merge Linux code upstream into mainline

[pabs3]

It would be great if this patch could be merged upstream so that people could use tcpdump or wireshark and correlate output with processes.

There are a lot of advantages to having the code in Linux mainline and some guidance for doing that available here:

https://kernelnewbies.org/UpstreamMerge

There is a request for adding this feature to wireshark, but without support in Linux mainline, the only option that works with most versions of Linux is a very hacky and buggy /proc scanning based option.

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1184

[thinrope]

I just found out about this project...
I don't see any live forks, one of the latest commits talks about kernel 3.19.0...
Anybody tried it on latest (4.15.x) or similar?
Any distro packaging it currently?

[pabs3]

I don't think anyone is working on porting this to modern versions of Linux.

I haven't see any distro packaging it, probably due to the ancient Linux requirements.

I think the only way forward here is if someone takes the existing patches, ports them to the current version of Linux and gets them integrated upstream.

[hashstat]

This project has indeed been abandoned and the odds of it being accepted upstream without some major rework are slim.

There was once talk of providing similar functionality through the Linux Security Module framework, which may already provide the appropriate hooks for performing packet-process correlation. I would look there and if something doesn't already exist, that is the most likely place to build from and would be more likely be accepted upstream.