On Mon, Jul 18, 2016 at 12:09 PM, Peter Chen <peter.feifan.c...@gmail.com> wrote: > Hi, > > I was wondering, if I was in the kernel, and I intercepted a system > call such as read(). Would I be able, from the fd, determine the > whether the fd is (1) a network socket? (2) the IP address and port of > this socket? What are the kernel data structures and functions that > can get these information for me in the kernel? Thanks.
You can use sockfd_lookup() to read the sock structure from a given fd, after than you can call, for example, sock->ops->getname() to read local IP address etc.
