From: Nuno Martins <nuno.martins@caixamagica.pt>
To: netdev <netdev@vger.kernel.org>, nuno.martins@caixamagica.pt
Cc: Alfredo Matos <alfredo.matos@caixamagica.pt>,
	Paulo Trezentos <paulo.trezentos@caixamagica.pt>
Subject: [RFC PATCH 0/2] PID-based network traffic monitoring
Date: Wed,  4 Apr 2012 10:16:15 +0100
Message-ID: <cover.1333466900.git.nuno.martins@caixamagica.pt>

 In this patchset we introduce the support for pid-based network monitoring, through a new BPF/LSF instruction, supported by KProbes to dynamically detect opening and closing connections.
 With these changes it is possible to pass a PID to tcpdump, and monitor the traffic on the network which belongs to a specific PID. More information can be found at the project page [1].

 * The first patch provides the infrastructure for registering custom BPF filter functions through setsockopt.
 * The second patch introduces a pid monitor that keeps track of the ongoing connections (src addr, dst addr, src port, dst port and protocol), associated to a PID, passed from userspace as part of a custom BPF filter.

 For testing with tcpdump, a modified pcap library is required. The patch can be found at [2].
 This approach is still in early stages of development and under heavy testing. Any feedback or suggestions are appreciated.

 Thanks,

 Nuno Martins.

 [1] http://projects.caixamagica.pt/projects/pidmonitoring
 [2] http://projects.caixamagica.pt/projects/pidmonitoring/attachment/wiki/WikiStart/libpcap.patch

Nuno Martins (2):
  Multiple filter function support for BPF filters
  PID-based packet filtering support

 include/asm-generic/socket.h      |    4 +
 include/linux/filter.h            |    4 +-
 include/linux/socket.h            |   28 +++
 net/Kconfig                       |   15 ++
 net/Makefile                      |    1 +
 net/core/Makefile                 |    3 +-
 net/core/filter.c                 |    8 +-
 net/core/filter_function.c        |  133 +++++++++++
 net/core/sock.c                   |   23 +-
 net/pidmonitor/Makefile           |    3 +
 net/pidmonitor/db_monitor.c       |  389 ++++++++++++++++++++++++++++++
 net/pidmonitor/db_monitor.h       |   51 ++++
 net/pidmonitor/filter.c           |  476 +++++++++++++++++++++++++++++++++++++
 net/pidmonitor/filter.h           |   31 +++
 net/pidmonitor/pidmonitor.c       |  102 ++++++++
 net/pidmonitor/pidmonitor.h       |   63 +++++
 net/pidmonitor/proc_monitor.c     |  116 +++++++++
 net/pidmonitor/proc_monitor.h     |   23 ++
 net/pidmonitor/syscalls_monitor.c |  423 ++++++++++++++++++++++++++++++++
 net/pidmonitor/syscalls_monitor.h |   31 +++
 net/pidmonitor/task_monitor.c     |   77 ++++++
 net/pidmonitor/task_monitor.h     |   23 ++
 22 files changed, 2023 insertions(+), 4 deletions(-)
 create mode 100644 net/core/filter_function.c
 create mode 100644 net/pidmonitor/Makefile
 create mode 100644 net/pidmonitor/db_monitor.c
 create mode 100644 net/pidmonitor/db_monitor.h
 create mode 100644 net/pidmonitor/filter.c
 create mode 100644 net/pidmonitor/filter.h
 create mode 100644 net/pidmonitor/pidmonitor.c
 create mode 100644 net/pidmonitor/pidmonitor.h
 create mode 100644 net/pidmonitor/proc_monitor.c
 create mode 100644 net/pidmonitor/proc_monitor.h
 create mode 100644 net/pidmonitor/syscalls_monitor.c
 create mode 100644 net/pidmonitor/syscalls_monitor.h
 create mode 100644 net/pidmonitor/task_monitor.c
 create mode 100644 net/pidmonitor/task_monitor.h

-- 
1.7.10.rc3.11.gd8282
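
The bookkeeping the cover letter describes (connections recorded per PID as src addr, dst addr, src port, dst port and protocol, then consulted by the filter) can be modelled in a few lines of userspace C. This is an added sketch, not code from the patch set: every name in it is hypothetical, and it assumes IPv4, a fixed-size table and a linear scan. It makes one point explicit that the five-tuple alone does not: a reply packet arrives with source and destination swapped, so the lookup has to try both orientations.

```c
/* Added illustration; not code from the patch set. All names are hypothetical. */
#include <stdint.h>
struct flow {                  /* the five fields the cover letter lists */
    uint32_t saddr, daddr;     /* IPv4 addresses */
    uint16_t sport, dport;
    uint8_t  proto;            /* 6 = TCP, 17 = UDP */
};
struct entry { struct flow f; int pid; int used; };
#define MAX_FLOWS 64
static struct entry table[MAX_FLOWS];

static int flow_eq(const struct flow *a, const struct flow *b)
{
    return a->saddr == b->saddr && a->daddr == b->daddr &&
           a->sport == b->sport && a->dport == b->dport && a->proto == b->proto;
}

/* Connection opened by pid: record it. Returns 0, or -1 if the table is full. */
int flow_add(int pid, struct flow f)
{
    for (int i = 0; i < MAX_FLOWS; i++)
        if (!table[i].used) {
            table[i] = (struct entry){ f, pid, 1 };
            return 0;
        }
    return -1;
}

/* Connection closed: forget it so a later reuse of the tuple is not matched. */
int flow_del(int pid, struct flow f)
{
    for (int i = 0; i < MAX_FLOWS; i++)
        if (table[i].used && table[i].pid == pid && flow_eq(&table[i].f, &f)) {
            table[i].used = 0;
            return 1;
        }
    return 0;
}

/* Filter decision: 1 if pkt belongs to a tracked flow of pid, either direction. */
int pkt_matches_pid(int pid, struct flow pkt)
{
    struct flow rev = { pkt.daddr, pkt.saddr, pkt.dport, pkt.sport, pkt.proto };
    for (int i = 0; i < MAX_FLOWS; i++)
        if (table[i].used && table[i].pid == pid &&
            (flow_eq(&table[i].f, &pkt) || flow_eq(&table[i].f, &rev)))
            return 1;
    return 0;
}
```

Removing the entry on close matters for attribution: ephemeral ports are reused, and a stale entry would credit a later, unrelated connection to the monitored PID.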

Thread overview: 8+ messages
2012-04-04  9:16 Nuno Martins [this message]
2012-04-04  9:16 ` [RFC PATCH 1/2] Multiple filter function support for BPF filters Nuno Martins
2012-04-04  9:16 ` [RFC PATCH 2/2] PID-based packet filtering support Nuno Martins
2012-04-04 17:01   ` chetan loke
2012-04-05  9:41     ` Nuno Martins
2012-04-05 16:29       ` chetan loke
2012-04-04 18:57   ` chetan loke
2012-04-05 10:30     ` Nuno Martins
