From d2f4d7286629da6e9f1b844beefb141a4d3ef2c3 Mon Sep 17 00:00:00 2001 From: Mark Wielaard Date: Wed, 10 Dec 2008 20:39:45 +0100 Subject: PR6866: First pass at translating addresses to symbol names through vma. --- tapset/ChangeLog | 7 +++++++ tapset/context-symbols.stp | 8 ++++++++ tapset/context-unwind.stp | 3 ++- 3 files changed, 17 insertions(+), 1 deletion(-) (limited to 'tapset') diff --git a/tapset/ChangeLog b/tapset/ChangeLog index 626ad67b..30634bcc 100644 --- a/tapset/ChangeLog +++ b/tapset/ChangeLog @@ -1,3 +1,10 @@ +2008-12-10 Mark Wielaard + + * context-symbols.stp: Define STP_NEED_TASK_FINDER_VMA. + (symbolname): New function. + * context-unwind.stp (caller): Pass current task to + _stp_symbol_snprint. + 2008-12-09 Frank Ch. Eigler PR 6961. diff --git a/tapset/context-symbols.stp b/tapset/context-symbols.stp index 79645f4f..fbb51767 100644 --- a/tapset/context-symbols.stp +++ b/tapset/context-symbols.stp @@ -11,6 +11,9 @@ #ifndef STP_NEED_SYMBOL_DATA #define STP_NEED_SYMBOL_DATA 1 #endif +#ifndef STP_NEED_TASK_FINDER_VMA +#define STP_NEED_TASK_FINDER_VMA 1 +#endif %} /** @@ -93,3 +96,8 @@ function probemod:string () %{ /* pure */ THIS->__retvalue[0] = '\0'; } %} + +function symbolname:string (addr:long) %{ /* pure */ + _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, THIS->addr, + current); +%} diff --git a/tapset/context-unwind.stp b/tapset/context-unwind.stp index 4c5ed34b..59d111ee 100644 --- a/tapset/context-unwind.stp +++ b/tapset/context-unwind.stp @@ -51,7 +51,8 @@ function backtrace:string () %{ /* pure */ function caller:string() %{ /* pure */ if (CONTEXT->pi) _stp_symbol_snprint( THIS->__retvalue, MAXSTRINGLEN, - (unsigned long)_stp_ret_addr_r(CONTEXT->pi)); + (unsigned long)_stp_ret_addr_r(CONTEXT->pi), + current); else strlcpy(THIS->__retvalue,"unknown",MAXSTRINGLEN); %} -- cgit From 3a5153c5590a89d6c0b70fc2c13554190b8c3be8 Mon Sep 17 00:00:00 2001 
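Review bot: The new `symbolname` function added at the end of tapset/context-symbols.stp has no doc comment, although the file already uses `/** ... */` blocks for its functions. A short `sfunction symbolname` block with an `@addr` line, plus a sentence on what is returned when the address has no known symbol, would make the contract clear. Because the body passes `current` to `_stp_symbol_snprint`, the comment should also say that the address is resolved in the context of whichever task is running when the probe fires.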
From: Mark Wielaard Date: Mon, 15 Dec 2008 18:04:36 +0100 Subject: context-symbols.stp (probefunc): Call _stp_symbol_snprint with current task. --- tapset/ChangeLog | 5 +++++ tapset/context-symbols.stp | 5 +---- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'tapset') diff --git a/tapset/ChangeLog b/tapset/ChangeLog index 30634bcc..d1d2064c 100644 --- a/tapset/ChangeLog +++ b/tapset/ChangeLog @@ -1,3 +1,8 @@ +2008-12-15 Mark Wielaard + + * context-symbols.stp (probefunc): Call _stp_symbol_snprint with + current task. + 2008-12-10 Mark Wielaard * context-symbols.stp: Define STP_NEED_TASK_FINDER_VMA. diff --git a/tapset/context-symbols.stp b/tapset/context-symbols.stp index fbb51767..bd9a93b9 100644 --- a/tapset/context-symbols.stp +++ b/tapset/context-symbols.stp @@ -11,9 +11,6 @@ #ifndef STP_NEED_SYMBOL_DATA #define STP_NEED_SYMBOL_DATA 1 #endif -#ifndef STP_NEED_TASK_FINDER_VMA -#define STP_NEED_TASK_FINDER_VMA 1 -#endif %} /** @@ -66,7 +63,7 @@ function probefunc:string () %{ /* pure */ #else ((unsigned long)REG_IP(CONTEXT->regs) >= (unsigned long)PAGE_OFFSET)) { #endif - _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, REG_IP(CONTEXT->regs)); + _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, REG_IP(CONTEXT->regs), current); if (THIS->__retvalue[0] == '.') /* powerpc symbol has a dot*/ strlcpy(THIS->__retvalue,THIS->__retvalue + 1,MAXSTRINGLEN); } else { -- cgit From ae65abfb3d6c807f63adb11c060b1ca56b779c02 Mon Sep 17 00:00:00 2001 From: "Frank Ch. Eigler" Date: Wed, 1 Apr 2009 17:20:05 -0400 Subject: PR10020 sys_sigaltstack param change The new code uses a %( kernel_v < "2.6.29" %) conditional to look at the passed pt_regs instead of named *bx parameters. A more general solution will be needed at some point. --- tapset/i686/syscalls.stp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tapset') diff --git a/tapset/i686/syscalls.stp b/tapset/i686/syscalls.stp index 8e69f622..2a89c19d 100644 --- a/tapset/i686/syscalls.stp 
+++ b/tapset/i686/syscalls.stp @@ -119,7 +119,7 @@ probe syscall.set_zone_reclaim.return = # probe syscall.sigaltstack = kernel.function("sys_sigaltstack") { name = "sigaltstack" - ussp = %( kernel_vr < "2.6.25" %? $ebx %: $bx %) + ussp = %( kernel_vr < "2.6.25" %? $ebx %: %( kernel_vr < "2.6.29" %? $bx %: $regs->bx %) %) argstr = sprintf("%p", ussp) } probe syscall.sigaltstack.return = kernel.function("sys_sigaltstack").return { -- cgit From b2b336288ce9e92a21efe7dcd314f604bc97be29 Mon Sep 17 00:00:00 2001 From: Mark Wielaard Date: Thu, 2 Apr 2009 18:42:38 +0200 Subject: PR6580: Implement symname, symdata and modname context functions. This adds a couple of the suggested context/stack revamp functions from PR6580. In particular it replaces the symbolname() function that sneaked in with the pr6866 branch merge with the suggested symname(). * runtime/sym.c (_stp_mod_sec_lookup): Make section optional. (_stp_symbol_snprint): Provide a way to get optional module info. * tapset/context-symbols.stp: Replace symbolname() with symname(), add modname() and symdata(). (probemod): Implement pc based fallback. * tapset/context-unwind.stp (caller): Adjust for _stp_symbol_snprint change. * testsuite/systemtap.context/usymbols.exp: Use new symname. * testsuite/buildok/modname.stp: New test. * testsuite/buildok/symdata.stp: Likewise. * testsuite/buildok/symname.stp: Likewise. --- tapset/context-symbols.stp | 60 ++++++++++++++++++++++++++++++++++++++++------ tapset/context-unwind.stp | 2 +- 2 files changed, 54 insertions(+), 8 deletions(-) (limited to 'tapset') diff --git a/tapset/context-symbols.stp b/tapset/context-symbols.stp index 4c200aa8..66d9fea2 100644 --- a/tapset/context-symbols.stp +++ b/tapset/context-symbols.stp 
@@ -66,7 +66,7 @@ function probefunc:string () %{ /* pure */ #else ((unsigned long)REG_IP(CONTEXT->regs) >= (unsigned long)PAGE_OFFSET)) { #endif - _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, REG_IP(CONTEXT->regs), current); + _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, REG_IP(CONTEXT->regs), current, 0); if (THIS->__retvalue[0] == '.') /* powerpc symbol has a dot*/ strlcpy(THIS->__retvalue,THIS->__retvalue + 1,MAXSTRINGLEN); } else { 
@@ -89,13 +89,59 @@ function probemod:string () %{ /* pure */ while (*ptr != '"' && --len && *ptr) *dst++ = *ptr++; *dst = 0; - } else { - /* XXX: need a PC- and symbol-table-based fallback. */ - THIS->__retvalue[0] = '\0'; - } + } else if (CONTEXT->regs) { + struct _stp_module *m; + m = _stp_mod_sec_lookup (REG_IP(CONTEXT->regs), current, NULL); + if (m && m->name) + strlcpy (THIS->__retvalue, m->name, MAXSTRINGLEN); + else + strlcpy (THIS->__retvalue, "", MAXSTRINGLEN); + } else + strlcpy (THIS->__retvalue, "", MAXSTRINGLEN); %} -function symbolname:string (addr:long) %{ /* pure */ +/** + * sfunction modname - Return the kernel module name loaded at the address. + * @addr: The address. + * + * Description: Returns the module name associated with the given + * address if known. If not known it will return the string "". + * If the address was not in a kernel module, but in the kernel itself, + * then the string "kernel" will be returned. + */ +function modname:string (addr: long) %{ /* pure */ + struct _stp_module *m; + m = _stp_mod_sec_lookup (THIS->addr, current, NULL); + if (m && m->name) + strlcpy (THIS->__retvalue, m->name, MAXSTRINGLEN); + else + strlcpy (THIS->__retvalue, "", MAXSTRINGLEN); +%} + +/** + * sfunction symname - Return the symbol associated with the given address. + * @addr: The address to translate. + * + * Description: Returns the (function) symbol name associated with the + * given address if known. If not known it will return the hex string + * representation of addr. + */ +function symname:string (addr: long) %{ /* pure */ + _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, THIS->addr, + current, 0); +%} + +/** + * sfunction symdata - Return the symbol and module offset for the address. + * @addr: The address to translate. 
+ * + * Description: Returns the (function) symbol name associated with the + * given address if known, plus the module name (between brackets) and + * the offset inside the module, plus the size of the symbol function. + * If any element is not known it will be ommitted and if the symbol name + * is unknown it will return the hex string for the given address. + */ +function symdata:string (addr: long) %{ /* pure */ _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, THIS->addr, - current); + current, 1); %} diff --git a/tapset/context-unwind.stp b/tapset/context-unwind.stp index a976f8b6..b3d19e29 100644 --- a/tapset/context-unwind.stp +++ b/tapset/context-unwind.stp @@ -57,7 +57,7 @@ function caller:string() %{ /* pure */ if (CONTEXT->pi) _stp_symbol_snprint( THIS->__retvalue, MAXSTRINGLEN, (unsigned long)_stp_ret_addr_r(CONTEXT->pi), - current); + current, 0); else strlcpy(THIS->__retvalue,"unknown",MAXSTRINGLEN); %} -- cgit From 08dc41a50c508544bc18d384a65a137056a98195 Mon Sep 17 00:00:00 2001 From: Eugene Teo Date: Fri, 3 Apr 2009 23:18:14 +0800 Subject: Improvements to errno tapset This adds an errno_p() function that will return an absolute errno if it is valid, or zero if it is not. It also simplifies the if statement in the errno_str() function. --- tapset/errno.stp | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'tapset') diff --git a/tapset/errno.stp b/tapset/errno.stp index eda9bff1..011ff7e2 100644 --- a/tapset/errno.stp +++ b/tapset/errno.stp 
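Review bot: The doc comment for `modname` promises the string "kernel" for addresses in the core kernel, but the body only copies `m->name` from `_stp_mod_sec_lookup`. That promise therefore depends on runtime/sym.c, which is not part of this file section, so confirm it or soften the wording. In the `symdata` comment, "ommitted" should be "omitted". In `probemod`, whose start lies outside the hunk, the two fallback branches write the same string and could share one `else` if the lookup were guarded by `CONTEXT->regs`.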
@@ -345,12 +345,20 @@ static const int Maxerrno = sizeof(errlist)/sizeof(char *); function errno_str:string (err:long) %{ /* pure */ long e = THIS->err; - if (e < 0 && e > -Maxerrno && errlist[-e]) - strlcpy (THIS->__retvalue, errlist[-e], MAXSTRINGLEN); - else if (e > 0 && e < Maxerrno && errlist[e]) + e = (e > 0 ? e : -e); + if (e > 0 && e < Maxerrno && errlist[e]) strlcpy (THIS->__retvalue, errlist[e], MAXSTRINGLEN); %} +function errno_p:long (err:long) %{ /* pure */ + long e = THIS->err; + e = (e > 0 ? e : -e); + if (e > 0 && e < Maxerrno && errlist[e]) + THIS->__retvalue = e; + else + THIS->__retvalue = 0; +%} + %{ static long _stp_returnval(struct pt_regs *regs) { if (regs) { -- cgit From 8e6c3aa3d61109b0276e96cdbc9ffdde60a5ac0a Mon Sep 17 00:00:00 2001 From: Eugene Teo Date: Fri, 3 Apr 2009 23:46:43 +0800 Subject: New ANSI escape sequences tapset This adds a new tapset for ANSI escape sequences. It is based on an existing tapset that was written by Masami Hiramatsu for the stapgames project. This also adds a version of ansi_color.stp script that displays other attributes other than the bold effect. --- tapset/ansi.stp | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 tapset/ansi.stp (limited to 'tapset') diff --git a/tapset/ansi.stp b/tapset/ansi.stp new file mode 100644 index 00000000..0152fb37 --- /dev/null +++ b/tapset/ansi.stp 
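Review bot: In `errno_str` and the new `errno_p`, `e = (e > 0 ? e : -e);` negates the script-supplied value before any range check, and negating the most negative `long` is signed overflow in C. With wrapping arithmetic the result stays negative and the `e > 0` test rejects it, but that depends on compiler flags rather than on the code. Checking the range first avoids the problem, for example `if (e < 0 && e > -Maxerrno) e = -e;`. `errno_p` also lacks a doc comment saying that it returns the absolute errno, or 0 when the value is not a known errno.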
@@ -0,0 +1,70 @@ +# ANSI escape sequences tapset +# Copyright (C) 2009 Red Hat, Inc., Eugene Teo +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# Based on some previous work done by Masami Hiramatsu for stapgames. +# Reference: http://en.wikipedia.org/wiki/ANSI_escape_code +# + +function ansi_clear_screen() { + print("\033[1;1H\033[J") +} + +# Foreground colors | Background colors +# Black 30 | Black 40 +# Blue 34 | Red 41 +# Green 32 | Green 42 +# Cyan 36 | Yellow 43 +# Red 31 | Blue 44 +# Purple 35 | Magenta 45 +# Brown 33 | Cyan 46 +# Light Gray 37 | White 47 +function ansi_set_color(fg:long) { + printf("\033[%dm", fg) +} + +function ansi_set_color2(fg:long, bg:long) { + printf("\033[%d;%dm", bg, fg) +} + +# All attributes off 0 +# Intensity: Bold 1 +# Underline: Single 4 +# Blink: Slow 5 +# Blink: Rapid 6 +# Image: Negative 7 +function ansi_set_color3(fg:long, bg:long, attr:long) { + attr_str = attr ? sprintf(";%dm", attr) : "m" + printf("\033[%d;%d%s", bg, fg, attr_str) +} + +function ansi_reset_color() { + ansi_set_color3(0, 0, 0) +} + +function ansi_new_line() { + printf("\12") +} + +function ansi_cursor_move(x:long, y:long) { + printf("\033[%d;%dH", y, x) +} + +function ansi_cursor_hide() { + print("\033[>5I") +} + +function ansi_cursor_save() { + print("\033[s") +} + +function ansi_cursor_restore() { + print("\033[u") +} + +function ansi_cursor_show() { + print("\033[>5h") +} -- cgit From fc204b30292a3a5f1aa602171dc44d937cb2c20f Mon Sep 17 00:00:00 2001 
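Review bot: `ansi_cursor_hide` prints `\033[>5I` while `ansi_cursor_show` prints `\033[>5h`. Set/reset mode sequences normally end in `h` and `l`, so the final `I` looks like a typo and the hide call may have no effect; please confirm against the terminals you target. The DEC private-mode form is `\033[?25l` to hide and `\033[?25h` to show. None of the functions has a doc comment, and the colour and attribute tables would be easier to find as `sfunction` blocks naming the accepted values.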
From: Mark Wielaard Date: Tue, 7 Apr 2009 12:25:53 +0200 Subject: Create usymname and usymdata variant that trigger STP_NEED_VMA_TRACKER. * tapset/context-symbols.stp (syname, symdata): Pass NULL for kernel address. * tapset/ucontext-symbols.stp: New file defining usymname and usymdata. * testsuite/systemtap.context/usymbols.exp: Use usymname, remove STP_NEED_VMA_TRACKER hack. * testsuite/buildok/usymdata.stp: New test. * testsuite/buildok/usymname.stp: Likewise. --- tapset/context-symbols.stp | 4 ++-- tapset/ucontext-symbols.stp | 52 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 2 deletions(-) create mode 100644 tapset/ucontext-symbols.stp (limited to 'tapset') diff --git a/tapset/context-symbols.stp b/tapset/context-symbols.stp index 66d9fea2..783f1b7b 100644 --- a/tapset/context-symbols.stp +++ b/tapset/context-symbols.stp @@ -128,7 +128,7 @@ function modname:string (addr: long) %{ /* pure */ */ function symname:string (addr: long) %{ /* pure */ _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, THIS->addr, - current, 0); + NULL, 0); %} /** @@ -143,5 +143,5 @@ function symname:string (addr: long) %{ /* pure */ */ function symdata:string (addr: long) %{ /* pure */ _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, THIS->addr, - current, 1); + NULL, 1); %} diff --git a/tapset/ucontext-symbols.stp b/tapset/ucontext-symbols.stp new file mode 100644 index 00000000..3813a8bf --- /dev/null +++ b/tapset/ucontext-symbols.stp 
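Review bot: `symname` and `symdata` now pass `NULL` instead of `current`, but `modname` in the same file is not touched by these hunks. As last shown on this page it still calls `_stp_mod_sec_lookup (THIS->addr, current, NULL)`. If the intent is that the kernel-address functions never consult the current task's user-space mappings, `modname` probably wants the same change; confirm against runtime/sym.c. The doc comments for `symname` and `symdata` could also state that they resolve kernel addresses only and point to `usymname`/`usymdata` for user addresses.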
@@ -0,0 +1,52 @@ +// User context symbols tapset +// Copyright (C) 2009 Red Hat Inc. +// +// This file is part of systemtap, and is free software. You can +// redistribute it and/or modify it under the terms of the GNU General +// Public License (GPL); either version 2, or (at your option) any +// later version. + +// +// User context symbol functions provide additional information about +// addresses from an application. These functions can provide +// information about the user space map (library) that the event occured or +// the function symbol of an address. +// + +%{ +#ifndef STP_NEED_SYMBOL_DATA +#define STP_NEED_SYMBOL_DATA 1 +#endif +#ifndef STP_NEED_VMA_TRACKER +#define STP_NEED_VMA_TRACKER 1 +#endif +%} + +/** + * sfunction usymname - Return the symbol of an address in the current task. + * @addr: The address to translate. + * + * Description: Returns the (function) symbol name associated with the + * given address if known. If not known it will return the hex string + * representation of addr. + */ +function usymname:string (addr: long) %{ /* pure */ + _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, THIS->addr, + current, 0); +%} + +/** + * sfunction usymdata - Return the symbol and module offset of an address. + * @addr: The address to translate. + * + * Description: Returns the (function) symbol name associated with the + * given address in the current task if known, plus the module name + * (between brackets) and the offset inside the module (shared library), + * plus the size of the symbol function. If any element is not known it + * will be ommitted and if the symbol name is unknown it will return the + * hex string for the given address. + */ +function usymdata:string (addr: long) %{ /* pure */ + _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, THIS->addr, + current, 1); +%} -- cgit From 48cde708db9e1662047def94c2dfd7ffe28aa765 Mon Sep 17 00:00:00 2001 
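Review bot: The doc comments for `usymname` and `usymdata` mention the current task but not the consequence of resolving against `current`. In a probe that is not tied to the process the address came from (a timer or a kernel function probe, for instance), `current` may be an unrelated task, and the lookup can return a plausible but wrong symbol. A sentence such as `The address is only meaningful when the probe fires in the context of the process that owns it.` would cover this. Spelling: "occured" in the file header and "ommitted" in the `usymdata` comment.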
From: Mark Wielaard Date: Wed, 8 Apr 2009 10:59:27 +0200 Subject: Add uaddr() context tapset function. * tapset/context.stp (uaddr): New sfunction. * testsuite/buildok/uaddr.stp: New test. --- tapset/context.stp | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'tapset') diff --git a/tapset/context.stp b/tapset/context.stp index 9f4be0e6..36d68c8d 100644 --- a/tapset/context.stp +++ b/tapset/context.stp @@ -11,6 +11,11 @@ //provide information such as a backtrace to where the event occured and the current register values for the //processor. // + +%{ +#include +%} + /** * sfunction print_regs - Print a register dump. */ @@ -227,3 +232,23 @@ function stack_unused:long () %{ /* pure */ THIS->__retvalue = (long)&a & (THREAD_SIZE-1); %} +/** + * sfunction uaddr - User space address of current running task. + * + * Description: Returns the address in userspace that the current + * task was at when the probe occured. When the current running task + * isn't a user space thread, or the address cannot be found, zero + * is returned. + */ +function uaddr:long () %{ /* pure */ + int64_t addr = 0; + if (current->mm) + { + struct pt_regs *uregs; + uregs = task_pt_regs(current); + if (uregs) + addr = (int64_t) REG_IP(uregs); + } + THIS->__retvalue = addr; +%} + -- cgit From d5cd287f7860df8752f93de93fcd1cc68884d56b Mon Sep 17 00:00:00 2001 
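Review bot: `uaddr` treats a non-NULL `current->mm` as proof that the task is a user-space thread, but a kernel thread that has temporarily adopted a user mm would presumably pass the same test, and its saved registers do not describe a user-space location. The doc comment should say that the value comes from `task_pt_regs(current)`, that is, the registers saved on kernel entry, and that it is only meaningful for genuine user tasks. "occured" in the comment should be "occurred".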
From: David Smith Date: Thu, 9 Apr 2009 12:06:05 -0500 Subject: Uses when available. 2009-04-09 David Smith * buildrun.cxx (compile_pass): Compile autoconf test for . * runtime/autoconf-asm-syscall.c: New "autoconf" test the presence of . * runtime/syscall.h: If exists, use it. Otherwise, use our private copy of the functions for each architecture. (syscall_get_nr): Renamed from __stp_user_syscall_nr(). (syscall_get_return_value): Renamed from __stp_user_syscall_return_value(). (syscall_get_arguments): Renamed from __stp_user_syscall_arg(). * runtime/task_finder.c (__stp_utrace_task_finder_target_syscall_exit): Uses new syscall.h functions. * tapset/utrace.stp: Ditto. --- tapset/utrace.stp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'tapset') diff --git a/tapset/utrace.stp b/tapset/utrace.stp index 34cb32c5..00f427e6 100644 --- a/tapset/utrace.stp +++ b/tapset/utrace.stp @@ -6,13 +6,15 @@ %} function _utrace_syscall_nr:long () %{ - THIS->__retvalue = __stp_user_syscall_nr(CONTEXT->regs); /* pure */ + THIS->__retvalue = syscall_get_nr(current, CONTEXT->regs); /* pure */ %} function _utrace_syscall_arg:long (n:long) %{ - THIS->__retvalue = *__stp_user_syscall_arg(current, CONTEXT->regs, (int)THIS->n); /* pure */ + unsigned long arg = 0; /* pure */ + syscall_get_arguments(current, CONTEXT->regs, (int)THIS->n, 1, &arg); + THIS->__retvalue = arg; %} function _utrace_syscall_return:long () %{ - THIS->__retvalue = *__stp_user_syscall_return_value(current, CONTEXT->regs); /* pure */ + THIS->__retvalue = syscall_get_return_value(current, CONTEXT->regs); /* pure */ %} -- cgit From 5e868ddd8263d2f7b61a702891252cc2bacb1c07 Mon Sep 17 00:00:00 2001 
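Review bot: `_utrace_syscall_arg` passes the script-supplied `THIS->n` straight to `syscall_get_arguments` as the starting index, with no range check. Kernel implementations of that helper typically assert that index plus count stays within the six syscall arguments, so an out-of-range `n` from a script could trip a kernel assertion instead of returning a value; confirm this for the supported architectures. Guard the call, for example `if (THIS->n >= 0 && THIS->n < 6) syscall_get_arguments(current, CONTEXT->regs, (int)THIS->n, 1, &arg);`, which leaves `arg` at 0 otherwise.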
From: Andre Detsch Date: Tue, 14 Apr 2009 14:23:59 -0300 Subject: Add new TCP and IP functions This patch adds some basic functions to the IP and TCP tapsets. Mainly, it's possible to get the iphdr and tcphdr from a sk_buff structure. As a consequence, a TCP probe called tcp.receive() was created and is probed every time a TCP packet is received, and a lot of useful fields is available, as the TCP flags. Also a small example that works like tcpdump for received TCP packets was created. This patch was tested on x86 and ppc machines, on 2.6.18 kernel and also on mainline one. Signed-off-by: Breno Leitao Signed-off-by: Andre Detsch Signed-off-by: Josh Stone --- tapset/ip.stp | 46 ++++++++++++++++++++++++++++ tapset/tcp.stp | 94 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 140 insertions(+) (limited to 'tapset') diff --git a/tapset/ip.stp b/tapset/ip.stp index 1e2e263c..299d88d2 100644 --- a/tapset/ip.stp +++ b/tapset/ip.stp @@ -7,6 +7,10 @@ // // Based on previous work done by Arnaldo Carvalho de Melo +%{ +#include +%} + /** * sfunction ip_ntop - returns a string representation from an integer IP number * @addr: the ip represented as an integer 
@@ -30,3 +34,45 @@ function __ip_sock_daddr:long (sock:long) { return @cast(sock, "inet_sock")->daddr } + +/* Get the IP header for recent (> 2.6.21) kernels */ +function __get_skb_iphdr_new:long(skb:long) +%{ /* pure */ + struct sk_buff *skb; + skb = (struct sk_buff *)(long)THIS->skb; + /* as done by skb_network_header() */ + #ifdef NET_SKBUFF_DATA_USES_OFFSET + THIS->__retvalue = (long)(kread(&(skb->head)) + kread(&(skb->network_header))); + #else + THIS->__retvalue = (long)kread(&(skb->network_header)); + #endif + CATCH_DEREF_FAULT(); +%} + +/* Get the IP header from a sk_buff struct */ +function __get_skb_iphdr:long(skb:long){ +%( kernel_v < "2.6.21" %? + iphdr = @cast(skb, "sk_buff")->nh->raw + return iphdr +%: + return __get_skb_iphdr_new(skb) +%) +} + +/* return the source next layer protocol for a given sk_buff structure */ +function __ip_skb_proto:long (iphdr) +{ + return @cast(iphdr, "iphdr")->protocol +} + +/* return the source IP address for a given sk_buff structure */ +function __ip_skb_saddr:long (iphdr) +{ + return @cast(iphdr, "iphdr")->saddr +} + +/* return the destination IP address for a given skb */ +function __ip_skb_daddr:long (iphdr) +{ + return @cast(iphdr, "iphdr")->daddr +} diff --git a/tapset/tcp.stp b/tapset/tcp.stp index bb96b0cb..2c5dce7e 100644 --- a/tapset/tcp.stp +++ b/tapset/tcp.stp @@ -15,6 +15,7 @@ #include #include #include +#include %} // Get retransmission timeout in usecs. RTO is initialized from default 
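Review bot: The comment on `__get_skb_iphdr_new` says it is for kernels "> 2.6.21", but `__get_skb_iphdr` sends only `kernel_v < "2.6.21"` to the old path, so the new function also runs on 2.6.21 itself; the comment should read ">= 2.6.21". The three `__ip_skb_*` accessors are described as taking an sk_buff, yet their parameter is the `iphdr` value returned by `__get_skb_iphdr`. It is declared without `:long`, unlike `sock:long` and `skb:long` nearby. Since each accessor dereferences whatever address it is given through `@cast`, the comments should say that the argument must come from `__get_skb_iphdr`.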
@@ -78,6 +79,70 @@ function __tcp_sock_dport:long (sock:long){ return @cast(sock, "inet_sock")->dport } +/* returns the TCP header for recent (<2.6.21) kernel */ +function __get_skb_tcphdr_new:long(skb:long) +%{ /* pure */ + struct sk_buff *skb; + skb = (struct sk_buff *)(long)THIS->skb; + /* as done by skb_transport_header() */ + #ifdef NET_SKBUFF_DATA_USES_OFFSET + THIS->__retvalue = (long)(kread(&(skb->head)) + kread(&(skb->transport_header))); + #else + THIS->__retvalue = (long)kread(&(skb->transport_header)); + #endif + CATCH_DEREF_FAULT(); +%} + +/* returns the TCP header for a given sk_buff structure */ +function __get_skb_tcphdr:long(skb:long){ +%( kernel_v < "2.6.21" %? + tcphdr = @cast(skb, "sk_buff")->h->raw + return tcphdr +%: + return __get_skb_tcphdr_new(skb) +%) +} + +/* returns TCP URG flag for a given sk_buff structure */ +function __tcp_skb_urg:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->urg +} + +/* returns TCP ACK flag for a given sk_buff structure */ +function __tcp_skb_ack:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->ack +} + +/* returns TCP PSH flag for a given sk_buff structure */ +function __tcp_skb_psh:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->psh +} + +/* returns TCP RST flag for a given sk_buff structure */ +function __tcp_skb_rst:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->rst +} + +/* returns TCP SYN flag for a given sk_buff structure */ +function __tcp_skb_syn:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->syn +} + +/* returns TCP FIN flag for a given sk_buff structure */ +function __tcp_skb_fin:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->fin +} + +/* returns TCP source port for a given sk_buff structure */ +function __tcp_skb_sport:long (tcphdr){ + return ntohs(@cast(tcphdr, "tcphdr")->source) +} + +/* returns TCP destination port for a given sk_buff structure */ +function __tcp_skb_dport:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->dest +} + /* return the TCP source port for a given sock */ function 
__tcp_sock_sport:long (sock:long){ return @cast(sock, "inet_sock")->sport @@ -300,3 +365,32 @@ probe tcp.setsockopt.return = kernel.function("tcp_setsockopt").return { ret = $return } +/** + * probe tcp.receive - Called when a TCP packet is received + * @saddr: A string representing the source IP address + * @daddr: A string representing the destination IP address + * @sport: TCP source port + * @dport: TCP destination port + * @urg: TCP URG flag + * @ack: TCP ACK flag + * @psh: TCP PSH flag + * @rst: TCP RST flag + * @syn: TCP SYN flag + * @fin: TCP FIN flag + */ +probe tcp.receive = kernel.function("tcp_v4_rcv") { + iphdr = __get_skb_iphdr($skb) + saddr = ip_ntop(__ip_skb_saddr(iphdr)) + daddr = ip_ntop(__ip_skb_daddr(iphdr)) + protocol = __ip_skb_proto(iphdr) + + tcphdr = __get_skb_tcphdr($skb) + dport = __tcp_skb_dport(tcphdr) + sport = __tcp_skb_sport(tcphdr) + urg = __tcp_skb_urg(tcphdr) + ack = __tcp_skb_ack(tcphdr) + psh = __tcp_skb_psh(tcphdr) + rst = __tcp_skb_rst(tcphdr) + syn = __tcp_skb_syn(tcphdr) + fin = __tcp_skb_fin(tcphdr) +} -- cgit From 1f65cc4ffd1bd362b10d7f07d1cb9c4e7de68027 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Tue, 14 Apr 2009 12:34:12 -0700 Subject: PR9953: split up the two process.* tapsets The overlapping process.* tapsets are now separated. Those probe points documented in stapprobes(3stap) remain the same. Those that were formerly in stapprobes.process(3stap) have been renamed to kprocess, to reflect their kernel perspective on processes. --- tapset/DEVGUIDE | 6 +-- tapset/kprocess.stp | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++ tapset/process.stp | 115 ---------------------------------------------------- 3 files changed, 118 insertions(+), 118 deletions(-) create mode 100644 tapset/kprocess.stp delete mode 100644 tapset/process.stp (limited to 'tapset') diff --git a/tapset/DEVGUIDE b/tapset/DEVGUIDE index e6bc3fb8..693521a8 100644 --- a/tapset/DEVGUIDE +++ b/tapset/DEVGUIDE 
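Review bot: `__tcp_skb_sport` converts with `ntohs(...)` but `__tcp_skb_dport` returns `@cast(tcphdr, "tcphdr")->dest` unconverted, so `dport` in `tcp.receive` will be in network byte order while `sport` is in host order. Use `return ntohs(@cast(tcphdr, "tcphdr")->dest)`. The comment on `__get_skb_tcphdr_new` says "recent (<2.6.21)", which contradicts the `kernel_v < "2.6.21"` test that routes older kernels to the other branch.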
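Review bot: The doc comment for `tcp.receive` omits `protocol`, `iphdr` and `tcphdr`, which the probe body also sets. It should also say that the fields are read at entry to `tcp_v4_rcv`. As far as I can tell that is before the kernel has checked the segment's header length and checksum, so scripts that alert on flags or ports are looking at unvalidated wire data. A sentence such as `Values are taken from the packet as received and have not been validated by the stack.` would cover it.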
@@ -59,8 +59,8 @@ For example, process execs can occur in either the do_execve() or the compat_do_execve() functions. The following alias inserts probes at the beginning of those functions: -probe process.exec = kernel.function("do_execve"), - kernel.function("compat_do_execve") { +probe kprocess.exec = kernel.function("do_execve"), + kernel.function("compat_do_execve") { < probe body > } @@ -87,7 +87,7 @@ process is retrieved by calling task_pid() and passing it the task_struct pointer. In this case, the auxiliary function is an embedded C function that's defined in the task tapset (task.stp). -probe process.create = kernel.function("copy_process").return { +probe kprocess.create = kernel.function("copy_process").return { task = $return new_pid = task_pid(task) } diff --git a/tapset/kprocess.stp b/tapset/kprocess.stp new file mode 100644 index 00000000..316e03ce --- /dev/null +++ b/tapset/kprocess.stp 
@@ -0,0 +1,115 @@ +// kernel process tapset +// Copyright (C) 2006 Intel Corporation. +// +// This file is part of systemtap, and is free software. You can +// redistribute it and/or modify it under the terms of the GNU General +// Public License (GPL); either version 2, or (at your option) any +// later version. +// +// This family of probe points is used to probe process-related activities. +// + +function _IS_ERR:long(ptr:long) %{ /* pure */ + THIS->__retvalue = IS_ERR((const void *)(long)THIS->ptr); +%} + + +/** + * probe kprocess.create - Fires whenever a new process is successfully created + * @new_pid: The PID of the newly created process + * + * Context: + * Parent of the created process. + * + * Fires whenever a new process is successfully created, either as a result of + * fork (or one of its syscall variants), or a new kernel thread. + */ +probe kprocess.create = kernel.function("copy_process").return { + task = $return + if (_IS_ERR(task)) next + new_pid = task_pid(task) +} + + +/** + * probe kprocess.start - Starting new process + * + * Context: + * Newly created process. + * + * Fires immediately before a new process begins execution. + * + */ +probe kprocess.start = kernel.function("schedule_tail") { } + + +/** + * probe kprocess.exec - Attempt to exec to a new program + * @filename: The path to the new executable + * + * Context: + * The caller of exec. + * + * Fires whenever a process attempts to exec to a new program. + */ +probe kprocess.exec = + kernel.function("do_execve"), + kernel.function("compat_do_execve") ? +{ + filename = kernel_string($filename) +} + + +/** + * probe kprocess.exec_complete - Return from exec to a new program + * @errno: The error number resulting from the exec + * @success: A boolean indicating whether the exec was successful + * + * Context: + * On success, the context of the new executable. + * On failure, remains in the context of the caller. + * + * Fires at the completion of an exec call. 
+ */ +probe kprocess.exec_complete = + kernel.function("do_execve").return, + kernel.function("compat_do_execve").return ? +{ + errno = $return + success = (errno >= 0) +} + + +/** + * probe kprocess.exit - Exit from process + * @code: The exit code of the process + * + * Context: + * The process which is terminating. + * + * Fires when a process terminates. This will always be followed by a + * kprocess.release, though the latter may be delayed if the process waits in a + * zombie state. + */ +probe kprocess.exit = kernel.function("do_exit") { + code = $code +} + + +/** + * probe kprocess.release - Process released + * @task: A task handle to the process being released + * @pid: PID of the process being released + * + * Context: + * The context of the parent, if it wanted notification of this process' + * termination, else the context of the process itself. + * + * Fires when a process is released from the kernel. This always follows a + * kprocess.exit, though it may be delayed somewhat if the process waits in a + * zombie state. + */ +probe kprocess.release = kernel.function("release_task") { + task = $p + pid = $p->pid; +} diff --git a/tapset/process.stp b/tapset/process.stp deleted file mode 100644 index e39f740a..00000000 --- a/tapset/process.stp +++ /dev/null 
@@ -1,115 +0,0 @@ -// process tapset -// Copyright (C) 2006 Intel Corporation. -// -// This file is part of systemtap, and is free software. You can -// redistribute it and/or modify it under the terms of the GNU General -// Public License (GPL); either version 2, or (at your option) any -// later version. -// -// This family of probe points is used to probe process-related activities. -// - -function _IS_ERR:long(ptr:long) %{ /* pure */ - THIS->__retvalue = IS_ERR((const void *)(long)THIS->ptr); -%} - - -/** - * probe process.create - Fires whenever a new process is successfully created - * @new_pid: The PID of the newly created process - * - * Context: - * Parent of the created process. - * - * Fires whenever a new process is successfully created, either as a result of - * fork (or one of its syscall variants), or a new kernel thread. - */ -probe process.create = kernel.function("copy_process").return { - task = $return - if (_IS_ERR(task)) next - new_pid = task_pid(task) -} - - -/** - * probe process.start - Starting new process - * - * Context: - * Newly created process. - * - * Fires immediately before a new process begins execution. - * - */ -probe process.start = kernel.function("schedule_tail") { } - - -/** - * probe process.exec - Attempt to exec to a new program - * @filename: The path to the new executable - * - * Context: - * The caller of exec. - * - * Fires whenever a process attempts to exec to a new program. - */ -probe process.exec = - kernel.function("do_execve"), - kernel.function("compat_do_execve") ? -{ - filename = kernel_string($filename) -} - - -/** - * probe process.exec_complete - Return from exec to a new program - * @errno: The error number resulting from the exec - * @success: A boolean indicating whether the exec was successful - * - * Context: - * On success, the context of the new executable. - * On failure, remains in the context of the caller. - * - * Fires at the completion of an exec call. 
- */ -probe process.exec_complete = - kernel.function("do_execve").return, - kernel.function("compat_do_execve").return ? -{ - errno = $return - success = (errno >= 0) -} - - -/** - * probe process.exit - Exit from process - * @code: The exit code of the process - * - * Context: - * The process which is terminating. - * - * Fires when a process terminates. This will always be followed by a - * process.release, though the latter may be delayed if the process waits in a - * zombie state. - */ -probe process.exit = kernel.function("do_exit") { - code = $code -} - - -/** - * probe process.release - Process released - * @task: A task handle to the process being released - * @pid: PID of the process being released - * - * Context: - * The context of the parent, if it wanted notification of this process' - * termination, else the context of the process itself. - * - * Fires when a process is released from the kernel. This always follows a - * process.exit, though it may be delayed somewhat if the process waits in a - * zombie state. - */ -probe process.release = kernel.function("release_task") { - task = $p - pid = $p->pid; -} -- cgit