sockets - Linux protocol handler to get packets and processes associated to them -

-

hi linux networking experts, trying tool monitor sockets created each process, , bandwidth used each process. poll information /proc, miss short-lived sockets created , destroyed between poll cycles.

the idea create kernel module registers protocol handler networking subsystem, handler function called each packet received. in handler wanted socket associated sk_buff, , process opened socket. processes waiting socket, go through wait queue socket , check tasks in list. wrote this:

#include <linux/module.h> #include <linux/init.h> #include <linux/kernel.h> #include <linux/string.h> #include <linux/fs.h> #include <linux/types.h> #include <linux/kdev_t.h> #include <linux/netdevice.h> #include <linux/skbuff.h> #include <linux/slab.h> #include <net/datalink.h> #include <net/inet_hashtables.h> #include <net/tcp.h> #include <net/inet_common.h> #include <linux/list.h> #include <linux/ip.h>   module_license("gpl"); module_description("xxx"); module_author("xxxx");  int prot_handler(struct sk_buff *, struct net_device *, struct packet_type *, struct net_device *);  static struct packet_type handler_packet_type __read_mostly = {     .type = cpu_to_be16(eth_p_ip),     .func = prot_handler, };  int prot_handler(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev) {     const struct iphdr *iph;     const struct tcphdr *th;     struct sock *sk;     struct socket_wq *wq;     wait_queue_head_t *q;     struct task_struct * task;      //printk(kern_alert "got sk_buff.\n");     iph = ip_hdr(skb);     th = tcp_hdr(skb);     sk = __inet_lookup_established(dev_net(skb->dev), &tcp_hashinfo,                        iph->saddr, th->source,                        iph->daddr, ntohs(th->dest),                        skb->skb_iif);      /* __inet_lookup_skb crashing. might because skb_steal_sock?       *       * __inet_lookup_skb:      *     skb_steal_sock      *     __inet_lookup      *          __inet_lookup_established      *          __inet_lookup_listener         */     if (!sk)         return 0;      //printk(kern_alert "found active sock.\n");      // code mimics sock_def_readable      rcu_read_lock();     wq = rcu_dereference(sk->sk_wq);     q = &wq->wait;     if (wq_has_sleeper(wq)) {         // code mimics __wake_up_common         wait_queue_t *curr, *next;         list_for_each_entry_safe(curr, next, &q->task_list, task_list) {             task = curr->private;             if (task && task->pid != 0)                 printk(kern_alert "got packet process id: %d\n", task->pid);         }     }        }     }     rcu_read_unlock();      return 0; }  static int __init dev_init(void) {     printk(kern_alert "registering protocol handler network stack.\n");     dev_add_pack(&handler_packet_type);     return 0; }  static void __exit dev_exit(void) {     printk(kern_alert "removing protocol handler.\n");     dev_remove_pack(&handler_packet_type); }  module_init(dev_init); module_exit(dev_exit);

when load module, , started ssh session system test it. handler gets called when type on remote system, pid printed doesn't correlate expect. , handler doesn't called. think there might race condition ip_rcv.

apr 22 10:20:56 ol71node1 kernel: got packet process id: 13927307 apr 22 10:20:56 ol71node1 kernel: got packet process id: 13927307 apr 22 10:20:56 ol71node1 kernel: got packet process id: 13927307

can point how this, if use case doesn't make lot of sense?

thanks in advance.


Comments

Post a Comment

Popular posts from this blog

html - Styling progress bar with inline style -

-
i trying set progress bar color red using inline style. need in way because have access <body> part of document. style need apply: progress { color: red } progress::-moz-progress-bar { background: red;} progress::-webkit-progress-value { background: red; } progress[aria-valuenow]:before { background: red; } i tried <progress style="background: red;"> incorrect effect, progress bar color turns blue red background. guide right direction desired style? thank in advance. here live example: https://jsfiddle.net/z36d3f6l/
Read more

java - Oracle Sql developer error: could not install some modules -

-
i have downloaded fresh copy of sqldeveloper ( sqldeveloper-4.1.3.20.78-no-jre ) oracle website. when unzip , lauch gui, keep getting following error message: warning - not install modules: dynamic module config - no module providing capability org.netbeans.netbinox found. my system: windows 7 32 bit hp probook. jdk 1.6 , 1.7, 1.8 available in java/jdk subdirectory. netbeans 8.0.2 installed finally got way out after dirty hours. extracted sqldeveloper zip in nested directory. i.e: e://a/b/c/sqldeveloper. starting sqldeveloper gui above directory threw erros. solution: go in c:\users**username**\appdata\roaming : delete sql developer , sqldeveloper folders extract sql developer zip in new non nested directory. i.e: e:// start , should work now reference: https://community.oracle.com/thread/3870680?start=0&tstart=0
Read more

How to use autoclose brackets in Jupyter notebook? -

-
this may sound silly question, how make use of autoclose brackets in jupyter notebook? example, when type print( jupyter notebook auto-closes brakets print() and places cursor inside. type argument, say print(1 + 1) now cursor between second 1 , right bracket ) . key navigate right of ) ? of course can press end or → or ) achieve this, not seem save time, purpose of brackets autoclose suppose? thanks in advance.
Read more