Skip to content

socketpair

Intro

socketpair - creates an unnamed pair of connected sockets

Description

The socketpair() system call creates a pair of connected anonymous unix domain sockets, which can be used in place of a pipe(2) to handle data exchange between processes. It is similar to socket(2), but differs in that it creates two connected sockets, rather than just one. It is typically used by programs that need to pass a file descriptor over a unix domain socket. The domain argument specifies a communications domain in which the sockets are to be created. The sockets may be used to pass file descriptors referring to any type of file descriptor.

Arguments

  • domain:int[K] - the communications domain in which the sockets are to be created; currently supported domains are AF_UNIX, AF_INET, AF_INET6.
  • type:int[K] - specifies the type of sockets created to be either SOCK_STREAM or SOCK_DGRAM.
  • protocol:int[K] - specifies a particular protocol to be used with the sockets. Normally only a single protocol exists to support a particular socket type within a given domain.
  • sv:int[2][K] - used to return two file descriptors referring to the newly created sockets.

Available Tags

  • K - Originated from kernel-space.

Hooks

socketpair

Type

Kprobe

Purpose

Hooks the socketpair syscall in order to monitor its use in applications.

Example Use Case

socketpair() is commonly used to create communication between two processes. It can be used by shell commands such as pipe, which use socketpair to create a pipe between two processes, or by applications that need to pass a file descriptor over a unix domain socket.

Issues

None

  • connect
  • socket
  • accept

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.