From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751061AbWDTP6I (ORCPT ); Thu, 20 Apr 2006 11:58:08 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751049AbWDTP6H (ORCPT ); Thu, 20 Apr 2006 11:58:07 -0400 Received: from nz-out-0102.google.com ([64.233.162.201]:58479 "EHLO nz-out-0102.google.com") by vger.kernel.org with ESMTP id S1751061AbWDTP6G (ORCPT ); Thu, 20 Apr 2006 11:58:06 -0400 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:organization:user-agent:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:openpgp:content-type:content-transfer-encoding; b=nX1jqO5BvO1Do7UNMh7ltI4MI1eUH9dkK/Vh6V++LYIWOEVO4ITC08cfWeSuAXnUo80WUkKh5WwAdcaaHFTNIfRz/P/SK0QKdNt29GXaeQaGZK44jeq1VIUoreo7N9+87Z1aDHR+eLrJHngDZd4Ut0ZVZajT6uWZCE2XbsnDalQ= Message-ID: <4447B110.4080700@gmail.com> Date: Thu, 20 Apr 2006 23:04:32 +0700 From: Mikado Reply-To: mikado4vn@gmail.com Organization: IcySpace.net User-Agent: Thunderbird 1.5 (X11/20051201) MIME-Version: 1.0 To: "linux-os (Dick Johnson)" CC: Linux kernel Subject: Re: Which process is associated with process ID 0 (swapper) References: <4447A19E.9000008@gmail.com> In-Reply-To: X-Enigmail-Version: 0.94.0.0 OpenPGP: id=65ABD897 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 linux-os (Dick Johnson) wrote: > This must be a trick question. Linux is not VAX/VMS. There is no > swapper process. Check in /proc. Processes start at 1. Even > kernel threads have PIDs greater than 1. Linux really has swapper process ;) > Portions of the kernel networking code operate detached. The code > gets the CPU from a timer queue or from an interrupt. When an > connection is attempted, the process attempting the connection > is either waiting, with its CPU time being used, or put to > sleep, while the timer queue's CPU time is being used. The > SYN/ACK handshake is handled during this time, therefore it > is possible to find who is attempting that connection. Netstat > gets that information from /proc/net and multiple socket > calls. I'm writing kernel module that hooks into netfilter code. I can catch packet's information and its owner process. The first SYN packet of handshaking belongs to real user-space socket/process. After timeout, several SYN packets are generated by kernel-space swapper process (PID 0) Is there anyway to find out the relationship between them in _kernel_space_ (module context). Thanks, Mikado. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFER7EQNWc9T2Wr2JcRAkHYAJ9HFfmHjzTRTIDhCPSI12wgWxKAjQCfXh1R UAeStFg9Wqk+rJJDGr+WI5c= =lbpv -----END PGP SIGNATURE-----