linux-kernel.vger.kernel.org archive mirror
* Re: syscall hook
  2003-09-23 23:27 syscall hook Bruno Castro da Silva
@ 2003-09-23 23:24 ` Chris Wright
  2003-09-24  1:01 ` Richard J Moore
  2003-09-24  7:11 ` Muli Ben-Yehuda
  2 siblings, 0 replies; 5+ messages in thread
From: Chris Wright @ 2003-09-23 23:24 UTC (permalink / raw)
  To: Bruno Castro da Silva; +Cc: linux-kernel

* Bruno Castro da Silva (sysware@portoweb.com.br) wrote:
> I need to put a hook on a syscall so I can monitor the usage
> of sockets. I'm trying to do so without having to recompile
> the kernel (eg by using modules). Can anyone give me a hint
> on how to achieve this?

You can't (and don't want to) hook syscalls in any current kernels.  Check
out the socket level hooks in the LSM framework.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net


* syscall hook
@ 2003-09-23 23:27 Bruno Castro da Silva
  2003-09-23 23:24 ` Chris Wright
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Bruno Castro da Silva @ 2003-09-23 23:27 UTC (permalink / raw)
  To: linux-kernel

Hi all,

I need to put a hook on a syscall so I can monitor the usage
of sockets. I'm trying to do so without having to recompile
the kernel (eg by using modules). Can anyone give me a hint
on how to achieve this?

(Please reply to my email too, not only to the list. I
haven't subscribed to the list because I can't afford to
receive 300+ emails a day)


Thanks in advance,

Bruno


* Re: syscall hook
  2003-09-23 23:27 syscall hook Bruno Castro da Silva
  2003-09-23 23:24 ` Chris Wright
@ 2003-09-24  1:01 ` Richard J Moore
  2003-09-24  7:11 ` Muli Ben-Yehuda
  2 siblings, 0 replies; 5+ messages in thread
From: Richard J Moore @ 2003-09-24  1:01 UTC (permalink / raw)
  To: sysware, linux-kernel

You can use kprobes to do it. Check out the dprobes project website:
http://www-124.ibm.com/linux/projects/dprobes/

Be sure to look at the kprobes patch.


On Tue 23 September 2003 11:27 pm, Bruno Castro da Silva wrote:
> Hi all,
>
> I need to put a hook on a syscall so I can monitor the usage
> of sockets. I'm trying to do so without having to recompile
> the kernel (eg by using modules). Can anyone give me a hint
> on how to achieve this?
>
> (Please reply to my email too, not only to the list. I
> haven't subscribed to the list because I can't afford to
> receive 300+ emails a day)
>
>
> Thanks in advance,
>
> Bruno

-- 
Richard J Moore
IBM Linux Technology Centre


* Re: syscall hook
  2003-09-23 23:27 syscall hook Bruno Castro da Silva
  2003-09-23 23:24 ` Chris Wright
  2003-09-24  1:01 ` Richard J Moore
@ 2003-09-24  7:11 ` Muli Ben-Yehuda
  2 siblings, 0 replies; 5+ messages in thread
From: Muli Ben-Yehuda @ 2003-09-24  7:11 UTC (permalink / raw)
  To: Bruno Castro da Silva; +Cc: linux-kernel


On Tue, Sep 23, 2003 at 08:27:53PM -0300, Bruno Castro da Silva wrote:
> Hi all,
> 
> I need to put a hook on a syscall so I can monitor the usage
> of sockets. I'm trying to do so without having to recompile
> the kernel (eg by using modules). Can anyone give me a hint
> on how to achieve this?

What exactly are you trying to do? Do you need it to be done on a
system wide level (socket in general) or per application (a specific
socket)?

If it's per socket, just use strace. No kernel hacking
required(TM). If it's system wide, apart from the other options
mentioned in this thread, you can also use syscalltrack
(http://syscalltrack.sf.net). Depending on what you want to do, it may
or may not be the best tool for the job. Note that it doesn't support
2.5 yet, but we're working on it. 

Cheers, 
Muli 
-- 
Muli Ben-Yehuda
http://www.mulix.org



* syscall hook
@ 2003-09-23 23:26 Bruno Castro da Silva
  0 siblings, 0 replies; 5+ messages in thread
From: Bruno Castro da Silva @ 2003-09-23 23:26 UTC (permalink / raw)
  To: linux-kernel

Hi all,

I need to put a hook on a syscall so I can monitor the usage
of sockets. I'm trying to do so without having to recompile
the kernel (eg by using modules). Can anyone give me a hint
on how to achieve this?


Thanks in advance,

Bruno
