tracedump
single application IP packet sniffer
|
#include <stdbool.h>
#include <stdint.h>
#include <sys/socket.h>
#include <linux/net.h>
#include <netinet/in.h>
#include <sys/user.h>
#include <libpjf/lib.h>
#include "tracedump.h"
Go to the source code of this file.
Enumerations | |
enum | arg_type { AT_LAST = 0, AT_VALUE, AT_MEM_IN, AT_MEM_INOUT } |
Argument type used in _inject_socketcall. More... | |
Functions | |
void | inject_escape_socketcall (struct tracedump *td, struct pid *sp) |
Circumvent an on-going socketcall. | |
void | inject_restore_socketcall (struct tracedump *td, struct pid *sp) |
Cancel inject_escape_socketcall() effects. | |
int32_t | inject_socketcall (struct tracedump *td, struct pid *sp, uint32_t sc_code,...) |
Inject socketcall() into running process. | |
static int | inject_autobind (struct tracedump *td, struct pid *sp, int fd) |
Inject bind(fd, {AF_INET, INADDR_ANY, .port = 0}, 16) | |
static int | inject_getsockname_in (struct tracedump *td, struct pid *sp, int fd, struct sockaddr_in *sa) |
Inject getsockname(fd, sa, 16) | |
static int | inject_getsockopt (struct tracedump *td, struct pid *sp, int fd, int level, int optname, void *optval, socklen_t *optlen) |
Inject getsockopt() |
enum arg_type |
Inject bind(fd, {AF_INET, INADDR_ANY, .port = 0}, 16)
Definition at line 59 of file inject.h.
Referenced by handle_socket().
Circumvent an on-going socketcall.
Implemented by calling socketcall with an invalid subcode, which will result in an -EINVAL. This will put the traced process in normal state, ie. executing the code under EIP, which is required for the inject_*() functions to work properly.
Definition at line 133 of file inject.c.
Referenced by handle_socket().
static int inject_getsockname_in | ( | struct tracedump * | td, |
struct pid * | sp, | ||
int | fd, | ||
struct sockaddr_in * | sa | ||
) | [inline, static] |
Inject getsockname(fd, sa, 16)
-2 | socket not AF_INET |
Definition at line 76 of file inject.h.
Referenced by handle_socket().
Cancel inject_escape_socketcall() effects.
This function will execute the whole socketcall until it finishes
Definition at line 151 of file inject.c.
Referenced by handle_socket().
Inject socketcall() into running process.
Supports variable list of arguments to socketcall(), each may be of different kind
td | tracedump root |
pid | process id |
sc_code | socketcall subcode (see include/linux/net.h) |
varg1 | enum arg_type |
varg2 | uint32_t: memory size or a value |
varg3 | OPTIONAL void *: address of the memory |
... | |
1,0,1 |
Definition at line 16 of file inject.c.
Referenced by inject_autobind(), inject_getsockname_in(), and inject_getsockopt().