shutdown¶
Intro¶
shutdown - Request that a connection be shut down
Description¶
The shutdown call requests that a given connection be severed. The how argument
specifies the way in which the connection should be shut down:
* 0 - No more receives.
* 1 - No more sends.
Adding 2 to the above values (2 and 3) requests that the connection also be
terminated and that the resources associated with the connection be released.
This call can be used to perform a half-closed shutdown, in which one side of the connection is open for sending data and the other side is closed for receiving data.
Arguments¶
sockfd:int- The file descriptor associated with the socket.how:int- Defines how to shutdown connection.
Available Tags¶
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it)
- TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
- OPT - Optional argument - might not always be available (passed with null value)
Hooks¶
shutdown¶
Type¶
Kprobes + Kretprobes
Purpose¶
Monitor the connection resources associated with a socket and detect anomalies.
Example Use Case¶
The shutdown event can be used to monitor socket connections and detect resource leaks at the same time. This is especially useful when debugging applications that create multiple network connections in order to verify that the required resources are released when the connection is severed.
Issues¶
There are some issues with using the shutdown syscall due to the fact
that it requires the application to have access to the socket associated
with the connection. This means that any applications that do not have
permission to access this socket will be unable to shut down the
connection.
Related Events¶
- connect
- close
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.