socket

Intro

socket - create an endpoint for communication

Description

The socket() system call creates an endpoint for communication and returns a file descriptor that refers to that endpoint. It takes three arguments: domain, type, and protocol. These arguments define the properties of the communication protocol.

The domain argument specifies the communication domain within which communication will take place. It selects the protocol family of the socket created and the type of address to be used.

The type argument specifies the communications style and is typically one of SOCK_STREAM, SOCK_DGRAM, or SOCK_SEQPACKET.

The protocol argument ranges from 0 to 255 and specifies the particular protocol to be used with the socket. Common values are IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ICMP, and IPPROTO_IGMP.

Edge-cases, drawbacks or advantages of using socket() could include:

  • Socket connection-less datagrams are faster than connection-oriented messages.
  • Socket connections are reliable and do not incur the same signal latency as connection-less datagrams.
  • Socket connection-oriented streams can provide reliable transmission of data at a higher bandwidth than datagrams, but the signal latency is greater.

Arguments

  • domain:int[K] - The domain argument specifies the communication domain within which communication will take place.
  • type:int[K] - The type argument specifies the communications style and is typically one of SOCK_STREAM, SOCK_DGRAM, or SOCK_SEQPACKET.
  • protocol:int[K] - The protocol argument specifies the particular protocol, between 0 and 255, to be used with the socket.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_socket

Type

KProbes

Purpose

To monitor the usage of the socket system call.
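The following is an added example, not code from Tracee or from the original page: it decodes the three int arguments of a recorded socket event and shows why the type value must be masked before it is compared, since SOCK_NONBLOCK and SOCK_CLOEXEC can be ORed into it. The SocketArgs struct, the Decode and NeedsReview functions, and the review rule are hypothetical; the numeric constants are the Linux values for x86-64 and arm64.

```go
package main

import "fmt"

// Linux ABI values on x86-64 and arm64 (assumption: other architectures may differ).
const (
	afUnix, afInet, afInet6, afNetlink, afPacket  = 1, 2, 10, 16, 17
	sockStream, sockDgram, sockRaw, sockSeqpacket = 1, 2, 3, 5
	sockNonblock, sockCloexec                     = 0x800, 0x80000
	sockTypeMask                                  = 0xf // low bits hold the style; the rest are flags
)

var domains = map[int]string{afUnix: "AF_UNIX", afInet: "AF_INET", afInet6: "AF_INET6", afNetlink: "AF_NETLINK", afPacket: "AF_PACKET"}
var styles = map[int]string{sockStream: "SOCK_STREAM", sockDgram: "SOCK_DGRAM", sockRaw: "SOCK_RAW", sockSeqpacket: "SOCK_SEQPACKET"}

// SocketArgs mirrors the three int arguments of the event (hypothetical struct).
type SocketArgs struct{ Domain, Type, Protocol int }

func name(m map[int]string, v int) string {
	if s, ok := m[v]; ok {
		return s
	}
	return fmt.Sprintf("UNKNOWN(%d)", v)
}

// Decode renders the arguments symbolically, splitting flags out of type.
func Decode(a SocketArgs) string {
	s := name(domains, a.Domain) + ", " + name(styles, a.Type&sockTypeMask)
	if a.Type&sockNonblock != 0 {
		s += "|SOCK_NONBLOCK"
	}
	if a.Type&sockCloexec != 0 {
		s += "|SOCK_CLOEXEC"
	}
	return fmt.Sprintf("%s, %d", s, a.Protocol)
}

// NeedsReview flags sockets that bypass the normal transport stack.
// The rule (raw or packet sockets) is an illustrative policy, not Tracee's.
func NeedsReview(a SocketArgs) bool {
	return a.Domain == afPacket || a.Type&sockTypeMask == sockRaw
}

func main() {
	// Constructed sample events, not captured output.
	for _, a := range []SocketArgs{{afInet, sockStream | sockCloexec, 6}, {afInet, sockRaw | sockNonblock, 1}, {afPacket, sockDgram, 0}} {
		fmt.Printf("socket(%s) review=%v\n", Decode(a), NeedsReview(a))
	}
}
```

A rule that compares the recorded type directly against SOCK_RAW would miss the second sample, because the flag bits change the integer value.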

Example Use Case

The socket() system call can be used when creating a network service. For example, a web server can be created by creating a socket, binding it to an address, and listening for connections.

Issues

The socket() system call can be vulnerable to TOCTOU (time of check, time of use) issues.

Related Events

  • socketpair() - create a pair of connected sockets
  • accept() - accept a connection on a socket
  • bind() - bind a name to a socket

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.