sock_diag ¤

Lightweight wrapper around the kernel SOCK_DIAG netlink subsystem.

Right now we only expose the unix-domain peer lookup, which procinfo uses to turn an anonymous unix socket FD into a "this end is connected to PID X" line. There is no /proc file that exposes peer information, so this can only run against the local kernel: callers must skip it for remote / cross-machine debugging targets.

Functions:

get_unix_peers –

Return {inode: peer_inode} for unix sockets on the local kernel.
find_socket_inode_owners –

For each inode in inodes, find a process holding it as a socket FD.

get_unix_peers ¤

get_unix_peers() -> dict[int, int]

Return {inode: peer_inode} for unix sockets on the local kernel.

Sockets without a peer (e.g. listening or unconnected) are simply absent from the returned mapping. Returns an empty dict if the kernel doesn't speak NETLINK_SOCK_DIAG, if we lack permission, or if anything goes wrong while parsing — callers should treat the absence of an entry as "unknown", not as "no peer".

find_socket_inode_owners ¤

find_socket_inode_owners(inodes: set[int]) -> dict[int, tuple[int, int, str]]

For each inode in inodes, find a process holding it as a socket FD.

Returns {inode: (pid, fd, comm)} for the first owner discovered per inode (peer ownership is 1-to-1 for connected unix sockets, so a single owner is enough). Inodes with no discoverable owner are absent.

This walks /proc/*/fd directly, so it only makes sense on a local target. Permission errors on individual processes are ignored.