From 655ee2825121e149a9976e562946892efb20aea1 Mon Sep 17 00:00:00 2001
From: hunt
Date: Thu, 7 Apr 2005 21:48:47 +0000
Subject: *** empty log message ***

---
 runtime/docs/html/shellsnoop_2dtr_8c-source.html | 194 ++++++++++++-----------
 1 file changed, 103 insertions(+), 91 deletions(-)

(limited to 'runtime/docs/html/shellsnoop_2dtr_8c-source.html')

diff --git a/runtime/docs/html/shellsnoop_2dtr_8c-source.html b/runtime/docs/html/shellsnoop_2dtr_8c-source.html
index 7391b8ce..bbc55f7e 100644
--- a/runtime/docs/html/shellsnoop_2dtr_8c-source.html
+++ b/runtime/docs/html/shellsnoop_2dtr_8c-source.html
@@ -4,91 +4,91 @@
-
Main Page | Modules | Data Structures | Directories | File List | Data Fields | Globals | Related Pages
+
Main Page | Modules | Directories | File List | Globals | Related Pages

dtr.c

00001 #define HASH_TABLE_BITS 8
 00002 #define HASH_TABLE_SIZE (1<<HASH_TABLE_BITS)
 00003 #define BUCKETS 16 /* largest histogram width */
 00004 
-00005 #include "runtime.h"
-00006 #include "io.c"
-00007 #include "map.c"
-00008 #include "copy.c"
-00009 #include "probes.c"
-00010 
-00011 MODULE_DESCRIPTION("SystemTap probe: shellsnoop");
-00012 MODULE_AUTHOR("Martin Hunt <hunt@redhat.com>");
-00013 
-00014 MAP pids, arglist ;
+00005 #define STP_NETLINK_ONLY
+00006 #define STP_NUM_STRINGS 1
+00007 
+00008 #include "runtime.h"
+00009 #include "map.c"
+00010 #include "copy.c"
+00011 #include "probes.c"
+00012 
+00013 MODULE_DESCRIPTION("SystemTap probe: shellsnoop");
+00014 MODULE_AUTHOR("Martin Hunt <hunt@redhat.com>");
 00015 
-00016 int inst_do_execve (char * filename, char __user *__user *argv, char __user *__user *envp, struct pt_regs * regs)
-00017 {
-00018   struct map_node_str *ptr;
-00019 
-00020   /* watch shells only */
-00021   /* FIXME: detect more shells, like csh, tcsh, zsh */
-00022   
-00023   if (!strcmp(current->comm,"bash") || !strcmp(current->comm,"sh") || !strcmp(current->comm, "zsh")
-00024       || !strcmp(current->comm, "tcsh") || !strcmp(current->comm, "pdksh"))
-00025     {
-00026       dlog ("%d\t%d\t%d\t%s ", current->uid, current->pid, current->parent->pid, filename);
-00027 
-00028       _stp_map_key_long (pids, current->pid);
-00029       _stp_map_set_int64 (pids, 1);
-00030       
-00031       _stp_list_clear (arglist);
-00032       _stp_copy_argv_from_user (arglist, argv);
-00033       foreach (arglist, ptr)
-00034         printk ("%s ", ptr->str);
-00035       printk ("\n");
-00036     }
-00037   jprobe_return();
-00038   return 0;
-00039 }
-00040 
-00041 struct file * inst_filp_open (const char * filename, int flags, int mode)
-00042 {
-00043   _stp_map_key_long (pids, current->pid);
-00044   if (_stp_map_get_int64 (pids))
-00045     dlog ("%d\t%d\t%s\tO %s\n", current->pid, current->parent->pid, current->comm, filename);
-00046   
-00047   jprobe_return();
-00048   return 0;
-00049 }
+00016 MAP pids, arglist ;
+00017 
+00018 int inst_do_execve (char * filename, char __user *__user *argv, char __user *__user *envp, struct pt_regs * regs)
+00019 {
+00020   struct map_node_str *ptr;
+00021 
+00022   /* watch shells only */
+00023   /* FIXME: detect more shells, like csh, tcsh, zsh */
+00024   
+00025   if (!strcmp(current->comm,"bash") || !strcmp(current->comm,"sh") || !strcmp(current->comm, "zsh")
+00026       || !strcmp(current->comm, "tcsh") || !strcmp(current->comm, "pdksh"))
+00027     {
+00028       _stp_printf ("%d\t%d\t%d\t%s ", current->uid, current->pid, current->parent->pid, filename);
+00029 
+00030       _stp_map_key_long (pids, current->pid);
+00031       _stp_map_set_int64 (pids, 1);
+00032       
+00033       _stp_list_clear (arglist);
+00034       _stp_copy_argv_from_user (arglist, argv);
+00035       
+00036       foreach (arglist, ptr)
+00037         _stp_printf ("%s ", ptr->str);
+00038       
+00039       _stp_print_flush();
+00040     }
+00041   jprobe_return();
+00042   return 0;
+00043 }
+00044 
+00045 struct file * inst_filp_open (const char * filename, int flags, int mode)
+00046 {
+00047   _stp_map_key_long (pids, current->pid);
+00048   if (_stp_map_get_int64 (pids))
+00049     _stp_printf ("%d\t%d\t%s\tO %s", current->pid, current->parent->pid, current->comm, filename);
 00050 
-00051 asmlinkage ssize_t inst_sys_read (unsigned int fd, char __user * buf, size_t count)
-00052 {
-00053   _stp_map_key_long (pids, current->pid);
-00054   if (_stp_map_get_int64 (pids))
-00055     dlog ("%d\t%d\t%s\tR %d\n", current->pid, current->parent->pid, current->comm, fd);
-00056   
-00057   jprobe_return();
-00058   return 0;
-00059 }
-00060 
-00061 asmlinkage ssize_t inst_sys_write (unsigned int fd, const char __user * buf, size_t count)
-00062 {
-00063   size_t len;
-00064   char str[256];
-00065   _stp_map_key_long (pids, current->pid);
-00066   if (_stp_map_get_int64 (pids))
-00067     {
-00068       if (count < 64) 
-00069         len = count;
-00070       else 
-00071         len = 64;
-00072       len = _stp_strncpy_from_user(str, buf, len);
-00073       if (len < 0) len = 0;
-00074       str[len] = 0;
-00075       dlog ("%d\t%d\t%s\tW %s\n", current->pid, current->parent->pid, current->comm, str);
+00051   _stp_print_flush();
+00052   jprobe_return();
+00053   return 0;
+00054 }
+00055 
+00056 asmlinkage ssize_t inst_sys_read (unsigned int fd, char __user * buf, size_t count)
+00057 {
+00058   _stp_map_key_long (pids, current->pid);
+00059   if (_stp_map_get_int64 (pids))
+00060     _stp_printf ("%d\t%d\t%s\tR %d", current->pid, current->parent->pid, current->comm, fd);
+00061   
+00062   _stp_print_flush();
+00063   jprobe_return();
+00064   return 0;
+00065 }
+00066 
+00067 asmlinkage ssize_t inst_sys_write (unsigned int fd, const char __user * buf, size_t count)
+00068 {
+00069   _stp_map_key_long (pids, current->pid);
+00070   if (_stp_map_get_int64 (pids))
+00071     {
+00072       String str = _stp_string_init (0);
+00073       _stp_string_from_user(str, buf, count);
+00074       _stp_printf ("%d\t%d\t%s\tW %s", current->pid, current->parent->pid, current->comm, str->buf);
+00075       _stp_print_flush();
 00076     }
 00077   
 00078   jprobe_return();
-00079   return 0;
+00079   return 0;
 00080 }
 00081 
-00082 static struct jprobe dtr_probes[] = {
+00082 static struct jprobe dtr_probes[] = {
 00083   {
 00084     .kp.addr = (kprobe_opcode_t *)"do_execve",
 00085     .entry = (kprobe_opcode_t *) inst_do_execve
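Review bot: inst_sys_write now passes the syscall's full `count` to `_stp_string_from_user(str, buf, count)` and discards its result, whereas the removed code clamped the copy to 64 bytes and mapped a negative return to an empty string; whether the new helper bounds the copy by the String's capacity is not visible on this page, and with `STP_NUM_STRINGS 1` the buffer handed back by `_stp_string_init (0)` is a single shared one, so a faulting copy would print whatever the previous probe left in it as this write's payload. I would guard the print on the copy succeeding, e.g. `if (_stp_string_from_user(str, buf, count) >= 0)` around the `_stp_printf`, assuming it signals a fault with a negative value like the `_stp_strncpy_from_user` it replaced. Separately, the argv strings, the write payload and `current->comm` are all user-controlled and are emitted unescaped into a tab/newline-delimited record, so a shell user can forge extra fields or whole records in the trace; escaping `\t`/`\n` (or emitting the write payload as a bounded hex dump) before `_stp_printf` closes that, and a comment on the `strcmp(current->comm, ...)` filter should say that `comm` is settable by the process itself, so the "shells only" filter is advisory rather than a security boundary. This page is a doxygen rendering of dtr.c, so the changes belong in the source file rather than here.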
@@ -104,7 +104,7 @@
 00095   {
 00096     .kp.addr = (kprobe_opcode_t *)"sys_write",
 00097     .entry = (kprobe_opcode_t *) inst_sys_write
-00098   },
+00098   }, 
 00099 };
 00100 
 00101 #define MAX_DTR_ROUTINE (sizeof(dtr_probes)/sizeof(struct jprobe))
@@ -113,24 +113,36 @@
 00104 {
 00105   int ret;
 00106 
-00107   pids = _stp_map_new (10000, INT64);
-00108   arglist = _stp_list_new (10, STRING);
+00107   if (_stp_netlink_open() < 0)
+00108     return -1;
 00109 
-00110   ret = _stp_register_jprobes (dtr_probes, MAX_DTR_ROUTINE);
-00111 
-00112   dlog("instrumentation is enabled...\n");
-00113   return ret;
-00114 }
-00115 
-00116 static void cleanup_dtr(void)
-00117 {
-00118   _stp_unregister_jprobes (dtr_probes, MAX_DTR_ROUTINE);
-00119   _stp_map_del (pids);
-00120   dlog("EXIT\n");
-00121 }
+00110   pids = _stp_map_new (10000, INT64);
+00111   arglist = _stp_list_new (10, STRING);
+00112 
+00113   ret = _stp_register_jprobes (dtr_probes, MAX_DTR_ROUTINE);
+00114 
+00115   _stp_log("instrumentation is enabled... %s\n", __this_module.name);
+00116   return ret;
+00117 }
+00118 
+00119 static void probe_exit (void)
+00120 {
+00121   _stp_unregister_jprobes (dtr_probes, MAX_DTR_ROUTINE);
 00122 
-00123 module_init(init_dtr);
-00124 module_exit(cleanup_dtr);
-00125 MODULE_LICENSE("GPL");
-00126 
+00123   _stp_print ("In probe_exit now.");
+00124   _stp_map_del (pids);
+00125   _stp_print_flush();
+00126 }
+00127 
+00128 
+00129 static void cleanup_dtr(void)
+00130 {
+00131   _stp_netlink_close();
+00132 
+00133 }
+00134 
+00135 module_init(init_dtr);
+00136 module_exit(cleanup_dtr);
+00137 MODULE_LICENSE("GPL");
+00138 
 
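Review bot: init_dtr still returns whatever `_stp_register_jprobes` gives back without undoing the `_stp_netlink_open()` that now precedes it, and `pids`/`arglist` from `_stp_map_new`/`_stp_list_new` are used unchecked, so a failed allocation or registration leaves the netlink socket open and the maps allocated while module init reports failure (the function's signature sits above the hunk). Teardown is also split in a way worth documenting: `probe_exit` unregisters the jprobes and deletes `pids`, while `cleanup_dtr`, the `module_exit` handler, only closes netlink, so unless the runtime guarantees `probe_exit` runs before unload — its caller is not visible here — the entries in `dtr_probes` stay registered pointing into unloaded module text, and the next execve/open/read/write from a watched shell would crash the kernel. I would check both allocations and the registration result and release in reverse order on failure as below (treating a negative return as failure, assuming `_stp_register_jprobes` follows the kernel's register_jprobe convention), and have `cleanup_dtr` call `_stp_unregister_jprobes` if `probe_exit` has not already run; note `arglist` is freed on neither path, as was the case before this change. The `_stp_print ("In probe_exit now.")` line reads as leftover debugging and should be dropped or routed through `_stp_log` before merging.
```c
  int ret;

  if (_stp_netlink_open() < 0)
    return -1;

  pids = _stp_map_new (10000, INT64);
  arglist = _stp_list_new (10, STRING);
  if (!pids || !arglist) {
    ret = -1;
    goto fail;
  }

  ret = _stp_register_jprobes (dtr_probes, MAX_DTR_ROUTINE);
  if (ret < 0)
    goto fail;

  _stp_log("instrumentation is enabled... %s\n", __this_module.name);
  return 0;

fail:
  if (pids)
    _stp_map_del (pids);
  /* … arglist: no list-free helper is visible in this file; release it here if the runtime provides one … */
  _stp_netlink_close();
  return ret;
}
```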