Who's talking to whom?
One way to understand how your system works is to look at which programs talk to other programs.
Here's a graph showing all the processes on my system and their sockets:
(click for a larger image)
The notation is:
- Cyan node - a process
- White circle - a normal (connected) socket
- Text - a named socket (waiting for new connections)
- Yellow - a connection to a named socket (the "server" end of a connection)
- Red - a non-Unix-domain socket (probably a connection to the outside world)
The main hubs seem to be:
- X (all graphical applications must connect to the X server to display windows),
- The system dbus (the one connected to the X server), and
- xfce4-session (anything that needs to save state on logout).
Actually, there's an even bigger gathering around the "/tmp/seahorse-6d4bQD" socket. This bit is very odd,
because all the processes are sharing a single socket. I suspect there's a bug here somewhere and a process
has accidentally passed the socket to all of its children.
Sockets are similar to pipes, but are more complex. A brief summary of sockets:
- A socket is one end of a communications channel.
- There are different types of socket. Most are used for communicating with
other computers over a physical network, but there is a special kind called
"Unix domain sockets" which are used for communication within a computer.
- To communicate, two sockets must be connected together. Data can then be sent
in both directions.
There are three ways to get a connected socket:
- You can create a pair of sockets that are already connected, and then give
one of them to someone else. In the diagram, this appears as two white sockets
connected together (e.g. "dbus-daemon" in the top-left corner).
- You can bind a socket to an address and start accepting new incoming connections.
This is a listening socket, represented by the text of its address. In the
diagram "syslogd" has no connections, but is ready to accept one.
Each time someone connects, a new socket is created to handle that connection.
gconfd-2 is handling a number of existing connections (each yellow socket), as well as accepting new ones
- You can connect to a listening socket. This results in having your white socket
connected to a new yellow socket at the other process.
Generating the graph
The main problem with making the image is that I couldn't find a way of finding out which
sockets were connected to which other sockets. In the end, I edited unix_seq_show() in
net/unix/af_unix.c in the Linux source to print "unix_peer(s)" in a new column.
Then, it's just a matter of parsing /proc/net/unix and /proc/*/fd/* to build the graph,
and sending it to neato for rendering.