Re: saddr value in connect()
On May 5, 2014, at 3:26 PM, Steve Grubb <sgrubb(a)redhat.com> wrote:
saddr is a hex encoded blob that is a struct sockaddr.
I’m writing my own parsing code to add Linux analysis to my Mac-based BSM audit analysis
tools, so I might be asking some “out of left field” questions from time to time. I’ve
been working my way through decoding things like the sockaddr hex blob.
> …
Its a socket address structure. It may or may not be null terminated
depending on the socket type.
> ...
Its other fields in struct sockaddr.
> ...
That would be an abstract af_unix socket.
With that info I did a little more digging and found a lot of this information in
$ man 7 unix
Thanks!
Todd
Attachments:
- attachment.html (text/html — 2.1 KB)