How to obtain process ID that created connection or owns one packet
Mikado
mikado4vn at gmail.com
Mon Dec 26 16:46:52 CET 2005
Pablo Neira Ayuso wrote:
> Mikado wrote:
>
>>Thanks all! Finally I found the answer in 'struct sk_buff':
>>
>>struct sk_buff ( #include <linux/skbuff.h> )
>>|_struct sock ( #include <net/sock.h> )
>>  |_struct socket ( #include <linux/net.h> )
>>    |_struct file ( #include <linux/fs.h> )
>>      |_struct fown_struct ( #include <linux/fs.h> )
>>        |_int pid
>
>
> Yes, but AFAIK you can only use that in the OUTPUT hook, not in the
> INPUT path. If my mind serves well, I remember that Patrick McHardy
> posted some patches to add support for socket filtering some time ago. I
> don't know what is the status of such work.
>
Oh, I'm wrong. Below is the definition of 'struct fown_struct':

struct fown_struct {
        rwlock_t lock;          /* protects pid, uid, euid fields */
        int pid;                /* pid or -pgrp where SIGIO should be sent */
        uid_t uid, euid;        /* uid/euid of process setting the owner */
        void *security;
        int signum;             /* posix.1b rt signal to be delivered on IO */
};

The 'pid' field is not the PID of the process that created the packet. Is
there any way to catch the REAL pid from 'struct sk_buff', 'struct sock',
'struct socket', 'struct file'?

Thanks in advance!
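Added example (not part of the original post, and not kernel code): a userspace check of the point made above about the 'pid' field. It assumes that fcntl(F_SETOWN) / fcntl(F_GETOWN) are the userspace view of the file's owner setting; the function names are made up for this illustration. A new socket reports owner 0 even though this process created it, and the creator can point the owner at an unrelated process, so the field is unsuitable for attributing traffic to a process.

```c
/* Added example: the SIGIO owner of a socket as seen from userspace. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Owner recorded on a socket this process just created (-1 on error). */
int owner_of_new_socket(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    int owner = fcntl(fd, F_GETOWN);   /* no F_SETOWN was ever issued */
    close(fd);
    return owner;
}

/* Creator points the owner at a bystander child that never uses the
 * socket. Returns 1 if the kernel then reports the child, -1 on error. */
int owner_follows_setown(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    pid_t child = fork();
    if (child < 0) { close(fd); return -1; }
    if (child == 0) {                  /* constructed bystander process */
        close(fd);
        pause();
        _exit(0);
    }
    int ok = -1;
    if (fcntl(fd, F_SETOWN, child) == 0)
        ok = (fcntl(fd, F_GETOWN) == child);
    kill(child, SIGKILL);
    waitpid(child, NULL, 0);
    close(fd);
    return ok;
}

int main(void)
{
    printf("creator pid %d, owner on new socket: %d\n", (int)getpid(), owner_of_new_socket());
    printf("owner follows F_SETOWN: %d\n", owner_follows_setown());
    return 0;
}
```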
More information about the netfilter-devel mailing list