Linux Today: Linux News On Internet Time.





More on LinuxToday


The Proc Connector and Socket Filters

Feb 11, 2011, 08:04 (0 Talkback[s])
(Other stories by Scott James Remnant)

WEBINAR:
On-Demand

Full Text Search: The Key to Better Natural Language Queries for NoSQL in Node.js


"The proc connector is one of those interesting kernel features that most people rarely come across, and even more rarely find documentation on. Likewise the socket filter. This is a shame, because they're both really quite useful interfaces that might serve a variety of purposes if they were better documented.

"The proc connector allows you to receive notification of process events such fork and exec calls, as well as changes to a process's uid, gid or sid (session id). These are provided through a socket-based interface by reading instances of struct proc_event defined in the kernel header.

#include

"The interface is built on the more generic connector API, which itself is built on the generic netlink API. These interfaces add some complexity as they are intended to provide bi-directional communication between the kernel and userspace; the connector API appears to have been largely forgotten as newer such socket interfaces simply declare their own first-class socket classes. So we need the headers for those too."

Complete Story

Related Stories: