Is it possible to get the relation between process & socket by using netlink

[asdfsx]

I'm working on netflow monitoring, and try to get the relation between process and socket.
First I tried to use fsnotify to monitor /proc/pid/fd, so I can be notified when socket is created by a specific process
but I failed cause the lib doesn't support to monitor /proc
So I try to do the same thing by using netlink.
Is it possible to get the relation between process & socket by using netlink?

[florianl]

To my knowledge the netlink subsystem of the Linux kernel is not aware of the concept of processes. A connecting bit could be inodes (if you can match an inode to a process), that can be fetched via NETLINK_SOCK_DIAG.

[asdfsx]

@florianl I think I can match an inode to a process by scanning /proc/{pid}/fd. But the problem is sometimes the inode removed as soon as the socket closed, while I haven't finish scanning the /proc/{pid}/fd. So I want tried to use fsnotify, hope it can send a notify when /proc/{pid}/fd changed. But fsnotify doesn't support monitoring /proc. Maybe I should use inotifywait instead.