Trace back from a TCP-connection to initiating process possible ?

Trace back from a TCP-connection to initiating process possible ?

Post by Thomas Buennema » Thu, 18 Jun 1992 17:46:31



For doing a 'per-user'-accounting of TCP/IP-connections passing our
gateway to 'the world' I need to trace back from detected connections to
the processes which initiated them.
The only known and tried way was to read the 'protocol-control-blocks'
of the current connections from kernel and extract the socket via the
socket-pointer in this structure. The receive/send-queues of the socket
contain a process-pointer which allows access to a 'process-table'-entry
with all needed information (UID,SUID,PID...).
This works fine at telnet- and X-connections, but doesn't work at ftp and
other types of tcp-connections (why not ?).
So there has to be a better way, does anybody know one ???
Any hints are wellcome :-)
 
 
 

1. passing of TCP-connection to a child process possible?

Is it possible to pass a TCP-Connection to a child process if it shares
the fathers' data segment?

I have a rather simple job, which could be done parallel to
the main routine, so I just want to fork a child process, which calles
a function to do the job and then exits.

for example:

   int s;

   s = socket ( AF_INET, SOCK_STREAM, 0 );
   connect ( s, addr, 0 );

   switch ( pid = fork() ) {

      case 0:  do_io_on_socket ( s );
               exit(1);
               break;

      default:  do_something_else();

   }

Will this work?

Thanks for any suggestions.


2. UNIX Version of IPCONFIG

3. Tracing a TCP port back to a process?

4. Strange problem with Win98 SE and Samba.[seems to be solved?]

5. How I trace back SIGSEGV etc. (was: Re: SIGSEGV trace)

6. Xterm breaks more?

7. Tracing TCP/IP packets from NIC to TCP

8. How to do that with Apache

9. 50 thousand TCP connections on Solaris 2.0/SVR4 - is it possible?

10. PPP-Back to back connection. HELP.

11. Back-to-Back connection

12. ppp: howto trace connection speed /connection time?

13. Correlation of TCP/IP connections to processes