Hi all,
I need to put a hook on a syscall so I can monitor the usage
of sockets. I'm trying to do so without having to recompile
the kernel (eg by using modules). Can anyone give me a hint
on how to achieve this?
(Please, replies to my email to, not only to the list. I
haven't subscribed to the list because I can't afford to
receive 300+ emails a day)
Thanks in advance,
Bruno
* Bruno Castro da Silva ([email protected]) wrote:
> I need to put a hook on a syscall so I can monitor the usage
> of sockets. I'm trying to do so without having to recompile
> the kernel (eg by using modules). Can anyone give me a hint
> on how to achieve this?
You can't (and don't want to) hook syscalls in any current kernels. Check
out the socket level hooks in the LSM framework.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
You can use kprobes to do it. Chech out the dprobes project website:
http://www-124.ibm.com/linux/projects/dprobes/
Be sure to look at the kprobes patch.
On Tue 23 September 2003 11:27 pm, Bruno Castro da Silva wrote:
> Hi all,
>
> I need to put a hook on a syscall so I can monitor the usage
> of sockets. I'm trying to do so without having to recompile
> the kernel (eg by using modules). Can anyone give me a hint
> on how to achieve this?
>
> (Please, replies to my email to, not only to the list. I
> haven't subscribed to the list because I can't afford to
> receive 300+ emails a day)
>
>
> Thanks in advance,
>
> Bruno
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
--
Richard J Moore
IBM Linux Technology Centre
On Tue, Sep 23, 2003 at 08:27:53PM -0300, Bruno Castro da Silva wrote:
> Hi all,
>
> I need to put a hook on a syscall so I can monitor the usage
> of sockets. I'm trying to do so without having to recompile
> the kernel (eg by using modules). Can anyone give me a hint
> on how to achieve this?
What exactly are you trying to do? do you need it to be done on a
system wide level (socket in general) or per application (a specific
socket)?
If it's per socket, just use strace. No kernel hacking
required(TM). If it's system wide, apart from the other options
mentioned in this thread, you can also use syscalltrack
(http://syscalltrack.sf.net). Depending on what you want to do, it may
or may not be the best tool for the job. Note that it doesn't support
2.5 yet, but we're working on it.
Cheers,
Muli
--
Muli Ben-Yehuda
http://www.mulix.org