On 4/20/06, Mikado <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> linux-os (Dick Johnson) wrote:
> > This must be a trick question. Linux is not VAX/VMS. There is no
> > swapper process. Check in /proc. Processes start at 1. Even
> > kernel threads have PIDs greater than 1.
>
> Linux really has swapper process ;)
>
> > Portions of the kernel networking code operate detached. The code
> > gets the CPU from a timer queue or from an interrupt. When an
> > connection is attempted, the process attempting the connection
> > is either waiting, with its CPU time being used, or put to
> > sleep, while the timer queue's CPU time is being used. The
> > SYN/ACK handshake is handled during this time, therefore it
> > is possible to find who is attempting that connection. Netstat
> > gets that information from /proc/net and multiple socket
> > calls.
>
> I'm writing kernel module that hooks into netfilter code. I can catch
> packet's information and its owner process. The first SYN packet of
> handshaking belongs to real user-space socket/process. After timeout,
> several SYN packets are generated by kernel-space swapper process (PID
> 0) Is there anyway to find out the relationship between them in
> _kernel_space_ (module context).
>
I would recommend walking the list of sockets, and see what process(es) own
the socket that is bound to that quad (host IP, port; foreigh IP, port).
A better design might just be to hook connect(), but think hard on that one. If
you do it, your module cannot be removed.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]