Re: Snooping on sockets/file descriptors

>
> then, something like dtrace or systemtap? IMO you're looking for kinda
> combo of kernel mode + user land "sniffer"... the user land sniffer,
> in its very simple form, is by using LD_PRELOAD ...
>

dtrace seems fine and is similar to ptrace.  But then, one would have
to enumerate all possible syscalls that the application can issue to
read data.  For example, it could use read(), recvfrom(), recvmsg(), or
even syscall(syscall#, args...)

I wonder if LD_PRELOAD can be done on a program without shutting it
down.  ptrace fits the bill here, except for the above problem.

Thanks!

-- 
Vimal

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
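
Added example (not part of the original message or thread): a minimal ptrace tracer that counts the input syscalls a child enters, covering the read(), recvfrom(), recvmsg() and syscall(syscall#, args...) cases named above. It shows that a raw syscall(SYS_read, ...) reaches the tracer as an ordinary read at the syscall boundary, so the list to maintain is of kernel entry points. Assumptions: Linux on x86-64 (orig_rax), a constructed tracee, and hypothetical helper names is_input_syscall, tracee and count_input_syscalls.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Watched input syscalls; a full list is longer (readv, pread64, recvmmsg, ...). */
static int is_input_syscall(long nr) {
    return nr == SYS_read || nr == SYS_recvfrom || nr == SYS_recvmsg;
}

/* Constructed tracee: four reads, the last one through raw syscall(). */
static void tracee(void) {
    int sv[2]; char b[8]; struct iovec iov = { b, sizeof b };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1 };
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) _exit(1);
    for (int i = 0; i < 4; i++) if (write(sv[1], "hi", 2) != 2) _exit(1);
    ptrace(PTRACE_TRACEME, 0, 0, 0);
    raise(SIGSTOP);                       /* stop so the parent can take over */
    ssize_t n = read(sv[0], b, sizeof b);
    n += recvfrom(sv[0], b, sizeof b, 0, NULL, NULL);
    n += recvmsg(sv[0], &m, 0);
    n += syscall(SYS_read, sv[0], b, sizeof b);
    _exit(n == 8 ? 0 : 1);
}

/* Forks the tracee; returns how many input syscalls it entered, -1 on error. */
int count_input_syscalls(void) {
    int status, hits = 0, entering = 1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) tracee();
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, 0, PTRACE_O_TRACESYSGOOD);
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, 0, 0) < 0 || waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) return hits;
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) continue;  /* not a syscall stop */
        if (entering) {                   /* count at entry, skip the exit stop */
            struct user_regs_struct r;
            if (ptrace(PTRACE_GETREGS, pid, 0, &r) < 0) return -1;
            hits += is_input_syscall((long)r.orig_rax);
        }
        entering = !entering;
    }
}
int main(void) { return count_input_syscalls() == 4 ? 0 : 1; }
```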

