For debugging purposes one often needs to know the communication
partner on a socket or pipe that a program has open. This information is not
readily available:
ls -l /proc//fd provides output like:
    lr-x------ 1 root root 64 Oct 15 08:26 27 -> pipe:[5144]
    lrwx------ 1 root root 64 Oct 15 08:26 28 -> socket:[5146]
    lrwx------ 1 root root 64 Oct 15 08:26 29 -> socket:[5148]
lsof shows:
    systemd 1 root 42u unix 0xffff88023f1367c0 0t0 5148 socket
netstat shows:
    unix 3 [ ] STREAM CONNECTED 5148
socklist only covers network sockets.
A tool is missing that allows one to find the communication partner of an (unnamed) socket or (unnamed) pipe.
The goal of this project is to research where this information can be found, make it available, and create a demo tool that collects it. This demo tool should serve as a sample implementation that can be used to integrate the functionality into other tools.
This project is part of:
Hack Week 11
Comments
about 10 years ago by eeich
It turned out that implementing this was a lot easier than I thought. The unix socket struct of the kernel has a member which points directly to the socket of the peer. From this the inode of the peer can be obtained easily. I wonder why this information hasn't been made available in /proc/net/unix. To avoid modifying this proc file a new proc file was added: /proc/net/unix_peer listing the sockets which have peers (are not in listening state) and their peers. The iterator function is just 16 lines of code plus some overhead to add the new entry. Pipe pairs are easy to find - they share the same inode. To identify the processes which communicate over these pipes and sockets more easily there are two Perl scripts processing the information from /proc. To ease processing in user space there are
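The comment above notes that both ends of a pipe share one inode, which is enough to find pipe partners from user space on a stock /proc. The following is an added example, not the project's Perl scripts or kernel patch; the function names and the `proc_root` parameter are assumptions made for illustration.

```python
import os
import re
import sys
from collections import defaultdict

PIPE_RE = re.compile(r"^pipe:\[(\d+)\]$")

def pipe_endpoints(proc_root="/proc"):
    """Map pipe inode -> sorted list of (pid, fd, mode) for every open end."""
    ends = defaultdict(list)
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # only numeric directories are processes
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # process exited, or we may not read its fd table
        for fd in fds:
            path = os.path.join(fd_dir, fd)
            try:
                target = os.readlink(path)
                # On procfs the link's own permission bits give the open
                # mode: lr-x is a read end, l-wx is a write end.
                perms = os.lstat(path).st_mode
            except OSError:
                continue  # fd was closed while we were scanning
            m = PIPE_RE.match(target)
            if m:
                mode = ("r" if perms & 0o400 else "") + ("w" if perms & 0o200 else "")
                ends[int(m.group(1))].append((int(entry), int(fd), mode))
    return {ino: sorted(v) for ino, v in ends.items()}

def pipe_partners(pid, proc_root="/proc"):
    """For each pipe `pid` has open, list the other PIDs holding an end."""
    partners = {}
    for ino, ends in pipe_endpoints(proc_root).items():
        if any(p == pid for p, _, _ in ends):
            partners[ino] = sorted({p for p, _, _ in ends if p != pid})
    return partners

if __name__ == "__main__":
    # Usage: script.py [PID]; defaults to this process.
    pid = int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()
    for ino, others in sorted(pipe_partners(pid).items()):
        print(f"pipe:[{ino}] shared with PIDs: {others or 'none visible'}")
```

Run as root to see every process; without privileges, fd tables of other users' processes are skipped, so a partner can exist without being listed.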