* listen & accept sycalls not present in b32 ?
@ 2015-01-13 20:13 hsultan
2015-01-15 17:15 ` Steve Grubb
0 siblings, 1 reply; 2+ messages in thread
From: hsultan @ 2015-01-13 20:13 UTC (permalink / raw)
To: linux-audit
On Ubuntu 14.04 LTS I get :
sudo auditctl -a exit,always -F arch=b32 -S listen -S connect
Syscall name unknown: listen
however with b64 it works
Same with the accept syscall.
Is that expected ? How can I grab the 32bit calls then ?
Thanks,
Hassan
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: listen & accept sycalls not present in b32 ?
2015-01-13 20:13 listen & accept sycalls not present in b32 ? hsultan
@ 2015-01-15 17:15 ` Steve Grubb
0 siblings, 0 replies; 2+ messages in thread
From: Steve Grubb @ 2015-01-15 17:15 UTC (permalink / raw)
To: linux-audit; +Cc: hsultan
On Tuesday, January 13, 2015 12:13:16 PM hsultan@thefroid.net wrote:
> sudo auditctl -a exit,always -F arch=b32 -S listen -S connect
> Syscall name unknown: listen
>
> however with b64 it works
>
> Same with the accept syscall.
>
> Is that expected ? How can I grab the 32bit calls then ?
This is expected. The 32 bit ABI for x86 is very old. For whatever reason,
they decided that dedicating a syscall to each networking call was
unreasonable and its all done through the socketcall(2) system call. To audit
those calls, you would have to look up the define for each one
include/linux/net.h
and use that number for arg0.
-Steve
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-01-15 17:15 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-01-13 20:13 listen & accept sycalls not present in b32 ? hsultan
2015-01-15 17:15 ` Steve Grubb
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).