fd type from number

[loris@draios.com (Loris Degioanni)]

On 8/20/2014 2:33 AM, Rohan Puri wrote:
> On Tue, Aug 19, 2014 at 10:04 PM, Loris Degioanni <loris@draios.com> wrote:
>> Sure, here's some more context.
>>
>> I'm one of the developers of sysdig (www.sysdig.org), a tool that
>> captures system calls and uses them to offer advanced system monitoring.
>> One of the features that our diver offers is the tcpdump-derived concept
>> of "snaplen": when a system call with a buffer is captured, it's
>> possible to choose how many bytes of that buffer are copied to the
>> driver capture buffer. This makes it possible to tune buffer utilization
>> and CPU usage vs completeness of data.
>>
>> Since this feature is important and heavily used, I'd like to extend it
>> so that the user has per-fd-type snaplen control. A typical use case is:
>> "I want 1000 bytes of each socket buffer, because I'm interested in
>> looking at protocol activity, but I don't care about files and so I'm ok
>> with just 20 bytes from them". In order for this feature to be useful,
>> it needs to be very fast: we use tracepoints to capture system calls, so
>> we slow down the original process if we take too long.
>>
>> And since I'm here, let me expand my question. Another useful thing to
>> do would be per-filename snaplen. Use case: "I want the whole content of
>> reads and writes to files that are in /etc, but I want only 20 bytes
>> from any other system call". This would I guess involve unpacking the
>> file structure and retrieving the full file name. Is there any way to do
>> it safely and efficiently?
>>
>> Thanks,
>> Loris
>>
>>
>> On 8/19/2014 9:02 AM, Valdis.Kletnieks at vt.edu wrote:
>>> On Tue, 19 Aug 2014 08:38:24 -0700, Loris Degioanni said:
>>>
>>>> I'm looking for an efficient way to determine the type of an fd (file,
>>>> socket...) given its number, from a kernel module.
>>> What problem are you trying to solve here?  There may be a better API for
>>> your problem.  So step back - what are you trying to accomplish?
>>
>> _______________________________________________
>> Kernelnewbies mailing list
>> Kernelnewbies at kernelnewbies.org
>> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
> Hi Loris,
>
> You can get the file type from the fd by doing something like this : -
>
> struct file *file = fget(fd);
> if(!file)
>          return error;
> assert(file->f_inode != NULL);
> file_type = (file->f_inode->i_mode & S_IFMT) >> 12;
>
> Also, you can make use of S_IS*(mode) macros, to check for file types.
>
> NOTE: fget() makes use of current process's file_struct.
>
> Regards,
> - Rohan

Thanks Rohan,
and for kernels more recent than 3.14 I assume I need to use fdget 
instead of fget, right?

Loris