diff options
| author | Stan Cox <scox@redhat.com> | 2008-05-29 14:46:38 -0400 |
|---|---|---|
| committer | Stan Cox <scox@redhat.com> | 2008-05-29 14:46:38 -0400 |
| commit | c39d889155d4c9365bd27691d22a92c447ced976 (patch) | |
| tree | 64b56069b0435ac09564ba983bea154a9747bcbe /runtime/probes/shellsnoop/README | |
| parent | ef63732e82dd7979dcf608ba6ed4528e150b47ac (diff) | |
| download | systemtap-steved-c39d889155d4c9365bd27691d22a92c447ced976.tar.gz systemtap-steved-c39d889155d4c9365bd27691d22a92c447ced976.tar.xz systemtap-steved-c39d889155d4c9365bd27691d22a92c447ced976.zip | |
SW5106 Remove old map and histogram formatting code
Diffstat (limited to 'runtime/probes/shellsnoop/README')
| -rw-r--r-- | runtime/probes/shellsnoop/README | 73 |
1 files changed, 0 insertions, 73 deletions
diff --git a/runtime/probes/shellsnoop/README b/runtime/probes/shellsnoop/README deleted file mode 100644 index 70b5e614..00000000 --- a/runtime/probes/shellsnoop/README +++ /dev/null @@ -1,73 +0,0 @@ -/** @dir shellsnoop -Snoops on what commands are being run by shells. - -This is a translation of on an old dtr probe. It demonstrates maps, -lists, and how to use _stp_copy_argv_from_user() and _stp_strncpy_from_user(). - -Original dtr source: - -\verbatim -# shellsnoop.probe - snoop shell execution as it occurs. -# clone of dtrace shellsnoop example - -global { - long @pids[long]; -} - -probe do_execve:entry { - char __user *vstr; - char str[256]; - int len; - - /* watch shells only */ - /* FIXME: detect more shells, like csh, tcsh, zsh */ - - if (!strcmp(current->comm,"bash") || !strcmp(current->comm,"sh") || !strcmp(current->comm, "zsh") - || !strcmp(current->comm, "tcsh") || !strcmp(current->comm, "pdksh")) - { - dlog ("%d\t%d\t%d\t%s ", current->uid, current->pid, current->parent->pid, filename); - @pids[current->pid] = 1; - - /* print out argv, ignoring argv[0] */ - if (argv) argv++; - while (argv != NULL) - { - if (get_user (vstr, argv)) - break; - if (!vstr) - break; - len = dtr_strncpy_from_user(str, vstr, 256); - str[len] = 0; - printk ("%s ", str); - argv++; - } - printk ("\n"); - } -} - -# use filp_open because copy_from_user not needed there -probe filp_open:entry { - if (@pids[current->pid]) - dlog ("%d\t%d\t%s\tO %s\n", current->pid, current->parent->pid, current->comm, filename); -} - -probe sys_read:entry { - if (@pids[current->pid]) - dlog ("%d\t%d\t%s\tR %d\n", current->pid, current->parent->pid, current->comm, fd); -} - -probe sys_write:entry { - size_t len; - char str[256]; - if (@pids[current->pid]) - { - if (count < 64) len = count; - else len = 64; - if (len = dtr_strncpy_from_user(str, buf, len)) { - str[len] = 0; - dlog ("%d\t%d\t%s\tW %s\n", current->pid, current->parent->pid, current->comm, str); - } - } -} -\endverbatim -*/ |