author | hunt <hunt> | 2005-04-07 15:12:19 +0000 |
---|---|---|
committer | hunt <hunt> | 2005-04-07 15:12:19 +0000 |
commit | 979f20e0ecb8d287af1aedf33ac0c3b50ac9003d (patch) | |
tree | 19a2fecdafeea759885360d0df8022bddce7e7a3 /runtime/probes/shellsnoop | |
parent | e32551b18f4560056d2d482f5e1505b1b98fa82a (diff) | |
Update to use relayfs, new I/O.
Diffstat (limited to 'runtime/probes/shellsnoop')
-rw-r--r-- | runtime/probes/shellsnoop/Makefile | 2 | ||||
-rwxr-xr-x | runtime/probes/shellsnoop/build | 3 | ||||
-rw-r--r-- | runtime/probes/shellsnoop/dtr.c | 54 | ||||
-rwxr-xr-x | runtime/probes/shellsnoop/stp | 39 |
4 files changed, 75 insertions, 23 deletions
diff --git a/runtime/probes/shellsnoop/Makefile b/runtime/probes/shellsnoop/Makefile index 8fff0dc4..12a0f65f 100644 --- a/runtime/probes/shellsnoop/Makefile +++ b/runtime/probes/shellsnoop/Makefile @@ -3,7 +3,7 @@ # # make -C path/to/kernel/src M=`pwd` modules STP_RUNTIME=path_to_systemtap_rt -CFLAGS += -I $(STP_RUNTIME) -D KALLSYMS_LOOKUP_NAME=$(KALLSYMS_LOOKUP_NAME) \ +CFLAGS += -I $(STP_RUNTIME) -I $(STP_RUNTIME)/relayfs -D KALLSYMS_LOOKUP_NAME=$(KALLSYMS_LOOKUP_NAME) \ -D KALLSYMS_LOOKUP=$(KALLSYMS_LOOKUP) obj-m := dtr.o diff --git a/runtime/probes/shellsnoop/build b/runtime/probes/shellsnoop/build index 3713f08a..fb344b37 100755 --- a/runtime/probes/shellsnoop/build +++ b/runtime/probes/shellsnoop/build @@ -4,10 +4,11 @@ KVERSION=`uname -r` echo $KVERSION KALLSYMS_LOOKUP_NAME=`grep " kallsyms_lookup_name" /boot/System.map-$KVERSION |awk '{print $1}'` KALLSYMS_LOOKUP=`grep " kallsyms_lookup$" /boot/System.map-$KVERSION |awk '{print $1}'` +KTA=`grep "__kernel_text_address" /boot/System.map-$KVERSION |awk '{print $1}'` make V=1 -C /lib/modules/`uname -r`/build M=`pwd` modules \ KALLSYMS_LOOKUP_NAME=0x$KALLSYMS_LOOKUP_NAME \ - KALLSYMS_LOOKUP=0x$KALLSYMS_LOOKUP \ + KALLSYMS_LOOKUP=0x$KALLSYMS_LOOKUP KTA=0x$KTA\ STP_RUNTIME=`pwd`/../.. diff --git a/runtime/probes/shellsnoop/dtr.c b/runtime/probes/shellsnoop/dtr.c index 92b3221f..e529b054 100644 --- a/runtime/probes/shellsnoop/dtr.c +++ b/runtime/probes/shellsnoop/dtr.c @@ -2,8 +2,10 @@ #define HASH_TABLE_SIZE (1<<HASH_TABLE_BITS) #define BUCKETS 16 /* largest histogram width */ +#define STP_NETLINK_ONLY +#define STP_NUM_STRINGS 1 + #include "runtime.h" -#include "io.c" #include "map.c" #include "copy.c" #include "probes.c" 
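Review bot: The new `KTA` lookup in `build` greps for `__kernel_text_address` with no leading space and no end anchor, unlike the two lookups above it. Any other System.map symbol containing that string (for instance a `__ksymtab_` entry, if the symbol is exported on the running kernel) would also match, and `KTA` would then hold several addresses. Because `0x$KTA` is expanded unquoted on the make command line, the extra words would reach make as separate arguments. Anchoring the pattern as `grep " __kernel_text_address$"` keeps it to one symbol. Nothing in the visible Makefile hunk consumes `KTA`, so it is worth confirming where the value is used.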
@@ -23,16 +25,18 @@ int inst_do_execve (char * filename, char __user *__user *argv, char __user *__u if (!strcmp(current->comm,"bash") || !strcmp(current->comm,"sh") || !strcmp(current->comm, "zsh") || !strcmp(current->comm, "tcsh") || !strcmp(current->comm, "pdksh")) { - dlog ("%d\t%d\t%d\t%s ", current->uid, current->pid, current->parent->pid, filename); + _stp_printf ("%d\t%d\t%d\t%s ", current->uid, current->pid, current->parent->pid, filename); _stp_map_key_long (pids, current->pid); _stp_map_set_int64 (pids, 1); _stp_list_clear (arglist); _stp_copy_argv_from_user (arglist, argv); + foreach (arglist, ptr) - printk ("%s ", ptr->str); - printk ("\n"); + _stp_printf ("%s ", ptr->str); + + _stp_print_flush(); } jprobe_return(); return 0; @@ -42,8 +46,9 @@ struct file * inst_filp_open (const char * filename, int flags, int mode) { _stp_map_key_long (pids, current->pid); if (_stp_map_get_int64 (pids)) - dlog ("%d\t%d\t%s\tO %s\n", current->pid, current->parent->pid, current->comm, filename); - + _stp_printf ("%d\t%d\t%s\tO %s", current->pid, current->parent->pid, current->comm, filename); + + _stp_print_flush(); jprobe_return(); return 0; } 
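Review bot: In `inst_do_execve`, `filename` and every `ptr->str` copied from the user's argv are written unescaped into a tab- and space-separated record. A traced process can therefore put tabs or other control characters in an argument and shift or imitate fields in whatever reads the stpd output. If this output is used for auditing, either escape non-printable bytes before `_stp_printf` or document the limitation above the first `_stp_printf`, e.g. `/* filename and argv are supplied by the traced process; fields are not escaped */`. The function starts before this hunk.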
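Review bot: In `inst_filp_open` the unbraced `if` covers only the `_stp_printf`, so `_stp_print_flush()` now runs on every `filp_open` in the system, including for processes that are not in `pids`. The same shape is in `inst_sys_read` in the next hunk. What flushing an empty buffer costs is not visible here, but it is at least an extra call on a hot path and possibly an empty message to stpd. Bracing the condition as `inst_sys_write` already does avoids it: `if (_stp_map_get_int64 (pids)) { _stp_printf (...); _stp_print_flush(); }`.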
@@ -52,27 +57,22 @@ asmlinkage ssize_t inst_sys_read (unsigned int fd, char __user * buf, size_t cou { _stp_map_key_long (pids, current->pid); if (_stp_map_get_int64 (pids)) - dlog ("%d\t%d\t%s\tR %d\n", current->pid, current->parent->pid, current->comm, fd); + _stp_printf ("%d\t%d\t%s\tR %d", current->pid, current->parent->pid, current->comm, fd); + _stp_print_flush(); jprobe_return(); return 0; } asmlinkage ssize_t inst_sys_write (unsigned int fd, const char __user * buf, size_t count) { - size_t len; - char str[256]; _stp_map_key_long (pids, current->pid); if (_stp_map_get_int64 (pids)) { - if (count < 64) - len = count; - else - len = 64; - len = _stp_strncpy_from_user(str, buf, len); - if (len < 0) len = 0; - str[len] = 0; - dlog ("%d\t%d\t%s\tW %s\n", current->pid, current->parent->pid, current->comm, str); + String str = _stp_string_init (0); + _stp_string_from_user(str, buf, count); + _stp_printf ("%d\t%d\t%s\tW %s", current->pid, current->parent->pid, current->comm, str->buf); + _stp_print_flush(); } jprobe_return(); @@ -95,7 +95,7 @@ static struct jprobe dtr_probes[] = { { .kp.addr = (kprobe_opcode_t *)"sys_write", .entry = (kprobe_opcode_t *) inst_sys_write - }, + }, }; #define MAX_DTR_ROUTINE (sizeof(dtr_probes)/sizeof(struct jprobe)) @@ -104,20 +104,32 @@ static int init_dtr(void) { int ret; + if (_stp_netlink_open() < 0) + return -1; + pids = _stp_map_new (10000, INT64); arglist = _stp_list_new (10, STRING); ret = _stp_register_jprobes (dtr_probes, MAX_DTR_ROUTINE); - dlog("instrumentation is enabled...\n"); + _stp_log("instrumentation is enabled... %s\n", __this_module.name); return ret; } -static void cleanup_dtr(void) +static void probe_exit (void) { _stp_unregister_jprobes (dtr_probes, MAX_DTR_ROUTINE); + + _stp_print ("In probe_exit now."); _stp_map_del (pids); - dlog("EXIT\n"); + _stp_print_flush(); +} + + +static void cleanup_dtr(void) +{ + _stp_netlink_close(); + } module_init(init_dtr); 
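Review bot: `inst_sys_write` now passes the caller-supplied `count` straight to `_stp_string_from_user(str, buf, count)`, where the removed code clamped the copy to 64 bytes. Whether `_stp_string_from_user` limits the copy to the capacity of the `String` cannot be seen from this hunk, so the bound should be confirmed there or restored here with something like `count < 64 ? count : 64`. The return value is also dropped, so after a faulting user copy `str->buf` is printed as it stands; unless `_stp_string_init` clears it, with `STP_NUM_STRINGS 1` that could be data left by an earlier call. A check of the result before the `_stp_printf` would cover that case.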
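Review bot: `cleanup_dtr` no longer unregisters the jprobes; that now happens only in `probe_exit`, which is static and has no caller in the visible hunks. If the module can be unloaded without the runtime having called `probe_exit` first (a plain rmmod, or stpd exiting abnormally), the registered jprobes would still point at handlers in unloaded module text. Please state the ordering guarantee above `cleanup_dtr`, e.g. `/* the runtime calls probe_exit() before module unload; jprobes are unregistered there */`, or track a flag and unregister from whichever of the two runs first. In `init_dtr`, a failing `_stp_register_jprobes` also returns with the netlink channel open and `pids` allocated; `if (ret < 0) { _stp_map_del (pids); _stp_netlink_close(); }` before the return would release them.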
diff --git a/runtime/probes/shellsnoop/stp b/runtime/probes/shellsnoop/stp
new file mode 100755
index 00000000..d10fcaab
--- /dev/null
+++ b/runtime/probes/shellsnoop/stp
@@ -0,0 +1,39 @@
+#!/bin/bash
+if [ -n "$1" ]
+then
+ modulename=$1
+else
+ echo "Usage: stp modulename"
+ exit
+fi
+
+RELAYFS=`lsmod | grep relayfs |awk '{print $1}'`
+if [ "$RELAYFS" != "relayfs" ]
+then
+ /sbin/insmod ../../relayfs/relayfs.ko
+fi
+
+if [ ! -d "/mnt/relay" ]
+then
+ mkdir /mnt/relay
+fi
+
+MOUNT=`mount | grep relayfs |awk '{print $1}'`
+if [ "$MOUNT" != "relayfs" ]
+then
+ mount -t relayfs relayfs /mnt/relay
+fi
+
+/sbin/insmod $modulename
+
+# print to screen only, 4 8K buffers
+#../../stpd/stpd -p -b 8192 -n 4
+
+# print to screen and log to files, 4 8K buffers
+../../stpd/stpd -b 8192 -n 4
+
+# no screen or log
+#../../stpd/stpd -q -b 8192 -n 4
+
+# stpd will remove module when it exits
+#/sbin/rmmod $modulename |
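Review bot: `stp` has to run as root (it calls insmod and mount) but resolves `../../relayfs/relayfs.ko` and `../../stpd/stpd` against the caller's current directory. Invoked from anywhere other than the probe directory, it loads whatever kernel module or binary sits at that relative path. Deriving the paths from the script's own location pins them, e.g. `base=$(cd "$(dirname "$0")" && pwd)` and then `"$base/../../stpd/stpd"`. `$modulename` should be quoted and the load checked, `/sbin/insmod "$modulename" || exit 1`, since at present stpd is started even when insmod failed. The usage branch should `exit 1` rather than report success.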