

在Linux 3.9内核和更高版本中运行,我有一个应用程序X,它在特定的套接字上侦听连接.我想编写一个不相关的应用程序Y,该应用程序跟踪连接到此套接字的尝试次数,源IP等.

Running in Linux 3.9 kernel and later, I have an application X, which listens on a particular socket for connections. I want to write an unrelated application, Y, which tracks the number of attempts to connect to this socket, the source IP, etc.

在c ++中(理想情况下通过Qt库)是否可以共享/监视不相关进程已经使用的套接字?我发现了几个StackOverflow问题,建议分叉共享套接字,但是在这种情况下是不可能的.

Is it possible in c++ (ideally through Qt library) to share / monitor a socket already in use by an unrelated process? I found several StackOverflow questions which suggest forking to share the socket, but that's not possible in this case.



It is possible to transfer a file descriptor to another process, which behaves like a cross process dup(2). See Can I open a socket and pass it to another process in Linux for details. But this needs to be explicitly done, i.e. one process sends the file descriptor and another receives it. Thus the "unrelated" process must cooperate.


But a listen socket cannot be used for monitoring. The socket can only accept a connection but it is not possible to see if another process accepted a connection on the same socket, no matter if the sockets are shared with fork,threading or by file descriptor passing.


Given the right permissions and OS you can monitor the behavior of an application at the syscall level using the ptrace(2) or similar interface. There you could see if the application uses accept and what it returns. Or like suggested in a comment you can use packet capturing (tcpdump, raw sockets) to simply watch the traffic and deduct from a successful TCP handshake that some (unknown) process must have accepted the connection.


07-29 18:58