epoll_ctl_old

Intro

epoll_ctl_old - Used to control the interest list used by an epoll instance.

Description

The epoll_ctl_old call tries to add a file descriptor to, or remove it from, the interest list of an epoll instance (also referred to as "epollfd"). It is used to tell the kernel which events should be monitored for a given file descriptor. It is the older version of the epoll_ctl system call.

The epoll_ctl_old call can be used to register a file descriptor for events that were previously not handled by epoll. It can also be used to update the events of a file descriptor that is already registered (e.g., masking out events that were previously enabled).

When an epoll instance is created, it is initialised with an empty interest list. Events are then registered using the epoll_ctl_old call. After registering, the epoll instance can start monitoring for events with the epoll_wait call.

The epoll_ctl_old call has two different flags which can be used to control the behavior of the call:

  • EPOLL_CTL_ADD - adds a given file descriptor to the interest list of the epoll instance.
  • EPOLL_CTL_DEL - removes a given file descriptor from the epoll instance.

The epoll_ctl_old call can also take a third argument which is a pointer to an epoll_event structure. This argument is used to specify which events are monitored for a given file descriptor.
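The lifecycle described above (empty interest list, register, wait, remove), as an added example that is not part of the original page or the Tracee project. It assumes the current epoll_ctl call rather than the old one, and the function names ready_now and interest_list_demo are hypothetical.

```c
#include <stdio.h>
#include <sys/epoll.h>
#include <unistd.h>

/* Number of descriptors the epoll instance reports ready right now
 * (timeout 0 means epoll_wait returns immediately). */
static int ready_now(int epfd) {
    struct epoll_event out[4];
    return epoll_wait(epfd, out, 4, 0);
}

/* Walks the interest-list lifecycle on a pipe that already holds data.
 * counts[0..2] receive the ready count before ADD, after ADD and after DEL.
 * Returns 0 on success, -1 on any error. Assumption: modern epoll_ctl is used. */
int interest_list_demo(int counts[3]) {
    struct epoll_event ev = { .events = EPOLLIN };
    int p[2], rc = -1;

    int epfd = epoll_create1(0);            /* interest list starts empty */
    if (epfd < 0) return -1;
    if (pipe(p) < 0) { close(epfd); return -1; }
    ev.data.fd = p[0];

    if (write(p[1], "x", 1) != 1) goto out; /* read end is now readable */
    counts[0] = ready_now(epfd);            /* not registered: nothing reported */

    if (epoll_ctl(epfd, EPOLL_CTL_ADD, p[0], &ev) < 0) goto out;
    counts[1] = ready_now(epfd);            /* registered for EPOLLIN */

    if (epoll_ctl(epfd, EPOLL_CTL_DEL, p[0], NULL) < 0) goto out;
    counts[2] = ready_now(epfd);            /* removed: silent again */
    rc = 0;
out:
    close(p[0]);
    close(p[1]);
    close(epfd);
    return rc;
}

int main(void) {
    int c[3];
    if (interest_list_demo(c) != 0) { perror("interest_list_demo"); return 1; }
    printf("before ADD=%d after ADD=%d after DEL=%d\n", c[0], c[1], c[2]);
    return 0;
}
```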

Arguments

  • epfd:int[K] - File descriptor of epoll instance.
  • op:int[K] - Operation that is requested.
  • event:struct epoll_event *[KU] - Structure that contains event to be monitored.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it).

Hooks

epoll_ctl_old

Type

Kprobes

Purpose

To monitor epoll_ctl_old calls and the arguments they take.

Example Use Case

A use case for epoll_ctl_old could be a security monitoring application that wants to monitor for certain file descriptor events. This application could use epoll_ctl_old to register the file descriptor associated with the event it wants to monitor, and then use epoll_wait to wait for events.

Issues

There are no known issues with epoll_ctl_old.

  • epoll_wait
  • epoll_create

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.