diff options
Diffstat (limited to 'testsuite/systemtap.examples/io')
| -rw-r--r-- | testsuite/systemtap.examples/io/ttyspy.meta | 6 | ||||
| -rwxr-xr-x | testsuite/systemtap.examples/io/ttyspy.stp | 46 |
2 files changed, 52 insertions, 0 deletions
diff --git a/testsuite/systemtap.examples/io/ttyspy.meta b/testsuite/systemtap.examples/io/ttyspy.meta new file mode 100644 index 00000000..e29add1b --- /dev/null +++ b/testsuite/systemtap.examples/io/ttyspy.meta @@ -0,0 +1,6 @@ +title: Monitor tty typing. +name: ttyspy.stp +keywords: io tty per-process monitor +description: The ttyspy.stp script uses tty_audit hooks to monitor recent typing activity on the system, printing a scrolling record of recent keystrokes, on a per-tty basis. +test_check: stap -gp4 ttyspy.stp +test_installcheck: stap --skip-badvars -g ttyspy.stp -c "sleep 7" diff --git a/testsuite/systemtap.examples/io/ttyspy.stp b/testsuite/systemtap.examples/io/ttyspy.stp new file mode 100755 index 00000000..c186e0e3 --- /dev/null +++ b/testsuite/systemtap.examples/io/ttyspy.stp @@ -0,0 +1,46 @@ +#! /usr/bin/stap -g +# May also need --skip-badvars + +global activity_time, activity_log + +/* Concatenate head and tail, to a max of @num chars, preferring to keep the tail + (as if it were a recent history buffer). */ +function strcattail:string(head:string,tail:string,num:long) %{ + unsigned taillen = strlen(THIS->tail); + unsigned headlen = strlen(THIS->head); + unsigned maxlen = THIS->num < MAXSTRINGLEN ? THIS->num : MAXSTRINGLEN; + unsigned headkeep = min(maxlen-taillen,headlen); + unsigned headdrop = headlen-headkeep; + + if (headkeep) + strlcpy (THIS->__retvalue, &THIS->head[headdrop], headkeep+1); /* includes \0 */ + strlcat (THIS->__retvalue, THIS->tail, maxlen); +%} + +probe kernel.function("tty_audit_add_data") { + major=$tty->driver->major; + minor=$tty->driver->minor_start + $tty->index; + pgrp=$tty->pgrp %( kernel_v > "2.6.24" %? ->numbers[0]->nr %: %); + data=kernel_string_n($data,$size); + uid=uid() + + activity_time[major,minor,pgrp,uid] = gettimeofday_s(); + activity_log[major,minor,pgrp,uid] + = strcattail(activity_log[major,minor,pgrp,uid],data,40); +} + +probe timer.s(3) { + ansi_clear_screen () + printf("(%3s,%2s,%5s,%5s)\n", "maj","min","pgrp","uid"); + foreach ([x,y,z,u] in activity_time-) { + printf("(%3d,%3d,%5d,%5d) %s\n", x,y,z,u, + text_str(activity_log[x,y,z,u])) + } + + /* delete last record, if older than 60 seconds */ + if (activity_time[x,y,z,u]+60 < gettimeofday_s()) { + delete activity_time[x,y,z,u] + delete activity_log[x,y,z,u] + } +} + |