From b7f6cfc54e1d6db1d9475ac9cbeeb8ac0b7dada0 Mon Sep 17 00:00:00 2001 From: "Frank Ch. Eigler" Date: Sat, 6 Jun 2009 12:29:51 -0400 Subject: ttyspy.stp: new sample script --- testsuite/systemtap.examples/index.html | 3 ++ testsuite/systemtap.examples/index.txt | 8 +++++ testsuite/systemtap.examples/io/ttyspy.meta | 6 ++++ testsuite/systemtap.examples/io/ttyspy.stp | 46 +++++++++++++++++++++++++ testsuite/systemtap.examples/keyword-index.html | 20 ++++++++++- testsuite/systemtap.examples/keyword-index.txt | 36 +++++++++++++++++++ 6 files changed, 118 insertions(+), 1 deletion(-) create mode 100644 testsuite/systemtap.examples/io/ttyspy.meta create mode 100755 testsuite/systemtap.examples/io/ttyspy.stp (limited to 'testsuite/systemtap.examples') diff --git a/testsuite/systemtap.examples/index.html b/testsuite/systemtap.examples/index.html index e5673138..b2ed3a3a 100644 --- a/testsuite/systemtap.examples/index.html +++ b/testsuite/systemtap.examples/index.html @@ -82,6 +82,9 @@ keywords: IO
  • io/traceio2.stp - Watch I/O Activity on a Particular Device
    keywords: IO

    Print out the executable name and process number as reads and writes to the specified device occur.

    • +
  • io/ttyspy.stp - Monitor tty typing.
    +keywords: IO TTY PER-PROCESS MONITOR
    +

    The ttyspy.stp script uses tty_audit hooks to monitor recent typing activity on the system, printing a scrolling record of recent keystrokes, on a per-tty basis.

  • memory/kmalloc-top - Show Paths to Kernel Malloc (kmalloc) Invocations
    keywords: MEMORY

    The kmalloc-top perl program runs a small systemtap script to collect stack traces for each call to the kmalloc function and counts the time that each stack trace is observed. When kmalloc-top exits it prints out sorted list. The output can be be filtered to print only only the first stack traces (-t) stack traces with more a minimum counts (-m), or exclude certain stack traces (-e).

    • diff --git a/testsuite/systemtap.examples/index.txt b/testsuite/systemtap.examples/index.txt index 4eef904c..91fc66ae 100644 --- a/testsuite/systemtap.examples/index.txt +++ b/testsuite/systemtap.examples/index.txt @@ -129,6 +129,14 @@ keywords: io to the specified device occur. +io/ttyspy.stp - Monitor tty typing. +keywords: io tty per-process monitor + + The ttyspy.stp script uses tty_audit hooks to monitor recent typing + activity on the system, printing a scrolling record of recent + keystrokes, on a per-tty basis. + + memory/kmalloc-top - Show Paths to Kernel Malloc (kmalloc) Invocations keywords: memory diff --git a/testsuite/systemtap.examples/io/ttyspy.meta b/testsuite/systemtap.examples/io/ttyspy.meta new file mode 100644 index 00000000..e29add1b --- /dev/null +++ b/testsuite/systemtap.examples/io/ttyspy.meta @@ -0,0 +1,6 @@ +title: Monitor tty typing. +name: ttyspy.stp +keywords: io tty per-process monitor +description: The ttyspy.stp script uses tty_audit hooks to monitor recent typing activity on the system, printing a scrolling record of recent keystrokes, on a per-tty basis. +test_check: stap -gp4 ttyspy.stp +test_installcheck: stap --skip-badvars -g ttyspy.stp -c "sleep 7" diff --git a/testsuite/systemtap.examples/io/ttyspy.stp b/testsuite/systemtap.examples/io/ttyspy.stp new file mode 100755 index 00000000..c186e0e3 --- /dev/null +++ b/testsuite/systemtap.examples/io/ttyspy.stp @@ -0,0 +1,46 @@ +#! /usr/bin/stap -g +# May also need --skip-badvars + +global activity_time, activity_log + +/* Concatenate head and tail, to a max of @num chars, preferring to keep the tail + (as if it were a recent history buffer). */ +function strcattail:string(head:string,tail:string,num:long) %{ + unsigned taillen = strlen(THIS->tail); + unsigned headlen = strlen(THIS->head); + unsigned maxlen = THIS->num < MAXSTRINGLEN ? THIS->num : MAXSTRINGLEN; + unsigned headkeep = min(maxlen-taillen,headlen); + unsigned headdrop = headlen-headkeep; + + if (headkeep) + strlcpy (THIS->__retvalue, &THIS->head[headdrop], headkeep+1); /* includes \0 */ + strlcat (THIS->__retvalue, THIS->tail, maxlen); +%} + +probe kernel.function("tty_audit_add_data") { + major=$tty->driver->major; + minor=$tty->driver->minor_start + $tty->index; + pgrp=$tty->pgrp %( kernel_v > "2.6.24" %? ->numbers[0]->nr %: %); + data=kernel_string_n($data,$size); + uid=uid() + + activity_time[major,minor,pgrp,uid] = gettimeofday_s(); + activity_log[major,minor,pgrp,uid] + = strcattail(activity_log[major,minor,pgrp,uid],data,40); +} + +probe timer.s(3) { + ansi_clear_screen () + printf("(%3s,%2s,%5s,%5s)\n", "maj","min","pgrp","uid"); + foreach ([x,y,z,u] in activity_time-) { + printf("(%3d,%3d,%5d,%5d) %s\n", x,y,z,u, + text_str(activity_log[x,y,z,u])) + } + + /* delete last record, if older than 60 seconds */ + if (activity_time[x,y,z,u]+60 < gettimeofday_s()) { + delete activity_time[x,y,z,u] + delete activity_log[x,y,z,u] + } +} + diff --git a/testsuite/systemtap.examples/keyword-index.html b/testsuite/systemtap.examples/keyword-index.html index b7f52246..7306c164 100644 --- a/testsuite/systemtap.examples/keyword-index.html +++ b/testsuite/systemtap.examples/keyword-index.html @@ -39,7 +39,7 @@

    Examples by Keyword

    -

    BACKTRACE BUFFER CALLGRAPH CPU DISK FORMAT FREE FUNCTIONS FUTEX GRAPH INTERRUPT IO LOCKING MEMORY NETWORK PER-PROCESS PROCESS PROFILING READ SCHEDULER SIGNALS SIMPLE SLEEP SOCKET SYSCALL TCP TIME TRACE TRACEPOINT TRAFFIC USE WAIT4 WRITE

    +

    BACKTRACE BUFFER CALLGRAPH CPU DISK FORMAT FREE FUNCTIONS FUTEX GRAPH INTERRUPT IO LOCKING MEMORY MONITOR NETWORK PER-PROCESS PROCESS PROFILING READ SCHEDULER SIGNALS SIMPLE SLEEP SOCKET SYSCALL TCP TIME TRACE TRACEPOINT TRAFFIC TTY USE WAIT4 WRITE

    BACKTRACE

    +

    MONITOR

    +

    NETWORK