Forum Topic - process identification inside io-pkt pfil hook: (4 Items)
   
process identification inside io-pkt pfil hook  
I have a packet filter implemented using the pfil interface, which I am mounting into io-pkt. In both the input and 
output hooks, how do I extract information with regard to process identification of whoever is making this connection 
request?

The hooks have the signature: hook(void *arg, struct mbuf **m, struct ifnet *ifp, int dir)

How can I get the pid or any relevant process information about the process that is making the network calls which 
result in transmission of the packet?

Any information / sample code would be useful.

TIA
Atish
Re: process identification inside io-pkt pfil hook  
You can't tell which process is associated with the packet. The hooks are right down at a low layer in the network stack,
way below where the socket and process mapping is available.
Re: process identification inside io-pkt pfil hook  
Do any of the native utilities on QNX such as tcpdump or the Packet Filter (pf) module (which acts like an ipfilter, 
firewall & NAT) capture and display the process id information with respect to a specific packet captured? If they do, 
how?

Basically, now that I have captured all the TCP/IP header info from the packet mbuf such as IP and port, I am trying to 
find a way to trace this packet back to the process/application that initiated the request.

TIA
Atish
Re: process identification inside io-pkt pfil hook  
The short answer is that you cannot. None of the utilities like tcpdump or pf provide this capability.

About the only thing you can do is see who has file descriptors open to io-pkt (like the output of "pidin fds"), but 
that doesn't stop someone from hand crafting a packet, writing it to io-pkt and closing before you go and look. You 
would have to do kernel tracing and catch who is writing to io-pkt.