List of possible internal socket statuses from /proc

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must also follow the CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/5992211/

Time: 2020-08-05 04:04:19  Source: igfitidea

Tags: linux, sockets, ipv6, ipv4, procfs

Asked by The_Viper

I would like to know the possible values of the st column in /proc/net/tcp. I think the st column equates to the STATE column from netstat(8) or ss(8).

I have managed to identify three codes:

sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
0: 0100007F:08A0 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 7321 1 ffff81002f449980 3000 0 0 2 -1                     
1: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 6656 1 ffff81003a30c080 3000 0 0 2 -1                     
2: 00000000:0272 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 6733 1 ffff81003a30c6c0 3000 0 0 2 -1                     
3: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 7411 1 ffff81002f448d00 3000 0 0 2 -1                     
4: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 7520 1 ffff81002f4486c0 3000 0 0 2 -1                     
5: 0100007F:089F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 7339 1 ffff81002f449340 3000 0 0 2 -1           
6: 0100007F:E753 0100007F:0016 01 00000000:00000000 02:000AFA92 00000000   500        0 18198 2 ffff81002f448080 204 40 20 2 -1                   
7: 0100007F:E752 0100007F:0016 06 00000000:00000000 03:000005EC 00000000     0        0 0 2 ffff81000805dc00                                      

The above shows:

  • On line sl 0: a listening port on tcp/2208. st = 0A = LISTEN
  • On line sl 6: An established session on tcp/22. st = 01 = ESTABLISHED
  • On line sl 7: A socket in TIME_WAIT state after ssh logout. No inode. st = 06 = TIME_WAIT

Can anyone expand on this list? The proc(5) manpage is quite terse on the subject, stating:

   /proc/net/tcp
          Holds a dump of the TCP socket table. Much of the information is not of use apart from debugging. The "sl" value is the kernel hash slot for the socket, the "local address" is the local address and
          port number pair. The "remote address" is the remote address and port number pair (if connected). 'St' is the internal status of the socket. The 'tx_queue' and 'rx_queue' are the outgoing and incoming
          data queue in terms of kernel memory usage. The "tr", "tm->when", and "rexmits" fields hold internal information of the kernel socket state and are only useful for debugging. The "uid" field
          holds the effective UID of the creator of the socket.

And on a related note, the above /proc/net/tcp output is showing a few listening processes (2208, 62, 111 etc). However, I cannot see a listening tcp connection on tcp/22, although the established and time_wait states are shown. Yes, I can see them in /proc/net/tcp6 but should they not be present in /proc/net/tcp also? Netstat output shows it differently to applications bound only to ipv4. E.g.

tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      4231/portmap        
tcp        0      0 :::22                       :::*                        LISTEN      4556/sshd           

Many thanks, -Andrew

Accepted answer by nos

They should match to the enum in ./include/net/tcp_states.h in the Linux kernel sources:

enum {
    TCP_ESTABLISHED = 1,
    TCP_SYN_SENT,
    TCP_SYN_RECV,
    TCP_FIN_WAIT1,
    TCP_FIN_WAIT2,
    TCP_TIME_WAIT,
    TCP_CLOSE,
    TCP_CLOSE_WAIT,
    TCP_LAST_ACK,
    TCP_LISTEN,
    TCP_CLOSING,    /* Now a valid state */

    TCP_MAX_STATES  /* Leave at the end! */
};

As for your 2. question, are you really sure there's not an sshd listening on e.g. 0.0.0.0:22 ? If not, I suspect what you're seeing is related to v4-mapped-on-v6 sockets, see e.g. man 7 ipv6

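Added example, not part of the original question or answer: a Python decoder for rows of /proc/net/tcp that maps the st field through the enum quoted above and turns the hex endpoints into addresses and ports. It goes one step beyond the question by also accepting the 32-digit addresses of /proc/net/tcp6, so v4-mapped sockets can be recognised. The function names are my own, and a little-endian host (e.g. x86) is assumed.

```python
import ipaddress

# State names in the order of the enum in include/net/tcp_states.h quoted above
# (TCP_ESTABLISHED = 1 ... TCP_CLOSING = 11).
TCP_STATES = ["ESTABLISHED", "SYN_SENT", "SYN_RECV", "FIN_WAIT1", "FIN_WAIT2",
              "TIME_WAIT", "CLOSE", "CLOSE_WAIT", "LAST_ACK", "LISTEN", "CLOSING"]


def state_name(st_hex):
    """Map the hex 'st' field to a state name; unknown values are kept visible."""
    value = int(st_hex, 16)
    if 1 <= value <= len(TCP_STATES):
        return TCP_STATES[value - 1]
    return "UNKNOWN(0x%02X)" % value


def decode_endpoint(field):
    """Decode 'ADDR:PORT'. ADDR is 8 hex digits (tcp) or 32 (tcp6), printed as
    32-bit words in host byte order; little-endian is assumed (assumption)."""
    addr_hex, port_hex = field.split(":")
    if len(addr_hex) not in (8, 32):
        raise ValueError("unexpected address length: %r" % field)
    # Reverse the bytes of each 32-bit word to get network byte order.
    raw = b"".join(bytes.fromhex(addr_hex[i:i + 8])[::-1]
                   for i in range(0, len(addr_hex), 8))
    return ipaddress.ip_address(raw), int(port_hex, 16)


def parse_line(line):
    """Parse one data row of /proc/net/tcp or /proc/net/tcp6."""
    cols = line.split()
    local, remote = decode_endpoint(cols[1]), decode_endpoint(cols[2])
    return {"sl": cols[0].rstrip(":"), "local": local, "remote": remote,
            "state": state_name(cols[3])}


# Rows sl 0, 6 and 7 from the question's output.
SAMPLE = """\
0: 0100007F:08A0 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 7321 1 ffff81002f449980 3000 0 0 2 -1
6: 0100007F:E753 0100007F:0016 01 00000000:00000000 02:000AFA92 00000000   500        0 18198 2 ffff81002f448080 204 40 20 2 -1
7: 0100007F:E752 0100007F:0016 06 00000000:00000000 03:000005EC 00000000     0        0 0 2 ffff81000805dc00
"""

if __name__ == "__main__":
    for row in SAMPLE.splitlines():
        e = parse_line(row)
        print(e["sl"], "%s:%d" % e["local"], "->", "%s:%d" % e["remote"], e["state"])
```

For a tcp6 row, the ipv4_mapped attribute of the decoded local address is non-None when the socket uses a v4-mapped address.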