Re: Snooping on sockets/file descriptors

Hi Javier,

>
> If you want to do it in the kernel, you can write a loadable kernel
> module to register netfilter hooks and obtain the socket buffers
> (sk_buff).


Thanks.

If you see my earlier posts, I didn't want netfilter/pcap because they
give me access to packets.  I would like access to the stream of data
that is read by the application using read()/recvmsg()/etc syscalls.

@all: thanks for the help; I think I've figured out how to do it.  I
manually traced the system call to see which one would be called
ultimately, for read on a socket.

It turns out that skb_copy_datagram_iovec(..) is called ultimately (fn
defn: http://lxr.free-electrons.com/source/net/ipv4/tcp.c#L1668).

I could hook onto this function using kprobes and get the data that is read.

Thanks!
-- 
Vimal

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

