Re: [XenAccess-devel] network packet
From: Bryan D. P. <br...@th...> - 2007-01-21 19:45:03
First, let's consider how to solve this problem locally (without XenAccess, from within the domU). You would need to identify the source port of the network connection and then use the command "netstat -nalp" (as root) to locate the process associated with that source port. So, we know that the necessary information exists, which is always a good thing :-)

Now, the question is where this information is located in memory. I don't know off the top of my head, but it must be in the kernel memory somewhere (a guess because you must be root to view the information from the command line). So, your first step is to identify its location. Next, you can use XenAccess to view that memory. So the entire procedure looks something like this:

0) All of this can happen in dom0
1) Watch for the network traffic that interests you
2) Note the source port for this network traffic, along with the source IP address
3) Use the source IP address to identify the domain id (you could also get the domain ID by tapping the network traffic from within the netback driver, avoiding the need for this lookup, but requiring kernel programming)
4) Use XenAccess to look into the domain's memory to find the process using the source port in question

While I haven't done this, I believe that it should work just fine. Of course, the trick is figuring out where to look in the domU memory space. If you find that location, please post back to the list as it sounds like a generally useful piece of memory to access :-)

Cheers,
bryan

On Jan 21, 2007, at 2:27 PM, Sanjam Garg wrote:

> Hi
>
> I wanted to identify the process in domU generating a
> particular packet from a kernel module in dom0,
> identified by the code running on the packets passing
> through a hook function.
>
> I have seen the process-list.c example, and understand
> how the listing is done, but do not have an idea of how
> to figure out which of these processes generated the
> packet.
>
> How can I do that?
>
> Sanjam

- Bryan D. Payne
Graduate Student, Computer Science
Georgia Tech Information Security Center
http://www.bryanpayne.org
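The local, user-space version of the lookup Bryan describes ("netstat -nalp"), as an added example that is not part of the original thread and not XenAccess code: it joins /proc/net/tcp (source address:port -> socket inode) with the "socket:[inode]" symlinks under /proc/<pid>/fd (inode -> pid). That two-step join is exactly the relationship step 4 has to recover from the domU's kernel memory, so seeing it spelled out shows what needs to be located there. The /proc/net/tcp rows and the fd link table below are constructed inline rather than captured from a real host, and the address decoding assumes a little-endian guest (the kernel prints the IPv4 address in host byte order); on a real domU you would read /proc/net/tcp and readlink /proc/*/fd/* instead of using the samples.

```python
"""Map a TCP source port to its owning process the way netstat -nalp does.

Added example (not XenAccess code): the kernel exposes the socket table in
/proc/net/tcp and each process's open sockets as /proc/<pid>/fd/* symlinks of
the form "socket:[<inode>]".  Joining the two on the inode number gives the
same port -> process answer that step 4 of the procedure above must recover
from the domU's kernel memory.
"""
import re
import socket
import struct
from typing import Dict, List, Optional, Tuple

# TCP state codes as printed in the "st" column of /proc/net/tcp.
TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV", 0x04: "FIN_WAIT1",
    0x05: "FIN_WAIT2", 0x06: "TIME_WAIT", 0x07: "CLOSE", 0x08: "CLOSE_WAIT",
    0x09: "LAST_ACK", 0x0A: "LISTEN", 0x0B: "CLOSING",
}

# Constructed sample of /proc/net/tcp (not captured from a real host).
# Assumption: a little-endian guest, so the hex IPv4 address is byte-reversed
# while the port is plain big-endian hex.  Row 1 is an outbound connection
# from 10.0.2.2:50102 to 10.0.1.1:80; row 2 is a TIME_WAIT leftover whose
# owning process is already gone (inode 0).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 ffff88003a2b1c00 100 0 0 10 0
   1: 0202000A:C3B6 0101000A:0050 01 00000000:00000000 00:00000000 00000000  1000        0 67890 1 ffff88003a2b2800 20 4 30 10 -1
   2: 0202000A:C3B7 0101000A:0050 06 00000000:00000000 03:000012AB 00000000     0        0 0 3 ffff88003a2b3400
"""

# Constructed stand-in for readlink() over /proc/<pid>/fd/*, keyed by pid.
SAMPLE_FD_LINKS: Dict[int, List[str]] = {
    1: ["/dev/null", "/dev/null", "socket:[12345]"],
    1234: ["/dev/pts/0", "/home/user/data.bin", "socket:[67890]", "pipe:[4242]"],
}

_SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")


def _decode_addr(hex_addr: str) -> Tuple[str, int]:
    """Turn '0202000A:C3B6' into ('10.0.2.2', 50102) for a little-endian guest."""
    ip_hex, port_hex = hex_addr.split(":")
    # Host-order 32-bit value -> little-endian bytes == network-order address.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text: str) -> List[dict]:
    """Parse the socket table into dicts with decoded endpoints, state and inode."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header line
        fields = line.split()
        if len(fields) < 10:
            continue
        rows.append({
            "local": _decode_addr(fields[1]),
            "remote": _decode_addr(fields[2]),
            "state": TCP_STATES.get(int(fields[3], 16), fields[3]),
            "inode": int(fields[9]),
        })
    return rows


def socket_inodes_by_pid(fd_links: Dict[int, List[str]]) -> Dict[int, int]:
    """Invert the fd table: socket inode -> pid that holds it open."""
    owners: Dict[int, int] = {}
    for pid, links in fd_links.items():
        for link in links:
            m = _SOCKET_LINK.match(link)
            if m:
                owners[int(m.group(1))] = pid
    return owners


def find_pid_for_source_port(tcp_text: str, fd_links: Dict[int, List[str]],
                             src_ip: str, src_port: int) -> Optional[int]:
    """Return the pid owning the socket bound to (src_ip, src_port), or None.

    None also covers the case netstat shows as '-': a TIME_WAIT entry has
    inode 0 because the process has already released (or exited with) the
    socket, so the packet's sender can no longer be named.
    """
    owners = socket_inodes_by_pid(fd_links)
    for row in parse_proc_net_tcp(tcp_text):
        if row["local"] == (src_ip, src_port) and row["inode"] != 0:
            return owners.get(row["inode"])
    return None


if __name__ == "__main__":
    for row in parse_proc_net_tcp(SAMPLE_PROC_NET_TCP):
        print(row)
    print(find_pid_for_source_port(SAMPLE_PROC_NET_TCP, SAMPLE_FD_LINKS, "10.0.2.2", 50102))
```

The point for the introspection approach is that neither half of this join is a property of the packet itself: the port only identifies a socket, and the socket only identifies a process through the file table of whoever holds it open. Whatever location in domU kernel memory step 4 ends up reading, it has to supply both links, and it has to cope with the case where the sending process has already closed the socket or exited, which this example reports as None rather than attributing the packet to the wrong process.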