Hi again, get the process id associated to a packet

Hi again, get the process id associated to a packet

[ilninno]

Hello again, im the insistent newbie :)

Im trying to get packet pid (process identifier) but netfilter and
nfnetlink functions aren't very clear:

I saw a reference to packed pid in:

 struct nlmsghdr
{
	__u32		nlmsg_len;	/* Length of message including header */
	__u16		nlmsg_type;	/* Message content */
	__u16		nlmsg_flags;	/* Additional flags */
	__u32		nlmsg_seq;	/* Sequence number */
	__u32		nlmsg_pid;	/* Sending process port ID */
};

but isnt easy to get struct nlmsghdr from netfilter packet, i saw some
could be but im not sure:

extern struct nlmsghdr *nfnl_get_msg_first(struct nfnl_handle *h,
					   const unsigned char *buf,
					   size_t len);

I don't know what is buf and len, i saw library code with ddd but
description is very short and i dont know how can i get buf and what
is exactly. Please someone can help me to get packet's pid? I tried
using netstat (-ntap | grep sourceport and destination ip)  but is too
slow.

Thanks for your time and sorry for my english.

Re: Hi again, get the process id associated to a packet

[Eric Leblond]

[-- Attachment #1: Type: text/plain, Size: 1226 bytes --]

Hi,

Le lundi 05 janvier 2009 à 01:43 +0100, ilninno a écrit :
> Hello again, im the insistent newbie :)
> 
> Im trying to get packet pid (process identifier) but netfilter and
> nfnetlink functions aren't very clear:
> 
> I saw a reference to packed pid in:
> 
>  struct nlmsghdr
> {
> 	__u32		nlmsg_len;	/* Length of message including header */
> 	__u16		nlmsg_type;	/* Message content */
> 	__u16		nlmsg_flags;	/* Additional flags */
> 	__u32		nlmsg_seq;	/* Sequence number */
> 	__u32		nlmsg_pid;	/* Sending process port ID */
> };

You won't find the process id information in the kernel to userspace
message. The list of available fields is available in the
(linux_)nfnetlink_queue.h file:

https://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_queue.git;a=blob;f=include/libnetfilter_queue/linux_nfnetlink_queue.h;h=191b094b4ae071dddefb50d04b2c08b6fcadd488;hb=HEAD#l35

By the way, you will find some libnetfilter_queue documentation here:
http://www.nufw.org/doc/libnetfilter_queue/

PS: for your privately send question (please avoid this), you can't bind
two programs to the same queue.

BR,
-- 
Eric Leblond <eric@inl.fr>
INL: http://www.inl.fr/
NuFW: http://www.nufw.org/

[-- Attachment #2: Ceci est une partie de message numériquement signée --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: Hi again, get the process id associated to a packet

[Jan Engelhardt]

On Monday 2009-01-05 02:23, Eric Leblond wrote:
>
>By the way, you will find some libnetfilter_queue documentation here:
>http://www.nufw.org/doc/libnetfilter_queue/

By the way, I notice that nfq_errno is not thread-safe.

Re: Hi again, get the process id associated to a packet

[ilninno]

Hi again!

then i will try using /proc/net/tcp to get the process associated, thanks


2009/1/5 Jan Engelhardt <jengelh@medozas.de>:
>
> On Monday 2009-01-05 02:23, Eric Leblond wrote:
>>
>>By the way, you will find some libnetfilter_queue documentation here:
>>http://www.nufw.org/doc/libnetfilter_queue/
>
> By the way, I notice that nfq_errno is not thread-safe.
>