From: Mikado <mikado4vn@gmail.com>
To: Pablo Neira Ayuso <pablo@eurodev.net>
Cc: netfilter-devel@lists.netfilter.org, netfilter@lists.netfilter.org
Subject: Re: How to obtain process ID that created connection or owns one packet
Date: Mon, 26 Dec 2005 22:46:52 +0700 [thread overview]
Message-ID: <43B0106C.4000205@gmail.com> (raw)
In-Reply-To: <43AD5934.3050700@eurodev.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Pablo Neira Ayuso wrote:
> Mikado wrote:
>
>>Thanks all! Finally I found the answer in 'struct sk_buff':
>>
>>struct sk_buff ( #include <linux/skbuff.h> )
>>|_struct sock ( #include <net/sock.h> )
>> |_struct socket ( #include <linux/net.h> )
>> |_struct file ( #include <linux/fs.h> )
>> |_struct fown_struct ( #include <linux/fs.h> )
>> |_int pid
>
>
> Yes, but AFAIK you can only use that in the OUTPUT hook, not in the
> INPUT path. If my mind serves well, I remember that Patrick McHardy
> posted some patches to add support for socket filtering some time ago. I
> don't know what is the status of such work.
>
Oh, I'm wrong. Below is definition of 'struct fown_struct':
struct fown_struct {
rwlock_t lock; /* protects pid, uid, euid fields */
int pid; /* pid or -pgrp where SIGIO should be sent */
uid_t uid, euid; /* uid/euid of process setting the owner */
void *security;
int signum; /* posix.1b rt signal to be delivered on IO */
};
'pid' field is not PID of the process created packet. Is there any way
to catch REAL pid from 'struct sk_buff', 'struct sock', 'struct socket',
'struct file'?
Thanks in advanced!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDsBBsmS/zF9V69ugRAge6AJ9w+KlpK5t8P0sNUBYfLWEn6qU+XwCcDLSt
QH0ZLpwbqKocgGhRbzCQJso=
=mqxD
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2005-12-26 15:46 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-12-19 4:54 Conntrack + Connection owner Mikado 4VN
2005-12-19 17:14 ` Pablo Neira Ayuso
2005-12-19 17:21 ` Pablo Neira Ayuso
2005-12-20 2:49 ` Mikado
2005-12-23 12:27 ` How to obtain process ID that created connection or owns one packet Mikado
2005-12-23 13:36 ` Edmundo Carmona
2005-12-23 14:32 ` Mikado
2005-12-23 16:30 ` Mikado
2005-12-24 14:20 ` Pablo Neira Ayuso
2005-12-26 15:46 ` Mikado [this message]
2005-12-27 17:58 ` Marcus Sundberg
2005-12-27 19:28 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43B0106C.4000205@gmail.com \
--to=mikado4vn@gmail.com \
--cc=netfilter-devel@lists.netfilter.org \
--cc=netfilter@lists.netfilter.org \
--cc=pablo@eurodev.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.