Diffstat (limited to 'runtime/docs/html/shellsnoop_2dtr_8c-source.html')
-rw-r--r-- | runtime/docs/html/shellsnoop_2dtr_8c-source.html | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/runtime/docs/html/shellsnoop_2dtr_8c-source.html b/runtime/docs/html/shellsnoop_2dtr_8c-source.html new file mode 100644 index 00000000..7f6aa12c --- /dev/null +++ b/runtime/docs/html/shellsnoop_2dtr_8c-source.html 
@@ -0,0 +1,138 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"> +<title>SystemTap: probes/shellsnoop/dtr.c Source File</title> +<link href="doxygen.css" rel="stylesheet" type="text/css"> +</head><body> +<!-- Generated by Doxygen 1.4.1 --> +<div class="qindex"><a class="qindex" href="index.html">Main Page</a> | <a class="qindex" href="annotated.html">Data Structures</a> | <a class="qindex" href="dirs.html">Directories</a> | <a class="qindex" href="files.html">File List</a> | <a class="qindex" href="functions.html">Data Fields</a> | <a class="qindex" href="globals.html">Globals</a> | <a class="qindex" href="pages.html">Related Pages</a></div> +<div class="nav"> +<a class="el" href="dir_000000.html">probes</a> / <a class="el" href="dir_000001.html">shellsnoop</a></div> +<h1>dtr.c</h1><div class="fragment"><pre class="fragment">00001 <span class="preprocessor">#define HASH_TABLE_BITS 8</span> +00002 <span class="preprocessor"></span><span class="preprocessor">#define HASH_TABLE_SIZE (1<<HASH_TABLE_BITS)</span> +00003 <span class="preprocessor"></span><span class="preprocessor">#define BUCKETS 16 </span><span class="comment">/* largest histogram width */</span> +00004 +00005 <span class="preprocessor">#include "runtime.h"</span> +00006 <span class="preprocessor">#include "io.c"</span> +00007 <span class="preprocessor">#include "<a class="code" href="map_8c.html">map.c</a>"</span> +00008 <span class="preprocessor">#include "copy.c"</span> +00009 <span class="preprocessor">#include "probes.c"</span> +00010 +00011 MODULE_DESCRIPTION(<span class="stringliteral">"SystemTap probe: shellsnoop"</span>); +00012 MODULE_AUTHOR(<span class="stringliteral">"Martin Hunt <hunt@redhat.com>"</span>); +00013 +00014 <a class="code" href="structmap__root.html">MAP</a> pids, arglist ; +00015 +00016 <span class="keywordtype">int</span> inst_do_execve (<span class="keywordtype">char</span> 
* filename, <span class="keywordtype">char</span> __user *__user *argv, <span class="keywordtype">char</span> __user *__user *envp, <span class="keyword">struct</span> pt_regs * regs) +00017 { +00018 <span class="keyword">struct </span>map_node_str *ptr; +00019 +00020 <span class="comment">/* watch shells only */</span> +00021 <span class="comment">/* FIXME: detect more shells, like csh, tcsh, zsh */</span> +00022 +00023 <span class="keywordflow">if</span> (!strcmp(current->comm,<span class="stringliteral">"bash"</span>) || !strcmp(current->comm,<span class="stringliteral">"sh"</span>) || !strcmp(current->comm, <span class="stringliteral">"zsh"</span>) +00024 || !strcmp(current->comm, <span class="stringliteral">"tcsh"</span>) || !strcmp(current->comm, <span class="stringliteral">"pdksh"</span>)) +00025 { +00026 dlog (<span class="stringliteral">"%d\t%d\t%d\t%s "</span>, current->uid, current->pid, current->parent->pid, filename); +00027 +00028 <a class="code" href="map_8c.html#a14">_stp_map_key_long</a> (pids, current->pid); +00029 <a class="code" href="map_8c.html#a17">_stp_map_set_int64</a> (pids, 1); +00030 +00031 <a class="code" href="map_8c.html#a26">_stp_list_clear</a> (arglist); +00032 _stp_copy_argv_from_user (arglist, argv); +00033 <a class="code" href="map_8h.html#a8">foreach</a> (arglist, ptr) +00034 printk ("%s ", ptr->str); +00035 printk ("\n"); +00036 } +00037 jprobe_return(); +00038 return 0; +00039 } +00040 +00041 struct file * inst_filp_open (const <span class="keywordtype">char</span> * filename, <span class="keywordtype">int</span> flags, <span class="keywordtype">int</span> mode) +00042 { +00043 <a class="code" href="map_8c.html#a14">_stp_map_key_long</a> (pids, current->pid); +00044 <span class="keywordflow">if</span> (_stp_map_get_int64 (pids)) +00045 dlog (<span class="stringliteral">"%d\t%d\t%s\tO %s\n"</span>, current->pid, current->parent->pid, current->comm, filename); +00046 +00047 jprobe_return(); +00048 <span 
class="keywordflow">return</span> 0; +00049 } +00050 +00051 asmlinkage ssize_t inst_sys_read (<span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> fd, <span class="keywordtype">char</span> __user * buf, size_t count) +00052 { +00053 <a class="code" href="map_8c.html#a14">_stp_map_key_long</a> (pids, current->pid); +00054 <span class="keywordflow">if</span> (_stp_map_get_int64 (pids)) +00055 dlog (<span class="stringliteral">"%d\t%d\t%s\tR %d\n"</span>, current->pid, current->parent->pid, current->comm, fd); +00056 +00057 jprobe_return(); +00058 <span class="keywordflow">return</span> 0; +00059 } +00060 +00061 asmlinkage ssize_t inst_sys_write (<span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> fd, <span class="keyword">const</span> <span class="keywordtype">char</span> __user * buf, size_t count) +00062 { +00063 size_t len; +00064 <span class="keywordtype">char</span> str[256]; +00065 <a class="code" href="map_8c.html#a14">_stp_map_key_long</a> (pids, current->pid); +00066 <span class="keywordflow">if</span> (_stp_map_get_int64 (pids)) +00067 { +00068 <span class="keywordflow">if</span> (count < 64) +00069 len = count; +00070 else +00071 len = 64; +00072 len = _stp_strncpy_from_user(str, buf, len); +00073 if (len < 0) len = 0; +00074 str[len] = 0; +00075 dlog ("%d\t%d\t%s\tW %s\n", current->pid, current->parent->pid, current->comm, str); +00076 } +00077 +00078 jprobe_return(); +00079 return 0; +00080 } +00081 +00082 static struct jprobe dtr_probes[] = { +00083 { +00084 .kp.addr = (kprobe_opcode_t *)<span class="stringliteral">"do_execve"</span>, +00085 .entry = (kprobe_opcode_t *) inst_do_execve +00086 }, +00087 { +00088 .kp.addr = (kprobe_opcode_t *)<span class="stringliteral">"filp_open"</span>, +00089 .entry = (kprobe_opcode_t *) inst_filp_open +00090 }, +00091 { +00092 .kp.addr = (kprobe_opcode_t *)<span class="stringliteral">"sys_read"</span>, +00093 .entry = (kprobe_opcode_t *) inst_sys_read +00094 }, 
+00095 { +00096 .kp.addr = (kprobe_opcode_t *)<span class="stringliteral">"sys_write"</span>, +00097 .entry = (kprobe_opcode_t *) inst_sys_write +00098 }, +00099 }; +00100 +00101 <span class="preprocessor">#define MAX_DTR_ROUTINE (sizeof(dtr_probes)/sizeof(struct jprobe))</span> +00102 <span class="preprocessor"></span> +00103 <span class="keyword">static</span> <span class="keywordtype">int</span> init_dtr(<span class="keywordtype">void</span>) +00104 { +00105 <span class="keywordtype">int</span> ret; +00106 +00107 pids = <a class="code" href="map_8c.html#a3">_stp_map_new</a> (10000, INT64); +00108 arglist = <a class="code" href="map_8c.html#a25">_stp_list_new</a> (10, STRING); +00109 +00110 ret = _stp_register_jprobes (dtr_probes, MAX_DTR_ROUTINE); +00111 +00112 dlog(<span class="stringliteral">"instrumentation is enabled...\n"</span>); +00113 <span class="keywordflow">return</span> ret; +00114 } +00115 +00116 <span class="keyword">static</span> <span class="keywordtype">void</span> cleanup_dtr(<span class="keywordtype">void</span>) +00117 { +00118 _stp_unregister_jprobes (dtr_probes, MAX_DTR_ROUTINE); +00119 <a class="code" href="map_8c.html#a8">_stp_map_del</a> (pids); +00120 dlog(<span class="stringliteral">"EXIT\n"</span>); +00121 } +00122 +00123 module_init(init_dtr); +00124 module_exit(cleanup_dtr); +00125 MODULE_LICENSE(<span class="stringliteral">"GPL"</span>); +00126 +</pre></div><hr size="1"><address style="align: right;"><small> +Generated on Tue Mar 22 00:32:02 2005 for SystemTap.</small></body> +</html> |