Ioctl

From Hackepedia
Jump to navigationJump to search

Ioctl stands for input/output control. It is used to interface with the kernel via descriptors. Every device, file or socket opened has its own set of ioctl control codes that one can set or gather information to/from the kernel.

Here is an example of a ktrace of an pfctl -ss, it opens the /dev/pf device on descriptor 3 and gets a listing of DIOCGETALTQS and DIOCGETSTATES, the fact that it has GET in the names and not SET is indicative that it is querying information. 

...
27668 pfctl    CALL  open(0x54e000,0,0)
27668 pfctl    NAMI  "/dev/pf"
27668 pfctl    RET   open 3
27668 pfctl    CALL  ioctl(0x3,DIOCGETALTQS,0x7f7ffffd02e0)
27668 pfctl    RET   ioctl 0
27668 pfctl    CALL  ioctl(0x3,DIOCGETSTATES,0x7f7ffffd0350)
27668 pfctl    RET   ioctl 0
...

Like with any syscall it returns 0 on success and -1 on error.

Retrieved from "https://hackepedia.org/?title=Ioctl&oldid=1943"