Detect if file descriptor is socket in Solaris 11.0 and extract IP address

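In Solaris, I need to get the IP address that a specific process (an sshd session) is using; I have its ID.
How do they do this on Linux? After reading the netstat.c source code, the flow is this:
iterate the process's file descriptors, located in /proc/ProcessId/fd/,
and if the iterated file descriptor is a socket, they readlink, open, and finally read the file descriptor.

So in Solaris, I can detect the socket file descriptors of the process.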

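#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>

/* Assumed context: dirp = opendir("/proc/<pid>/fd"), pid = target process ID */
int fd = -1;
struct dirent *dentp;
while ((dentp = readdir(dirp)) != NULL) { //iterate file descriptors
   if (dentp->d_name[0] == '.') continue; //skip "." and ".."
   fd = atoi(dentp->d_name);
   struct stat statb;
   char temp_dir_path [100];
   snprintf(temp_dir_path, sizeof (temp_dir_path), "/proc/%d/fd/%d", (int)pid, fd);
   if (stat(temp_dir_path, &statb) != -1)
   {
       if (S_ISSOCK(statb.st_mode))
       {
         //What to do here ?? temp_dir_path is /proc/12345/fd/4
       }
   }
}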

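I saw there are methods like getpeername(..), getsockname(..); they receive as a parameter the file descriptor of the current context process, and I want to read a file descriptor of another process.
Can I open the file descriptor and cast it to struct sockaddr_in?

The structure of a socket file descriptor differs between Linux and Solaris. I guess I need to do whatever they do in pfiles / lsof.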

I saw there are methods like getpeername(..), getsockname(..); they receive as a parameter the file descriptor of the current context process, and I want to read a file descriptor of another process. Can I open the file descriptor and cast it to struct sockaddr_in?

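No. You can open() it and use the file descriptor that open() returns, and try to use getpeername() or getsockname() on the file descriptor you get. It might even work.

You would probably be better served by using the method that pfiles uses. Per the pfiles man page: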

pfiles

Report fstat(2) and fcntl(2) information for all open files in each process. For network endpoints, the local (and peer if connected) address information is also provided. For sockets, the socket type, socket options and send and receive buffer sizes are also provided. In addition, a path to the file is reported if the information is available from /proc/pid/path. This is not necessarily the same name used to open the file. See proc(4) for more information.

The pfiles source code can be found at http://src.illumos.org/source/xref/illumos-gate/usr/src/cmd/ptools/pfiles/pfiles.c

Solaris provides a libproc interface library that does what you need. pfiles uses it - the library provides calls such as pr_getpeername() and pr_getsockname(). You can see the implementations in http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libproc/common/pr_getsockname.c

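Note that there are actual system calls to get what you need directly from the kernel.

The OpenSolaris man pages for the libproc library can be found at http://illumos.org/man/3proc/all. They are likely to be very similar to the Solaris 11 libproc implementation.

You have to be very careful when using these tools. From the Pgrab man page for the function used to grab a process: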

Grabbing a process is a destructive action. Stopping a process stops execution of all its threads. The impact of stopping a process depends on the purpose of that process. For example, if one stops a process that's primarily doing computation, then its computation is delayed the entire time that it is stopped. However, if instead this is an active TCP server, then the accept backlog may fill causing connection errors and potentially connection time out errors.

There are options to grab a process without stopping it, and to grab it read-only.