fd type from number

Rohan Puri rohan.puri15 at gmail.com
Wed Aug 20 05:33:44 EDT 2014


On Tue, Aug 19, 2014 at 10:04 PM, Loris Degioanni <loris at draios.com> wrote:
> Sure, here's some more context.
>
> I'm one of the developers of sysdig (www.sysdig.org), a tool that
> captures system calls and uses them to offer advanced system monitoring.
> One of the features that our diver offers is the tcpdump-derived concept
> of "snaplen": when a system call with a buffer is captured, it's
> possible to choose how many bytes of that buffer are copied to the
> driver capture buffer. This makes it possible to tune buffer utilization
> and CPU usage vs completeness of data.
>
> Since this feature is important and heavily used, I'd like to extend it
> so that the user has per-fd-type snaplen control. A typical use case is:
> "I want 1000 bytes of each socket buffer, because I'm interested in
> looking at protocol activity, but I don't care about files and so I'm ok
> with just 20 bytes from them". In order for this feature to be useful,
> it needs to be very fast: we use tracepoints to capture system calls, so
> we slow down the original process if we take too long.
>
> And since I'm here, let me expand my question. Another useful thing to
> do would be per-filename snaplen. Use case: "I want the whole content of
> reads and writes to files that are in /etc, but I want only 20 bytes
> from any other system call". This would I guess involve unpacking the
> file structure and retrieving the full file name. Is there any way to do
> it safely and efficiently?
>
> Thanks,
> Loris
>
>
> On 8/19/2014 9:02 AM, Valdis.Kletnieks at vt.edu wrote:
>> On Tue, 19 Aug 2014 08:38:24 -0700, Loris Degioanni said:
>>
>>> I'm looking for an efficient way to determine the type of an fd (file,
>>> socket...) given its number, from a kernel module.
>> What problem are you trying to solve here?  There may be a better API for
>> your problem.  So step back - what are you trying to accomplish?
>
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Hi Loris,

You can get the file type from the fd by doing something like this : -

struct file *file = fget(fd);
if(!file)
        return error;
assert(file->f_inode != NULL);
file_type = (file->f_inode->i_mode & S_IFMT) >> 12;

Also, you can make use of S_IS*(mode) macros, to check for file types.

NOTE: fget() makes use of current process's file_struct.

Regards,
- Rohan



More information about the Kernelnewbies mailing list