ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I need to monitor the changes in the procfs, in particular in /proc/net/tcp file. I tried inotify but it doesn't work with proc as it is not a regular file system. I need to catch the changes almost instantly. Any ideas?
Well, this is the programming forum, so you came to the right place.
Perl might be your best bet. Suck in the whole file (/proc/net/tcp) as though it were a regular file. Knock yourself out analyzing it. Then sleep for a second or five and do it all again.
Ahhhh - you sure this is really the way you want to do this ???.
Conceptually, the contents of a procfs "file" don't exist until you (userland) query it. The data is exposed in response to the query.
It doesn't "change" until you look.
Thank you for your answers and sorry for my delayed response. Yes, I know that I can't really monitor it in the real time. Let me give you some more details so you know what the actual problem is. I need to monitor the system sockets. In particular I have to discover the event of the new socket creation as immediately as possible. This is my goal. The problem is I have to do it from the user space with no kernel mods/patches/etc. involved whatsoever. I can't even use the hooks (similar to those that rootkits use) to "patch kernel" on fly and "replace" standard system calls to monitor the particular system call. I've gone through ptrace already but stumbled at the signaling issues which are pain to deal with when tracing multiple forks/vforks and all other flavors of sys_clone. Even strace doesn't deal with them correctly. So, if you have any other ideas they will be appreciated.
Thank you, I actually added a usleep() to ease down the polling intensity and the implementation seems just good enough for what I'm doing. BTW, could you think of any implementation involving stock kernel modules? I looked at kernel debugging and relayfs.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.