Linux的API来确定一个进程拥有插座 [英] Linux API to determine sockets owned by a process

问题描述

有一个Linux库，使我说出什么IP套接字是由哪些进程拥有？我想我在寻找 lsof的-i 的方案相同。最后，我想通过的libpcap 来处理。

Is there a Linux library that will enable me to tell what IP sockets are owned by what processes? I guess I'm looking for the programmatic equivalent of lsof -i. Ultimately, I want to correlate packets seen through libpcap to processes.

更新：一，两个人用的/ proc /＆LT建议; PID＆GT; /网/ TCP 和 UDP ，但我的系统上，显示相同的数据为每一个过程，所以它并不能帮助。

UPDATE: A couple of people have suggested using /proc/<pid>/net/tcp and udp, but on my system, the same data is shown for every process, so it doesn't help.

推荐答案

我觉得你首先必须通过公开FDS看看在/ proc / * / FD，例如

I think you first have to look through the open fds in /proc/*/fd, e.g.

4 -> socket:[11147]

然后查找引用的套接字（由inode中）在/ proc /网/ TCP（或的/ proc /净/ UDP），例如

and then look for the referenced sockets (by the inode) in /proc/net/tcp (or /proc/net/udp), e.g.

12: B382595D:8B40 D5C43B45:0050 01 00000000:00000000 00:00000000 00000000  1000        0 11065 1 ffff88008bd35480 69 4 12 4 -1

这篇关于Linux的API来确定一个进程拥有插座的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！