1 .\" Copyright (c) 2016 Pavel Emelyanov <xemul@virtuozzo.com>
2 .\" Copyright (c) 2016 Dmitry V. Levin <ldv@altlinux.org>
4 .\" SPDX-License-Identifier: GPL-2.0-or-later
5 .TH SOCK_DIAG 7 2021-03-22 "Linux man-pages (unreleased)"
7 sock_diag \- obtaining information about sockets
10 .B #include <sys/socket.h>
11 .B #include <linux/sock_diag.h>
12 .BR "#include <linux/unix_diag.h>" " /* for UNIX domain sockets */"
13 .BR "#include <linux/inet_diag.h>" " /* for IPv4 and IPv6 sockets */"
15 .BI "diag_socket = socket(AF_NETLINK, " socket_type ", NETLINK_SOCK_DIAG);"
18 The sock_diag netlink subsystem provides a mechanism for obtaining
19 information about sockets of various address families from the kernel.
20 This subsystem can be used to obtain information about individual
21 sockets or request a list of sockets.
23 In the request, the caller can specify additional information it would
24 like to obtain about the socket, for example, memory information or
25 information specific to the address family.
27 When requesting a list of sockets, the caller can specify filters that
28 would be applied by the kernel to select a subset of sockets to report.
29 For now, there is only the ability to filter sockets by state (connected,
30 listening, and so on.)
32 Note that sock_diag reports only those sockets that have a name;
33 that is, either sockets bound explicitly with
35 or sockets that were automatically bound to an address (e.g., by
37 This is the same set of sockets that is available via
44 The request starts with a
51 .BR SOCK_DIAG_BY_FAMILY .
52 It is followed by a header specific to the address family that starts with
53 a common part shared by all address families:
57 struct sock_diag_req {
59 uint8_t sdiag_protocol;
64 The fields of this structure are as follows:
68 It should be set to the appropriate
75 It should be set to the appropriate
89 flag set, it means that a list of sockets is being requested;
90 otherwise it is a query about an individual socket.
93 The response starts with a
95 header and is followed by an array of objects specific to the address family.
96 The array is to be accessed with the standard
102 Each object is the NLA (netlink attributes) list that is to be accessed
109 .SS UNIX domain sockets
110 For UNIX domain sockets the request is represented in the following structure:
114 struct unix_diag_req {
115 uint8_t sdiag_family;
116 uint8_t sdiag_protocol;
118 uint32_t udiag_states;
121 uint32_t udiag_cookie[2];
126 The fields of this structure are as follows:
129 The address family; it should be set to
137 These fields should be set to 0.
140 This is a bit mask that defines a filter of sockets states.
141 Only those sockets whose states are in this mask will be reported.
142 Ignored when querying for an individual socket.
143 Supported values are:
154 This is an inode number when querying for an individual socket.
155 Ignored when querying for a list of sockets.
158 This is a set of flags defining what kind of information to report.
159 Each requested kind of information is reported back as a netlink
160 attribute as described below:
164 The attribute reported in answer to this request is
166 The payload associated with this attribute is the pathname to which
167 the socket was bound (a sequence of bytes up to
172 The attribute reported in answer to this request is
174 The payload associated with this attribute is represented in the following
179 struct unix_diag_vfs {
180 uint32_t udiag_vfs_dev;
181 uint32_t udiag_vfs_ino;
186 The fields of this structure are as follows:
190 The device number of the corresponding on-disk socket inode.
193 The inode number of the corresponding on-disk socket inode.
197 The attribute reported in answer to this request is
199 The payload associated with this attribute is a
202 which is the peer's inode number.
203 This attribute is reported for connected sockets only.
206 The attribute reported in answer to this request is
207 .BR UNIX_DIAG_ICONS .
208 The payload associated with this attribute is an array of
211 which are inode numbers of sockets that has passed the
213 call, but hasn't been processed with
216 This attribute is reported for listening sockets only.
219 The attribute reported in answer to this request is
220 .BR UNIX_DIAG_RQLEN .
221 The payload associated with this attribute is represented in the following
226 struct unix_diag_rqlen {
227 uint32_t udiag_rqueue;
228 uint32_t udiag_wqueue;
233 The fields of this structure are as follows:
237 For listening sockets:
238 the number of pending connections.
239 The length of the array associated with the
241 response attribute is equal to this value.
243 For established sockets:
244 the amount of data in incoming queue.
247 For listening sockets:
248 the backlog length which equals to the value passed as the second argument to
251 For established sockets:
252 the amount of memory available for sending.
255 .B UDIAG_SHOW_MEMINFO
256 The attribute reported in answer to this request is
257 .BR UNIX_DIAG_MEMINFO .
258 The payload associated with this attribute is an array of
261 described below in the subsection "Socket memory information".
263 The following attributes are reported back without any specific request:
265 .B UNIX_DIAG_SHUTDOWN
266 The payload associated with this attribute is
268 value which represents
275 This is an array of opaque identifiers that could be used along with
277 to specify an individual socket.
278 It is ignored when querying for a list
279 of sockets, as well as when all its elements are set to \-1.
281 The response to a query for UNIX domain sockets is represented as an array of
285 struct unix_diag_msg {
286 uint8_t udiag_family;
291 uint32_t udiag_cookie[2];
296 followed by netlink attributes.
298 The fields of this structure are as follows:
301 This field has the same meaning as in
302 .IR "struct unix_diag_req" .
305 This is set to one of
312 This is set to one of
315 .BR TCP_ESTABLISHED .
318 This field is set to 0.
321 This is the socket inode number.
324 This is an array of opaque identifiers that could be used in subsequent
327 .SS IPv4 and IPv6 sockets
328 For IPv4 and IPv6 sockets,
329 the request is represented in the following structure:
333 struct inet_diag_req_v2 {
334 uint8_t sdiag_family;
335 uint8_t sdiag_protocol;
338 uint32_t idiag_states;
339 struct inet_diag_sockid id;
345 .I "struct inet_diag_sockid"
346 is defined as follows:
350 struct inet_diag_sockid {
356 uint32_t idiag_cookie[2];
362 .I "struct inet_diag_req_v2"
366 This should be set to either
370 for IPv4 or IPv6 sockets respectively.
373 This should be set to one of
377 .BR IPPROTO_UDPLITE .
380 This is a set of flags defining what kind of extended information to report.
381 Each requested kind of information is reported back as a netlink attribute
386 The payload associated with this attribute is a
389 which is the TOS of the socket.
392 The payload associated with this attribute is a
395 which is the TClass of the socket.
397 For LISTEN and CLOSE sockets, this is followed by
398 .B INET_DIAG_SKV6ONLY
399 attribute with associated
401 payload value meaning whether the socket
405 The payload associated with this attribute is represented in the following
410 struct inet_diag_meminfo {
419 The fields of this structure are as follows:
423 The amount of data in the receive queue.
426 The amount of data that is queued by TCP but not yet sent.
429 The amount of memory scheduled for future use (TCP only).
432 The amount of data in send queue.
435 .B INET_DIAG_SKMEMINFO
436 The payload associated with this attribute is an array of
439 described below in the subsection "Socket memory information".
442 The payload associated with this attribute is specific to the address family.
443 For TCP sockets, it is an object of type
444 .IR "struct tcp_info" .
447 The payload associated with this attribute is a string that describes the
448 congestion control algorithm used.
449 For TCP sockets only.
453 This should be set to 0.
456 This is a bit mask that defines a filter of socket states.
457 Only those sockets whose states are in this mask will be reported.
458 Ignored when querying for an individual socket.
461 This is a socket ID object that is used in dump requests, in queries
462 about individual sockets, and is reported back in each response.
463 Unlike UNIX domain sockets, IPv4 and IPv6 sockets are identified
464 using addresses and ports.
465 All values are in network byte order.
468 .I "struct inet_diag_sockid"
475 The destination port.
481 The destination address.
484 The interface number the socket is bound to.
487 This is an array of opaque identifiers that could be used along with
488 other fields of this structure to specify an individual socket.
489 It is ignored when querying for a list of sockets, as well as
490 when all its elements are set to \-1.
492 The response to a query for IPv4 or IPv6 sockets is represented as an array of
496 struct inet_diag_msg {
497 uint8_t idiag_family;
500 uint8_t idiag_retrans;
502 struct inet_diag_sockid id;
504 uint32_t idiag_expires;
505 uint32_t idiag_rqueue;
506 uint32_t idiag_wqueue;
508 uint32_t idiag_inode;
513 followed by netlink attributes.
515 The fields of this structure are as follows:
518 This is the same field as in
519 .IR "struct inet_diag_req_v2" .
522 This denotes socket state as in
523 .IR "struct inet_diag_req_v2" .
526 For TCP sockets, this field describes the type of timer that is currently
527 active for the socket.
528 It is set to one of the following constants:
546 a zero window probe timer
550 For non-TCP sockets, this field is set to 0.
555 values 1, 2, and 4, this field contains the number of retransmits.
558 values, this field is set to 0.
561 For TCP sockets that have an active timer, this field describes its expiration
562 time in milliseconds.
563 For other sockets, this field is set to 0.
566 For listening sockets:
567 the number of pending connections.
570 the amount of data in the incoming queue.
573 For listening sockets:
577 the amount of memory available for sending.
580 This is the socket owner UID.
583 This is the socket inode number.
585 .SS Socket memory information
586 The payload associated with
589 .B INET_DIAG_SKMEMINFO
590 netlink attributes is an array of the following
594 .B SK_MEMINFO_RMEM_ALLOC
595 The amount of data in receive queue.
598 The receive socket buffer as set by
601 .B SK_MEMINFO_WMEM_ALLOC
602 The amount of data in send queue.
605 The send socket buffer as set by
608 .B SK_MEMINFO_FWD_ALLOC
609 The amount of memory scheduled for future use (TCP only).
611 .B SK_MEMINFO_WMEM_QUEUED
612 The amount of data queued by TCP, but not yet sent.
615 The amount of memory allocated for the socket's service needs (e.g., socket
618 .B SK_MEMINFO_BACKLOG
619 The amount of packets in the backlog (not yet processed).
622 was introduced in Linux 2.6.14 and supported
627 In Linux 3.3, it was renamed to
629 and extended to support
635 .B INET_DIAG_SKMEMINFO
636 were introduced in Linux 3.6.
638 The NETLINK_SOCK_DIAG API is Linux-specific.
640 The following example program prints inode number, peer's inode number,
641 and name of all UNIX domain sockets in the current namespace.
648 #include <sys/socket.h>
650 #include <linux/netlink.h>
651 #include <linux/rtnetlink.h>
652 #include <linux/sock_diag.h>
653 #include <linux/unix_diag.h>
658 struct sockaddr_nl nladdr = {
659 .nl_family = AF_NETLINK
664 struct unix_diag_req udr;
667 .nlmsg_len = sizeof(req),
668 .nlmsg_type = SOCK_DIAG_BY_FAMILY,
669 .nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP
672 .sdiag_family = AF_UNIX,
674 .udiag_show = UDIAG_SHOW_NAME | UDIAG_SHOW_PEER
679 .iov_len = sizeof(req)
681 struct msghdr msg = {
683 .msg_namelen = sizeof(nladdr),
689 if (sendmsg(fd, &msg, 0) < 0) {
702 print_diag(const struct unix_diag_msg *diag, unsigned int len)
704 if (len < NLMSG_LENGTH(sizeof(*diag))) {
705 fputs("short response\en", stderr);
708 if (diag\->udiag_family != AF_UNIX) {
709 fprintf(stderr, "unexpected family %u\en", diag\->udiag_family);
713 unsigned int rta_len = len \- NLMSG_LENGTH(sizeof(*diag));
714 unsigned int peer = 0;
716 char path[sizeof(((struct sockaddr_un *) 0)\->sun_path) + 1];
718 for (struct rtattr *attr = (struct rtattr *) (diag + 1);
719 RTA_OK(attr, rta_len); attr = RTA_NEXT(attr, rta_len)) {
720 switch (attr\->rta_type) {
723 path_len = RTA_PAYLOAD(attr);
724 if (path_len > sizeof(path) \- 1)
725 path_len = sizeof(path) \- 1;
726 memcpy(path, RTA_DATA(attr), path_len);
727 path[path_len] = \(aq\e0\(aq;
732 if (RTA_PAYLOAD(attr) >= sizeof(peer))
733 peer = *(unsigned int *) RTA_DATA(attr);
738 printf("inode=%u", diag\->udiag_ino);
741 printf(", peer=%u", peer);
744 printf(", name=%s%s", *path ? "" : "@",
745 *path ? path : path + 1);
747 putchar(\(aq\en\(aq);
752 receive_responses(int fd)
754 long buf[8192 / sizeof(long)];
755 struct sockaddr_nl nladdr;
758 .iov_len = sizeof(buf)
763 struct msghdr msg = {
765 .msg_namelen = sizeof(nladdr),
770 ssize_t ret = recvmsg(fd, &msg, flags);
782 if (nladdr.nl_family != AF_NETLINK) {
783 fputs("!AF_NETLINK\en", stderr);
787 const struct nlmsghdr *h = (struct nlmsghdr *) buf;
789 if (!NLMSG_OK(h, ret)) {
790 fputs("!NLMSG_OK\en", stderr);
794 for (; NLMSG_OK(h, ret); h = NLMSG_NEXT(h, ret)) {
795 if (h\->nlmsg_type == NLMSG_DONE)
798 if (h\->nlmsg_type == NLMSG_ERROR) {
799 const struct nlmsgerr *err = NLMSG_DATA(h);
801 if (h\->nlmsg_len < NLMSG_LENGTH(sizeof(*err))) {
802 fputs("NLMSG_ERROR\en", stderr);
804 errno = \-err\->error;
805 perror("NLMSG_ERROR");
811 if (h\->nlmsg_type != SOCK_DIAG_BY_FAMILY) {
812 fprintf(stderr, "unexpected nlmsg_type %u\en",
813 (unsigned) h\->nlmsg_type);
817 if (print_diag(NLMSG_DATA(h), h\->nlmsg_len))
826 int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG);
833 int ret = send_query(fd) || receive_responses(fd);