
type=SOCKADDR record missing for socketcall(accept)?



Steve,

On a machine running Rawhide, I'm studying the output produced by
ausearch for the socketcall system call.  I noticed that
socketcall(bind) and socketcall(connect) events contain a record of
type=SOCKADDR, but I cannot see one for a system call event associated
with socketcall(accept).  Recording the sockaddr of an accepted socket
is important for cross-platform information flow analysis.

John

$ uname -a
Linux drawlight.mitre.org 2.6.15-1.2032.2.3_FC5.lspp.12smp #1 SMP Fri Mar 10 15:44:23 EST 2006 i686 i686 i386 GNU/Linux
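
An added example, not part of the original message: a script that groups raw audit records by event serial and lists socketcall events for bind, connect or accept that carry no SOCKADDR record. The sample records are constructed to mirror the behaviour reported above; the i386 socketcall number (102) and the sub-call numbers are taken from the kernel headers, and the function names are hypothetical.

```python
import re
from collections import defaultdict

AUDIT_ARCH_I386 = "40000003"   # EM_386 | little-endian flag, as printed in arch=
SOCKETCALL_NR_I386 = 102       # __NR_socketcall on i386
# Sub-calls (a0, from <linux/net.h>) named in the message; each takes a sockaddr.
ADDRESS_CALLS = {2: "bind", 3: "connect", 5: "accept"}

# Constructed sample records (not from the original message).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1142023463.100:501): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bf9e1a40 pid=2101 comm="srv"
type=SOCKADDR msg=audit(1142023463.100:501): saddr=02001F90000000000000000000000000
type=SYSCALL msg=audit(1142023463.200:502): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf9e1a40 pid=2102 comm="cli"
type=SOCKADDR msg=audit(1142023463.200:502): saddr=020000507F0000010000000000000000
type=SYSCALL msg=audit(1142023463.300:503): arch=40000003 syscall=102 success=yes exit=4 a0=5 a1=bf9e1a40 pid=2101 comm="srv"
type=SYSCALL msg=audit(1142023463.400:504): arch=40000003 syscall=102 success=yes exit=0 a0=4 a1=bf9e1a40 pid=2101 comm="srv"
type=SYSCALL msg=audit(1142023463.500:505): arch=40000003 syscall=5 success=yes exit=3 a0=bf9e1b00 a1=0 pid=2101 comm="srv"
"""

RECORD = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): ?(.*)$")

def group_events(text):
    """Map event serial -> list of (record type, field dict)."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        rtype, _ts, serial, body = m.groups()
        fields = dict(kv.split("=", 1) for kv in body.split() if "=" in kv)
        events[int(serial)].append((rtype, fields))
    return events

def socketcalls_missing_sockaddr(text):
    """Return (serial, sub-call) for address-taking socketcalls without SOCKADDR."""
    missing = []
    for serial, records in sorted(group_events(text).items()):
        types = {rtype for rtype, _ in records}
        for rtype, f in records:
            if rtype != "SYSCALL" or f.get("arch") != AUDIT_ARCH_I386:
                continue  # syscall numbers are only meaningful per architecture
            if f.get("syscall") != str(SOCKETCALL_NR_I386):
                continue
            call = ADDRESS_CALLS.get(int(f.get("a0", "0"), 16))  # a0 is hex
            if call and "SOCKADDR" not in types:
                missing.append((serial, call))
    return missing

if __name__ == "__main__":
    for serial, call in socketcalls_missing_sockaddr(SAMPLE_LOG):
        print(f"event {serial}: socketcall({call}) has no SOCKADDR record")
```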

