3

I am trying to write a C Code to do the same Job as:

netstat -vatp

List all Remote/Local Addresses and Processes using them. But I dunno which files should I be reading?

I tried looking into /proc/net/tcp and /proc/net/udp, but they don't have the process name or process identifier like netstat displays it!

Thanks.

Sangeeth Saravanaraj
  • 16,027
  • 21
  • 69
  • 98
killercode
  • 1,666
  • 5
  • 29
  • 42

2 Answers2

4

You could check the source code http://freecode.com/projects/net-tools. Just download, unpack the bz2 file and you'll find the netstat.c source code

Quick analyse:

/proc/net/tcp for example has an inode tab, in /proc there is a subfolder for each of these inodes, which contains the information you need.

Some more analysing:

I think it's even worse. netstat just loops through the /proc directory and checks the contents of the numeric sub-directories to find the actual process matching the inode. Not sure as I'm just analysing

http://linux.die.net/man/5/proc is very nice reading :)

For your answer, see How can i match each /proc/net/tcp entry to each opened socket?

Community
  • 1
  • 1
Matthias van der Vlies
  • 3,834
  • 3
  • 24
  • 28
  • im sorry, how can i open an inode and check its ownership? just the api names and ill do the rest. thanks – killercode Jan 01 '12 at 11:18
  • Just take a look at prg_cache_load() to see what netstat() does – Matthias van der Vlies Jan 01 '12 at 11:31
  • ok, here is what i got, correct me if im wrong please. netstat opens /proc directory, gets inside each process directory, and gets to /proc//fd directory, read all links there, and each link is then added to a linked list, and that link is the inode im looking for? – killercode Jan 01 '12 at 11:42
  • Yes see http://stackoverflow.com/questions/3319521/how-can-i-match-each-proc-net-tcp-entry-to-each-opened-socket/3328068#3328068 – Matthias van der Vlies Jan 01 '12 at 11:46
  • ok, not im kinda confused, it maybe or may not be a link? or is it always a link and i just gotta use readlink all the time? – killercode Jan 01 '12 at 11:58
  • It's just a file handle, so you can open it with open() as netstat does – Matthias van der Vlies Jan 01 '12 at 12:00
  • netstat uses readlink, in the /proc//fd directory, file descriptors (named) are from 1 -> , so it must be their link, since inode value is over 3000 most of the time. i think? – killercode Jan 01 '12 at 12:14
2

You could call the netstat application from within your code. Have a look at execve to capture stdout and stderr.

EDIT: Since code says more than words:

IEFTask.h

#ifndef IEFTASK_H
#define IEFTASK_H

#include <sys/wait.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <signal.h>
#include <assert.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* MARK: Structure */
struct IEFTask {
    const char **arguments; /* last argument should be NULL */
    int standardInput;
    void *callbackArgument;

    void (*callback)(int term, char *out, size_t outLen, 
        char *err, size_t errLen, void *arg);
};
typedef struct IEFTask IEFTask;

/* MARK: Running */
int
IEFTaskRun(IEFTask *theTask);

#endif /* IEFTASK_H */

IEFTask.c

#include "IEFTask.h"

/* MARK: DECLARATION: Data Conversion */
char *
IEFTaskCreateBufferFromPipe(int fd, size_t *bufLen);

/* MARK: Running */
int
IEFTaskRun(IEFTask *myTask) {
    pid_t pid;
    int exitStatus, status;
    int outPipe[2], errPipe[2];

    assert(myTask != NULL);

    /* Create stdout and stderr pipes */
    {
        status = pipe(outPipe);
        if(status != 0) {
            return -1;
        }

        status = pipe(errPipe);
        if(status != 0) {
            close(errPipe[0]);
            close(errPipe[1]);
            return -1;
        }
    }

    /* Fork the process and wait pid */
    {

        pid = fork();

        if(pid < 0) { /* error */
            return -1;

        } else if(pid > 0) { /* parent */
            waitpid(pid, &exitStatus, 0);
            exitStatus = WEXITSTATUS(exitStatus);

        } else { /* child */
            /* close unneeded pipes */
            close(outPipe[0]);
            close(errPipe[0]);

            /* redirect stdout, stdin, stderr */
            if(myTask->standardInput >= 0) {
                close(STDIN_FILENO);
                dup2(myTask->standardInput, STDIN_FILENO);
                close(myTask->standardInput);
            }

            close(STDOUT_FILENO);
            dup2(outPipe[1], STDOUT_FILENO);
            close(outPipe[1]);

            close(STDERR_FILENO);
            dup2(errPipe[1], STDERR_FILENO);
            close(errPipe[1]);

            execve(myTask->arguments[0], 
                (char *const *)myTask->arguments, NULL);
            exit(127);
        }
    }

    /* Parent continues */
    {
        char *output, *error;
        size_t outLen, errLen;

        /* 127 = execve failed */
        if(exitStatus == 127) {
            close(errPipe[0]);
            close(errPipe[1]);
            close(outPipe[0]);
            close(outPipe[1]);
            return -1;
        }

        /* Read in data */
        close(errPipe[1]);
        close(outPipe[1]);

        output = IEFTaskCreateBufferFromPipe(outPipe[0], &outLen);
        error = IEFTaskCreateBufferFromPipe(errPipe[0], &errLen);

        close(errPipe[0]);
        close(outPipe[0]);

        /* Call callback */
        (*myTask->callback)(exitStatus, 
            output, outLen,
            error, errLen, myTask->callbackArgument);

        if(output) free(output);
        if(error) free(error);
    }

    return 0;
}

/* MARK: Data Conversion */
#define READ_BUF_SIZE (128)
char *
IEFTaskCreateBufferFromPipe(int fd, size_t *bufLen) {
    ssize_t totalRead = 0, nowRead;
    char readBuffer[READ_BUF_SIZE], *myBuffer = NULL;
    char *ptr;

    while(1) {
        nowRead = read(fd, readBuffer, READ_BUF_SIZE);
        if(nowRead == -1) {
            free(myBuffer);
            return NULL;

        } else if(nowRead == 0) {
            break;

        } else {
            ptr = realloc(myBuffer, totalRead + nowRead);
            if(ptr == NULL) {
                free(myBuffer);
                return NULL;
            }
            myBuffer = ptr;
            memcpy(&(myBuffer[totalRead]), readBuffer, nowRead);
            totalRead += nowRead;
        }
    }

    if(bufLen) *bufLen = (size_t)totalRead;

    return myBuffer;
}

main.c

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include "IEFTask.h"


void taskCallback(int term,
    char *out, size_t outlen,
    char *err, size_t errlen)
{
    char *ptr;
    printf("Task terminated: %d\n", term);

    ptr = malloc(outlen + 1);
    memcpy(ptr, out, outlen);
    ptr[outlen] = '\0';
    printf("***STDOUT:\n%s\n***END\n", ptr);
    free(ptr);

    ptr = malloc(errlen + 1);
    memcpy(ptr, err, errlen);
    ptr[errlen] = '\0';
    printf("***STDERR:\n%s\n***END\n", ptr);
    free(ptr);
}

int main() {
    const char *arguments[] = {
        "/bin/echo",
        "Hello",
        "World",
        NULL
    };

    IEFTask myTask;
    myTask.arguments = arguments;
    myTask.standardInput = -1;
    myTask.callback = &taskCallback;

    int status;
    status = IEFTaskRun(&myTask);

    if(status != 0) {
        printf("Failed: %s\n", strerror(errno));
    }

    return 0;
}
v1Axvw
  • 3,054
  • 3
  • 26
  • 40