有没有办法让多个进程共享一个监听套接字？

大多数其他人已经提供了这个方法的技术原理。这里是一些 Python 代码，您可以运行以证明其有效性：

import socket
import os

def main():
    serversocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    serversocket.bind(("127.0.0.1", 8888))
    serversocket.listen(0)

    # Child Process
    if os.fork() == 0:
        accept_conn("child", serversocket)

    accept_conn("parent", serversocket)

def accept_conn(message, s):
    while True:
        c, addr = s.accept()
        print 'Got connection from in %s' % message
        c.send('Thank you for your connecting to %s\n' % message)
        c.close()

if __name__ == "__main__":
    main()

请注意，确实有两个进程ID在监听：

$ lsof -i :8888
COMMAND   PID    USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
Python  26972 avaitla    3u  IPv4 0xc26aa26de5a8fc6f      0t0  TCP localhost:ddi-tcp-1 (LISTEN)
Python  26973 avaitla    3u  IPv4 0xc26aa26de5a8fc6f      0t0  TCP localhost:ddi-tcp-1 (LISTEN)

这里是运行telnet和程序后的结果：

$ telnet 127.0.0.1 8888
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Thank you for your connecting to parent
Connection closed by foreign host.
$ telnet 127.0.0.1 8888
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Thank you for your connecting to child
Connection closed by foreign host.
$ telnet 127.0.0.1 8888
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Thank you for your connecting to parent
Connection closed by foreign host.

$ python prefork.py 
Got connection from in parent
Got connection from in child
Got connection from in parent

我想补充一点，Unix/Linux上的套接字可以通过AF__UNIX套接字（进程间套接字）进行共享。似乎会创建一个新的套接字描述符，这是原始描述符的别名。将此新的套接字描述符通过AFUNIX套接字发送到其他进程。在某些情况下，这非常有用，例如进程不能fork()来共享其文件描述符时。例如，当使用由于线程问题防止此操作的库时。您应该创建一个Unix域套接字并使用libancillary发送描述符。

参见：

• https://www.linuxquestions.org/questions/programming-9/how-to-share-socket-between-processes-289978/

创建AF_UNIX套接字：

• http://docs.sun.com/app/docs/doc/817-4415/portmapper-51908?a=view

示例代码：

• http://lists.canonical.org/pipermail/kragen-hacks/2002-January/000292.html
• http://cpansearch.perl.org/src/SAMPO/Socket-PassAccessRights-0.03/passfd.c

看起来MarkR和zackthehack已经完全回答了这个问题，但我想补充一点，Nginx是监听套接字继承模型的一个例子。

这里有一个很好的描述：

• http://zimbra.imladris.sk/download/src/GNR-601/ThirdParty/nginx/docs/IMPLEMENTATION

         Implementation of HTTP Auth Server Round-Robin and
                Memory Caching for NGINX Email Proxy

                            June 6, 2007
             Md. Mansoor Peerbhoy <mansoor@zimbra.com>

...

Flow of an NGINX worker process

After the main NGINX process reads the configuration file and forks into the configured number of worker processes, each worker process enters into a loop where it waits for any events on its respective set of sockets.

Each worker process starts off with just the listening sockets, since there are no connections available yet. Therefore, the event descriptor set for each worker process starts off with just the listening sockets.

(NOTE) NGINX can be configured to use any one of several event polling mechanisms: aio/devpoll/epoll/eventpoll/kqueue/poll/rtsig/select

When a connection arrives on any of the listening sockets (POP3/IMAP/SMTP), each worker process emerges from its event poll, since each NGINX worker process inherits the listening socket. Then, each NGINX worker process will attempt to acquire a global mutex. One of the worker processes will acquire the lock, whereas the others will go back to their respective event polling loops.

Meanwhile, the worker process that acquired the global mutex will examine the triggered events, and will create necessary work queue requests for each event that was triggered. An event corresponds to a single socket descriptor from the set of descriptors that the worker was watching for events from.

If the triggered event corresponds to a new incoming connection, NGINX accepts the connection from the listening socket. Then, it associates a context data structure with the file descriptor. This context holds information about the connection (whether POP3/IMAP/SMTP, whether the user is yet authenticated, etc). Then, this newly constructed socket is added into the event descriptor set for that worker process.

The worker now relinquishes the mutex (which means that any events that arrived on other workers can proceeed), and starts processing each request that was earlier queued. Each request corresponds to an event that was signaled. From each socket descriptor that was signaled, the worker process retrieves the corresponding context data structure that was earlier associated with that descriptor, and then calls the corresponding call back functions that perform actions based on the state of that connection. For instance, in case of a newly established IMAP connection, the first thing that NGINX will do is to write the standard IMAP welcome message onto the
connected socket (* OK IMAP4 ready).

By and by, each worker process completes processing the work queue entry for each outstanding event, and returns back to its event polling loop. Once any connection is established with a client, the events usually are more rapid, since whenever the connected socket is ready for reading, the read event is triggered, and the corresponding action must be taken.

虽然不确定与原问题有多大关联，但在Linux内核3.9中，有一个补丁添加了一个TCP/UDP功能：TCP和UDP支持SO_REUSEPORT套接字选项；新的套接字选项允许同一主机上的多个套接字绑定到同一端口，并旨在提高运行在多核系统上的多线程网络服务器应用程序的性能。更多信息可以在参考链接中的LWN链接LWN SO_REUSEPORT in Linux Kernel 3.9中找到。

虽然SO_REUSEPORT选项是非标准的，但在其他许多UNIX系统（特别是BSD系统，该想法起源于此）中以类似形式可用。它似乎为在多核系统上运行的网络应用程序挤出最大性能而提供了有用的替代方案，而无需使用fork模式。

有一个单一的任务，其唯一工作是监听传入连接。当收到连接时，它接受连接-这将创建一个单独的套接字描述符。接受的套接字传递给您可用的一个工作任务，而主任务则返回侦听。

s = socket();
bind(s);
listen(s);
while (1) {
  s2 = accept(s);
  send_to_worker(s2);
}

如果你在Windows上使用HTTP协议，避免涉及复杂细节的另一种方法是使用HTTP.SYS。这允许多个进程在同一端口上监听不同的URL。在Server 2003/2008/Vista/7上，这就是IIS的工作方式，因此您可以与它共享端口。（在XP SP2上支持HTTP.SYS，但IIS5.1不使用它。）

其他高级API（包括WCF）也使用HTTP.SYS。

听起来你想要的是一个进程监听新客户端并在连接建立后将其交接。在跨线程执行此操作很容易，在 .Net 中，你甚至可以使用 BeginAccept 等方法来处理大量的管道工作。而在进程边界上进行连接交接则会变得复杂，并且没有任何性能优势。

或者你可以让多个进程绑定并监听同一个套接字。

TcpListener tcpServer = new TcpListener(IPAddress.Loopback, 10090);
tcpServer.Server.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.ReuseAddress, true);
tcpServer.Start();

while (true)
{
    TcpClient client = tcpServer.AcceptTcpClient();
    Console.WriteLine("TCP client accepted from " + client.Client.RemoteEndPoint + ".");
}

如果您启动两个进程，每个进程执行上述代码，它将起作用，并且第一个进程似乎会获得所有连接。如果第一个进程被杀死，则第二个进程将获得连接。像这样共享套接字，我不确定Windows如何决定哪个进程获得新连接，尽管快速测试确实指向最旧的进程首先获得它们。至于是否共享，如果第一个进程很忙或其他任何情况，我不知道。