sendto
Intro
sendto - send a message on a socket
Description
The sendto() system call sends a message on a socket. The message is given by a pointer to a buffer, buf, and its length, len. The flags argument specifies the type of message transmission.
The dest_addr argument is a pointer to a socket address structure, which contains the address of the receiving socket. The addrlen argument specifies the size of this structure.
If the socket is connection-oriented, the address of the target socket is already specified, and dest_addr should be NULL. If the socket is not connection-oriented, the address of the target socket must be specified in dest_addr, and addrlen must be set to its size.
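The two addressing cases described above, as an added example (not part of the Tracee documentation or code base). It uses AF_UNIX sockets so it runs without a network; the socket name `sendto-demo-<pid>` and the helper names `dgram_send` and `stream_send` are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Connectionless case: the receiver binds a constructed abstract-namespace name (Linux);
 * with_addr != 0 passes it in dest_addr/addrlen, else NULL/0. Returns bytes received or -errno. */
static long dgram_send(const char *msg, int with_addr, char *out, size_t outsz)
{
    struct sockaddr_un peer = { .sun_family = AF_UNIX };
    int nlen = snprintf(peer.sun_path + 1, sizeof(peer.sun_path) - 1, "sendto-demo-%d", (int)getpid());
    socklen_t peerlen = (socklen_t)(sizeof(sa_family_t) + 1 + nlen);
    int rx = socket(AF_UNIX, SOCK_DGRAM, 0), tx = socket(AF_UNIX, SOCK_DGRAM, 0);
    ssize_t n = -1;
    if (rx >= 0 && tx >= 0 && bind(rx, (struct sockaddr *)&peer, peerlen) == 0) {
        n = with_addr ? sendto(tx, msg, strlen(msg), 0, (struct sockaddr *)&peer, peerlen)
                      : sendto(tx, msg, strlen(msg), 0, NULL, 0);
        if (n >= 0)
            n = recv(rx, out, outsz, 0);
    }
    long ret = n < 0 ? -errno : (long)n;
    close(rx);
    close(tx);
    return ret;
}

/* Connection-oriented case: the peer is fixed by the connection, so dest_addr is NULL. */
static long stream_send(const char *msg, char *out, size_t outsz)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -errno;
    ssize_t n = sendto(sv[0], msg, strlen(msg), 0, NULL, 0);
    if (n >= 0)
        n = recv(sv[1], out, outsz, 0);
    long ret = n < 0 ? -errno : (long)n;
    close(sv[0]);
    close(sv[1]);
    return ret;
}

int main(void)
{
    char b[32];
    long with = dgram_send("ping", 1, b, sizeof b), without = dgram_send("ping", 0, b, sizeof b);
    printf("dgram+addr=%ld dgram+NULL=%ld stream+NULL=%ld\n", with, without, stream_send("ping", b, sizeof b));
    return 0;
}
```

The unconnected datagram send with a NULL dest_addr fails and returns a negative errno value, while the same NULL argument succeeds on the connected stream socket.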
Arguments
- sockfd:int [U] - file descriptor for the socket (returned from socket call).
- buf:void* [U] - pointer to the message buffer to be sent.
- len:size_t [U] - length of the message to be sent.
- flags:int [U] - message transmission flags.
- dest_addr:struct sockaddr* [U] - pointer to a socket address structure containing the target socket address.
- addrlen:int [U] - size of the socket address structure.
Available Tags
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it)
- TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
- OPT - Optional argument - might not always be available (passed with null value)
Hooks
sys_sendto
Type
KProbe
Purpose
Tracking the flow of messages sent via sockets.
Example Use Case
When debugging an application, one could hook the sendto system call to monitor the flow of messages being sent from the application.
Issues
None.
Related Events
- recvfrom
- sendmsg
- recvmsg
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.