sendmmsg

Intro

sendmmsg - send multiple messages at once

Description

The sendmmsg() system call sends multiple messages on a socket in a single call. It takes four parameters: sockfd (an integer file descriptor referring to a socket), msgvec (an array of struct mmsghdr structures, which contain the message payload and flags of each message, as well as an ancillary data buffer and an ancillary data buffer length), vlen (an unsigned integer specifying the size of the array of structures and thus the number of messages sent in one call), and flags (an integer specifying flags applied to each message sent in the call). Batching messages into one call, instead of issuing a separate call for each message, reduces the number of system calls issued and increases the efficiency of the program, and it does not harm the delivery of the other messages if any fail.

This call may fail if the socket is not connected.
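The call described above, as an added example (not code from Tracee or its documentation): it submits a batch of three constructed payloads with one sendmmsg() call on a connected socket, then repeats the call on an unconnected socket to show the failure case. The function names, the payloads, and the use of AF_UNIX datagram sockets to stay offline are assumptions of the example.

```c
#define _GNU_SOURCE            /* sendmmsg() is a Linux/glibc extension */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define BATCH 3                /* vlen: messages submitted per call */

/* One sendmmsg() call for BATCH constructed payloads; copies out each msg_len. */
int send_batch(int fd, unsigned int sent_len[BATCH]) {
    static char *payloads[BATCH] = { "alpha", "bravo-2", "charlie-33" };
    struct iovec iov[BATCH];
    struct mmsghdr msgvec[BATCH];
    memset(msgvec, 0, sizeof(msgvec));   /* no msg_name, no ancillary data */
    for (int i = 0; i < BATCH; i++) {
        iov[i].iov_base = payloads[i];
        iov[i].iov_len = strlen(payloads[i]);
        msgvec[i].msg_hdr.msg_iov = &iov[i];
        msgvec[i].msg_hdr.msg_iovlen = 1;
    }
    int n = sendmmsg(fd, msgvec, BATCH, 0);
    for (int i = 0; i < BATCH; i++)      /* kernel writes bytes sent per message */
        sent_len[i] = (i < n) ? msgvec[i].msg_len : 0;
    return n;                  /* messages sent (may be < BATCH), or -1 */
}

/* Connected case: an AF_UNIX datagram socketpair, so no network is needed. */
int demo_connected(unsigned int sent_len[BATCH]) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) return -1;
    int n = send_batch(sv[0], sent_len);
    close(sv[0]); close(sv[1]);
    return n;
}

/* Unconnected case: returns the errno of the failed call, 0 if it succeeded. */
int demo_unconnected(void) {
    unsigned int len[BATCH];
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    int err = (send_batch(fd, len) < 0) ? errno : 0;
    close(fd);
    return err;
}

int main(void) {
    unsigned int len[BATCH];
    printf("sent=%d unconnected_errno=%d\n", demo_connected(len), demo_unconnected());
    return 0;
}
```

A tracer hooked on this syscall sees one entry with vlen set to 3 for the whole batch, so per-message sizes have to be read from the msgvec contents or from msg_len after return.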

Arguments

  • sockfd:int - The file descriptor of the socket to send the messages on
  • msgvec:struct mmsghdr*[KU] - An array of struct mmsghdr structures which contain the message payload and flags, as well as an ancillary data buffer and an ancillary data buffer length
  • vlen:unsigned int - The size of the array of structures and thus the number of messages sent in one call
  • flags:int - Flags applied to each message sent in the call

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, a pointer to user-space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_sendmmsg

Type

kprobes

Purpose

The purpose of this hook is to track calls to this syscall and log the arguments passed to it. This is useful for monitoring the behavior of applications, or determining the source of an error when something goes wrong.

sock_sendmsg

Type

kretprobes

Purpose

The purpose of this hook is to track returns from this syscall and log any errors that occurred. This is useful for debugging applications or analysis of security issues.

Example Use Case

This event could be used to monitor applications for suspicious behavior, by logging calls to this syscall and tracking the arguments passed to it. This could be used, for example, to detect applications that are using excessive amounts of data, or using data in an unlikely way.

Issues

This system call may fail if the socket is not connected.

Related Events

  • recvmsg - receive messages from a socket
  • recvmmsg - receive multiple messages from a socket
  • recvfrom - receive data from a socket

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.