From: Florian Westphal
Subject: Re: nfqueue: Get pid of socket owner
Date: Mon, 7 Nov 2016 17:38:32 +0100
Message-ID: <20161107163832.GB24908@breakpoint.cc>
References: <71D00C03-A2AD-4836-8F5F-724AECE75DE6@jazznetworks.com>
In-Reply-To: <71D00C03-A2AD-4836-8F5F-724AECE75DE6@jazznetworks.com>
To: David Buchmann
Cc: netfilter-devel@vger.kernel.org

David Buchmann wrote:
> I've started work to add support in the nfnetlink_queue kernel module for
> sending the pid of the process owning the socket triggering nfqueue, and I
> want to add the userspace support in libnetfilter_queue, but before I get
> too invested in that work I just want to check whether there are any
> objections to such a feature in either the kernel or in the
> libnetfilter_queue library?
>
> https://github.com/wuurrd/linux/commit/79d12e93ca2a28c0939937a5a690943311e4bf6c

I think this should just be added to nfqnl_put_sk_uidgid(), and just use
the new sk->sk_uid that got added to net-next recently:

--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -271,6 +271,10 @@ static int nfqnl_put_sk_uidgid(struct sk_buff *skb, struct sock *sk)
 			goto nla_put_failure;
 	}
 	read_unlock_bh(&sk->sk_callback_lock);
+
+	if (nla_put_be32(skb, NFQA_PID, htonl(sk->sk_uid)))
+		return -1;
+
 	return 0;

As we don't need any locking for this I'd also be fine to just always
pass this to userspace regardless of any feature flags.
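Review bot: in the added lines the attribute name and the value it carries disagree: `nla_put_be32(skb, NFQA_PID, htonl(sk->sk_uid))` stores the socket owner's uid under an attribute named for a pid, so either the attribute should be named for the uid it actually exports or the value should be the process id the original request asked about; userspace parsing `NFQA_PID` as a pid would otherwise be fed a uid. Also, `sk->sk_uid` is a `kuid_t` (the kernel-internal uid type), so it cannot be handed to `htonl()` directly and will need to go through `from_kuid_munged()` first, the same way the uid/gid values emitted by `nfqnl_put_sk_uidgid()` are converted before being put on the wire. Finally, the new `NFQA_*` attribute needs to be added to the uapi header alongside the existing queue attributes, or the hunk will not build.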