Here is an event directly from auditd for the connect() system call (syscall=42) with
port number 0.
Do you think the connect() system call can still be called with port number 0?
type=SYSCALL msg=audit(1459301607.178:35720095): arch=c03e syscall=42
success=yes exit=0 a0=2c a1=7f1fbe8f81f0 a2=10 a3=0 i
On Thursday, March 31, 2016 08:54:30 AM Kangkook Jee wrote:
> but the last three ones didn’t
>
> $ ~/bin/sock_decode 020036447A64
> 020036447A64: sa_family: 2 addr: 1685734454, port: 0 (0)
> $ ~/bin/sock_decode 02003644ECD0
> 02003644ECD
We can use kthread_run instead of kthread_create+wake_up_process for
creating the thread.
We do not need to set the task state to TASK_RUNNING after schedule(),
the process is in that state already.
And we do not need to set the state to TASK_INTERRUPTIBLE when not
doing schedule() as we set the
I checked with the strings that I provided in the previous email.
The first 3 gave me proper port numbers.
$ ~/bin/sock_decode 02358A0F6C0B
02358A0F6C0B: sa_family: 2 addr: 191631242, port: 53 (13568)
$ ~/bin/sock_decode 026F8A0FA509
Dear Steve,
Thanks a lot for your quick response.
Would you tell me from which saddr fields you get the port number value
‘779’?
This might indicate that my code to extract the field might be wrong. Would you also
inform me of the correct way to decode the saddr string?
Thanks again!
Regard