Re: unix socket connection tracking

From: Jan Engelhardt
Date: Sun Apr 23 2006 - 13:47:51 EST

Next message: Jesper Juhl: "[PATCH] Resource leak fix for whiteheat driver"
Previous message: Thomas Gleixner: "Re: [PATCH] Shrink rbtree"
In reply to: Lukasz Stelmach: "Re: unix socket connection tracking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>
>Please understand my situation. I've got GNOME running, gconfd-2 is a "registry"
>management process that accepts connections through a unix domain socket (named
>one) from many *unrelated* (child/parent) processes. In fact from most gnome
>applications. I *do* strace it to see what it does. It does some write(2)s to
>some sockets. I would like to know which socket leads where. Try to strace
>gconfd-2 and you'will see what I mean.
>

UNIX sockets do not necessarily have a path in the filesystem. In fact,
every socket object you see in the filesystem gets mapped to an object
within sockfs (which you can't mount). You recognize it as "[socket:147829]"
when looking in /proc/11249/fd/. You will never see /dev/log within
/proc/XX/fd.

You can look at the source of the `lsof` utility which does some socket
resolution.

lsof:
syslog-ng 3656 root 3u unix 0xdf70f5e0 6404 /dev/log
gconfd-2 11249 jengelh 14u unix 0xd4e4f1e0 147829 socket

Jan Engelhardt
--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jesper Juhl: "[PATCH] Resource leak fix for whiteheat driver"
Previous message: Thomas Gleixner: "Re: [PATCH] Shrink rbtree"
In reply to: Lukasz Stelmach: "Re: unix socket connection tracking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]