tee¶
Intro¶
tee - duplicates data from one file descriptor to another
Description¶
The tee system call duplicates data from one file descriptor to another, useful for streaming data between different programs. Though the main operation is to copy a file descriptor to another, the flags argument allows different additional behavior in the write or read, like avoiding writes to blocking descriptors, or allocating new blocks for output. The len argument also allows control of the length of data to copy, instead of all data from input file descriptor.
Arguments¶
fd_in
:int
[U] - file descriptor for inputfd_out
:int
[K,U] - file descriptor for outputlen
:size_t
[U] - length of data to be copiedflags
:unsigned int
[U, opt] - flags specified additional behavior like avoid writes to blocking descriptors or allocating new blocks for output
Available Tags¶
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it)
- OPT - Optional argument - might not always be available (passed with null value)
Hooks¶
sys_tee¶
Type¶
Kprobe
Purpose¶
To capture data read and written to the kernel via tee.
Example Use Case¶
A network packet streaming application that needs to read from the network and write the same data to another program.
Issues¶
On systems with non-uniform memory architecture, the write to user space may be unaligned and not fit on a page, leading to errors of EFAULT.
Related Events¶
- write
- read
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.