Aidan Cully wrote:

> So I said I'd said my bit.  Oh, well.
> 
> On Sat, Apr 15, 2000 at 11:18:55PM -0500, erh@nimenees.com wrote:
> > 	Hey.  I think I just convinced myself that this should use a 
> > special type of socket.  (argh, I wish I could remember who suggested
> > that, or what list it was on.)  make socket with domain of KINFO, protocol
> > PROC_INFO, write the size of your struct kinfo_proc2, read the total
> > size, then read the kinfo_proc2 table.  When you're done, close or
> > write the size again, repeat.
> 
> Make socket with domain AF_KINFO, connect to address
> int address[] = { PROC_INFO, op, arg, elemsize };
> The connect() makes the snapshot, socket options could allow for the
> filtering I was keen on before, and the data is copied out as it's read.
> Close the socket to free the snapshot.

One thing I'm not keen about from the snapshot and socket POV is where
to keep the snapshot.  On my single user home machine with only 120
odd processes running, I'd use (assuming about 500 bytes for a struct
kinfo_proc2 based on what I've pieced together so far) about 60kB of
kernel memory for the snapshot.  This doesn't seem to scale well for
large multi-user machines - imagine a kernel memory DOS attack where
multiple users open a KINFO but don't read anything.

Brian's idea is really just an extension of what sysctl(KERN_PROC) with
no data pointer does - it just returns KERN_PROCSLOP (5) greater than
the current number of processes.

Simon.