summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--tapset/LKET/Changelog7
-rwxr-xr-xtapset/LKET/hookid_defs.stp155
-rwxr-xr-xtapset/LKET/iosyscall.stp383
-rwxr-xr-xtapset/LKET/register_event.stp126
4 files changed, 651 insertions, 20 deletions
diff --git a/tapset/LKET/Changelog b/tapset/LKET/Changelog
index 8680b91a..0aff69b6 100644
--- a/tapset/LKET/Changelog
+++ b/tapset/LKET/Changelog
@@ -1,3 +1,10 @@
+2006-06-15 Li Guanglei <guanglei@cn.ibm.com>
+
+ * iosyscall.stp: new event hooks for io related syscalls
+ * hookid_defs.stp: add the necessary IDs for iosyscall event hooks
+ * register_event.stp: add corresponding event register calls
+ of the newly added io syscall event hooks
+
2006-06-09 Li Guanglei <guanglei@cn.ibm.com>
* *.stp: New design of making user able to append extra trace data.
diff --git a/tapset/LKET/hookid_defs.stp b/tapset/LKET/hookid_defs.stp
index 70801484..9f919938 100755
--- a/tapset/LKET/hookid_defs.stp
+++ b/tapset/LKET/hookid_defs.stp
@@ -33,7 +33,61 @@ global
/* network device */
GROUP_NETDEV,
- HOOKID_NETDEV_RECEIVE, HOOKID_NETDEV_TRANSMIT
+ HOOKID_NETDEV_RECEIVE, HOOKID_NETDEV_TRANSMIT,
+
+ /* io related syscall */
+ GROUP_IOSYSCALL,
+
+ HOOKID_IOSYSCALL_OPEN_ENTRY,
+ HOOKID_IOSYSCALL_OPEN_RETURN,
+
+ HOOKID_IOSYSCALL_CLOSE_ENTRY,
+ HOOKID_IOSYSCALL_CLOSE_RETURN,
+
+ HOOKID_IOSYSCALL_READ_ENTRY,
+ HOOKID_IOSYSCALL_READ_RETURN,
+
+ HOOKID_IOSYSCALL_WRITE_ENTRY,
+ HOOKID_IOSYSCALL_WRITE_RETURN,
+
+ HOOKID_IOSYSCALL_READV_ENTRY,
+ HOOKID_IOSYSCALL_READV_RETURN,
+
+ HOOKID_IOSYSCALL_WRITEV_ENTRY,
+ HOOKID_IOSYSCALL_WRITEV_RETURN,
+
+ HOOKID_IOSYSCALL_PREAD64_ENTRY,
+ HOOKID_IOSYSCALL_PREAD64_RETURN,
+
+ HOOKID_IOSYSCALL_PWRITE64_ENTRY,
+ HOOKID_IOSYSCALL_PWRITE64_RETURN,
+
+ HOOKID_IOSYSCALL_READAHEAD_ENTRY,
+ HOOKID_IOSYSCALL_READAHEAD_RETURN,
+
+ HOOKID_IOSYSCALL_SENDFILE_ENTRY,
+ HOOKID_IOSYSCALL_SENDFILE_RETURN,
+
+ HOOKID_IOSYSCALL_SENDFILE64_ENTRY,
+ HOOKID_IOSYSCALL_SENDFILE64_RETURN,
+
+ HOOKID_IOSYSCALL_LSEEK_ENTRY,
+ HOOKID_IOSYSCALL_LSEEK_RETURN,
+
+ HOOKID_IOSYSCALL_LLSEEK_ENTRY,
+ HOOKID_IOSYSCALL_LLSEEK_RETURN,
+
+ HOOKID_IOSYSCALL_SYNC_ENTRY,
+ HOOKID_IOSYSCALL_SYNC_RETURN,
+
+ HOOKID_IOSYSCALL_FSYNC_ENTRY,
+ HOOKID_IOSYSCALL_FSYNC_RETURN,
+
+ HOOKID_IOSYSCALL_FDATASYNC_ENTRY,
+ HOOKID_IOSYSCALL_FDATASYNC_RETURN,
+
+ HOOKID_IOSYSCALL_FLOCK_ENTRY,
+ HOOKID_IOSYSCALL_FLOCK_RETURN
%{
/* used in embedded c codes */
@@ -46,6 +100,7 @@ int _GROUP_TASK = 5;
int _GROUP_SCSI = 6;
int _GROUP_PAGEFAULT = 7;
int _GROUP_NETDEV = 8;
+int _GROUP_IOSYSCALL = 9;
/* hookIDs defined inside each group */
int _HOOKID_REGSYSEVT = 1;
@@ -75,6 +130,54 @@ int _HOOKID_PAGEFAULT = 1;
int _HOOKID_NETDEV_RECEIVE = 1;
int _HOOKID_NETDEV_TRANSMIT = 2;
+int _HOOKID_IOSYSCALL_OPEN_ENTRY = 1;
+int _HOOKID_IOSYSCALL_OPEN_RETURN = 2;
+
+int _HOOKID_IOSYSCALL_CLOSE_ENTRY = 3;
+int _HOOKID_IOSYSCALL_CLOSE_RETURN = 4;
+
+int _HOOKID_IOSYSCALL_READ_ENTRY = 5;
+int _HOOKID_IOSYSCALL_READ_RETURN = 6;
+
+int _HOOKID_IOSYSCALL_WRITE_ENTRY = 7;
+int _HOOKID_IOSYSCALL_WRITE_RETURN = 8;
+
+int _HOOKID_IOSYSCALL_READV_ENTRY = 9;
+int _HOOKID_IOSYSCALL_READV_RETURN = 10;
+
+int _HOOKID_IOSYSCALL_WRITEV_ENTRY = 11;
+int _HOOKID_IOSYSCALL_WRITEV_RETURN = 12;
+
+int _HOOKID_IOSYSCALL_PREAD64_ENTRY = 13;
+int _HOOKID_IOSYSCALL_PREAD64_RETURN = 14;
+
+int _HOOKID_IOSYSCALL_PWRITE64_ENTRY = 15;
+int _HOOKID_IOSYSCALL_PWRITE64_RETURN = 16;
+
+int _HOOKID_IOSYSCALL_READAHEAD_ENTRY = 17;
+int _HOOKID_IOSYSCALL_READAHEAD_RETURN = 18;
+
+int _HOOKID_IOSYSCALL_SENDFILE_ENTRY = 19;
+int _HOOKID_IOSYSCALL_SENDFILE_RETURN = 20;
+
+int _HOOKID_IOSYSCALL_LSEEK_ENTRY = 21;
+int _HOOKID_IOSYSCALL_LSEEK_RETURN = 22;
+
+int _HOOKID_IOSYSCALL_LLSEEK_ENTRY = 23;
+int _HOOKID_IOSYSCALL_LLSEEK_RETURN = 24;
+
+int _HOOKID_IOSYSCALL_SYNC_ENTRY = 25;
+int _HOOKID_IOSYSCALL_SYNC_RETURN = 26;
+
+int _HOOKID_IOSYSCALL_FSYNC_ENTRY = 27;
+int _HOOKID_IOSYSCALL_FSYNC_RETURN = 28;
+
+int _HOOKID_IOSYSCALL_FDATASYNC_ENTRY = 29;
+int _HOOKID_IOSYSCALL_FDATASYNC_RETURN = 30;
+
+int _HOOKID_IOSYSCALL_FLOCK_ENTRY = 31;
+int _HOOKID_IOSYSCALL_FLOCK_RETURN = 32;
+
%}
function hookid_init()
@@ -113,6 +216,56 @@ function hookid_init()
GROUP_NETDEV = 8
HOOKID_NETDEV_RECEIVE = 1
HOOKID_NETDEV_TRANSMIT = 2
+
+ GROUP_IOSYSCALL = 9
+
+ HOOKID_IOSYSCALL_OPEN_ENTRY = 1
+ HOOKID_IOSYSCALL_OPEN_RETURN = 2
+
+ HOOKID_IOSYSCALL_CLOSE_ENTRY = 3
+ HOOKID_IOSYSCALL_CLOSE_RETURN = 4
+
+ HOOKID_IOSYSCALL_READ_ENTRY = 5
+ HOOKID_IOSYSCALL_READ_RETURN = 6
+
+ HOOKID_IOSYSCALL_WRITE_ENTRY = 7
+ HOOKID_IOSYSCALL_WRITE_RETURN = 8
+
+ HOOKID_IOSYSCALL_READV_ENTRY = 9
+ HOOKID_IOSYSCALL_READV_RETURN = 10
+
+ HOOKID_IOSYSCALL_WRITEV_ENTRY = 11
+ HOOKID_IOSYSCALL_WRITEV_RETURN = 12
+
+ HOOKID_IOSYSCALL_PREAD64_ENTRY = 13
+ HOOKID_IOSYSCALL_PREAD64_RETURN = 14
+
+ HOOKID_IOSYSCALL_PWRITE64_ENTRY = 15
+ HOOKID_IOSYSCALL_PWRITE64_RETURN = 16
+
+ HOOKID_IOSYSCALL_READAHEAD_ENTRY = 17
+ HOOKID_IOSYSCALL_READAHEAD_RETURN = 18
+
+ HOOKID_IOSYSCALL_SENDFILE_ENTRY = 19
+ HOOKID_IOSYSCALL_SENDFILE_RETURN = 20
+
+ HOOKID_IOSYSCALL_LSEEK_ENTRY = 21
+ HOOKID_IOSYSCALL_LSEEK_RETURN = 22
+
+ HOOKID_IOSYSCALL_LLSEEK_ENTRY = 23
+ HOOKID_IOSYSCALL_LLSEEK_RETURN = 24
+
+ HOOKID_IOSYSCALL_SYNC_ENTRY = 25
+ HOOKID_IOSYSCALL_SYNC_RETURN = 26
+
+ HOOKID_IOSYSCALL_FSYNC_ENTRY = 27
+ HOOKID_IOSYSCALL_FSYNC_RETURN = 28
+
+ HOOKID_IOSYSCALL_FDATASYNC_ENTRY = 29
+ HOOKID_IOSYSCALL_FDATASYNC_RETURN = 30
+
+ HOOKID_IOSYSCALL_FLOCK_ENTRY = 31
+ HOOKID_IOSYSCALL_FLOCK_RETURN = 32
}
diff --git a/tapset/LKET/iosyscall.stp b/tapset/LKET/iosyscall.stp
new file mode 100755
index 00000000..527aaeeb
--- /dev/null
+++ b/tapset/LKET/iosyscall.stp
@@ -0,0 +1,383 @@
+// Copyright (C) 2006 IBM Corp.
+//
+// This file is part of systemtap, and is free software. You can
+// redistribute it and/or modify it under the terms of the GNU General
+// Public License (GPL); either version 2, or (at your option) any
+// later version.
+
+probe addevent.iosyscall
+ = addevent.iosyscall.entry,
+ addevent.iosyscall.return
+{}
+
+probe addevent.iosyscall.entry
+ += _addevent.iosyscall.entry
+{
+ update_record()
+}
+
+probe addevent.iosyscall.return
+ += _addevent.iosyscall.return
+{
+ update_record()
+}
+
+
+probe _addevent.iosyscall.entry
+ = syscall.open,
+ syscall.close,
+ syscall.read,
+ syscall.write,
+ syscall.readv,
+ syscall.writev,
+ syscall.pread64,
+ syscall.pwrite64,
+ syscall.readahead,
+ syscall.sendfile,
+ syscall.lseek,
+ syscall.llseek,
+ syscall.sync,
+ syscall.fsync,
+ syscall.fdatasync,
+ syscall.flock
+{
+ dummy_c_function() /* used to prevent over-optimization */
+}
+
+probe _addevent.iosyscall.return
+ = syscall.open.return,
+ syscall.close.return,
+ syscall.read.return,
+ syscall.write.return,
+ syscall.readv.return,
+ syscall.writev.return,
+ syscall.pread64.return,
+ syscall.pwrite64.return,
+ syscall.readahead.return,
+ syscall.sendfile.return,
+ syscall.lseek.return,
+ syscall.llseek.return,
+ syscall.sync.return,
+ syscall.fsync.return,
+ syscall.fdatasync.return,
+ syscall.flock.return
+{
+ dummy_c_function() /* used to prevent over-optimization */
+}
+
+
+function dummy_c_function()
+%{
+%}
+
+probe syscall.open
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_open(filename, flags, mode)
+}
+
+probe syscall.open.return
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_return(HOOKID_IOSYSCALL_OPEN_RETURN, retstr)
+}
+
+function log_iosyscall_open(filename:string, flags:long, mode:long)
+%{
+ _lket_trace(_GROUP_IOSYSCALL, _HOOKID_IOSYSCALL_OPEN_ENTRY,
+ "%0s%4b%4b", THIS->filename, THIS->flags,
+ THIS->mode);
+%}
+
+function log_iosyscall_return(var_id:long, retstr:string)
+%{
+ _lket_trace(_GROUP_IOSYSCALL, THIS->var_id, "%0s", THIS->retstr);
+%}
+
+probe syscall.close
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_close(fd)
+}
+
+probe syscall.close.return
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_return(HOOKID_IOSYSCALL_CLOSE_RETURN, retstr)
+}
+
+
+function log_iosyscall_close(fd:long)
+%{
+ _lket_trace(_GROUP_IOSYSCALL, _HOOKID_IOSYSCALL_CLOSE_ENTRY,
+ "%8b", THIS->fd);
+%}
+
+probe syscall.read
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_read_write(HOOKID_IOSYSCALL_READ_ENTRY, fd,
+ buf_uaddr, count)
+}
+
+probe syscall.read.return
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_return(HOOKID_IOSYSCALL_READ_RETURN, retstr)
+}
+
+probe syscall.write
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_read_write(HOOKID_IOSYSCALL_WRITE_ENTRY, fd,
+ buf_uaddr, count)
+}
+
+probe syscall.write.return
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_return(HOOKID_IOSYSCALL_WRITE_RETURN, retstr)
+}
+
+function log_iosyscall_read_write(var_id:long, fd:long, buf_uaddr:long,
+ count:long)
+%{
+ _lket_trace(_GROUP_IOSYSCALL, THIS->var_id, "%8b%8b%8b",
+ THIS->fd, THIS->buf_uaddr, THIS->count);
+%}
+
+probe syscall.readv
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_readv_writev(HOOKID_IOSYSCALL_READV_ENTRY,
+ fd, vector_uaddr, count)
+}
+
+probe syscall.readv.return
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_return(HOOKID_IOSYSCALL_READV_RETURN, retstr)
+}
+
+probe syscall.writev
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_readv_writev(HOOKID_IOSYSCALL_WRITEV_ENTRY,
+ fd, vector_uaddr, count)
+}
+
+probe syscall.writev.return
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_return(HOOKID_IOSYSCALL_WRITEV_RETURN, retstr)
+}
+
+function log_iosyscall_readv_writev(var_id:long, fd:long,
+ vector_uaddr:long, count:long)
+%{
+ _lket_trace(_GROUP_IOSYSCALL, THIS->var_id, "%8b%8b%8b",
+ THIS->fd, THIS->vector_uaddr, THIS->count);
+%}
+
+probe syscall.pread64
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_pread64_pwrite64(HOOKID_IOSYSCALL_PREAD64_ENTRY,
+ fd, buf_uaddr, count, offset)
+}
+
+probe syscall.pread64.return
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_return(HOOKID_IOSYSCALL_PREAD64_RETURN, retstr)
+}
+
+probe syscall.pwrite64
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_pread64_pwrite64(HOOKID_IOSYSCALL_PWRITE64_ENTRY,
+ fd, buf_uaddr, count, offset);
+}
+
+probe syscall.pwrite64.return
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_return(HOOKID_IOSYSCALL_PWRITE64_RETURN, retstr)
+}
+
+function log_iosyscall_pread64_pwrite64(var_id:long, fd:long,
+ buf_uaddr:long, count:long, offset:long)
+%{
+ _lket_trace(_GROUP_IOSYSCALL, THIS->var_id, "%8b%8b%8b%8b",
+ THIS->fd, THIS->buf_uaddr, THIS->count, THIS->offset);
+%}
+
+probe syscall.readahead
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_readahead(fd, offset, count)
+}
+
+probe syscall.readahead.return
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_return(HOOKID_IOSYSCALL_READAHEAD_RETURN, retstr)
+}
+
+
+function log_iosyscall_readahead(fd:long, offset:long,count:long)
+%{
+ _lket_trace(_GROUP_IOSYSCALL, _HOOKID_IOSYSCALL_READAHEAD_ENTRY,
+ "%8b%8b%8b", THIS->fd, THIS->offset, THIS->count);
+%}
+
+probe syscall.sendfile
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_sendfile(HOOKID_IOSYSCALL_SENDFILE_ENTRY,
+ out_fd, in_fd, offset_uaddr, count)
+}
+
+probe syscall.sendfile.return
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_return(HOOKID_IOSYSCALL_SENDFILE_RETURN, retstr)
+}
+
+function log_iosyscall_sendfile(var_id:long, out_fd:long, in_fd:long,
+ offset_uaddr:long, count:long)
+%{
+ _lket_trace(_GROUP_IOSYSCALL, THIS->var_id, "%8b%8b%8b%8b",
+ THIS->out_fd, THIS->in_fd, THIS->offset_uaddr,
+ THIS->count);
+%}
+
+probe syscall.lseek
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_lseek(fildes, offset, whence)
+}
+
+probe syscall.lseek.return
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_return(HOOKID_IOSYSCALL_LSEEK_RETURN, retstr)
+}
+
+function log_iosyscall_lseek(fd:long, offset:long, whence:long)
+%{
+ _lket_trace(_GROUP_IOSYSCALL, _HOOKID_IOSYSCALL_LSEEK_ENTRY,
+ "%8b%8b%1b", THIS->fd, THIS->offset, THIS->whence);
+%}
+
+probe syscall.llseek
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_llseek(fd, offset_high, offset_low, result_uaddr,
+ whence)
+}
+
+probe syscall.llseek.return
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_return(HOOKID_IOSYSCALL_LLSEEK_RETURN, retstr)
+}
+
+function log_iosyscall_llseek(fd:long, offset_high:long, offset_low:long,
+ result_uaddr:long, whence:long)
+%{
+ _lket_trace(_GROUP_IOSYSCALL, _HOOKID_IOSYSCALL_LLSEEK_ENTRY,
+ "%8b%8b%8b%8b%1b", THIS->fd, THIS->offset_high,
+ THIS->offset_low, THIS->result_uaddr, THIS->whence);
+%}
+
+probe syscall.sync
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_sync()
+}
+
+probe syscall.sync.return
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_return(HOOKID_IOSYSCALL_SYNC_RETURN, retstr)
+}
+
+function log_iosyscall_sync()
+%{
+ struct timeval tv;
+ do_gettimeofday(&tv);
+#if defined(ASCII_TRACE)
+ _stp_printf("%d%d%d%d%d%d%d%d", _GROUP_IOSYSCALL,
+ _HOOKID_IOSYSCALL_SYNC_ENTRY, tv.tv_sec, tv.tv_usec,
+ current->tgid, current->parent->pid, current->pid,
+ current->thread_info->cpu);
+
+#else
+ _stp_printf("%2b%2n%1b%1b%4b%4b%4b%4b%4b%1b", (_FMT_)0,
+ (_FMT_)_GROUP_IOSYSCALL, (_FMT_)_HOOKID_IOSYSCALL_SYNC_ENTRY,
+ (_FMT_)tv.tv_sec, (_FMT_)tv.tv_usec, (_FMT_)current->tgid,
+ (_FMT_)current->parent->pid, (_FMT_)current->pid,
+ (_FMT_)current->thread_info->cpu);
+#endif
+
+%}
+
+probe syscall.fsync
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_fsync(HOOKID_IOSYSCALL_FSYNC_ENTRY, fd)
+}
+
+probe syscall.fsync.return
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_return(HOOKID_IOSYSCALL_FSYNC_RETURN, retstr)
+}
+
+probe syscall.fdatasync
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_fsync(HOOKID_IOSYSCALL_FDATASYNC_ENTRY, fd)
+}
+
+probe syscall.fdatasync.return
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_return(HOOKID_IOSYSCALL_FDATASYNC_RETURN, retstr)
+}
+
+function log_iosyscall_fsync(var_id:long, fd:long)
+%{
+ _lket_trace(_GROUP_IOSYSCALL, THIS->var_id, "%8b", THIS->fd);
+%}
+
+probe syscall.flock
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_flock(fd, operation)
+}
+
+probe syscall.flock.return
+{
+ if(filter_by_pid() == 1 )
+ log_iosyscall_return(HOOKID_IOSYSCALL_FLOCK_RETURN, retstr)
+}
+
+function log_iosyscall_flock(fd:long, operation:long)
+%{
+ _lket_trace(_GROUP_IOSYSCALL, _HOOKID_IOSYSCALL_FLOCK_ENTRY,
+ "%8b%4b", THIS->fd, THIS->operation);
+%}
+
+/*
+
+fs:
+newfstat, newlstat, newstat,pipe,poll,select,readlink,rename,rmdir,symlink,,
+truncate,ftruncate,unlink,chmod,chown,dup,dup2,fchdir,fchmod,fchown,fcntl,
+fstatfs,link,mkdir,
+
+aio:
+io_cancel,io_destroy,io_getevents,io_setup,io_submit,
+
+*/
diff --git a/tapset/LKET/register_event.stp b/tapset/LKET/register_event.stp
index 3150bf51..76b6d6f2 100755
--- a/tapset/LKET/register_event.stp
+++ b/tapset/LKET/register_event.stp
@@ -11,7 +11,7 @@ global usr_evt_name, usr_evt_fmt
%{
#define _MAXGROUPID 20
-#define _MAXHOOKID 20
+#define _MAXHOOKID 40
int get_fmtcode(char *fmt)
{
@@ -102,7 +102,8 @@ function register_event(grpid:long, hookid:long, evt_type:long, fmt:string, name
}
if(fmt!=NULL || name != NULL) {
- _stp_warn("unpaired types/names\n");
+ _stp_warn("unpaired types/names, grpid:%d, hookid:%d\n",
+ THIS->grpid, THIS->hookid);
_stp_exit();
}
@@ -117,47 +118,134 @@ function register_event(grpid:long, hookid:long, evt_type:long, fmt:string, name
function register_sys_events()
{
- register_sys_event(GROUP_SYSCALL, HOOKID_SYSCALL_ENTRY, "STRING", "Syscall")
- register_sys_event(GROUP_SYSCALL, HOOKID_SYSCALL_RETURN, "STRING", "Syscall")
+ register_sys_event(GROUP_SYSCALL, HOOKID_SYSCALL_ENTRY, "STRING", "syscall")
+ register_sys_event(GROUP_SYSCALL, HOOKID_SYSCALL_RETURN, "STRING", "syscall")
register_sys_event(GROUP_PROCESS, HOOKID_PROCESS_SNAPSHOT,
- "INT32:STRING", "PID:PNAME")
+ "INT32:STRING", "pid:pname")
register_sys_event(GROUP_PROCESS, HOOKID_PROCESS_EXECVE,
- "STRING", "PNAME")
+ "STRING", "pname")
register_sys_event(GROUP_PROCESS, HOOKID_PROCESS_FORK,
- "INT32", "PID")
+ "INT32", "pid")
register_sys_event(GROUP_IOSCHED, HOOKID_IOSCHED_NEXT_REQ,
- "STRING:INT8:INT8", "ELV_NAME:MAJOR:MINOR")
+ "STRING:INT8:INT8", "elv_name:major:minor")
+
register_sys_event(GROUP_IOSCHED, HOOKID_IOSCHED_ADD_REQ,
- "STRING:INT8:INT8", "ELV_NAME:MAJOR:MINOR")
+ "STRING:INT8:INT8", "elv_name:major:minor")
+
register_sys_event(GROUP_IOSCHED, HOOKID_IOSCHED_REMOVE_REQ,
- "STRING:INT8:INT8", "ELV_NAME:MAJOR:MINOR")
+ "STRING:INT8:INT8", "elv_name:major:minor")
register_sys_event(GROUP_TASK, HOOKID_TASK_CTXSWITCH,
- "INT32:INT32:INT8", "Prev_PID:Next_PID:Prev_State")
+ "INT32:INT32:INT8", "prev_pid:next_pid:prev_state")
+
register_sys_event(GROUP_TASK, HOOKID_TASK_CPUIDLE,
- "INT32", "CurrPID")
+ "INT32", "cur_pid")
register_sys_event(GROUP_SCSI, HOOKID_SCSI_IOENTRY,
- "INT8:INT8:INT8", "MAJOR:MINOR:SDEV_STATE")
+ "INT8:INT8:INT8", "major:minor:sdev_state")
+
register_sys_event(GROUP_SCSI, HOOKID_SCSI_IO_TO_LLD,
"INT8:INT32:INT8:INT64:INT32:INT64",
- "SDEV_STATE:SCSI_INFO:Data_Dir:Req_Buf:Buf_Len:Cmd_ID")
+ "sdev_state:scsi_info:data_dir:req_buff:buf_len:cmd_id")
+
register_sys_event(GROUP_SCSI, HOOKID_SCSI_IODONE_BY_LLD,
- "INT32:INT8:INT64", "SCSI_INFO:Data_Dir:Cmd_ID")
+ "INT32:INT8:INT64", "scsi_info:data_dir:cmd_id")
+
register_sys_event(GROUP_SCSI, HOOKID_SCSI_IOCOMP_BY_MIDLEVEL,
- "INT32:INT8:INT64:INT32", "SCSI_INFO:Data_Dir:Cmd_ID:Bytes");
+ "INT32:INT8:INT64:INT32", "scsi_info:data_dir:cmd_id:bytes");
register_sys_event(GROUP_PAGEFAULT, HOOKID_PAGEFAULT,
- "INT64:INT8", "ADDR:WRITE")
+ "INT64:INT8", "addr:write")
register_sys_event(GROUP_NETDEV, HOOKID_NETDEV_RECEIVE,
- "STRING:INT32:INT16:INT32", "DEV_NAME:Data_LEN:Protocol:Buff_Size")
+ "STRING:INT32:INT16:INT32", "dev_name:data_len:protocol:buff_size")
+
register_sys_event(GROUP_NETDEV, HOOKID_NETDEV_TRANSMIT,
- "STRING:INT32:INT16:INT32", "DEV_NAME:Data_LEN:Protocol:Buff_Size")
+ "STRING:INT32:INT16:INT32", "dev_name:data_len:protocol:buff_size")
+
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_OPEN_ENTRY,
+ "STRING:INT32:INT32", "filename:flags:mode")
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_OPEN_RETURN,
+ "STRING", "return")
+
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_CLOSE_ENTRY,
+ "INT64", "fd")
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_CLOSE_RETURN,
+ "STRING", "return")
+
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_READ_ENTRY,
+ "INT64:INT64:INT64", "fd:buff_addr:count")
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_READ_RETURN,
+ "STRING", "return")
+
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_WRITE_ENTRY,
+ "INT64:INT64:INT64", "fd:buff_addr:count")
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_WRITE_RETURN,
+ "STRING", "return")
+
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_READV_ENTRY,
+ "INT64:INT64:INT64", "fd:vector_uaddr:count")
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_READV_RETURN,
+ "STRING", "return")
+
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_WRITEV_ENTRY,
+ "INT64:INT64:INT64", "fd:vector_uaddr:count")
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_WRITEV_RETURN,
+ "STRING", "return")
+
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_PREAD64_ENTRY,
+ "INT64:INT64:INT64:INT64", "fd:buff_uaddr:count:offset")
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_PREAD64_RETURN,
+ "STRING", "return")
+
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_PWRITE64_ENTRY,
+ "INT64:INT64:INT64:INT64", "fd:buff_uaddr:count:offset")
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_PWRITE64_RETURN,
+ "STRING", "return")
+
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_READAHEAD_ENTRY,
+ "INT64:INT64:INT64", "fd:offset:count")
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_READAHEAD_RETURN,
+ "STRING", "return")
+
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_SENDFILE_ENTRY,
+ "INT64:INT64:INT64:INT64", "out_fd:in_fd:offset_uaddr:count")
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_SENDFILE_RETURN,
+ "STRING", "return")
+
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_LSEEK_ENTRY,
+ "INT64:INT64:INT8", "fd:offset:whence")
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_LSEEK_RETURN,
+ "STRING", "return")
+
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_LLSEEK_ENTRY,
+ "INT64:INT64:INT64:INT64:INT8b",
+ "fd:offset_high:offset_low:result_uaddr:whence")
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_LLSEEK_RETURN,
+ "STRING", "return")
+
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_SYNC_RETURN,
+ "STRING", "return")
+
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_FSYNC_ENTRY,
+ "INT64", "fd")
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_FSYNC_RETURN,
+ "STRING", "return")
+
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_FDATASYNC_ENTRY,
+ "INT64", "fd")
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_FDATASYNC_RETURN,
+ "STRING", "return")
+
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_FLOCK_ENTRY,
+ "INT64:INT32", "fd:operation")
+ register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_FLOCK_RETURN,
+ "STRING", "return")
}
+
probe register_event = begin
{
hookid_init()
generated by cgit (git 2.34.1) at 2025-08-06 22:21:23 +0000