From ef30b199413f3316ee82091444bc3e32ba615144 Mon Sep 17 00:00:00 2001
From: guanglei
Date: Thu, 9 Nov 2006 12:19:22 +0000
Subject: add options for lket-b2a to control the output data fields of lket.out. make fork/execce trace hooks lket internally and turned on by default. add stoptrace_fork and stoptrace_execve flags for lket to control stopping fork/execve in user scripts. update lket-b2a and lket man page.
---
tapset/LKET/Changelog | 7 +++++++
tapset/LKET/hookid_defs.stp | 1 +
tapset/LKET/process.stp | 25 ++++++++++++++++---------
3 files changed, 24 insertions(+), 9 deletions(-)
(limited to 'tapset')
diff --git a/tapset/LKET/Changelog b/tapset/LKET/Changelog
index cbdc3fc7..89e18e48 100644
--- a/tapset/LKET/Changelog
+++ b/tapset/LKET/Changelog
@@ -1,3 +1,10 @@
+2006-11-09 Li Guanglei
+
+ * process.stp: make fork/execce trace hooks
+ lket internally and turned on by default.
+ add stoptrace_fork and stoptrace_execve flags to
+ control stopping fork/execve in user scripts
+
 2006-10-31 Li Guanglei
 
 * register_event.stp: changes of all event_desc
diff --git a/tapset/LKET/hookid_defs.stp b/tapset/LKET/hookid_defs.stp
index 1097dfb3..07c43ea7 100755
--- a/tapset/LKET/hookid_defs.stp
+++ b/tapset/LKET/hookid_defs.stp
@@ -13,6 +13,7 @@ global GROUP_PROCESS, HOOKID_PROCESS_SNAPSHOT, HOOKID_PROCESS_FORK, HOOKID_PROCESS_EXECVE, + stoptrace_exec, stoptrace_fork, /* io scheduler */ GROUP_IOSCHED,
diff --git a/tapset/LKET/process.stp b/tapset/LKET/process.stp
index be46c4e7..b30dacec 100755
--- a/tapset/LKET/process.stp
+++ b/tapset/LKET/process.stp
@@ -5,6 +5,9 @@
 // Public License (GPL); either version 2, or (at your option) any
 // later version.
 
+/* the trace hooks defined here are used by lket internally and they
+ will be turned on by default */
+
 /* record the newly created process name */
 function log_execve_tracedata(var_id:long, var:long)
 %{
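Review bot: In the hookid_defs.stp hunk the new global is declared as `stoptrace_exec`, while the commit subject and the Changelog entry both call the flag `stoptrace_execve`. A script author who follows the documented name would set a variable that the probe in process.stp never reads, so execve tracing would presumably stay on with no diagnostic. Either rename the global to `stoptrace_execve` (and the test in process.stp with it) or correct the Changelog and man-page text. The two flags also sit in the middle of the hook-id constant list without a comment; a line such as `/* user-settable: 1 suppresses the internal fork/execve trace records */` above them would show that they are switches rather than ids.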
@@ -56,35 +59,39 @@ function process_snapshot() } %} -probe addevent.process - = addevent.process.execve, - addevent.process.fork +probe lket_internal.process { } + +probe lket_internal.process + = lket_internal.process.execve, + lket_internal.process.fork {} /* we should capture both do_execve for 64-bit app and compat_do_execve for 32-bit app */ -probe addevent.process.execve - += _addevent.process.execve +probe lket_internal.process.execve + += _lket_internal.process.execve { update_record() } -probe _addevent.process.execve +probe _lket_internal.process.execve = process.exec { + if(stoptrace_exec==1) next; log_execve_tracedata(HOOKID_PROCESS_EXECVE, $filename) } -probe addevent.process.fork - += _addevent.process.fork +probe lket_internal.process.fork + += _lket_internal.process.fork { update_record() } -probe _addevent.process.fork +probe _lket_internal.process.fork = process.create { + if(stoptrace_fork==1) next; log_fork_tracedata(HOOKID_PROCESS_FORK, $return) } -- cgit
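Review bot: The guards `if(stoptrace_exec==1) next;` and `if(stoptrace_fork==1) next;` have no comment saying what a trace loses when they fire, although the header comment added in this file describes these hooks as internal and on by default. `log_execve_tracedata` is documented as recording the newly created process name, so a script that sets either flag presumably leaves later records for new pids without a name or parent mapping. That matters to anyone who reads lket.out as a record of process activity. I would put a comment above each guard, for example `/* stoptrace_exec: set by a user script to suppress execve records; later events for that process then lack its name */`. The test could also be written `if (stoptrace_exec) next;` so that any non-zero value stops tracing instead of only the literal 1.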