我有一个进程在系统中 24*7 运行。最近有报道说这个进程打开了太多的套接字,耗尽了它的最大限制。
root@typhoon-base-unit0:/root> lsof -p 681 | grep -i sock | wc -l
1018
root@typhoon-base-unit0:/root>
Strace 显示它每次迭代都会打开/关闭一个套接字,但突然有许多进程打开的套接字没有正确关闭。
socket(PF_NETLINK, SOCK_DGRAM, 11) = 485
socket(PF_NETLINK, SOCK_DGRAM, 11) = 486
socket(PF_NETLINK, SOCK_DGRAM, 11) = 487
socket(PF_NETLINK, SOCK_DGRAM, 11) = 488
socket(PF_NETLINK, SOCK_DGRAM, 11) = 489
socket(PF_NETLINK, SOCK_DGRAM, 11) = 490
socket(PF_NETLINK, SOCK_DGRAM, 11) = 491
socket(PF_NETLINK, SOCK_DGRAM, 11) = 492
socket(PF_NETLINK, SOCK_DGRAM, 11) = 493
socket(PF_NETLINK, SOCK_DGRAM, 11) = 494
socket(PF_NETLINK, SOCK_DGRAM, 11) = 495
socket(PF_NETLINK, SOCK_DGRAM, 11) = 496
socket(PF_NETLINK, SOCK_DGRAM, 11) = 497
socket(PF_NETLINK, SOCK_DGRAM, 11) = 498
socket(PF_NETLINK, SOCK_DGRAM, 11) = 499
socket(PF_NETLINK, SOCK_DGRAM, 11) = 500
socket(PF_NETLINK, SOCK_DGRAM, 11) = 501
socket(PF_NETLINK, SOCK_DGRAM, 11) = 502
socket(PF_NETLINK, SOCK_DGRAM, 11) = 503
socket(PF_NETLINK, SOCK_DGRAM, 11) = 504
socket(PF_NETLINK, SOCK_DGRAM, 11) = 505
socket(PF_NETLINK, SOCK_DGRAM, 11) = 506
socket(PF_NETLINK, SOCK_DGRAM, 11) = 507
socket(PF_NETLINK, SOCK_DGRAM, 11) = 508
socket(PF_NETLINK, SOCK_DGRAM, 11) = 509
socket(PF_NETLINK, SOCK_DGRAM, 11) = 510
socket(PF_NETLINK, SOCK_DGRAM, 11) = 511
socket(PF_NETLINK, SOCK_DGRAM, 11) = 512
socket(0x1e /* PF_??? */, SOCK_SEQPACKET, 0) = 513
close(513) = 0
socket(PF_NETLINK, SOCK_DGRAM, 11) = 513
socket(PF_NETLINK, SOCK_DGRAM, 11) = 514
socket(PF_NETLINK, SOCK_DGRAM, 11) = 515
socket(PF_NETLINK, SOCK_DGRAM, 11) = 516
socket(0x1e /* PF_??? */, SOCK_SEQPACKET, 0) = 517
close(517) = 0
socket(PF_NETLINK, SOCK_DGRAM, 11) = 517
socket(PF_NETLINK, SOCK_DGRAM, 11) = 518
我的问题是如何找出正在运行的进程的哪个函数创建了这个 PF_NETLINK 套接字?代码太大,无法手动跟踪所有可能的路径。有什么工具可以告诉我是哪个函数创建了这些 PF_NETLINK 套接字?
任何帮助表示赞赏。
非常感谢。