I'm using libnetfilter_conntrack to monitor network sessions in c++. The only thing that is missing is the PID that created the session (socket).
Currently what i'm doing is get the inode of the session from /proc/net/tcp and then go over /proc//fd to search the process that own this socket inode.
This is very inefficient and if the process is very short, i will not get it in time.
Is there a better way of doing this from userspace? If not, is possible to build a simple kernel module that will translate inode to pid more efficiently?
