如何在 C/C++ 中使用 lsof(列出打开的文件)应用?
有没有办法使用 c++ 获取所有打开的套接字?我知道 lsof 命令,这就是我正在寻找的命令,但如何在 c++ 应用程序?
这个想法是通过端口号和 pid 来获取打开的套接字的 FD。
Is there any way to get all opened sockets using c++? I know the lsof command and this is what I'm looking for, but how to use it in a c++ application?
The idea is to get the FD of an opened socket by its port number and the pid.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
只需打开 /proc/net 中的文件,例如 /proc/net/tcp、/proc/net/udp 等。无需费力地浏览 lsof 源。 :)
Just open the files in /proc/net, like /proc/net/tcp, /proc/net/udp, etc. No need to slog through the lsof sources. :)
如果您不想复制/粘贴或重新实现 lsof 代码块,并且它没有构建任何可以利用的有用库,您仍然可以打开到 lsof 进程的管道并仔细阅读它的输出。
If you don't want to copy/paste or reimplement chunks of the lsof code, and it doesn't build any useful libraries you could leverage, you can still open a pipe to an
lsofprocess and peruse its output.检查 lsof 源吗?
ftp://lsof.itap.purdue.edu/pub/tools/unix/ lsof/
check the lsof source?
ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
lsof命令是专门准备的,以便可以从包括 C 在内的其他程序中使用它,请参阅man lsof的其他程序的输出部分了解更多信息。例如,您可以使用-F p调用lsof,它将输出前缀为'p'pid code>:然后您可以使用 popen 在子进程中执行此命令并从其标准输出中读取。
The
lsofcommand is prepared specifically such that it can be used from other programs including C, see the section: OUTPUT FOR OTHER PROGRAMS ofman lsoffor more information. For example you can invokelsofwith-F pand it will output the pid of the processes prefixed with'p':you can then use popen to execute this commmand in a child process and read from its standard output.
在 C(或 C++)中,您可以使用 NETLINK_SOCK_DIAG 接口。这是一个可以让您访问所有这些信息的套接字。您可以过滤各种参数,例如套接字所连接的接口。
然而,该文档是备用的,但我编写了一个低级测试,看看每当有人打开新套接字时我是否可以获得事件,但这不起作用。话虽这么说,要列出现有套接字,您可以使用以下代码作为一个很好的起点:
NETLINK/SOCK_DIAG接口可以用来监听该套接字的`listen()`和`close()`事件吗?
我认为这比解析 /proc/net/tcp 和其他类似文件更干净。您获得相同的信息,但它以二进制形式提供给您。
使用 libnml 库也可能更简单,它是套接字之上的一层。它对所有调用进行许多额外的验证。然而,就像基本的 NETLINK 接口一样,它没有很好的文档记录(即绑定是否重要、可以与 TCP 或 UDP 一起使用的标志等)。好处是:您始终可以阅读源以更好地了解正在发生的事情。
In C (or C++) you can use the
NETLINK_SOCK_DIAGinterface. This is a socket that gives you access to all that information. You can filter on various parameters such as the interface the socket is attached to.The documentation is spares, however, but I wrote a low level test to see whether I could get events whenever someone opened a new socket, but that didn't work. That being said, to list existing sockets, you can use the following code as a good starting point:
Can the NETLINK/SOCK_DIAG interface be used to listen for `listen()` and `close()` events of said socket?
I think that this is cleaner than parsing the
/proc/net/tcpand other similar files. You get the same information, but it comes to you in binary.It may also be simpler to use the
libnmllibrary which is a layer over the socket. It does many additional verification on all the calls. However, just like the baseNETLINKinterface, it's not very well documented (i.e. whether binding is important, flags you can use with TCP or UDP, etc.) The good thing is: you can always read the source to better understand what's going on.