Getting the original question "I need to determine in the driver which sockets were intercepted by the User Space library." there are actually several functions.
First, you need to know that ALL existing connections are stored in the global hash table - "tcp_hashinfo", and you can find the address in / proc / kallsyms.
The main function is not __inet_lookup_skb (), which is called __inet_lookup (), and is broken into __inet_lookup_established () (looking for any matching connectors that were installed) and __inet_lookup_listener () (I was looking for an open listener, but have not established a connection yet).
The main inputs required for searching are source / destination ports and IP address information if the return pointer found is "struct sock *" on the socket.
IPv6 has the same name and the same logic.
The function (__inet_lookup_skb ()) is declared as a "static string" - it cannot be found from / proc / kallsyms, and none of the drivers see it because it is compiled inline. But there is no problem for this, as it will call two other functions - inet_lookup_listener () and inet_lookup_established (), which are NOT compiled inline. Symbols for it are exported, so you can use it from the kernel module.
It is important that reading this hashinfo table is a critical operation - several processors can read and write at the same time, and that is why locking is performed at the beginning / end of functions while reading, do not allow it to change while reading. Since it is difficult to access these RCU locks, even if they are global in nature, do not re-implement these functions, just reuse them.