"netstat -p" sometimes produces erroneous "Program name" output because
it looks at /proc/*/cmdline (which can be manipulated by setproctitle)
and assumes that information is structured as a pathname.
For example, this process (output from "ps auxw"):
joe 5987 0.0 0.3 68380 1908 ? S 20:57 0:00 sshd: joe@pts/9
was associated with this incorrect output from "netstat -anp":
tcp 0 0 10.0.0.10:34199 10.0.0.10:443 ESTABLISHED 5987/9
The text "5987/9" appeared in the "PID/Program name" column because
netstat parsed "9" as the final path element of the command.
The attached patch causes netstat to determine the program name by
dereferencing the /proc/*/exe symlink instead, producing the following
(correct) output regarding the same process:
tcp 0 0 10.0.0.10:34199 10.0.0.10:443 ESTABLISHED 5987/sshd
Patch (also submitted upstream):
--- netstat.c 2001-04-15 14:41:17.000000000 +0000
+++ netstat.c 2012-01-22 20:24:19.000000000 +0000
@@ -246,6 +246,8 @@
#define PATH_PROC_X_FD PATH_PROC "/%s/" PATH_FD_SUFF
#define PATH_CMDLINE "cmdline"
#define PATH_CMDLINEl strlen(PATH_CMDLINE)
+#define PATH_EXE "exe"
+#define PATH_EXEl strlen(PATH_EXE)
/* NOT working as of glibc-2.0.7: */
#undef DIRENT_HAVE_D_TYPE_WORKS
@@ -393,16 +395,11 @@
if (inode < 0) continue;
if (!cmdlp) {
- if (procfdlen - PATH_FD_SUFFl + PATH_CMDLINEl >=
+ if (procfdlen - PATH_FD_SUFFl + PATH_EXEl >=
sizeof(line) - 5)
continue;
- strcpy(line + procfdlen-PATH_FD_SUFFl, PATH_CMDLINE);
- fd = open(line, O_RDONLY);
- if (fd < 0)
- continue;
- cmdllen = read(fd, cmdlbuf, sizeof(cmdlbuf) - 1);
- if (close(fd))
- continue;
+ strcpy(line + procfdlen-PATH_FD_SUFFl, PATH_EXE);
+ cmdllen = readlink(line, cmdlbuf, sizeof(cmdlbuf)-1);
if (cmdllen == -1)
continue;
if (cmdllen < sizeof(cmdlbuf) - 1)