Unix domain socket leak in 6-STABLE

[Ulrich Spoerlein]

Hi,

as you are aware, there is a unix domain socket leak in 6-STABLE,
which AFAIK is not yet fully fixed.

I wanted to ask about the status or some possible fixes, as I know a
way to reproduce the problem in a matter of minutes.

We are running Cyrus and Postfix with the user DB in OpenLDAP. When
using ldapi://%2fvar%2frun%2fopenldap%2fldapi/ as a connection URL for
both Postfix' user lookup and cyrus' user lookup (via nss_ldap). slapd
quickly runs out of filedescriptors as it is not closing any unix
sockets (judging by ever increasing lsof output).

Using TCP sockets is just fine. If there are patches I could try,
don't hesitate to send them to me.

Cheers,
Uli
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Unix domain socket leak in 6-STABLE

[Ivan Voras]

Ulrich Spoerlein wrote:

Hi,

as you are aware, there is a unix domain socket leak in 6-STABLE,
which AFAIK is not yet fully fixed.



We are running Cyrus and Postfix with the user DB in OpenLDAP. When
using ldapi://%2fvar%2frun%2fopenldap%2fldapi/ as a connection URL for
both Postfix' user lookup and cyrus' user lookup (via nss_ldap). slapd
quickly runs out of filedescriptors as it is not closing any unix
sockets (judging by ever increasing lsof output).


Can you perhaps isolate the bug / give more information on it? I'm 
asking because I'm currently using an application with unix domain 
sockets in production wich handles lots of connects/disconnects per 
second and it doesn't seem to show leakage.




signature.asc
Description: OpenPGP digital signature

Re: Unix domain socket leak in 6-STABLE

[Jeremy Chadwick]

On Wed, Jun 13, 2007 at 04:22:45PM +0200, Ulrich Spoerlein wrote:
>  Hi,
> 
>  as you are aware, there is a unix domain socket leak in 6-STABLE,
>  which AFAIK is not yet fully fixed.
> 
>  I wanted to ask about the status or some possible fixes, as I know a
>  way to reproduce the problem in a matter of minutes.
> 
>  We are running Cyrus and Postfix with the user DB in OpenLDAP. When
>  using ldapi://%2fvar%2frun%2fopenldap%2fldapi/ as a connection URL for
>  both Postfix' user lookup and cyrus' user lookup (via nss_ldap). slapd
>  quickly runs out of filedescriptors as it is not closing any unix
>  sockets (judging by ever increasing lsof output).
> 
>  Using TCP sockets is just fine. If there are patches I could try,
>  don't hesitate to send them to me.

Might be a red herring, but worth mentioning as a possibility:

I've seen this kind of problem with domain sockets (at least on Linux
with a multi-use tool called busybox) where on error conditions the
code never bothered to close the existing socket it opened, thus
resulting in leaks/resource exhaustion over time.  The code later got
fixed, but a pretty nasty bug especially when the program is used in
a lot of embedded products...

In regards to FreeBSD, I remember reading some mails from Robert Watson
last month in regards to UNIX domain socket code changes:

http://monkey.org/freebsd/archive/freebsd-stable/200705/msg00200.html

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Unix domain socket leak in 6-STABLE

[Ronald Klop]

On Wed, 13 Jun 2007 16:22:45 +0200, Ulrich Spoerlein  
<[EMAIL PROTECTED]> wrote:



Hi,

as you are aware, there is a unix domain socket leak in 6-STABLE,
which AFAIK is not yet fully fixed.

I wanted to ask about the status or some possible fixes, as I know a
way to reproduce the problem in a matter of minutes.

We are running Cyrus and Postfix with the user DB in OpenLDAP. When
using ldapi://%2fvar%2frun%2fopenldap%2fldapi/ as a connection URL for
both Postfix' user lookup and cyrus' user lookup (via nss_ldap). slapd
quickly runs out of filedescriptors as it is not closing any unix
sockets (judging by ever increasing lsof output).


Shouldn't slapd close its unix socket? Or am I misreading this.


Using TCP sockets is just fine. If there are patches I could try,
don't hesitate to send them to me.

Cheers,
Uli


Ronald.


--
 Ronald Klop
 Amsterdam, The Netherlands
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re Unix domain socket leak in 6-STABLE

[Ulrich Spoerlein]

On 6/13/07, Ivan Voras <[EMAIL PROTECTED]> wrote:

Can you perhaps isolate the bug / give more information on it? I'm
asking because I'm currently using an application with unix domain
sockets in production wich handles lots of connects/disconnects per
second and it doesn't seem to show leakage.


Ok, I'm not exactly sure what I should do. First of all, there are two
LDAP consumers: postfix and cyrus-saslauthd. A fairly common setup, I
suppose.

If I bombard this setup with hundreds of mails, cyrus is at one point
unable to process the mails further, stating that:
Jun 13 18:27:22 misctest1 lmtpunix[47460]: IOERROR: opening
/data/cyrus/spool/user/ulrspoe/cyrus.cache: Too many open files

The error is misleading, though, as it is not cyrus that is out of
file descriptors, but rather OpenLDAP. Restarting slapd will make
cyrus work again.

I logged the lsof output during the mail bomb and the slapd-lines are
continually rising:

misctest1# while :; do echo -n `date` "  "; lsof 2>/dev/null | awk '$1
~ /imapd/{imapd+=1} $1 ~ /slapd/{slapd+=1} $3 ~ /postfix/{pf+=1}
END{print imapd, pf, slapd}'; sleep 60;done
Wed Jun 13 18:21:55 CEST 2007   1378 71 272
Wed Jun 13 18:22:57 CEST 2007   1378 71 272
Wed Jun 13 18:23:58 CEST 2007   1378 216 316
Wed Jun 13 18:24:59 CEST 2007   1378 321 644
Wed Jun 13 18:26:01 CEST 2007   1378 333 1132
Wed Jun 13 18:27:02 CEST 2007   1378 329 1804
Wed Jun 13 18:28:04 CEST 2007   1378 417 2280

The third column never goes down significantly. I have the setup now
sitting at 2k open files for the slapd process and will wait until
tomorrow, if the count ever decreases again.

Changing from
ldapi://%2fvar%2frun%2fopenldap%2fldapi/ to ldap://127.0.0.1/ "fixes"
the problem. It might be a genuine problem in OpenLDAP, though. We are
using openldap-server-2.3.34_1

Cheers,
Uli
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Unix domain socket leak in 6-STABLE

[Marc G. Fournier]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


- --On Wednesday, June 13, 2007 09:17:36 -0700 Jeremy Chadwick 
<[EMAIL PROTECTED]> wrote:


> I've seen this kind of problem with domain sockets (at least on Linux
> with a multi-use tool called busybox) where on error conditions the
> code never bothered to close the existing socket it opened, thus
> resulting in leaks/resource exhaustion over time.  The code later got
> fixed, but a pretty nasty bug especially when the program is used in
> a lot of embedded products...
>
> In regards to FreeBSD, I remember reading some mails from Robert Watson
> last month in regards to UNIX domain socket code changes:
>
> http://monkey.org/freebsd/archive/freebsd-stable/200705/msg00200.html

'k, just to ring in here ... I can definitely attest to there being a leak 
here, as it was me that was originally burned by it ... in my case, I 
eventually was able to isolate which VPS/jail was causing it and haven't run it 
since, but was never able to determine exactly what was causing it, since there 
wasn't really anything unusual running in that jail :(

But ... based on the discussions that were had at the time, it was my 
understanding that if all applications were shut down on the server (to the 
bare minimal), eventually the kernel GC should clean up all residual sockets 
... when I did this (shut down all applications but the very bare minimum) and 
waited for 10+ minutes, socket usage never drop'd below about 4k sockets in 
use, or something like that ...

Unlike Ulrich, I wasn't running LDAP at the time, so that wasn't the cause for 
me ...

I could easily enough restart that jail if there was some more useful 
information I could get from it, but the thread kinda dwindled off over time, 
and rebooting a server ever 3 days was getting a wee bit annoying to my clients 
:)

But, if someone has something they'd like me to do to provide more info, I'm 
willing to do it (short of anything that requires DDB / console access ... that 
server is remote) ...

- 
Marc G. Fournier   Hub.Org Networking Services (http://www.hub.org)
Email . [EMAIL PROTECTED]  MSN . [EMAIL PROTECTED]
Yahoo . yscrappy   Skype: hub.orgICQ . 7615664
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQFGcC0y4QvfyHIvDvMRApuZAJ9xKfa2/LqkcMkFEr4vrtnLt3ObcQCg43hs
7QX1hYskbQh/L8XJn1r1/Ts=
=xKdx
-END PGP SIGNATURE-

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Unix domain socket leak in 6-STABLE

[Ulrich Spoerlein]

Marc G. Fournier wrote:
> 'k, just to ring in here ... I can definitely attest to there being a leak 
> here, as it was me that was originally burned by it ... in my case, I 
> eventually was able to isolate which VPS/jail was causing it and haven't run 
> it 
> since, but was never able to determine exactly what was causing it, since 
> there 
> wasn't really anything unusual running in that jail :(
> 
> But ... based on the discussions that were had at the time, it was my 
> understanding that if all applications were shut down on the server (to the 
> bare minimal), eventually the kernel GC should clean up all residual sockets 
> ... when I did this (shut down all applications but the very bare minimum) 
> and 
> waited for 10+ minutes, socket usage never drop'd below about 4k sockets in 
> use, or something like that ...

Hi Marc,

was your leak a "kernel leak" or a "user leak" (if it actually makes a
difference). Because I'm only hitting the problem within the slapd
process itself. Restart it, every thing is good again. Other
applications are also no affected.

I think what's happening to me, is that slapd keeps unix domain sockets
lingering too long. When blasting mails through the system, all those
tiny ldap lookups then lead to slapd reaching it's process limit.

I wonder though: maxfilesperproc is roughly 12k, but lsof needs to only
count 2.5k lines of slapd output when the limit is hit. Is there
a better way to check, how much fds/resources are open by a certain process?

When using TCP sockets, the number of open files hardly changes.

Ulrich Spoerlein
-- 
"The trouble with the dictionary is you have to know how the word is
spelled before you can look it up to see how it is spelled."
-- Will Cuppy
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Unix domain socket leak in 6-STABLE

[Jeremy Chadwick]

On Wed, Jun 13, 2007 at 08:15:56PM +0200, Ulrich Spoerlein wrote:
> I wonder though: maxfilesperproc is roughly 12k, but lsof needs to only
> count 2.5k lines of slapd output when the limit is hit. Is there
> a better way to check, how much fds/resources are open by a certain process?

sockstat is what you're looking for.

Also, do not forget about limits(1).

If the sockets aren't being closed (in any condition; after completion
or after error), there's going to be a leak until the daemon is
restarted.  I wouldn't be surprised if this is what's happening, based
on previous experience I've had with slapd during my day job.  :-)

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Unix domain socket leak in 6-STABLE

[Alexandre Biancalana]

On 6/13/07, Ulrich Spoerlein <[EMAIL PROTECTED]> wrote:


Hi,

as you are aware, there is a unix domain socket leak in 6-STABLE,
which AFAIK is not yet fully fixed.

I wanted to ask about the status or some possible fixes, as I know a
way to reproduce the problem in a matter of minutes.

We are running Cyrus and Postfix with the user DB in OpenLDAP. When
using ldapi://%2fvar%2frun%2fopenldap%2fldapi/ as a connection URL for
both Postfix' user lookup and cyrus' user lookup (via nss_ldap). slapd
quickly runs out of filedescriptors as it is not closing any unix
sockets (judging by ever increasing lsof output).

Using TCP sockets is just fine. If there are patches I could try,
don't hesitate to send them to me.




Ohhh !! I had exactly the same problem last night.

After change the line of /usr/local/etc/nss_ldap.conf from

uri ldap://127.0.0.1/

to

uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/

The open sockets off this machine started to increase until reach maxfiles
limit and show messages like this:

kernel: kern.maxfiles limit exceeded by uid 65534, please see tuning(7).

and slapd stopped to accept new connections.

During the day (production hours) the number off connections (using TCP
sockets) to OpenLDAP range from 16 to 45. Last night after change the type
connection to Unix Domain Socket the number of connections raised rapidly to
about 4000. I get this numbers using sockstat -c command.

This machine is our Samba PDC, running 6.2-STABLE compile in Apr  5 13:33:50
using samba-3.0.24,1, nss_ldap-1.255, openldap-server-2.3.34_1

I can provide more information if need.

Any Advises/Patches ?

Best Regards,
Alexandre Biancalana
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Unix domain socket leak in 6-STABLE

[Alfred Perlstein]

* Alexandre Biancalana <[EMAIL PROTECTED]> [070613 12:40] wrote:
> On 6/13/07, Ulrich Spoerlein <[EMAIL PROTECTED]> wrote:
> >
> >Hi,
> >
> >as you are aware, there is a unix domain socket leak in 6-STABLE,
> >which AFAIK is not yet fully fixed.
> >
> >I wanted to ask about the status or some possible fixes, as I know a
> >way to reproduce the problem in a matter of minutes.
> >
> >We are running Cyrus and Postfix with the user DB in OpenLDAP. When
> >using ldapi://%2fvar%2frun%2fopenldap%2fldapi/ as a connection URL for
> >both Postfix' user lookup and cyrus' user lookup (via nss_ldap). slapd
> >quickly runs out of filedescriptors as it is not closing any unix
> >sockets (judging by ever increasing lsof output).
> >
> >Using TCP sockets is just fine. If there are patches I could try,
> >don't hesitate to send them to me.
> 
> 
> 
> Ohhh !! I had exactly the same problem last night.
> 
> After change the line of /usr/local/etc/nss_ldap.conf from
> 
> uri ldap://127.0.0.1/
> 
> to
> 
> uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/
> 
> The open sockets off this machine started to increase until reach maxfiles
> limit and show messages like this:
> 
> kernel: kern.maxfiles limit exceeded by uid 65534, please see tuning(7).
> 
> and slapd stopped to accept new connections.
> 
> During the day (production hours) the number off connections (using TCP
> sockets) to OpenLDAP range from 16 to 45. Last night after change the type
> connection to Unix Domain Socket the number of connections raised rapidly to
> about 4000. I get this numbers using sockstat -c command.
> 
> This machine is our Samba PDC, running 6.2-STABLE compile in Apr  5 13:33:50
> using samba-3.0.24,1, nss_ldap-1.255, openldap-server-2.3.34_1
> 
> I can provide more information if need.
> 
> Any Advises/Patches ?

I would advise running "truss" or ktrace against the process
to see if it's actually attempting to close the descriptor.

this would explain if the leak is in the application, or
maybe libc/kernel.

-- 
- Alfred Perlstein
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Unix domain socket leak in 6-STABLE

[Alexandre Biancalana]

On 6/13/07, Alfred Perlstein <[EMAIL PROTECTED]> wrote:


I would advise running "truss" or ktrace against the process
to see if it's actually attempting to close the descriptor.

this would explain if the leak is in the application, or
maybe libc/kernel.

--
- Alfred Perlstein



Hi !

I change nss_ldap.conf again to access OpenLDAP via unix domain socket.

Here is the connection counter before the change:

Wed Jun 13 22:35:55 BRT 2007
unix sockets:   99
tcp sockets:   12


Here is the connection counter rigth before change connection method back to
TCP socket:

Wed Jun 13 22:56:01 BRT 2007
unix sockets: 2902
tcp sockets:   13


Follow the link to the 500k lines kdump file from a ktrace of an smbd
process that leaked more than 1000 unix domain sockets connections during
this time.

http://www.seudns.net/~ale/smbd.kdump.bz2

ps: I removed some lines from the file that shows socket read returns,
because they showed usernames e other informations that I don't want to
expose.


Regards,

Alexandre
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Unix domain socket leak in 6-STABLE

[Marc G. Fournier]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



- --On Wednesday, June 13, 2007 20:15:56 +0200 Ulrich Spoerlein 
<[EMAIL PROTECTED]> wrote:


> was your leak a "kernel leak" or a "user leak" (if it actually makes a
> difference).

I don't know ... it was caused by an application, but nothing was freed up 
after the application was stop'd ...


Marc G. Fournier   Hub.Org Networking Services (http://www.hub.org)
Email . [EMAIL PROTECTED]  MSN . [EMAIL PROTECTED]
Yahoo . yscrappy   Skype: hub.orgICQ . 7615664
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQFGcWes4QvfyHIvDvMRAnaVAJ4pfQ69GvcfXObQ37yMlHG61Foz4wCcClFp
p2TKa/KvLdgkKv9XCbA5hok=
=d3WG
-END PGP SIGNATURE-

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Unix domain socket leak in 6-STABLE

[Alexandre Biancalana]

On 6/14/07, Marc G. Fournier <[EMAIL PROTECTED]> wrote:


I don't know ... it was caused by an application, but nothing was freed up
after the application was stop'd ...



In my case the sockets are closed only if I stop the samba processes. When I
just changed the connection mode from Unix Socket to TCP on nss_ldap.conf,
the connections remain opened. I think this could be a problem with nss_ldap
(in the way of the connections are handled ?) because samba is accessing
OpenLDAP directly via TCP, the access via Unix Sockets is only done by Samba
throughnss_ldap.

I trying to simulate this error on another machine. I will write some
scripts/program that connect to OpenLDAP socket directly and via nss_ldap
and post the results.

Any more hints ?
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Unix domain socket leak in 6-STABLE

[Marc G. Fournier]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



- --On Thursday, June 14, 2007 14:03:27 -0300 Alexandre Biancalana 
<[EMAIL PROTECTED]> wrote:

> On 6/14/07, Marc G. Fournier <[EMAIL PROTECTED]> wrote:
>
>> I don't know ... it was caused by an application, but nothing was freed up
>> after the application was stop'd ...
>
>
> In my case the sockets are closed only if I stop the samba processes. When I
> just changed the connection mode from Unix Socket to TCP on nss_ldap.conf,
> the connections remain opened. I think this could be a problem with nss_ldap
> (in the way of the connections are handled ?) because samba is accessing
> OpenLDAP directly via TCP, the access via Unix Sockets is only done by Samba
> throughnss_ldap.
>
> I trying to simulate this error on another machine. I will write some
> scripts/program that connect to OpenLDAP socket directly and via nss_ldap
> and post the results.
>
> Any more hints ?

Hrmm .. how about nss in general?  the one VPS that I killed off was using 
nss-mysql for passwd/group and shadow ... its definitely not something that is 
normally done here, and about the only thing I can think of that is 'unusual' 
about that specific VPS, in my case ...

- 
Marc G. Fournier   Hub.Org Networking Services (http://www.hub.org)
Email . [EMAIL PROTECTED]  MSN . [EMAIL PROTECTED]
Yahoo . yscrappy   Skype: hub.orgICQ . 7615664
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (FreeBSD)

iD4DBQFGcZL54QvfyHIvDvMRAgbBAJ4zbygUUNdl6kKEp+sAPW0vLgJsvwCWP768
Ulzq5eM+ygPOM+A243NTsg==
=EuC7
-END PGP SIGNATURE-

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Unix domain socket leak in 6-STABLE

[Alexandre Biancalana]

On 6/14/07, Marc G. Fournier <[EMAIL PROTECTED]> wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



- --On Thursday, June 14, 2007 14:03:27 -0300 Alexandre Biancalana
<[EMAIL PROTECTED]> wrote:

> On 6/14/07, Marc G. Fournier <[EMAIL PROTECTED]> wrote:
>
>> I don't know ... it was caused by an application, but nothing was freed
up
>> after the application was stop'd ...
>
>
> In my case the sockets are closed only if I stop the samba processes.
When I
> just changed the connection mode from Unix Socket to TCP on
nss_ldap.conf,
> the connections remain opened. I think this could be a problem with
nss_ldap
> (in the way of the connections are handled ?) because samba is accessing
> OpenLDAP directly via TCP, the access via Unix Sockets is only done by
Samba
> throughnss_ldap.
>
> I trying to simulate this error on another machine. I will write some
> scripts/program that connect to OpenLDAP socket directly and via
nss_ldap
> and post the results.
>
> Any more hints ?

Hrmm .. how about nss in general?  the one VPS that I killed off was using
nss-mysql for passwd/group and shadow ... its definitely not something
that is
normally done here, and about the only thing I can think of that is
'unusual'
about that specific VPS, in my case ...



H maybe... I don't know nss-mysql (I didn't ever know about your
existence. hahaha) What's the connection method used to access MySQL
database ? You can read the rest of my message and try a similar test..

How I said. here is the test:

I write the following perl script:

#!/usr/bin/perl

$counter = 0;
@users = ('user1', 'user2', 'user3');

while ( $counter <= 4 ) {


 my $idx = int(rand($#users));
 my @data = getpwnam($users[$idx]);

 print join(' ', @data) . "\n";

 $counter++;
}

sleep(50);


After run the script I have:

AleStation:/usr/home/ale $ sockstat -uc
USER COMMANDPID   FD PROTO  LOCAL ADDRESS FOREIGN
ADDRESS
root xterm  1528  3  stream -> /tmp/.X11-unix/X0
root xterm  1464  3  stream -> /tmp/.X11-unix/X0
ale  nedit  1436  3  stream -> /tmp/.X11-unix/X0
ale  xmms   1404  3  stream -> /tmp/.X11-unix/X0
ale  gconfd-2   1331  4  dgram  -> ??
ale  gconfd-2   1331  12 stream
/var/tmp/orbit-ale/linc-533-0-37a529d2e9123
ale  gconfd-2   1331  14 stream ->
/var/tmp/orbit-ale/linc-52b-0-249abddc2887e
ale  dbus-daemo 1329  4  stream -> /var/run/openldap/ldapi
ale  dbus-daemo 1329  5  stream -> ??
ale  dbus-daemo 1329  7  stream -> ??
ale  dbus-daemo 1329  8  stream /var/tmp/dbus-luPSSzilmv
ale  dbus-daemo 1329  10 stream -> /var/run/openldap/ldapi
ale  dbus-launc 1328  3  stream -> /tmp/.X11-unix/X0
ale  pidgin 1324  3  stream -> /tmp/.X11-unix/X0
ale  pidgin 1324  5  stream -> /var/tmp/dbus-luPSSzilmv
ale  firefox-bi 1323  3  stream -> /tmp/.X11-unix/X0
ale  firefox-bi 1323  11 stream ->
/var/tmp/orbit-ale/linc-533-0-37a529d2e9123
ale  firefox-bi 1323  19 stream
/var/tmp/orbit-ale/linc-52b-0-249abddc2887e
ale  gkrellm1309  5  stream -> /tmp/.X11-unix/X0
ale  wmaker 1306  3  stream -> /tmp/.X11-unix/X0
root Xorg   1301  10 stream /tmp/.X11-unix/X0
root Xorg   1301  11 stream /tmp/.X11-unix/X0
root Xorg   1301  12 stream /tmp/.X11-unix/X0
root Xorg   1301  13 stream /tmp/.X11-unix/X0
root Xorg   1301  14 stream /tmp/.X11-unix/X0
root Xorg   1301  15 stream /tmp/.X11-unix/X0
root Xorg   1301  16 stream /tmp/.X11-unix/X0
root Xorg   1301  17 stream /tmp/.X11-unix/X0
root Xorg   1301  18 stream /tmp/.X11-unix/X0
root Xorg   1301  19 stream /tmp/.X11-unix/X0
ale  xinit  1300  3  stream -> /tmp/.X11-unix/X0
root login  1295  3  dgram  -> ??
root login  1295  5  stream -> /var/run/openldap/ldapi
root natd   1294  4  dgram  -> ??
_dhcpdhclient   1219  3  dgram  -> ??
root dhclient   1195  3  dgram  -> ??
root smbd   1044  4  dgram  -> ??
root smbd   1044  18 stream ->
/var/db/samba/winbindd_privileged/pipe
root smbd   1044  22 stream -> /var/run/openldap/ldapi
root winbindd   954   3  dgram  -> ??
root winbindd   954   15 stream -> ??
root winbindd   954   17 stream -> ??
root winbindd   954   19 stream /var/db/samba/winbindd_privileged/pipe
root winbindd   954   20 stream -> ??
root winbindd   953   3  dgram  -> ??
root winbindd   953   15 stream -> ??
root winbindd   953   17 stream -> ??
root winbindd   953   19 stream /var/db/samba/winbindd_privileged/pipe
root winbindd   951   3  dgram  -> ??
root winbindd   951   14 stream -> ??
root winbindd   925   3  dgram  -> ??
root winbindd   925   15 stream -> ??
root winbindd   925   19 stream /var/db/samba/winbindd_privileged/pipe
root winbindd   925   20 stream -> ??
root winbindd   925   21 stream -> ??
root smbd   921   4  dgram  -> ??
root smbd   921