Skip to content

accept()

Intro

The accept() syscall returns connected file descriptors for a given listening socket.

Description

The accept() syscall enables a process to perform a passive connection, or accept, with a remote peer. The accept() syscall is the accept half of a two-way communication link. It is typically used when a server provides a service over a network. The accept() syscall will block until a connection is accepted.

When accept() is successful, it will create a new file descriptor and store the address of the connecting peer in the sockaddr structure provided by the user.

There are a few edge cases where accept() might fail and return an error. For example, if the program does not have permission to create a new socket descriptor, or the remote peer does not support the protocol in question, accept() may fail. There is also a chance of a race condition in the accept() syscall if it is used without the O_NONBLOCK flag. In a race condition, accept() may return a newly created descriptor, but the remote connection could be dropped before the connection is actually made.

Arguments

  • sockfd: int - Descriptor of the listening socket.
  • addr: struct sockaddr*[U] - Structure used to store the address of the connecting peer.
  • addrlen: int*[U,OPT] - Size of the sockaddr structure.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_accept

Type

KProbe.

Purpose

Used for tracing when a process is attempting to accept a connection.

do_accept

Type

KRetProbe.

Purpose

Used for tracing the return value of the sys_accept syscall, indicating whether or not the accept syscall was successful.

Example Use Case

Using accept() in a server application to allow incoming connections from remote clients.

Issues

accept() is vulnerable to a type of race condition called Time Of Check, Time Of Use (TOCTOU). If accept() is called without the O_NONBLOCK flag, a newly accepted connection descriptor may be returned before the connection is actually made. If the connection is dropped before the connection is made, accept() will return the connection but the user will not be able to use the descriptor.

connect() - Used by the clients in order to connect to a server.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.