On Wed, 2 Nov 2005 Peter.Muller@xxxxxx wrote:
I'm using libipq to filter packets in userspace. Is there a way provided by
the API of libipq to get the PID of the process the packet is going to or
coming from?
No.
Isn't even an API within the kernel to tell this.. There is no mapping
between packet and process within the kernel, the two concepts are too far
apart. On locally generated packets you can get down to which socket the
packet was sent on, but that is about it.
Once upon a time there was the "owners" match in iptables capable of
matching on pid or even application name, but this capability has been
removed from there as it was not really working. Only worked on
Uni-processor boxes (no SMP) and only in very restricted conditions even
then..
Regards
Henrik
