additional action attack after an opportunity attack.

The additional butt strike attack that you can perform with Polearm's dominance feat has several requirements that you cannot meet in this situation. Let's look at the relevant part of the Feat rules (from PHB, page 168):

When you take the Attack action and attack only with a glaive, a halberd, a staff or a spear, you can use an additional action to make a melee attack with the opposite end of the weapon.

First, the additional attack requires you to use a bonus action, and you can only do a bonus action on your own turn. You cannot make a bonus action on another character's turn.

Second, the specific conditions that the feat imposes on the bonus action will not be met after you have made an attack of opportunity. Specifically, the feat says "When you do the Attack action …", and an attack of opportunity is not the same as the Attack action. See this previous question about the difference between the attack action and the more general term, attack.

partitions: where is the information from / proc / dumchar_info used on MediaTek devices?

There are many instructions to change the partition layout on Android, including MediaTek devices, and they say I need to edit MBR, EBR and a "scatter file" and feed the latter to SP Flash or MTKDroidTools. However, as noted in a response to "Where does partition information come from / proc / dumchar_info, on MTK devices?", The MediaTek-specific one /proc/dumchar_info You can't change it with those means.

Hence the question, where is the information from /proc/dumchar_info used? And if it does not reflect the actual partition design and does not agree with MBR, EBR and the "scatter file", what effects should I expect?

18.04 – How to create the file & # 39; / proc / sys / kernel / unprivileged_userns_clone & # 39;

I'm trying to use puppeteer. And he recommends me to run.
sudo sysctl -w kernel.unprivileged_userns_clone = 1 to enable the sandbox.

But when I do that in my WSL, he complains sysctl: can not stat / proc / sys / kernel / unprivileged_userns_clone: ​​There is no such file or directory. And I do not know how to go from there.

How to decrypt proc stored in Azure Managed SQL Server

I have created Managed SQL Server in Azure and encrypted some stored procedures. Can someone help me decipher the same?
Thanks in advance.

linux – How can I use the field "socket location in memory" in / proc / net / tcp

I'm working on a proxy for Linux (C ++) that, among other functions, keeps track of TCP connections and associates them with the PID of the process. To do that, I get the inode in / proc / net / tcp and then I analyze all the processes in / proc / pid / fd to see which process contains it. Very clear.

The problem is that sometimes clients can open and close the connection faster than the proxy can analyze the fds of the processes. I noticed this field – "socket location in memory", which is present in / proc / net / tcp
https://www.kernel.org/doc/Documentation/networking/proc_net_tcp.txt

and I wonder if it could be of any help, everything is very badly documented and I did not find any online resource related to it.

My questions are: what exactly is the location of the socket memory, how can it be accessed and what can I find there?

Thank you.

samsung: How silly is it to try to reassemble / proc like w?

I am trying to execute a small Python code that verifies some files in the / proc / pid of my phone

the thing is that the program will not run correctly because / proc is read-only. Because I know that proc has a special file system, I want to know if there is a way to reassemble it as writable without ruining the system

In what minix operating system file is the proc structure of the proc.h file filled?

What I want to do is add a variable p_uid of type uid_t to that structure and fill it with one of the data of the mproc structure called mp_realuid

linux – Memory dump failed in Ubuntu 18.04 in too big / proc / kcore /

There are two great articles on how to acquire memory in Linux using linpmem:

SANS
keep my safety

Trying the approach from holdmybeersecurity, I came across the following problem, which seems to be a more general problem:

wget https://github.com/google/rekall/releases/download/v1.5.1/linpmem-2.1.post4
chmod + x linpmem-2.1.post4
./linpmem-2.1.post4 -o mem.aff4r

It is running directly and creating a large file (stopped> 160 GB). Testing linpmem more closely it's based on Linux memory allocation / proc / kcore to acquire the data.

sudo ls -lh / proc / kcore
-r -------- 1 root root 128T December 12 11:32 / proc / kcore

This is huge! As indicated here …

/ proc / kcore It is the virtual allocation of your RAM for the kernel. In 64-bit systems, that size can be an absolute limit of 128T, since it is the maximum that the system can allocate.

which is something against proc man:

            / proc / kcore
This file represents the physical memory of the system and is stored in the ELF central file format. With this pseudo-file, and a kernel without pulling
(/ usr / src / linux / vmlinux) binary, GDB can be used to examine the current state of any kernel data structure.

The total length of the file is the size of the physical memory (RAM) plus 4 KiB.

So, the big question is: How to acquire only the memory / exchange, but not the content of the hard drive?

linux – / proc / sys / net / netfilter / nf_conntrack_count extreme fall when reading / proc / net / nf_conntrack

I have very busy web servers and I wanted to introduce an analysis to see what kind of traffic exists. Namely, the total number of all connections, the number of time waits, the established connections, the udp and tcp connections.

First, I made a simple graphic: show only the total number of connections by reading / proc / sys / net / netfilter / nf_conntrack_count with:

$ cat / proc / sys / net / netfilter / nf_conntrack_count
1994

Everything was very well presented in the graphic, so I introduced more details into it. Now processing / proc / net / nf_conntrack With similar commands and placing the appropriate monitoring:

$ grep -c tcp / proc / net / nf_conntrack
1273
$ grep -c udp / proc / net / nf_conntrack
49

I did this nf_conntrack analysis to run every minute. Initially, everything showed up correctly, so I left it for a day.

The next day, I noticed huge drops and rebounds in the total count of connections (/ proc / sys / net / netfilter / nf_conntrack_count) that were not normal for the web server every two minutes. After many tests and troubleshooting, I was finally able to identify the reason behind the mystery.

I have put in terminal see -n0 "cat / proc / sys / net / netfilter / nf_conntrack_count" (to verify the number of connections almost in real time) and secondly I did it alone cat / proc / net / nf_conntrack, and as soon as you hit enter. nf_conntrack_count it fell enormously from 1993 to 1411, and then recovered, in 2-3 seconds, at its "normal" value. Tested with cp, grep, conntrack -L -p tcp, etc. and every time I ran the command there was this drop.

Basically, every time there was reading / proc / net / nf_conntrack– huge, temporary, fall / proc / sys / net / netfilter / nf_conntrack_counthappened and the monitoring sometimes takes low values ​​and represents it in the graph.

Also, I have noticed that there is a big difference in the results of cat nf_conntrack Y conntrack -L. Also, the number of lines in nf_conntrack differs from nf_conntrack_count. Kernel is v4.19.4. Everything is so visible with these two commands, deployed with three seconds of difference:

[07:30:14]    root @ web1 (~) $ wc -l / proc / net / nf_conntrack; 
cat / proc / sys / net / netfilter / nf_conntrack_count
1236 / proc / net / nf_conntrack
1575

[07:30:18] root @ web1 (~) $ cat / proc / sys / net / netfilter / nf_conntrack_count; 
wc -l / proc / net / nf_conntrack
2009
1191 / proc / net / nf_conntrack

My question is what exactly happens here, why this happens (the fall), why there is a difference between the files listed and how to avoid this fall.