David Buchmann <david@xxxxxxxxxxxxxxxx> wrote:
> I've started work to add support in the nfnetlink_queue kernel module for
> sending the pid of the process owning the socket triggering nfqueue, and I
> want to add the userspace support in libnetfilter_queue, but before I get
> too invested in that work I just want to check whether there are any
> objections to such a feature in either the kernel or in the
> libnetfilter_queue library?
>
> https://github.com/wuurrd/linux/commit/79d12e93ca2a28c0939937a5a690943311e4bf6c

I think this should just be added to nfqnl_put_sk_uidgid(), and just use
the new sk->sk_uid that got added to net-next recently:

--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -271,6 +271,10 @@ static int nfqnl_put_sk_uidgid(struct sk_buff *skb, struct sock *sk)
 			goto nla_put_failure;
 	}
 	read_unlock_bh(&sk->sk_callback_lock);
+
+	if (nla_put_be32(skb, NFQA_PID, htonl(sk->sk_uid)))
+		return -1;
+
 	return 0;

As we don't need any locking for this, I'd also be fine to just always pass
this to userspace regardless of any feature flags.

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
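Review bot: the attribute name and the value in the added line `if (nla_put_be32(skb, NFQA_PID, htonl(sk->sk_uid)))` do not agree: the attribute is called NFQA_PID but the value is the socket's uid, and the quoted request is about reporting the owning process's pid, so one of the two is wrong and userspace parsing NFQA_PID would get a uid. Separately, sk->sk_uid in net-next is a kuid_t, so it needs to be converted (for example with from_kuid_munged() against the appropriate user namespace, as the existing uid/gid attributes in this function are) rather than passed raw to htonl(); and the new lines `return -1;` directly while the visible context uses `goto nla_put_failure;` for put failures, so the added code should follow the function's existing error path. Placing the put after `read_unlock_bh(&sk->sk_callback_lock);` matches the cover note's claim that no locking is needed, but a one-line comment stating why sk_uid is stable to read here would help reviewers.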