ilansch

Reputation: 4878

Detect if file descriptor is a socket in Solaris 11.0 and extract IP address

In Solaris, I need to get the IP address a specific process is using (sshd session); I have its ID.
How do they do it on Linux? After reading the netstat.c source, this is the flow:
Iterate the process file descriptors, located at /proc/ProcessId/fd/.
If the iterated file descriptor is a socket, they readlink, open and finally read the file descriptor.

So in Solaris, I can detect the socket file descriptor of the process.

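#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>

int fd = -1; // a descriptor number, not a pointer
struct dirent *dentp;
while ((dentp = readdir(dirp)) != NULL) { // iterate file descriptors
   if (dentp->d_name[0] == '.')
       continue; // skip "." and ".."
   fd = atoi(dentp->d_name);
   struct stat statb;
   char temp_dir_path [100];
   // pid (assumed name) is the target process ID; dirp was opened on /proc/<pid>/fd
   snprintf(temp_dir_path, sizeof(temp_dir_path), "/proc/%d/fd/%d", (int)pid, fd);
   if (stat(temp_dir_path, &statb) != -1)
   {
       if (S_ISSOCK(statb.st_mode))
       {
         //What to do here ?? temp_dir_path is /proc/12345/fd/4
       }
   }
}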

I saw there are methods like getpeername(..) and getsockname(..); they receive as a parameter the file descriptor of the current context process, and I want to read a file descriptor for another process.
Can I open the file descriptor and cast it to struct sockaddr_in?

The socket file descriptor structure is different between Linux and Solaris. I guess I need to do whatever they do in pfiles / lsof.

Upvotes: 2

Views: 571

Answers (1)

Andrew Henle

Reputation: 1

> I saw there are methods like getpeername(..) and getsockname(..); they receive as a parameter the file descriptor of the current context process, and I want to read a file descriptor for another process. Can I open the file descriptor and cast it to struct sockaddr_in?

No. You can open() it and use the file descriptor open() returns and try using getpeername() and getsockname() on the file descriptor you get. It might even work.

You'll probably be better served by using the method pfiles uses. Per the pfiles man page:

> pfiles
>
> Report fstat(2) and fcntl(2) information for all open files in each process. For network endpoints, the local (and peer if connected) address information is also provided. For sockets, the socket type, socket options and send and receive buffer sizes are also provided. In addition, a path to the file is reported if the information is available from /proc/pid/path. This is not necessarily the same name used to open the file. See proc(4) for more information.

The pfiles source code can be found at http://src.illumos.org/source/xref/illumos-gate/usr/src/cmd/ptools/pfiles/pfiles.c

Solaris provides a libproc interface library that does what you need. pfiles uses that - the library provides calls such as pr_getpeername() and pr_getsockname(). You can see the implementations in http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libproc/common/pr_getsockname.c

Note that there are actual system calls to get what you need directly from the kernel.

The OpenSolaris man pages for the libproc library can be found at http://illumos.org/man/3proc/all. They are likely to be substantially similar to the Solaris 11 libproc implementation.

To use these tools, you have to be really careful. From the Pgrab man page for the function used to grab a process:

> Grabbing a process is a destructive action. Stopping a process stops execution of all its threads. The impact of stopping a process depends on the purpose of that process. For example, if one stops a process that's primarily doing computation, then its computation is delayed the entire time that it is stopped. However, if instead this is an active TCP server, then the accept backlog may fill causing connection errors and potentially connection time out errors.

There are options to not stop the grabbed process, and to grab it read-only.

Upvotes: 2
