Find out which user created local incoming TCP connection inside of application

Question

On Linux, it's possible to filter packets originating on localhost based on the user or group that created them, i.e. who owns the socket:

iptables ... -m owner --uid-owner $USER --gid-owner $GROUP -p tcp ...

But I want to approach it from the point of view of the program, running on localhost and written in C, receiving the packets: I bound to some port, and here comes a new TCP connection / UDP packets. How to find out who sent that?

score 2 · Answer 1 · answered Jul 30 '13 at 11:38

2

Strange use-case, but hey, perhaps something like this could work - but it aint pretty:

Get inode number for the fd returned by accept using fstat.
Read /proc/self/net/tcp
Parse and find the row matching the inode number.
Use the uid of that row.

answered Jul 30 '13 at 11:38

Jahaja

3,222
1
20
11

I need the GID, but this only lists the UID. "Oh yeah, we're boned." How about that netlink thing all the kids seem to use? – user2632999 Jul 30 '13 at 15:47
I guess you should be able to look it up using `getpwuid`. – Jahaja Jul 30 '13 at 16:20

score 1 · Answer 2 · answered Jul 30 '13 at 09:56

1

You can't. You get the remote IP address and port. That's it.

answered Jul 30 '13 at 09:56

user207421

305,947
44
307
483

Find out which user created local incoming TCP connection inside of application

2 Answers2