Skip to content

tee

Intro

tee - duplicates data from one file descriptor to another

Description

The tee system call duplicates data from one file descriptor to another, useful for streaming data between different programs. Though the main operation is to copy a file descriptor to another, the flags argument allows different additional behavior in the write or read, like avoiding writes to blocking descriptors, or allocating new blocks for output. The len argument also allows control of the length of data to copy, instead of all data from input file descriptor.

Arguments

  • fd_in:int[U] - file descriptor for input
  • fd_out:int[K,U] - file descriptor for output
  • len:size_t[U] - length of data to be copied
  • flags:unsigned int[U, opt] - flags specified additional behavior like avoid writes to blocking descriptors or allocating new blocks for output

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_tee

Type

Kprobe

Purpose

To capture data read and written to the kernel via tee.

Example Use Case

A network packet streaming application that needs to read from the network and write the same data to another program.

Issues

On systems with non-uniform memory architecture, the write to user space may be unaligned and not fit on a page, leading to errors of EFAULT.

  • write
  • read

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.