[实践OK]ps -eo 自定义查看进程组之pid ppid 虚拟内存vsz和实际物理内存rss和命令行cmd的输出方法。lsof -nPp pid查看程序的IP和端口连接情况。stress-ng,并能用lsof -nPp 查看cwd的dir目录位置以方便目录定位,lsof -d 5|grep 2654实现反debug程序PID里的fd对应的tcp连接句柄。ls /proc/57700/cwd/,删目录前看是否有进程打开了目录里的文件之lsof命令。

jackx 2018-9-26 23:31 | |
sudo fstat -p 42477 | grep my.cnf 打开后关掉了,无法找到。
cat /usr/local/etc/rc.d/mysql-server |grep my.cnf
#                       ${mysql_confdir}/my.cnf if it exists.
if [ -f "${mysql_confdir}/my.cnf" ]; then
: ${mysql_optfile="${mysql_confdir}/my.cnf"}
elif [ -f "${mysql_dbdir}/my.cnf" ]; then
: ${mysql_optfile="${mysql_dbdir}/my.cnf"}

sh  -x /usr/local/etc/rc.d/mysql-server  start //于是直接-x找my.cnf
+ : /usr/local/etc/mysql
+ [ -f /usr/local/etc/mysql/my.cnf ]
+ [ -f /var/db/mysql/my.cnf ]
ls /etc/mysql/my.cnf /etc/my.cnf /usr/local/mysql/my.cnf /usr/local/etc/my.cnf /usr/local/etc/mysql/my.cnf /var/db/mysql/my.cnf


ps -eo pid,ppid,pgrp,session,comm --forest|less      # Linux上使用,Macbook: brew install pstree ,用pstree

ps -eo pid,ppid,pgrp,session,comm|grep -E '(Google\ Chrome|chrome)'

一)基础命令:删目录前看是否有进程打开了目录里的文件之lsof命令。
lsof -c abc 显示abc进程现在打开的文件
lsof -p  列出进程号为1234的进程所打开的文件
lsof -c java  #实践成功
lsof  -p  51640  #实践成功
lsof -g gid 显示归属gid的进程情况
lsof -g 0|grep zcms-0103
lsof  app-2020-08-05.log    #lsof abc.txt 显示开启文件abc.txt的进程
lsof  -d 4 #lsof -d 4 显示使用fd为4的进程,每个进程PID里都是从0,1,2,3,4开始的,出来的有4的所有进程列表。
lsof abc.txt 显示开启文件abc.txt的进程
来自:https://blog.csdn.net/weixin_34019929/article/details/92364579

二)常用想删目录时查看进程是否打开并在访问:
lsof +d /usr/local/ 显示目录下被进程开启的文件
lsof +D /usr/local/ 同上,但是会搜索目录下的目录,时间较长

lsof +d /data/www/zcms3x/zcms-0103
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
oosplash  49169 root  cwd    DIR 253,17     4096 5245406 /data/www/zcms3x/zcms-0103
soffice.b 49188 root  cwd    DIR 253,17     4096 5245406 /data/www/zcms3x/zcms-0103

lsof +D /data/www/zcms3x/zcms-0103
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
oosplash  49169 root  cwd    DIR 253,17     4096 5245406 /data/www/zcms3x/zcms-0103
soffice.b 49188 root  cwd    DIR 253,17     4096 5245406 /data/www/zcms3x/zcms-0103


kubectl exec stress-pod -- ps -o "rss,vsz,comm"|grep -v VSZ
2576 6256 stress-ng
3628 6900 stress-ng-cpu
  64 6256 stress-ng-vm
135m 262m stress-ng-vm
   4 1504 ps

rss: 物理
vsz: 虚拟
VSS - Virtual Set Size 虚拟耗用内存(包含共享库占用的内存)
RSS - Resident Set Size 实际使用物理内存(包含共享库占用的内存)

背景:在多进程时,用那个叫物理内存、虚拟内存的,怎么看?https://blog.csdn.net/i_am_jojo/article/details/7862362

ps -eo pid,ppid,gid,sid,tty,cmd --forest|less


  -e     Select all processes.  Identical to -A.
  -o format
              User-defined format.  format is a single argument in the form of a blank-separated or comma-separated
              list, which offers a way to specify individual output columns.  The recognized keywords are described
              in the STANDARD FORMAT SPECIFIERS section below.  Headers may be renamed (ps -o pid,ruser=RealUser -o
              comm=Command) as desired.  If all column headers are empty (ps -o pid= -o comm=) then the header line
              will not be output.  Column width will increase as needed for wide headers; this may be used to widen
              up columns such as WCHAN (ps -o pid,wchan=WIDE-WCHAN-COLUMN -o comm).  Explicit width control (ps opid,
              wchan:42,cmd) is offered too.  The behavior of ps -o pid=X,comm=Y varies with personality; output may
              be one column named "X,comm=Y" or two columns named "X" and "Y".  Use multiple -o options when in
              doubt.  Use the PS_FORMAT environment variable to specify a default as desired; DefSysV and DefBSD are
              macros that may be used to choose the default UNIX or BSD columns.

       -C cmdlist
              Select by command name.  This selects the processes whose executable name is given in cmdlist.
       --forest
              ASCII art process tree.

#ps -eo 'pid,ppid,gid,sid,tty,cmd' |grep Easy
26721 62388     0 62388 pts/4    EasySwoole
26722 26721     0 62388 pts/4    EasySwoole
26744 26722     0 62388 pts/4    EasySwoole.Crontab
31311 26722     0 62388 pts/4    EasySwoole.Worker.0
31312 26722     0 62388 pts/4    EasySwoole.Worker.1
31313 26722     0 62388 pts/4    EasySwoole.Worker.2
31314 26722     0 62388 pts/4    EasySwoole.Worker.3
31315 26722     0 62388 pts/4    EasySwoole.Worker.4
31316 26722     0 62388 pts/4    EasySwoole.Worker.5
31317 26722     0 62388 pts/4    EasySwoole.Worker.6
31318 26722     0 62388 pts/4    EasySwoole.Worker.7
31319 26722     0 62388 pts/4    EasySwoole.TaskWorker.8
31320 26722     0 62388 pts/4    EasySwoole.TaskWorker.9
31321 26722     0 62388 pts/4    EasySwoole.TaskWorker.10
31322 26722     0 62388 pts/4    EasySwoole.TaskWorker.11
31323 26722     0 62388 pts/4    EasySwoole.TaskWorker.12
31324 26722     0 62388 pts/4    EasySwoole.TaskWorker.13
31325 26722     0 62388 pts/4    EasySwoole.TaskWorker.14
31326 26722     0 62388 pts/4    EasySwoole.TaskWorker.15

对Crontab进行查看:
lsof -nPp 26744|grep swoole.log
php     26744 root   11u      REG              253,0  39874179 100744037 /data/logs/php/swoole.lo

#lsof -nPp 26721 |grep LISTEN
php     26721 root    3u     IPv4             763966       0t0       TCP *:8080 (LISTEN)
php     26721 root   10u     IPv4             762762       0t0       TCP 127.0.0.1:9000 (LISTEN)


26721 62388     0 62388 pts/4         \_ EasySwoole
26722 26721     0 62388 pts/4             \_ EasySwoole
26742 26722     0 62388 pts/4                 \_ HotReload
26743 26722     0 62388 pts/4                 \_ KafkaAddFormId
26744 26722     0 62388 pts/4                 \_ EasySwoole.Crontab
31311 26722     0 62388 pts/4                 \_ EasySwoole.Worker.0
31312 26722     0 62388 pts/4                 \_ EasySwoole.Worker.1
31313 26722     0 62388 pts/4                 \_ EasySwoole.Worker.2
31314 26722     0 62388 pts/4                 \_ EasySwoole.Worker.3
31315 26722     0 62388 pts/4                 \_ EasySwoole.Worker.4
31316 26722     0 62388 pts/4                 \_ EasySwoole.Worker.5
31317 26722     0 62388 pts/4                 \_ EasySwoole.Worker.6
31318 26722     0 62388 pts/4                 \_ EasySwoole.Worker.7
31319 26722     0 62388 pts/4                 \_ EasySwoole.TaskWorker.8
31320 26722     0 62388 pts/4                 \_ EasySwoole.TaskWorker.9
31321 26722     0 62388 pts/4                 \_ EasySwoole.TaskWorker.10
31322 26722     0 62388 pts/4                 \_ EasySwoole.TaskWorker.11
31323 26722     0 62388 pts/4                 \_ EasySwoole.TaskWorker.12
31324 26722     0 62388 pts/4                 \_ EasySwoole.TaskWorker.13
31325 26722     0 62388 pts/4                 \_ EasySwoole.TaskWorker.14
31326 26722     0 62388 pts/4                 \_ EasySwoole.TaskWorker.15

ps --headers -eo pid,ppid,GID,tty,sid,vsz,rss,cmd -C EasySwoole


To see every process with a user-defined format:
          ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm

Print only the process IDs of syslogd:
          ps -C syslogd -o pid=

相查看树,能看到进程的继承关系:
ps -eo 'pid,ppid,vsz,rss,cmd' --forest
3078  1214  48620  3032  \_ sshd: xiangdong [priv]
3084  3078  48752  1680      \_ sshd: xiangdong@pts/0,pts/1,pts/2
3085  3084 108352  1788          \_ -bash
3644  3085 189592  2940          |   \_ sudo su -
3645  3644 163756  1964          |       \_ su -
3646  3645 108476  1908          |           \_ -bash
5416  3646 108412  1200          |               \_ ps -eo pid,ppid,vsz,rss,cmd --forest
5417  3646 105460   816          |               \_ less

1481     1  55604  1460 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
1484  1481  76816 22864  \_ nginx: worker process                                          
1485  1481  76816 22936  \_ nginx: worker process                                          
1486  1481  76816 22936  \_ nginx: worker process                                          
1487  1481  76816 22936  \_ nginx: worker process  


cat pod-test.yml    



PHP连接未释放之lsof -d 5|grep 2654实现反debug程序PID里的fd对应的tcp连接句柄:
原文,以下是学习到的点:php curl连接未释放,strace结果:poll([{fd=5, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 1000) = 0 (Timeout)
https://www.jianshu.com/p/8a247cae629a
Nc服务端:
[root@golang_server_10_10_0_44:/usr/local/src/go-sftp]
#nc -l 1234
GET / HTTP/1.1
User-Agent: curl/7.29.0
Host: 10.10.0.44:1234
Accept: */*

Client连接端:
[root@swoole_server_10_10_0_45:~]
#ps -ef|grep curl
root      9055  9012  0 03:57 pts/1    00:00:00 curl 10.10.0.44:1234
#curl 10.10.0.44:1234
#ls /proc/9055/fd
0  1  2  3

[root@swoole_server_10_10_0_45:~]
#lsof  -d 3|grep 9055
curl       9055      root    3u     IPv4           23202662      0t0       TCP wx.levoo.com:41490->localhost:search-agent (ESTABLISHED)

#strace -f -p 9055
strace: Process 9055 attached
restart_syscall(<... resuming interrupted poll ...>) = 0
poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout)
poll([{fd=3, events=POLLIN}], 1, 1000)  = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout)
poll([{fd=3, events=POLLIN}], 1, 1000)  = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout)
poll([{fd=3, events=POLLIN}], 1, 1000


设置超时后呢?
poll([{fd=3, events=POLLIN}], 1, 1000)  = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout)
poll([{fd=3, events=POLLIN}], 1, 1000)  = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout)
poll([{fd=3, events=POLLIN}], 1, 1000)  = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout)
poll([{fd=3, events=POLLIN}], 1, 1000)  = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout)
poll([{fd=3, events=POLLIN}], 1, 1000)  = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout)
poll([{fd=3, events=POLLIN}], 1, 1000)  = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout)
poll([{fd=3, events=POLLIN}], 1, 987)   = 0 (Timeout)会提示:
curl: (28) Operation timed out after 20001 milliseconds with 0 out of -1 bytes received


#curl 10.10.0.44:1234 --connect-timeout 10 -m 20
curl: (28) Operation timed out after 20001 milliseconds with 0 out of -1 bytes received



man lsof
       -d s     specifies a list of file descriptors (FDs) to exclude from or include in the output listing.  The file descriptors are  specified  in
                the comma-separated set s - e.g., ``cwd,1,3'', ``^6,^2''.  (There should be no spaces in the set.)
lsof  -nPp 57700|grep cwd
nginx   57700 root  cwd    DIR             253,16     4096   47185921 /data/www
lsof  -nPp 33441|grep cwd
java    33441 root  cwd    DIR              104,3     4096  2757893 /data/xxxxrsync
ls /proc/33441/cwd/  #/data/xxxxrsync的目录的东西
函数说明:chdir()用户将当前的工作目录改变成以参数路径所指的目录。


连接超时时间用 --connect-timeout 参数来指定,数据传输的最大允许时间用 -m 参数来指定。

一直Poll的解决办法:php curl调用时设置超时
libcurl中同一时候封装了select以及poll这两种I/O机制。
代码中使用宏HAVE_POLL_FINE对这两者进行分离。假设定义了这个宏,则使用poll,否则使用select。
libcurl中同一时候封装了select以及poll这两种I/O机制。
代码中使用宏HAVE_POLL_FINE对这两者进行分离。假设定义了这个宏,则使用poll,否则使用select。
这两者的使用代码都位于函数curl_poll()中,而此函数定义在文件lib/select.c中。我看默认是poll的模式。

Curl不设置超时,对nc -l 1234进行访问会一直不退出的,一直 poll的,刚才实践的确如此,一般都要加上超时参数,如:curl 10.10.0.44:1234 --connect-timeout 10 -m 20
来自:https://blog.csdn.net/weixin_30340745/article/details/98854529

作者:jackx@向东博客 专注WEB应用 构架之美 --- 构架之美,在于尽态极妍 | 应用之美,在于药到病除
地址:http://jackxiang.com/post/9908/
版权所有。转载时必须以链接形式注明作者和原始出处及本声明!


最后编辑: jackx 编辑于2024-3-13 08:27
评论列表
发表评论

昵称

网址

电邮

打开HTML 打开UBB 打开表情 隐藏 记住我 [登入] [注册]