Open milabs opened 7 years ago
Hello @milabs ,
Totally true. we choose to hook pcap library to hide network connection. The majority of tool used by sys admin are based under pcap library.
It was more KISS to do like this, but the proper way is to relay on /proc and handle every difference we can meet bettwen diferent kernel version and unix system.
Pull request are welcome ! Thank you for giving this feedback, Jagu
Not sure that there will be a good solution based on UM-only code. Kernel matters... Also, keep in mind that procfs
can be mounted on any mount point apart from standard /proc
. In latter case one still can do the following cat /second_proc/net/{raw,raw6,tcp,tcp6,udp,udp6}
and definitely you'll sucks =)
ss output is not handled properly as it doesn't relay on /proc but based on netlink