Diffstat (limited to 'runtime/docs/html/shellsnoop_2dtr_8c-source.html')
-rw-r--r-- | runtime/docs/html/shellsnoop_2dtr_8c-source.html | 148 |
1 files changed, 0 insertions, 148 deletions
diff --git a/runtime/docs/html/shellsnoop_2dtr_8c-source.html b/runtime/docs/html/shellsnoop_2dtr_8c-source.html
deleted file mode 100644
index bbc55f7e..00000000
--- a/runtime/docs/html/shellsnoop_2dtr_8c-source.html
+++ /dev/null
@@ -1,148 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"> -<title>SystemTap: probes/shellsnoop/dtr.c Source File</title> -<link href="doxygen.css" rel="stylesheet" type="text/css"> -</head><body> -<!-- Generated by Doxygen 1.4.1 --> -<div class="qindex"><a class="qindex" href="index.html">Main Page</a> | <a class="qindex" href="modules.html">Modules</a> | <a class="qindex" href="dirs.html">Directories</a> | <a class="qindex" href="files.html">File List</a> | <a class="qindex" href="globals.html">Globals</a> | <a class="qindex" href="pages.html">Related Pages</a></div> -<div class="nav"> -<a class="el" href="dir_000000.html">probes</a> / <a class="el" href="dir_000001.html">shellsnoop</a></div> -<h1>dtr.c</h1><div class="fragment"><pre class="fragment">00001 <span class="preprocessor">#define HASH_TABLE_BITS 8</span> -00002 <span class="preprocessor"></span><span class="preprocessor">#define HASH_TABLE_SIZE (1<<HASH_TABLE_BITS)</span> -00003 <span class="preprocessor"></span><span class="preprocessor">#define BUCKETS 16 </span><span class="comment">/* largest histogram width */</span> -00004 -00005 <span class="preprocessor">#define STP_NETLINK_ONLY</span> -00006 <span class="preprocessor"></span><span class="preprocessor">#define STP_NUM_STRINGS 1</span> -00007 <span class="preprocessor"></span> -00008 <span class="preprocessor">#include "<a class="code" href="runtime_8h.html">runtime.h</a>"</span> -00009 <span class="preprocessor">#include "<a class="code" href="map_8c.html">map.c</a>"</span> -00010 <span class="preprocessor">#include "<a class="code" href="copy_8c.html">copy.c</a>"</span> -00011 <span class="preprocessor">#include "<a class="code" href="probes_8c.html">probes.c</a>"</span> -00012 -00013 MODULE_DESCRIPTION(<span class="stringliteral">"SystemTap probe: shellsnoop"</span>); -00014 MODULE_AUTHOR(<span class="stringliteral">"Martin Hunt 
<hunt@redhat.com>"</span>); -00015 -00016 <a class="code" href="group__maps.html#ga1">MAP</a> pids, arglist ; -00017 -00018 <span class="keywordtype">int</span> inst_do_execve (<span class="keywordtype">char</span> * filename, <span class="keywordtype">char</span> __user *__user *argv, <span class="keywordtype">char</span> __user *__user *envp, <span class="keyword">struct</span> pt_regs * regs) -00019 { -00020 <span class="keyword">struct </span>map_node_str *ptr; -00021 -00022 <span class="comment">/* watch shells only */</span> -00023 <span class="comment">/* FIXME: detect more shells, like csh, tcsh, zsh */</span> -00024 -00025 <span class="keywordflow">if</span> (!strcmp(current->comm,<span class="stringliteral">"bash"</span>) || !strcmp(current->comm,<span class="stringliteral">"sh"</span>) || !strcmp(current->comm, <span class="stringliteral">"zsh"</span>) -00026 || !strcmp(current->comm, <span class="stringliteral">"tcsh"</span>) || !strcmp(current->comm, <span class="stringliteral">"pdksh"</span>)) -00027 { -00028 <a class="code" href="group__print.html#ga3">_stp_printf</a> (<span class="stringliteral">"%d\t%d\t%d\t%s "</span>, current->uid, current->pid, current->parent->pid, filename); -00029 -00030 <a class="code" href="group__maps.html#ga13">_stp_map_key_long</a> (pids, current->pid); -00031 <a class="code" href="group__maps.html#ga16">_stp_map_set_int64</a> (pids, 1); -00032 -00033 <a class="code" href="group__lists.html#ga1">_stp_list_clear</a> (arglist); -00034 <a class="code" href="group__copy.html#ga3">_stp_copy_argv_from_user</a> (arglist, argv); -00035 -00036 <a class="code" href="group__maps.html#ga32">foreach</a> (arglist, ptr) -00037 _stp_printf ("%s ", ptr->str); -00038 -00039 _stp_print_flush(); -00040 } -00041 jprobe_return(); -00042 return 0; -00043 } -00044 -00045 struct file * inst_filp_open (const <span class="keywordtype">char</span> * filename, <span class="keywordtype">int</span> flags, <span class="keywordtype">int</span> mode) 
-00046 { -00047 <a class="code" href="group__maps.html#ga13">_stp_map_key_long</a> (pids, current->pid); -00048 <span class="keywordflow">if</span> (_stp_map_get_int64 (pids)) -00049 <a class="code" href="group__print.html#ga3">_stp_printf</a> (<span class="stringliteral">"%d\t%d\t%s\tO %s"</span>, current->pid, current->parent->pid, current->comm, filename); -00050 -00051 <a class="code" href="group__print.html#ga2">_stp_print_flush</a>(); -00052 jprobe_return(); -00053 <span class="keywordflow">return</span> 0; -00054 } -00055 -00056 asmlinkage ssize_t inst_sys_read (<span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> fd, <span class="keywordtype">char</span> __user * buf, size_t count) -00057 { -00058 <a class="code" href="group__maps.html#ga13">_stp_map_key_long</a> (pids, current->pid); -00059 <span class="keywordflow">if</span> (_stp_map_get_int64 (pids)) -00060 <a class="code" href="group__print.html#ga3">_stp_printf</a> (<span class="stringliteral">"%d\t%d\t%s\tR %d"</span>, current->pid, current->parent->pid, current->comm, fd); -00061 -00062 <a class="code" href="group__print.html#ga2">_stp_print_flush</a>(); -00063 jprobe_return(); -00064 <span class="keywordflow">return</span> 0; -00065 } -00066 -00067 asmlinkage ssize_t inst_sys_write (<span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> fd, <span class="keyword">const</span> <span class="keywordtype">char</span> __user * buf, size_t count) -00068 { -00069 <a class="code" href="group__maps.html#ga13">_stp_map_key_long</a> (pids, current->pid); -00070 <span class="keywordflow">if</span> (_stp_map_get_int64 (pids)) -00071 { -00072 String str = <a class="code" href="group__string.html#ga2">_stp_string_init</a> (0); -00073 <a class="code" href="group__copy.html#ga1">_stp_string_from_user</a>(str, buf, count); -00074 <a class="code" href="group__print.html#ga3">_stp_printf</a> (<span class="stringliteral">"%d\t%d\t%s\tW %s"</span>, current->pid, 
current->parent->pid, current->comm, str->buf); -00075 <a class="code" href="group__print.html#ga2">_stp_print_flush</a>(); -00076 } -00077 -00078 jprobe_return(); -00079 <span class="keywordflow">return</span> 0; -00080 } -00081 -00082 <span class="keyword">static</span> <span class="keyword">struct </span>jprobe dtr_probes[] = { -00083 { -00084 .kp.addr = (kprobe_opcode_t *)<span class="stringliteral">"do_execve"</span>, -00085 .entry = (kprobe_opcode_t *) inst_do_execve -00086 }, -00087 { -00088 .kp.addr = (kprobe_opcode_t *)<span class="stringliteral">"filp_open"</span>, -00089 .entry = (kprobe_opcode_t *) inst_filp_open -00090 }, -00091 { -00092 .kp.addr = (kprobe_opcode_t *)<span class="stringliteral">"sys_read"</span>, -00093 .entry = (kprobe_opcode_t *) inst_sys_read -00094 }, -00095 { -00096 .kp.addr = (kprobe_opcode_t *)<span class="stringliteral">"sys_write"</span>, -00097 .entry = (kprobe_opcode_t *) inst_sys_write -00098 }, -00099 }; -00100 -00101 <span class="preprocessor">#define MAX_DTR_ROUTINE (sizeof(dtr_probes)/sizeof(struct jprobe))</span> -00102 <span class="preprocessor"></span> -00103 <span class="keyword">static</span> <span class="keywordtype">int</span> init_dtr(<span class="keywordtype">void</span>) -00104 { -00105 <span class="keywordtype">int</span> ret; -00106 -00107 <span class="keywordflow">if</span> (<a class="code" href="group__io.html#ga7">_stp_netlink_open</a>() < 0) -00108 return -1; -00109 -00110 pids = _stp_map_new (10000, INT64); -00111 arglist = _stp_list_new (10, STRING); -00112 -00113 ret = _stp_register_jprobes (dtr_probes, MAX_DTR_ROUTINE); -00114 -00115 _stp_log("instrumentation is enabled... 
%s\n", __this_module.name); -00116 return ret; -00117 } -00118 -00119 static <span class="keywordtype">void</span> probe_exit (<span class="keywordtype">void</span>) -00120 { -00121 <a class="code" href="probes_8c.html#a2">_stp_unregister_jprobes</a> (dtr_probes, MAX_DTR_ROUTINE); -00122 -00123 <a class="code" href="group__print.html#ga11">_stp_print</a> (<span class="stringliteral">"In probe_exit now."</span>); -00124 <a class="code" href="group__maps.html#ga7">_stp_map_del</a> (pids); -00125 <a class="code" href="group__print.html#ga2">_stp_print_flush</a>(); -00126 } -00127 -00128 -00129 <span class="keyword">static</span> <span class="keywordtype">void</span> cleanup_dtr(<span class="keywordtype">void</span>) -00130 { -00131 <a class="code" href="group__io.html#ga8">_stp_netlink_close</a>(); -00132 -00133 } -00134 -00135 module_init(init_dtr); -00136 module_exit(cleanup_dtr); -00137 MODULE_LICENSE(<span class="stringliteral">"GPL"</span>); -00138 -</pre></div></body></html> |