Skip to content

getpeername

Intro

getpeername - Retrieve the name of the peer connected to the socket.

Description

getpeername is a system call that allows for the retrieval of the name of the peer socket connected to the given socket. Additionally, the system call can return more information about the peer, such as its address family, port, and more. By default, the system call does not check for the validity of the socket descriptor, so it is possible that an error is returned even when the arguments are valid.

Arguments

  • sockfd:int - The file descriptor referring to the socket.
  • addr:struct sockaddr*[U] - A pointer to a buffer where the address of the remote socket is stored.
  • addrlen:int*[U] - A pointer to an integer indicating the size of the addr buffer.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_socketcall

Type

Tracepoint

Purpose

To trace all calls to the socketcall syscall.

Example Use Case

getpeername can be used to determine the address of the peer in a peer to peer networking setup. It can also be used to differentiate between different connection types, such as UDP or TCP.

Issues

getpeername can cause a race condition in a multi-threaded application if the underlying socket is modified while the system call is in progress.

  • accept
  • connect

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.