28

我想知道中st列的可能值/proc/net/tcp。我认为该st列等同于来自netstat(8)or的 STATE 列ss(8)

我设法识别了三个代码:

sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
0: 0100007F:08A0 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 7321 1 ffff81002f449980 3000 0 0 2 -1                     
1: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 6656 1 ffff81003a30c080 3000 0 0 2 -1                     
2: 00000000:0272 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 6733 1 ffff81003a30c6c0 3000 0 0 2 -1                     
3: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 7411 1 ffff81002f448d00 3000 0 0 2 -1                     
4: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 7520 1 ffff81002f4486c0 3000 0 0 2 -1                     
5: 0100007F:089F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 7339 1 ffff81002f449340 3000 0 0 2 -1           
6: 0100007F:E753 0100007F:0016 01 00000000:00000000 02:000AFA92 00000000   500        0 18198 2 ffff81002f448080 204 40 20 2 -1                   
7: 0100007F:E752 0100007F:0016 06 00000000:00000000 03:000005EC 00000000     0        0 0 2 ffff81000805dc00

上图显示:

  • 在线 sl 0:tcp/2208 上的监听端口。st = 0A = LISTEN
  • 在第 sl 6 行:在 tcp/22 上建立的会话。st = 01 = ESTABLISHED
  • 在第 sl 7 行:ssh 注销后处于 TIME_WAIT 状态的套接字。没有索引节点。st = 06 = TIME_WAIT

任何人都可以扩展此列表吗?联机帮助页在proc(5)主题上非常简洁,说明:

   /proc/net/tcp
          Holds a dump of the TCP socket table. Much of the information is not of use apart from debugging. The "sl" value is the kernel hash slot for the socket, the "local address" is  the  local  address  and
          port  number pair.  The "remote address" is the remote address and port number pair (if connected). ’St’ is the internal status of the socket.  The ’tx_queue’ and ’rx_queue’ are the outgoing and incom-
          ing data queue in terms of kernel memory usage.  The "tr", "tm->when", and "rexmits" fields hold internal information of the kernel socket state and are only useful  for  debugging.   The  "uid"  field
          holds the effective UID of the creator of the socket.

在相关说明中,上述 /proc/net/tcp 输出显示了一些侦听进程(2208、62、111 等)。但是,尽管显示了已建立和 time_wait 状态,但我在 tcp/22 上看不到正在侦听的 tcp 连接。是的,我可以看到它们,/proc/net/tcp6但它们也不应该出现在/proc/net/tcp里面吗?Netstat 输出显示它与仅绑定到 ipv4 的应用程序不同。例如

tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      4231/portmap        
tcp        0      0 :::22                       :::*                        LISTEN      4556/sshd

非常感谢,-安德鲁

4

1 回答 1

34

它们应该与 linux 内核源代码中的./include/net/tcp_states.h中的枚举匹配:

enum {
    TCP_ESTABLISHED = 1,
    TCP_SYN_SENT,
    TCP_SYN_RECV,
    TCP_FIN_WAIT1,
    TCP_FIN_WAIT2,
    TCP_TIME_WAIT,
    TCP_CLOSE,
    TCP_CLOSE_WAIT,
    TCP_LAST_ACK,
    TCP_LISTEN,
    TCP_CLOSING,    /* Now a valid state */

    TCP_MAX_STATES  /* Leave at the end! */
};

至于你的 2. 问题,你真的确定没有 sshd 监听例如 0.0.0.0:22 吗?如果不是,我怀疑您所看到的与 v4-mapped-on-v6 套接字有关,请参见例如man 7 ipv6

于 2011-05-13T13:05:24.483 回答