NAME
fstat
- display status of open files
SYNOPSIS
fstat
[-fnv]
[-M core]
[-N system]
[-p pid]
[-u user]
[]
DESCRIPTION
fstat
identifies open files.
A file is considered open by a process if it was explicitly opened,
is the working directory, root directory, active pure text, or kernel
trace file for that process.
If no options are specified,
fstat
reports on all open files in the system.
Options:
- -f
-
Restrict examination to files open in the same filesystems as
the named file arguments, or to the filesystem containing the
current directory if there are no additional filename arguments.
For example, to find all files open in the filesystem where the
directory
/usr/src
resides, type
``
fstat
-f
/usr/src
''.
- -M
-
Extract values associated with the name list from the specified core
instead of the default
/dev/kmem
.
- -N
-
Extract the name list from the specified system instead of the default
/netbsd
.
- -n
-
Numerical format.
Print the device number (maj,min) of the filesystem
the file resides in rather than the mount point name; for special
files, print the
device number that the special device refers to rather than the filename
in
/dev
;
and print the mode of the file in octal instead of symbolic form.
- -p
-
Report all files open by the specified process.
- -u
-
Report all files open by the specified user.
- -v
-
Verbose mode.
Print error messages upon failures to locate particular
system data structures rather than silently ignoring them.
Most of
these data structures are dynamically created or deleted and it is
possible for them to disappear while
fstat
is running.
This
is normal and unavoidable since the rest of the system is running while
fstat
itself is running.
-
Restrict reports to the specified files.
The following fields are printed:
USER
-
The username of the owner of the process (effective UID).
CMD
-
The command name of the process.
PID
-
The process ID.
FD
-
The file number in the per-process open file table or one of the following
special names:
text
-
pure text inode
wd
-
current working directory
root
-
root inode
tr
-
kernel trace file
If the file number is followed by an asterisk
(``*''),
the file is not an inode, but rather a socket,
FIFO,
or there is an error.
In this case the remainder of the line doesn't
correspond to the remaining headers -- the format of the line
is described later under
SOCKETS.
MOUNT
-
If the
-n
flag wasn't specified, this header is present and is the
pathname that the filesystem the file resides in is mounted on.
DEV
-
If the
-n
flag is specified, this header is present and is the
major/minor number of the device that this file resides in.
INUM
-
The inode number of the file.
MODE
-
The mode of the file.
If the
-n
flag isn't specified, the mode is printed
using a symbolic format (see
strmode(3));
otherwise, the mode is printed
as an octal number.
SZ|DV
-
If the file is not a character or block special file, prints the size of
the file in bytes.
Otherwise, if the
-n
flag is not specified, prints
the name of the special file as located in
/dev
.
If that cannot be
located, or the
-n
flag is specified, prints the major/minor device
number that the special device refers to.
R/W
-
This column describes the access mode that the file allows.
The letter
``r''
indicates open for reading;
the letter
``w''
indicates open for writing.
This field is useful when trying to find the processes that are
preventing a filesystem from being downgraded to read-only.
NAME
-
If filename arguments are specified and the
-f
flag is not, then
this field is present and is the name associated with the given file.
Normally the name cannot be determined since there is no mapping
from an open file back to the directory entry that was used to open
that file.
Also, since different directory entries may reference
the same file (via
ln(1)),
the name printed may not be the actual
name that the process originally used to open that file.
SOCKETS
The formatting of open sockets depends on the protocol domain.
In all cases the first field is the domain name, the second field
is the socket type (stream, dgram, etc), and the third is the socket
flags field (in hex).
The remaining fields are protocol dependent.
For TCP, it is the address of the tcpcb, and for UDP, the inpcb (socket pcb).
For
UNIX
domain sockets, its the address of the socket pcb and the address
of the connected pcb (if connected).
Otherwise the protocol number and address of the socket itself are printed.
The attempt is to make enough information available to
permit further analysis without duplicating
netstat(1).
For example, the addresses mentioned above are the addresses which the
``
netstat
-A
''
command would print for TCP, UDP, and
UNIX
domain.
Note that since pipes are implemented using sockets, a pipe appears as a
connected
UNIX
domain stream socket.
A unidirectional
UNIX
domain socket indicates the direction of flow with an arrow
(``<-'' or ``->'',)
and a full duplex socket shows a double arrow
(``<->'').
For internet sockets
fstat
also attempts to print the internet address and port for the
local end of a connection.
If the socket is connected, it also prints the remote internet address
and port.
An asterisk
(``*'')
is used to indicate an INADDR_ANY binding.
SEE ALSO
netstat(1),
nfsstat(1),
ps(1),
sockstat(1),
systat(1),
vmstat(1),
iostat(8),
pstat(8)
HISTORY
The
fstat
command appeared in
4.3BSDtahoe.
BUGS
Since
fstat
takes a snapshot of the system, it is only correct for a very short period
of time.
Moreover, because DNS resolution and YP lookups cause many file
descriptor changes,
fstat
does not attempt to translate the internet address and port numbers into
symbolic names.