Hi, I am looking for some help. I am trying to intercept packets using netfilter hooks (NF_IP_LOCAL_OUT) and, using the source port and destination port from SK_BUFF, to figure out which processes are using them, but I am unable to do so.
I am only concerned about packets which are sent and received locally. Therefore, I looked into __udp4_lib_rcv (net/ipv4/udp.c) to see how a packet is assigned to a socket and, from the socket, to infer which process is using it (for the receiver). I called udp4_lib_lookup_skb from the netfilter hook, but it causes a kernel null pointer dereference. For the sender, I was thinking of adding the sending process's pid to the sk_buff's secmark. Is this the correct way to do it, or is there any other way? Kindly point me to resources which will help me achieve my goal.
Thanks,
Rakesh