accept() syscall returns connected file descriptors for a given listening socket.
accept() syscall enables a process to perform a passive connection, or accept, with a remote peer. The
accept() syscall is the accept half of a two-way communication link. It is typically used when a server provides a service over a network. The
accept() syscall will block until a connection is accepted.
accept() is successful, it will create a new file descriptor and store the address of the connecting peer in the sockaddr structure provided by the user.
There are a few edge cases where
accept() might fail and return an error. For example, if the program does not have permission to create a new socket descriptor, or the remote peer does not support the protocol in question,
accept() may fail. There is also a chance of a race condition in the
accept() syscall if it is used without the
O_NONBLOCK flag. In a race condition,
accept() may return a newly created descriptor, but the remote connection could be dropped before the connection is actually made.
int- Descriptor of the listening socket.
U] - Structure used to store the address of the connecting peer.
OPT] - Size of the sockaddr structure.
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it)
- TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
- OPT - Optional argument - might not always be available (passed with null value)
Used for tracing when a process is attempting to accept a connection.
Used for tracing the return value of the
sys_accept syscall, indicating whether or not the accept syscall was successful.
Example Use Case¶
accept() in a server application to allow incoming connections from remote clients.
accept() is vulnerable to a type of race condition called Time Of Check, Time Of Use (TOCTOU). If
accept() is called without the
O_NONBLOCK flag, a newly accepted connection descriptor may be returned before the connection is actually made. If the connection is dropped before the connection is made,
accept() will return the connection but the user will not be able to use the descriptor.
connect() - Used by the clients in order to connect to a server.
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.