connect

Intro

connect() - establish a connection to a remote socket.

Description

This system call connects the socket referred to by the file descriptor sockfd to the address specified by addr. The addrlen argument specifies the size of the address structure pointed to by addr.

The type of socket used is determined by the parameters specified. The addr argument is a generic pointer (struct sockaddr*), which allows the address to be any type of socket address structure, including internet socket address structures.

In addition, the connect system call can allow for the passing of flags that can be used to provide functionality such as non-blocking mode, or address reuse.

One drawback of using connect() is that it is vulnerable to TOCTOU (time of check, time of use) attacks. This can occur if the address being connected to is not valid. Also, the socket being connected may be changed by a malicious actor between the time the connect() call is made and when the connection attempt is completed, thus making the connection vulnerable. In addition, connect() only provides unidirectional communication between the two endpoints, which is more vulnerable to attack in certain scenarios.

Arguments

  • sockfd:int[KU] - file descriptor referring to the socket.
  • addr:struct sockaddr*[KU] - pointer to a socket address structure.
  • addrlen:int[KU] - length in bytes of the socket address structure pointed to by addr.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, a pointer to user-space memory used to get it).
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)
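
An added example, not code from Tracee or from this page: a C helper that turns the addr bytes and addrlen of a connect() call into a printable destination, rejecting lengths too short for the declared address family. The function name decode_connect_addr and its output format are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
/* Hypothetical helper (not Tracee code): render the address passed to connect().
 * Returns the address family, or -1 if addrlen cannot hold that family. */
int decode_connect_addr(const void *addr, socklen_t addrlen,
                        char *out, size_t outlen)
{
    struct sockaddr_storage ss;
    char ip[INET6_ADDRSTRLEN];
    if (addr == NULL || addrlen < sizeof(sa_family_t) || addrlen > sizeof(ss))
        return -1;
    /* Snapshot once and parse only the copy, so a later change to the
     * caller's buffer cannot alter what gets reported. */
    memset(&ss, 0, sizeof(ss));
    memcpy(&ss, addr, addrlen);
    switch (ss.ss_family) {
    case AF_INET: {
        const struct sockaddr_in *in4 = (const struct sockaddr_in *)&ss;
        if (addrlen < sizeof(*in4))
            return -1;
        inet_ntop(AF_INET, &in4->sin_addr, ip, sizeof(ip));
        snprintf(out, outlen, "%s:%u", ip, (unsigned)ntohs(in4->sin_port));
        return AF_INET;
    }
    case AF_INET6: {
        const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *)&ss;
        if (addrlen < sizeof(*in6))
            return -1;
        inet_ntop(AF_INET6, &in6->sin6_addr, ip, sizeof(ip));
        snprintf(out, outlen, "[%s]:%u", ip, (unsigned)ntohs(in6->sin6_port));
        return AF_INET6;
    }
    case AF_UNIX: {
        const struct sockaddr_un *un = (const struct sockaddr_un *)&ss;
        /* sun_path need not be NUL-terminated; bound it by addrlen. */
        int n = (int)(addrlen - offsetof(struct sockaddr_un, sun_path));
        snprintf(out, outlen, "unix:%.*s", n, un->sun_path);
        return AF_UNIX;
    }
    default: /* unknown family: report the number only */
        snprintf(out, outlen, "family=%d", (int)ss.ss_family);
        return ss.ss_family;
    }
}
```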

Hooks

sys_connect

Type

Kprobe

Purpose

To hook the kernel entry point for the connect system call to allow for tracing of all of the system call's arguments.

sock_connect

Type

Kprobe

Purpose

To hook the socket layer implementation of connect to allow for additional tracing of the arguments associated with this system call.

Example Use Case

The connect system call can be used to establish a network connection between two clients, such as chat clients. It connects the two clients over a TCP/IP connection, after which they can communicate using the write() and read() system calls.

Issues

The connect system call is vulnerable to TOCTOU attacks. This can occur if the address being connected to is not valid. Also, the socket being connected may be changed by a malicious actor between the time the connect() call is made and when the connection attempt is completed, thus making the connection vulnerable.

Related Events

  • accept() - used to accept a connection on a socket.
  • bind() - used to bind a socket to an address.
  • listen() - used to listen for connections on a socket.
  • send() - used to send data on a connected socket.
  • recv() - used to receive data on a connected socket.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.