Skip to content



sendmsg - send a message to another socket


The sendmsg() system call is used to send a message to another socket on the system. It is used when the message needs to be sent with a socket address, or if you need to specify control information headers. There are a few different control information headers that can be used, such as the SCM_RIGHTS and SCM_CREDENTIALS which are used to supply permissions and credentials. One of the benefits of using sendmsg() is that it can be used to send data between processes without relying on shared memory. Some of the drawbacks are that it requires additional overhead when encoding the control information and it can be quite difficult to debug.


  • sockfd:int - file descriptor of the target socket
  • msg:struct msghdr* - pointer to a struct msghdr containing information on the message buffer, destination address and optional control headers
  • flags:int[OPT] - a bitmask of flags to control the interpretation of the data

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)






Measure time taken to perform the sendmsg() system call

Example Use Case

One example of the use of the sendmsg() event is in applications that need to send data to multiple sockets simultaneously. By sending messages via sendmsg() instead of individual writes to each socket, the overhead of setting up and tearing down connected sockets can be greatly reduced.


One of the common issues with sendmsg() is related to copying buffers to/from userspace. If these operations are done quickly enough, an attacker could exploit time-of-check-time-of-use (TOCTOU) vulnerabilities on the source machine.

  • sendto
  • recvmsg
  • sendfile

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.