Diffstat (limited to 'runtime/docs/html/shellsnoop_2dtr_8c-source.html')
-rw-r--r--runtime/docs/html/shellsnoop_2dtr_8c-source.html194
1 files changed, 103 insertions, 91 deletions
diff --git a/runtime/docs/html/shellsnoop_2dtr_8c-source.html b/runtime/docs/html/shellsnoop_2dtr_8c-source.html
index 7391b8ce..bbc55f7e 100644
--- a/runtime/docs/html/shellsnoop_2dtr_8c-source.html
+++ b/runtime/docs/html/shellsnoop_2dtr_8c-source.html
@@ -4,91 +4,91 @@
<link href="doxygen.css" rel="stylesheet" type="text/css">
</head><body>
<!-- Generated by Doxygen 1.4.1 -->
-<div class="qindex"><a class="qindex" href="index.html">Main&nbsp;Page</a> | <a class="qindex" href="modules.html">Modules</a> | <a class="qindex" href="annotated.html">Data&nbsp;Structures</a> | <a class="qindex" href="dirs.html">Directories</a> | <a class="qindex" href="files.html">File&nbsp;List</a> | <a class="qindex" href="functions.html">Data&nbsp;Fields</a> | <a class="qindex" href="globals.html">Globals</a> | <a class="qindex" href="pages.html">Related&nbsp;Pages</a></div>
+<div class="qindex"><a class="qindex" href="index.html">Main&nbsp;Page</a> | <a class="qindex" href="modules.html">Modules</a> | <a class="qindex" href="dirs.html">Directories</a> | <a class="qindex" href="files.html">File&nbsp;List</a> | <a class="qindex" href="globals.html">Globals</a> | <a class="qindex" href="pages.html">Related&nbsp;Pages</a></div>
<div class="nav">
<a class="el" href="dir_000000.html">probes</a>&nbsp;/&nbsp;<a class="el" href="dir_000001.html">shellsnoop</a></div>
<h1>dtr.c</h1><div class="fragment"><pre class="fragment">00001 <span class="preprocessor">#define HASH_TABLE_BITS 8</span>
00002 <span class="preprocessor"></span><span class="preprocessor">#define HASH_TABLE_SIZE (1&lt;&lt;HASH_TABLE_BITS)</span>
00003 <span class="preprocessor"></span><span class="preprocessor">#define BUCKETS 16 </span><span class="comment">/* largest histogram width */</span>
00004
-00005 <span class="preprocessor">#include "<a class="code" href="runtime_8h.html">runtime.h</a>"</span>
-00006 <span class="preprocessor">#include "<a class="code" href="io_8c.html">io.c</a>"</span>
-00007 <span class="preprocessor">#include "<a class="code" href="map_8c.html">map.c</a>"</span>
-00008 <span class="preprocessor">#include "<a class="code" href="copy_8c.html">copy.c</a>"</span>
-00009 <span class="preprocessor">#include "<a class="code" href="probes_8c.html">probes.c</a>"</span>
-00010
-00011 MODULE_DESCRIPTION(<span class="stringliteral">"SystemTap probe: shellsnoop"</span>);
-00012 MODULE_AUTHOR(<span class="stringliteral">"Martin Hunt &lt;hunt@redhat.com&gt;"</span>);
-00013
-00014 <a class="code" href="structmap__root.html">MAP</a> pids, arglist ;
+00005 <span class="preprocessor">#define STP_NETLINK_ONLY</span>
+00006 <span class="preprocessor"></span><span class="preprocessor">#define STP_NUM_STRINGS 1</span>
+00007 <span class="preprocessor"></span>
+00008 <span class="preprocessor">#include "<a class="code" href="runtime_8h.html">runtime.h</a>"</span>
+00009 <span class="preprocessor">#include "<a class="code" href="map_8c.html">map.c</a>"</span>
+00010 <span class="preprocessor">#include "<a class="code" href="copy_8c.html">copy.c</a>"</span>
+00011 <span class="preprocessor">#include "<a class="code" href="probes_8c.html">probes.c</a>"</span>
+00012
+00013 MODULE_DESCRIPTION(<span class="stringliteral">"SystemTap probe: shellsnoop"</span>);
+00014 MODULE_AUTHOR(<span class="stringliteral">"Martin Hunt &lt;hunt@redhat.com&gt;"</span>);
00015
-00016 <span class="keywordtype">int</span> inst_do_execve (<span class="keywordtype">char</span> * filename, <span class="keywordtype">char</span> __user *__user *argv, <span class="keywordtype">char</span> __user *__user *envp, <span class="keyword">struct</span> pt_regs * regs)
-00017 {
-00018 <span class="keyword">struct </span><a class="code" href="structmap__node__str.html">map_node_str</a> *ptr;
-00019
-00020 <span class="comment">/* watch shells only */</span>
-00021 <span class="comment">/* FIXME: detect more shells, like csh, tcsh, zsh */</span>
-00022
-00023 <span class="keywordflow">if</span> (!strcmp(current-&gt;comm,<span class="stringliteral">"bash"</span>) || !strcmp(current-&gt;comm,<span class="stringliteral">"sh"</span>) || !strcmp(current-&gt;comm, <span class="stringliteral">"zsh"</span>)
-00024 || !strcmp(current-&gt;comm, <span class="stringliteral">"tcsh"</span>) || !strcmp(current-&gt;comm, <span class="stringliteral">"pdksh"</span>))
-00025 {
-00026 <a class="code" href="group__io.html#ga0">dlog</a> (<span class="stringliteral">"%d\t%d\t%d\t%s "</span>, current-&gt;uid, current-&gt;pid, current-&gt;parent-&gt;pid, filename);
-00027
-00028 <a class="code" href="group__maps.html#ga13">_stp_map_key_long</a> (pids, current-&gt;pid);
-00029 <a class="code" href="group__maps.html#ga16">_stp_map_set_int64</a> (pids, 1);
-00030
-00031 <a class="code" href="group__lists.html#ga1">_stp_list_clear</a> (arglist);
-00032 <a class="code" href="group__copy.html#ga2">_stp_copy_argv_from_user</a> (arglist, argv);
-00033 <a class="code" href="group__maps.html#ga31">foreach</a> (arglist, ptr)
-00034 printk ("%s ", ptr-&gt;str);
-00035 printk ("\n");
-00036 }
-00037 jprobe_return();
-00038 return 0;
-00039 }
-00040
-00041 struct file * inst_filp_open (const <span class="keywordtype">char</span> * filename, <span class="keywordtype">int</span> flags, <span class="keywordtype">int</span> mode)
-00042 {
-00043 <a class="code" href="group__maps.html#ga13">_stp_map_key_long</a> (pids, current-&gt;pid);
-00044 <span class="keywordflow">if</span> (_stp_map_get_int64 (pids))
-00045 <a class="code" href="group__io.html#ga0">dlog</a> (<span class="stringliteral">"%d\t%d\t%s\tO %s\n"</span>, current-&gt;pid, current-&gt;parent-&gt;pid, current-&gt;comm, filename);
-00046
-00047 jprobe_return();
-00048 <span class="keywordflow">return</span> 0;
-00049 }
+00016 <a class="code" href="group__maps.html#ga1">MAP</a> pids, arglist ;
+00017
+00018 <span class="keywordtype">int</span> inst_do_execve (<span class="keywordtype">char</span> * filename, <span class="keywordtype">char</span> __user *__user *argv, <span class="keywordtype">char</span> __user *__user *envp, <span class="keyword">struct</span> pt_regs * regs)
+00019 {
+00020 <span class="keyword">struct </span>map_node_str *ptr;
+00021
+00022 <span class="comment">/* watch shells only */</span>
+00023 <span class="comment">/* FIXME: detect more shells, like csh, tcsh, zsh */</span>
+00024
+00025 <span class="keywordflow">if</span> (!strcmp(current-&gt;comm,<span class="stringliteral">"bash"</span>) || !strcmp(current-&gt;comm,<span class="stringliteral">"sh"</span>) || !strcmp(current-&gt;comm, <span class="stringliteral">"zsh"</span>)
+00026 || !strcmp(current-&gt;comm, <span class="stringliteral">"tcsh"</span>) || !strcmp(current-&gt;comm, <span class="stringliteral">"pdksh"</span>))
+00027 {
+00028 <a class="code" href="group__print.html#ga3">_stp_printf</a> (<span class="stringliteral">"%d\t%d\t%d\t%s "</span>, current-&gt;uid, current-&gt;pid, current-&gt;parent-&gt;pid, filename);
+00029
+00030 <a class="code" href="group__maps.html#ga13">_stp_map_key_long</a> (pids, current-&gt;pid);
+00031 <a class="code" href="group__maps.html#ga16">_stp_map_set_int64</a> (pids, 1);
+00032
+00033 <a class="code" href="group__lists.html#ga1">_stp_list_clear</a> (arglist);
+00034 <a class="code" href="group__copy.html#ga3">_stp_copy_argv_from_user</a> (arglist, argv);
+00035
+00036 <a class="code" href="group__maps.html#ga32">foreach</a> (arglist, ptr)
+00037 _stp_printf ("%s ", ptr-&gt;str);
+00038
+00039 _stp_print_flush();
+00040 }
+00041 jprobe_return();
+00042 return 0;
+00043 }
+00044
+00045 struct file * inst_filp_open (const <span class="keywordtype">char</span> * filename, <span class="keywordtype">int</span> flags, <span class="keywordtype">int</span> mode)
+00046 {
+00047 <a class="code" href="group__maps.html#ga13">_stp_map_key_long</a> (pids, current-&gt;pid);
+00048 <span class="keywordflow">if</span> (_stp_map_get_int64 (pids))
+00049 <a class="code" href="group__print.html#ga3">_stp_printf</a> (<span class="stringliteral">"%d\t%d\t%s\tO %s"</span>, current-&gt;pid, current-&gt;parent-&gt;pid, current-&gt;comm, filename);
00050
-00051 asmlinkage ssize_t inst_sys_read (<span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> fd, <span class="keywordtype">char</span> __user * buf, size_t count)
-00052 {
-00053 <a class="code" href="group__maps.html#ga13">_stp_map_key_long</a> (pids, current-&gt;pid);
-00054 <span class="keywordflow">if</span> (_stp_map_get_int64 (pids))
-00055 <a class="code" href="group__io.html#ga0">dlog</a> (<span class="stringliteral">"%d\t%d\t%s\tR %d\n"</span>, current-&gt;pid, current-&gt;parent-&gt;pid, current-&gt;comm, fd);
-00056
-00057 jprobe_return();
-00058 <span class="keywordflow">return</span> 0;
-00059 }
-00060
-00061 asmlinkage ssize_t inst_sys_write (<span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> fd, <span class="keyword">const</span> <span class="keywordtype">char</span> __user * buf, size_t count)
-00062 {
-00063 size_t len;
-00064 <span class="keywordtype">char</span> str[256];
-00065 <a class="code" href="group__maps.html#ga13">_stp_map_key_long</a> (pids, current-&gt;pid);
-00066 <span class="keywordflow">if</span> (_stp_map_get_int64 (pids))
-00067 {
-00068 <span class="keywordflow">if</span> (count &lt; 64)
-00069 len = count;
-00070 else
-00071 len = 64;
-00072 len = _stp_strncpy_from_user(str, buf, len);
-00073 if (len &lt; 0) len = 0;
-00074 str[len] = 0;
-00075 dlog ("%d\t%d\t%s\tW %s\n", current-&gt;pid, current-&gt;parent-&gt;pid, current-&gt;comm, str);
+00051 <a class="code" href="group__print.html#ga2">_stp_print_flush</a>();
+00052 jprobe_return();
+00053 <span class="keywordflow">return</span> 0;
+00054 }
+00055
+00056 asmlinkage ssize_t inst_sys_read (<span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> fd, <span class="keywordtype">char</span> __user * buf, size_t count)
+00057 {
+00058 <a class="code" href="group__maps.html#ga13">_stp_map_key_long</a> (pids, current-&gt;pid);
+00059 <span class="keywordflow">if</span> (_stp_map_get_int64 (pids))
+00060 <a class="code" href="group__print.html#ga3">_stp_printf</a> (<span class="stringliteral">"%d\t%d\t%s\tR %d"</span>, current-&gt;pid, current-&gt;parent-&gt;pid, current-&gt;comm, fd);
+00061
+00062 <a class="code" href="group__print.html#ga2">_stp_print_flush</a>();
+00063 jprobe_return();
+00064 <span class="keywordflow">return</span> 0;
+00065 }
+00066
+00067 asmlinkage ssize_t inst_sys_write (<span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> fd, <span class="keyword">const</span> <span class="keywordtype">char</span> __user * buf, size_t count)
+00068 {
+00069 <a class="code" href="group__maps.html#ga13">_stp_map_key_long</a> (pids, current-&gt;pid);
+00070 <span class="keywordflow">if</span> (_stp_map_get_int64 (pids))
+00071 {
+00072 String str = <a class="code" href="group__string.html#ga2">_stp_string_init</a> (0);
+00073 <a class="code" href="group__copy.html#ga1">_stp_string_from_user</a>(str, buf, count);
+00074 <a class="code" href="group__print.html#ga3">_stp_printf</a> (<span class="stringliteral">"%d\t%d\t%s\tW %s"</span>, current-&gt;pid, current-&gt;parent-&gt;pid, current-&gt;comm, str-&gt;buf);
+00075 <a class="code" href="group__print.html#ga2">_stp_print_flush</a>();
00076 }
00077
00078 jprobe_return();
-00079 return 0;
+00079 <span class="keywordflow">return</span> 0;
00080 }
00081
-00082 static struct jprobe dtr_probes[] = {
+00082 <span class="keyword">static</span> <span class="keyword">struct </span>jprobe dtr_probes[] = {
00083 {
00084 .kp.addr = (kprobe_opcode_t *)<span class="stringliteral">"do_execve"</span>,
00085 .entry = (kprobe_opcode_t *) inst_do_execve
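Review bot: In the new inst_sys_write (listing lines 00072-00074) the caller-supplied `count` goes straight into `_stp_string_from_user(str, buf, count)` and any status the helper returns is not checked, whereas the removed code clamped the copy to 64 bytes first. Unless the helper caps the copy at the String's capacity (not visible in this hunk), the bound now rests entirely on the runtime, so I would keep an explicit cap at the call site, e.g. `_stp_string_from_user(str, buf, count < 64 ? count : 64);`, and skip the `_stp_printf` when the copy fails. Separately, inst_filp_open and inst_sys_read call `_stp_print_flush()` outside the `if (_stp_map_get_int64 (pids))` test, so every open and read on the system triggers a flush, while inst_sys_write flushes only for tracked pids; the flush probably belongs inside the condition in all three. This page is Doxygen output, so the change itself has to be made in dtr.c under probes/shellsnoop.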
@@ -104,7 +104,7 @@
00095 {
00096 .kp.addr = (kprobe_opcode_t *)<span class="stringliteral">"sys_write"</span>,
00097 .entry = (kprobe_opcode_t *) inst_sys_write
-00098 },
+00098 },
00099 };
00100
00101 <span class="preprocessor">#define MAX_DTR_ROUTINE (sizeof(dtr_probes)/sizeof(struct jprobe))</span>
@@ -113,24 +113,36 @@
00104 {
00105 <span class="keywordtype">int</span> ret;
00106
-00107 pids = <a class="code" href="group__maps.html#ga2">_stp_map_new</a> (10000, INT64);
-00108 arglist = <a class="code" href="group__lists.html#ga0">_stp_list_new</a> (10, STRING);
+00107 <span class="keywordflow">if</span> (<a class="code" href="group__io.html#ga7">_stp_netlink_open</a>() &lt; 0)
+00108 return -1;
00109
-00110 ret = <a class="code" href="probes_8c.html#a2">_stp_register_jprobes</a> (dtr_probes, MAX_DTR_ROUTINE);
-00111
-00112 <a class="code" href="group__io.html#ga0">dlog</a>(<span class="stringliteral">"instrumentation is enabled...\n"</span>);
-00113 <span class="keywordflow">return</span> ret;
-00114 }
-00115
-00116 <span class="keyword">static</span> <span class="keywordtype">void</span> cleanup_dtr(<span class="keywordtype">void</span>)
-00117 {
-00118 <a class="code" href="probes_8c.html#a1">_stp_unregister_jprobes</a> (dtr_probes, MAX_DTR_ROUTINE);
-00119 <a class="code" href="group__maps.html#ga7">_stp_map_del</a> (pids);
-00120 <a class="code" href="group__io.html#ga0">dlog</a>(<span class="stringliteral">"EXIT\n"</span>);
-00121 }
+00110 pids = _stp_map_new (10000, INT64);
+00111 arglist = _stp_list_new (10, STRING);
+00112
+00113 ret = _stp_register_jprobes (dtr_probes, MAX_DTR_ROUTINE);
+00114
+00115 _stp_log("instrumentation is enabled... %s\n", __this_module.name);
+00116 return ret;
+00117 }
+00118
+00119 static <span class="keywordtype">void</span> probe_exit (<span class="keywordtype">void</span>)
+00120 {
+00121 <a class="code" href="probes_8c.html#a2">_stp_unregister_jprobes</a> (dtr_probes, MAX_DTR_ROUTINE);
00122
-00123 module_init(init_dtr);
-00124 module_exit(cleanup_dtr);
-00125 MODULE_LICENSE(<span class="stringliteral">"GPL"</span>);
-00126
+00123 <a class="code" href="group__print.html#ga11">_stp_print</a> (<span class="stringliteral">"In probe_exit now."</span>);
+00124 <a class="code" href="group__maps.html#ga7">_stp_map_del</a> (pids);
+00125 <a class="code" href="group__print.html#ga2">_stp_print_flush</a>();
+00126 }
+00127
+00128
+00129 <span class="keyword">static</span> <span class="keywordtype">void</span> cleanup_dtr(<span class="keywordtype">void</span>)
+00130 {
+00131 <a class="code" href="group__io.html#ga8">_stp_netlink_close</a>();
+00132
+00133 }
+00134
+00135 module_init(init_dtr);
+00136 module_exit(cleanup_dtr);
+00137 MODULE_LICENSE(<span class="stringliteral">"GPL"</span>);
+00138
</pre></div></body></html>
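Review bot: init_dtr has no unwind on failure: once `_stp_netlink_open()` has succeeded, a failing `_stp_register_jprobes` returns `ret` with the netlink channel still open and `pids` and `arglist` still allocated, and the results of `_stp_map_new` and `_stp_list_new` are used without a check. At minimum I would add `if (ret < 0) { _stp_map_del (pids); _stp_netlink_close(); }` before `return ret;`, and release `arglist` as well, which no path in the listing frees. cleanup_dtr, still the `module_exit` handler, now only closes netlink, and unregistering the jprobes has moved to probe_exit, whose caller is not visible here; it is worth confirming the module cannot be unloaded with the probes still registered. init_dtr's signature lies above the hunk, and since this page is Doxygen output the fix belongs in dtr.c under probes/shellsnoop.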