socket.makefile & AF_UNIX

Jamie Saker w0jrs at firepole.com
Fri Dec 10 11:20:08 EST 2004


I think I'm overlooking something assumed in socket's makefile method. 
Googling several hours and digging through the python reference didn't help - I 
think I'm overlooking an assumption between Python and UNIX socket objects 
neither is explicitly discussing. I think my mknod 

In the makefile operation on socket (pydoc socket.socket.makefile... using 
AF_UNIX, allowing you to create a file object to correspond to a socket) I've 
got a sample program (goal: open up unix file socket object for snort's 
alert_unixsock output mode to dump to. later, take data written into file 
object and process) as follows:

#######################################3
#!/usr/bin/python
## socketfile.py
## for socket file object to collect snort data via alert_unixsock output
"""makes file interface to socket. demo application takes data written to file 
and prints it."""

from socket import *
import os

FILE = 'snort_alert'
#FILE = '/dev/log'

if not os.path.exists(FILE):
    print "Creating file..."
    os.mknod(FILE)

s = socket(AF_UNIX, SOCK_DGRAM)
# SOCK_DGRAM for UDP compatibility with /dev/log - errors
# on SOCK_STREAM reference for /dev/log

s.connect(FILE)

f = s.makefile('rw')

while 1:
    print "Data: %s" % f.readline(1024)
    f.flush()
#######################################3

If I guess correctly, socket.makefile might be wanting to use a block or 
character file, which I may not be setting up properly. pydoc on os.mknod 
refers to os.makedev which is even sparser on explanation. Part of the reason 
for my guess is that:

- permissions on my snort_alert file don't look right:
-rw-------  1 sysadmin users 0 Dec 10 02:58 snort_alert

compared to:
srw-rw-rw-  1 root root 0 Dec 10 01:14 /dev/log=

And when I use /dev/log instead (which exists), it connects to the file object 
and runs (though snort does not want to dump to /dev/log and the limitations 
of the alert_unixsock output method limit it to /var/log/snort/snort_alert 
only).  Any thoughts from the socket savvy would be *greatly* appreciated!

Jamie
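
Added example, not part of the original post: the difference between the `-rw-------` and `srw-rw-rw-` listings above comes down to how the node is created. os.mknod() with default arguments makes a regular file, while bind() on an AF_UNIX socket makes the `s` node that a sender can write datagrams to. The sketch below is Python 3; the helper names, the temporary directory and the constructed test datagram are assumptions, and the sender socket stands in for whatever process writes to the path (Snort, in the post's setup).

```python
import os, socket, stat, tempfile

def kind(path):
    """Classify the node at path the way `ls -l` does with '-' versus 's'."""
    mode = os.lstat(path).st_mode
    if stat.S_ISSOCK(mode):
        return "socket"
    return "regular" if stat.S_ISREG(mode) else "other"

def open_receiver(path, perms=0o600):
    """Listening side of an AF_UNIX datagram socket: bind() creates the node."""
    if os.path.lexists(path):
        if kind(path) != "socket":          # never unlink something unexpected
            raise RuntimeError("%s exists and is not a socket" % path)
        os.unlink(path)                     # stale socket from an earlier run
    s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    old = os.umask(0o177)                   # node is born 0600, no wider window
    try:
        s.bind(path)
    finally:
        os.umask(old)
    os.chmod(path, perms)                   # widen only if the sender needs it
    return s

def demo():
    d = tempfile.mkdtemp()
    plain = os.path.join(d, "plain")
    sock_path = os.path.join(d, "snort_alert")
    os.mknod(plain)                         # as in the post: a regular file
    sender = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        sender.connect(plain)               # nothing is listening on a plain file
        err = None
    except OSError as e:
        err = e.errno
    rx = open_receiver(sock_path)
    sender.sendto(b"constructed alert", sock_path)   # stand-in for the sender
    data = rx.recv(1024)
    out = (kind(plain), err, kind(sock_path),
           stat.S_IMODE(os.stat(sock_path).st_mode), data)
    sender.close(); rx.close()
    os.unlink(sock_path); os.unlink(plain); os.rmdir(d)
    return out

if __name__ == "__main__":
    print(demo())
```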



