// syscalls tapset // Copyright (C) 2005 IBM Corp. // Copyright (C) 2005 Red Hat Inc. // // This file is part of systemtap, and is free software. You can // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. # time_____________________________________________ /* * asmlinkage long * sys_time(time_t __user * tloc) */ probe kernel.syscall.time = kernel.function("sys_time") { name = "time" t = __uget_num($tloc) } probe kernel.syscall.time.return = kernel.function("sys_time").return { name = "time.return" /* t = __uget_num($tloc) */ } # stime____________________________________________ /* * asmlinkage long * sys_stime(time_t __user *tptr) */ probe kernel.syscall.stime = kernel.function("sys_stime") { name = "stime" t = __uget_num($tptr) } probe kernel.syscall.stime.return = kernel.function("sys_stime").return { name = "stime.return" /* t = __uget_num($tptr) */ } # gettimeofday_____________________________________ /* * asmlinkage long * sys_gettimeofday(struct timeval __user *tv, * struct timezone __user *tz) */ probe kernel.syscall.gettimeofday = kernel.function("sys_gettimeofday") { name = "gettimeofday" tv_tv_sec = __uget_tv_m($tv,0) tv_tv_usec = __uget_tv_m($tv,1) tz_tz_minuteswest = __uget_tz_m($tz,0) tz_tz_dsttime = __uget_tz_m($tz,1) } probe kernel.syscall.gettimeofday.return = kernel.function("sys_gettimeofday").return { name = "gettimeofday.return" /* tv_tv_sec = __uget_tv_m($tv,0) tv_tv_usec = __uget_tv_m($tv,1) tz_tz_minuteswest = __uget_tz_m($tz,0) tz_tz_dsttime = __uget_tz_m($tz,1) */ } # settimeofday_____________________________________ /* * asmlinkage long * sys_settimeofday(struct timeval __user *tv, * struct timezone __user *tz) */ probe kernel.syscall.settimeofday = kernel.function("sys_settimeofday") { name = "settimeofday" tv_tv_sec = __uget_tv_m($tv,0) tv_tv_usec = __uget_tv_m($tv,1) tz_tz_minuteswest = __uget_tz_m($tz,0) tz_tz_dsttime = __uget_tz_m($tz,1) } probe kernel.syscall.settimeofday.return = kernel.function("sys_settimeofday").return { name = "settimeofday.return" /* tv_tv_sec = __uget_tv_m($tv,0) tv_tv_usec = __uget_tv_m($tv,1) tz_tz_minuteswest = __uget_tz_m($tz,0) tz_tz_dsttime = __uget_tz_m($tz,1) */ } # adjtimex_________________________________________ /* * asmlinkage long * sys_adjtimex(struct timex __user *txc_p) */ probe kernel.syscall.adjtimex = kernel.function("sys_adjtimex") { name = "adjtimex" buf_modes = __uget_timex_m($txc_p,0) buf_modes_str = _adjtx_mode_str(buf_modes) buf_offset = __uget_timex_m($txc_p,1) buf_freq = __uget_timex_m($txc_p,2) buf_maxerror = __uget_timex_m($txc_p,3) buf_esterror = __uget_timex_m($txc_p,4) buf_status = __uget_timex_m($txc_p,5) buf_constant = __uget_timex_m($txc_p,6) buf_precision = __uget_timex_m($txc_p,7) buf_tolerance = __uget_timex_m($txc_p,8) buf_time_tv_sec = __uget_timex_m($txc_p,9) buf_time_tv_usec = __uget_timex_m($txc_p,10) buf_tick = __uget_timex_m($txc_p,11) } probe kernel.syscall.adjtimex.return = kernel.function("sys_adjtimex").return { name = "adjtimex.return" /* buf_modes = __uget_timex_m($txc_p,0) buf_modes_str = _adjtx_mode_str(buf_modes) buf_offset = __uget_timex_m($txc_p,1) buf_freq = __uget_timex_m($txc_p,2) buf_maxerror = __uget_timex_m($txc_p,3) buf_esterror = __uget_timex_m($txc_p,4) buf_status = __uget_timex_m($txc_p,5) buf_constant = __uget_timex_m($txc_p,6) buf_precision = __uget_timex_m($txc_p,7) buf_tolerance = __uget_timex_m($txc_p,8) buf_time_tv_sec = __uget_timex_m($txc_p,9) buf_time_tv_usec = __uget_timex_m($txc_p,10) buf_tick = __uget_timex_m($txc_p,11) TODO+++++++++++++++++++++++++++++++++++++++++ RETURN VALUE On success, adjtimex returns the clock state: #define TIME_OK 0 clock synchronized #define TIME_INS 1 insert leap second #define TIME_DEL 2 delete leap second #define TIME_OOP 3 leap second in progress #define TIME_WAIT 4 leap second has occurred #define TIME_BAD 5 clock not synchronized NOTE: Once $retval built-in is working it would be nice to export a symbolic name string corresponding to the return value. i.e. clockstate = get_clock_state($retval) */ } # times____________________________________________ /* * asmlinkage long * sys_times(struct tms __user * tbuf) */ probe kernel.syscall.times = kernel.function("sys_times") { name = "times" buf_tms_utime = __uget_tms_m($tbuf,0) buf_tms_stime = __uget_tms_m($tbuf,1) buf_tms_cutime = __uget_tms_m($tbuf,2) buf_tms_cstime = __uget_tms_m($tbuf,3) } probe kernel.syscall.times.return = kernel.function("sys_times").return { name = "times.return" /* buf_tms_utime = __uget_tms_m($tbuf,0) buf_tms_stime = __uget_tms_m($tbuf,1) buf_tms_cutime = __uget_tms_m($tbuf,2) buf_tms_cstime = __uget_tms_m($tbuf,3) */ } # gettid___________________________________________ /* * asmlinkage long * sys_gettid(void) */ probe kernel.syscall.gettid = kernel.function("sys_gettid") { name = "gettid" } probe kernel.syscall.gettid.return = kernel.function("sys_gettid").return { name = "gettid.return" } # nanosleep________________________________________ /* * asmlinkage long * sys_nanosleep(struct timespec __user *rqtp, * struct timespec __user *rmtp) */ probe kernel.syscall.nanosleep = kernel.function("sys_nanosleep") { name = "nanosleep" req_tv_sec = __uget_ts_m($rqtp,0) req_tv_nsec = __uget_ts_m($rqtp,1) rem_tv_sec = __uget_ts_m($rmtp,0) rem_tv_nsec = __uget_ts_m($rmtp,1) } probe kernel.syscall.nanosleep.return = kernel.function("sys_nanosleep").return { name = "nanosleep.return" /* req_tv_sec = __uget_ts_m($rqtp,0) req_tv_nsec = __uget_ts_m($rqtp,1) rem_tv_sec = __uget_ts_m($rmtp,0) rem_tv_nsec = __uget_ts_m($rmtp,1) */ } # alarm____________________________________________ /* * asmlinkage unsigned long * sys_alarm(unsigned int seconds) */ probe kernel.syscall.alarm = kernel.function("sys_alarm") { name = "alarm" seconds = $seconds } probe kernel.syscall.alarm.return = kernel.function("sys_alarm").return { name = "alarm.return" /* seconds = $seconds */ } # getpid___________________________________________ /* * asmlinkage long * sys_getpid(void) */ probe kernel.syscall.getpid = kernel.function("sys_getpid") { name = "getpid" } probe kernel.syscall.getpid.return = kernel.function("sys_getpid").return { name = "getpid.return" } # getppid__________________________________________ /* * asmlinkage long * sys_getppid(void) */ probe kernel.syscall.getppid = kernel.function("sys_getppid") { name = "getppid" } probe kernel.syscall.getppid.return = kernel.function("sys_getppid").return { name = "getppid.return" } # getuid___________________________________________ /* * asmlinkage long * sys_getuid(void) */ probe kernel.syscall.getuid = kernel.function("sys_getuid") { name = "getuid" } probe kernel.syscall.getuid.return = kernel.function("sys_getuid").return { name = "getuid.return" } # geteuid__________________________________________ /* * asmlinkage long * sys_geteuid(void) */ probe kernel.syscall.geteuid = kernel.function("sys_geteuid") { name = "geteuid" } probe kernel.syscall.geteuid.return = kernel.function("sys_geteuid").return { name = "geteuid.return" } # getgid___________________________________________ /* * asmlinkage long * sys_getgid(void) */ probe kernel.syscall.getgid = kernel.function("sys_gid") { name = "getgid" } probe kernel.syscall.getgid.return = kernel.function("sys_gid").return { name = "getgid.return" } # getegid__________________________________________ /* * asmlinkage long * sys_getegid(void) */ probe kernel.syscall.getegid = kernel.function("sys_getegid") { name = "getegid" } probe kernel.syscall.getegid.return = kernel.function("sys_getegid").return { name = "getegid.return" } # getresuid________________________________________ /* asmlinkage long sys_getresuid(uid_t __user *ruid, uid_t __user *euid, uid_t __user *suid) */ probe kernel.syscall.getresuid = kernel.function("sys_getresuid") { name = "getresuid" } probe kernel.syscall.getresuid.return = kernel.function("sys_getresuid").return { name = "getresuid.return" /* ruid = $ruid euid = $euid suid = $suid */ } # getresgid________________________________________ /* asmlinkage long sys_getresgid(gid_t __user *rgid, gid_t __user *egid, gid_t __user *sgid) */ probe kernel.syscall.getresgid = kernel.function("sys_retresgid") { name = "getresgid" } probe kernel.syscall.getresgid.return = kernel.function("sys_retresgid").return { name = "getresgid.return" /* rgid = $rgid egid = $egid sgid = $sgid */ } # getpgid__________________________________________ /* asmlinkage long sys_getpid(void) */ probe kernel.syscall.getpgid = kernel.function("sys_getpgid") { name = "getpgid" } probe kernel.syscall.getpgid.return = kernel.function("sys_getpgid").return { name = "getpgid.return" } # getpgrp__________________________________________ /* asmlinkage long sys_getpgrp(void) */ probe kernel.syscall.getpgrp = kernel.function("sys_getpgrp") { name = "getpgrp" } probe kernel.syscall.getpgrp.return = kernel.function("sys_getpgrp").return { name = "getpgrp.return" } # getsid___________________________________________ /* asmlinkage long sys_getsid(pid_t pid) */ probe kernel.syscall.getsid = kernel.function("sys_getsid") { name = "getsid" pid = $pid } probe kernel.syscall.getsid.return = kernel.function("sys_getsid").return { name = "getsid.return" pid = $pid } # getgroups________________________________________ /* asmlinkage long sys_getgroups(int gidsetsize, gid_t __user *grouplist) */ probe kernel.syscall.getgroups = kernel.function("sys_getgroups") { name = "getgroups" } probe kernel.syscall.getgroups.return = kernel.function("sys_getgroups").return { name = "getgroups.return" /* SUMMARY int getgroups(int size, gid_t list[]); Up to size supplementary group IDs are returned in list. It is unspecified whether the effective group ID of the calling process is included in the returned list. (Thus, an application should also call getegid(2) and add or remove the resulting value.) If size is zero, list is not modified, but the total number of supplementary group IDs for the process is returned. Note: I do not think SystemTap has support for arrays, this may be able to be delegated to an embedded aux function.... */ } # setregid_________________________________________ /* asmlinkage long sys_setregid(gid_t rgid, gid_t egid) */ probe kernel.syscall.setregid = kernel.function("sys_setregid") { name = "setregid" rgid = $rgid egid = $egid } probe kernel.syscall.setregid.return = kernel.function("sys_setregid").return { name = "setregid.return" rgid = $rgid egid = $egid } # setgid___________________________________________ /* asmlinkage long sys_setgid(gid_t gid) */ probe kernel.syscall.setgid = kernel.function("sys_setgid") { name = "setgid" gid = $gid } probe kernel.syscall.setgid.return = kernel.function("sys_setgid").return { name = "setgid.return" gid = $gid } # setreuid_________________________________________ /* asmlinkage long sys_setreuid(uid_t ruid, uid_t euid) */ probe kernel.syscall.setreuid = kernel.function("sys_setreuid") { name = "setreuid" ruid = $ruid euid = $euid } probe kernel.syscall.setreuid.return = kernel.function("sys_setreuid").return { name = "setreuid.return" ruid = $ruid euid = $euid } # setuid___________________________________________ /* asmlinkage long sys_setuid(uid_t uid) */ probe kernel.syscall.setuid = kernel.function("sys_setuid") { name = "setuid" uid = $uid } probe kernel.syscall.setuid.return = kernel.function("sys_setuid").return { name = "setuid.return" uid = $uid } # setresuid________________________________________ /* asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) */ probe kernel.syscall.setresuid = kernel.function("sys_setresuid") { name = "setresuid" ruid = $ruid euid = $euid suid = $suid } probe kernel.syscall.setresuid.return = kernel.function("sys_setresuid").return { name = "setresuid.return" ruid = $ruid euid = $euid suid = $suid } # setresgid________________________________________ /* asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) */ probe kernel.syscall.setresgid = kernel.function("sys_setresgid") { name = "setresgid" rgid = $rgid egid = $egid sgid = $sgid } probe kernel.syscall.setresgid.return = kernel.function("sys_setresgid").return { name = "setresgid.return" rgid = $rgid egid = $egid sgid = $sgid } # setfsuid_________________________________________ /* asmlinkage long sys_setfsuid(uid_t uid) */ probe kernel.syscall.setfsuid = kernel.function("sys_setfsuid") { name = "setfsuid" fsuid = $uid } probe kernel.syscall.setfsuid.return = kernel.function("sys_setfsuid").return { name = "setfsuid.return" fsuid = $uid } # setfsgid_________________________________________ /* asmlinkage long sys_setfsgid(gid_t gid) */ probe kernel.syscall.setfsgid = kernel.function("sys_setfsgid") { name = "setfsgid" fsgid = $gid } probe kernel.syscall.setfsgid.return = kernel.function("sys_setfsgid").return { name = "setfsgid.return" fsgid = $gid } # setpgid__________________________________________ /* asmlinkage long sys_setpgid(pid_t pid, pid_t pgid) */ probe kernel.syscall.setpgid = kernel.function("sys_setpgid") { name = "setpgid" pid = $pid pgid = $pgid } probe kernel.syscall.setpgid.return = kernel.function("sys_setpgid").return { name = "setpgid.return" pid = $pid pgid = $pgid } # setsid___________________________________________ /* asmlinkage long sys_setsid(void) */ probe kernel.syscall.setsid = kernel.function("sys_setsid") { name = "setsid" } probe kernel.syscall.setsid.return = kernel.function("sys_setsid").return { name = "setsid.return" } # setgroups________________________________________ /* asmlinkage long sys_setgroups(int gidsetsize, gid_t __user *grouplist) */ probe kernel.syscall.setgroups = kernel.function("sys_setgroups") { name = "setgroups" /* SUMMARY (see getgroups for same issue) int setgroups(size_t size, const gid_t *list); Sets the supplementary group IDs for the process. Only the super-user may use this function. Note: I do not think SystemTap has support for arrays, this may be able to be delegated to an embedded aux function.... */ } probe kernel.syscall.setgroups.return = kernel.function("sys_setgroups").return { name = "setgroups.return" /* SUMMARY (see getgroups for same issue) int setgroups(size_t size, const gid_t *list); Sets the supplementary group IDs for the process. Only the super-user may use this function. Note: I do not think SystemTap has support for arrays, this may be able to be delegated to an embedded aux function.... */ } # acct_____________________________________________ /* asmlinkage long sys_acct(const char __user *name) */ probe kernel.syscall.acct = kernel.function("sys_acct") { name = "acct" /* filename = $name */ } probe kernel.syscall.acct.return = kernel.function("sys_acct").return { name = "acct.return" /* filename = $name */ } # capget___________________________________________ /* asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr) */ probe kernel.syscall.capget = kernel.function("sys_capget") { name = "capget" version = $header->version target_pid = $header->pid effective = $dataptr->effective permitted = $dataptr->permitted inheritable = $dataptr->inheritable /* DESCRIPTION These two functions are the raw kernel interface for getting and setting capabilities. The kernel API is likely to change and use of these functions (in particular the format of the cap_user_*_t types) is subject to change with each kernel revision. These system calls are specific to Linux. The portable interfaces are cap_set_proc(3) and cap_get_proc(3). */ } probe kernel.syscall.capget.return = kernel.function("sys_capget").return { name = "capget.return" version = $header->version target_pid = $header->pid effective = $dataptr->effective permitted = $dataptr->permitted inheritable = $dataptr->inheritable /* DESCRIPTION These two functions are the raw kernel interface for getting and setting capabilities. The kernel API is likely to change and use of these functions (in particular the format of the cap_user_*_t types) is subject to change with each kernel revision. These system calls are specific to Linux. The portable interfaces are cap_set_proc(3) and cap_get_proc(3). */ } # capset___________________________________________ /* asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) */ probe kernel.syscall.capset = kernel.function("sys_capset") { name = "capset" version = $header->version target_pid = $header->pid effective = $data->effective permitted = $data->permitted inheritable = $data->inheritable /* DESCRIPTION These two functions are the raw kernel interface for getting and setting capabilities. The kernel API is likely to change and use of these functions (in particular the format of the cap_user_*_t types) is subject to change with each kernel revision. These system calls are specific to Linux. The portable interfaces are cap_set_proc(3) and cap_get_proc(3). */ } probe kernel.syscall.capset.return = kernel.function("sys_capset").return { name = "capset.return" version = $header->version target_pid = $header->pid effective = $data->effective permitted = $data->permitted inheritable = $data->inheritable /* DESCRIPTION These two functions are the raw kernel interface for getting and setting capabilities. The kernel API is likely to change and use of these functions (in particular the format of the cap_user_*_t types) is subject to change with each kernel revision. These system calls are specific to Linux. The portable interfaces are cap_set_proc(3) and cap_get_proc(3). */ } # personality______________________________________ /* asmlinkage long sys_personality(u_long personality) */ probe kernel.syscall.personality = kernel.function("sys_personality") { name = "personality" persona = $personality } probe kernel.syscall.personality.return = kernel.function("sys_personality").return { name = "personality.return" persona = $personality } # sigpending_______________________________________ /* asmlinkage long sys_sigpending(old_sigset_t __user *set) */ probe kernel.syscall.sigpending = kernel.function("do_sigpending") { name = "sigpending" } probe kernel.syscall.sigpending.return = kernel.function("do_sigpending").return { name = "sigpending.return" /* set = $set */ } # sigprocmask______________________________________ /* asmlinkage long sys_sigprocmask(int how, old_sigset_t __user *set, old_sigset_t __user *oset) */ probe kernel.syscall.sigprocmask = kernel.function("sys_sigprocmask") { name = "sigprocmask" how = $how how_str = _sigprocmask_how_str($how) /* set = $set oldset = $oset */ } probe kernel.syscall.sigprocmask.return = kernel.function("sys_sigprocmask").return { name = "sigprocmask.return" how = $how how_str = _sigprocmask_how_str($how) /* set = $set oldset = $oset */ } # getitimer________________________________________ /* asmlinkage long sys_getitimer(int which, struct itimerval __user *value) */ probe kernel.syscall.getitimer = kernel.function("sys_getitimer") { name = "getitimer" which = $which which_str = _itimer_which_str($which) /* value_it_interval_tv_sec = $value->it_interval->tv_sec value_it_interval_tv_usec = $value->it_interval->tv_usec value_it_value_tv_sec = $value->it_value->tv_sec value_it_value_tv_usec = $value->it_value->tv_usec */ } probe kernel.syscall.getitimer.return = kernel.function("sys_getitimer").return { name = "getitimer.return" which = $which which_str = _itimer_which_str($which) /* value_it_interval_tv_sec = $value->it_interval->tv_sec value_it_interval_tv_usec = $value->it_interval->tv_usec value_it_value_tv_sec = $value->it_value->tv_sec value_it_value_tv_usec = $value->it_value->tv_usec */ } # setitimer________________________________________ /* asmlinkage long sys_setitimer(int which, struct itimerval __user *value, struct itimerval __user *ovalue) */ probe kernel.syscall.setitimer = kernel.function("sys_setitimer") { name = "setitimer" which = $which which_str = _itimer_which_str($which) /* value_it_interval_tv_sec = $value->it_interval->tv_sec value_it_interval_tv_usec = $value->it_interval->tv_usec value_it_value_tv_sec = $value->it_value->tv_sec value_it_value_tv_usec = $value->it_value->tv_usec */ } probe kernel.syscall.setitimer.return = kernel.function("sys_setitimer").return { name = "setitimer.return" which = $which which_str = _itimer_which_str($which) /* value_it_interval_tv_sec = $value->it_interval->tv_sec value_it_interval_tv_usec = $value->it_interval->tv_usec value_it_value_tv_sec = $value->it_value->tv_sec value_it_value_tv_usec = $value->it_value->tv_usec ovalue_it_interval_tv_sec = $ovalue->it_interval->tv_sec ovalue_it_interval_tv_usec = $ovalue->it_interval->tv_usec ovalue_it_value_tv_sec = $ovalue->it_value->tv_sec ovalue_it_value_tv_usec = $ovalue->it_value->tv_usec */ } # timer_create_____________________________________ /* asmlinkage long sys_timer_create(clockid_t which_clock, struct sigevent __user *timer_event_spec, timer_t __user * created_timer_id) */ probe kernel.syscall.timer_create = kernel.function("sys_timer_create") { name = "timer_create" which_clock = $which_clock which_clock_str = _get_wc_str($which_clock) /* ...a little unsure about this... typedef struct sigevent { sigval_t sigev_value; int sigev_signo; int sigev_notify; union { int _pad[SIGEV_PAD_SIZE]; int _tid; struct { void (*_function)(sigval_t); void *_attribute; // really pthread_attr_t } _sigev_thread; } _sigev_un; } sigevent_t; */ } probe kernel.syscall.timer_create.return = kernel.function("sys_timer_create").return { name = "timer_create.return" which_clock = $which_clock which_clock_str = _get_wc_str($which_clock) /* ...a little unsure about this... typedef struct sigevent { sigval_t sigev_value; int sigev_signo; int sigev_notify; union { int _pad[SIGEV_PAD_SIZE]; int _tid; struct { void (*_function)(sigval_t); void *_attribute; // really pthread_attr_t } _sigev_thread; } _sigev_un; } sigevent_t; +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ created_timer_id = $created_timer_id */ } # timer_gettime____________________________________ /* asmlinkage long sys_timer_gettime(timer_t timer_id, struct itimerspec __user *setting) */ probe kernel.syscall.timer_gettime = kernel.function("sys_timer_gettime") { name = "timer_gettime" timer_id = $timer_id } probe kernel.syscall.timer_gettime.return = kernel.function("sys_timer_gettime").return { name = "timer_gettime.return" timer_id = $timer_id /* setting_it_interval_tv_sec = $setting->it_interval->tv_sec setting_it_interval_tv_usec = $setting->it_interval->tv_usec setting_it_value_tv_sec = $setting->it_value->tv_sec setting_it_value_tv_usec = $setting->it_value->tv_usec */ } # timer_getoverrun_________________________________ /* asmlinkage long sys_timer_getoverrun(timer_t timer_id) */ probe kernel.syscall.timer_getoverrun = kernel.function("sys_timer_getoverrun") { name = "timer_getoverrun" timer_id = $timer_id } probe kernel.syscall.timer_getoverrun.return = kernel.function("sys_timer_getoverrun").return { name = "timer_getoverrun.return" timer_id = $timer_id } # timer_settime____________________________________ /* asmlinkage long sys_timer_settime(timer_t timer_id, int flags, const struct itimerspec __user *new_setting, struct itimerspec __user *old_setting) */ probe kernel.syscall.timer_settime = kernel.function("sys_timer_settime") { name = "timer_settime" timer_id = $timer_id flags = $flags /* new_setting_it_interval_tv_sec = $new_setting->it_interval->tv_sec new_setting_it_interval_tv_usec = $new_setting->it_interval->tv_usec */ } probe kernel.syscall.timer_settime.return = kernel.function("sys_timer_settime").return { name = "timer_settime.return" name = "timer_settime" timer_id = $timer_id flags = $flags /* new_setting_it_interval_tv_sec = $new_setting->it_interval->tv_sec new_setting_it_interval_tv_usec = $new_setting->it_interval->tv_usec old_setting_it_interval_tv_sec = $old_setting->it_interval->tv_sec old_setting_it_interval_tv_usec = $old_setting->it_interval->tv_usec */ } # timer_delete_____________________________________ /* asmlinkage long sys_timer_delete(timer_t timer_id) */ probe kernel.syscall.timer_delete = kernel.function("sys_timer_delete") { name = "timer_delete" timer_id = $timer_id } probe kernel.syscall.timer_delete.return = kernel.function("sys_timer_delete").return { name = "timer_delete.return" timer_id = $timer_id } # clock_settime____________________________________ /* asmlinkage long sys_clock_settime(clockid_t which_clock, const struct timespec __user *tp) */ probe kernel.syscall.clock_settime = kernel.function("sys_clock_settime") { name = "clock_settime" which_clock = $which_clock which_clock_str = _get_wc_str($which_clock) /* tp_tv_sec = $tp->tv_sec tp_tv_usec = $tp->tv_usec */ } probe kernel.syscall.clock_settime.return = kernel.function("sys_clock_settime").return { name = "clock_settime.return" which_clock = $which_clock which_clock_str = _get_wc_str($which_clock) /* tp_tv_sec = $tp->tv_sec tp_tv_usec = $tp->tv_usec */ } # clock_gettime____________________________________ /* asmlinkage long sys_clock_gettime(clockid_t which_clock, struct timespec __user *tp) */ probe kernel.syscall.clock_gettime = kernel.function("sys_clock_gettime") { name = "clock_gettime" which_clock = $which_clock which_clock_str = _get_wc_str($which_clock) } probe kernel.syscall.clock_gettime.return = kernel.function("sys_clock_gettime").return { name = "clock_gettime.return" which_clock = $which_clock which_clock_str = _get_wc_str($which_clock) /* tp_tv_sec = $tp->tv_sec tp_tv_usec = $tp->tv_usec */ } # clock_getres_____________________________________ /* asmlinkage long sys_clock_getres(clockid_t which_clock, struct timespec __user *tp) */ probe kernel.syscall.clock_getres = kernel.function("sys_clock_getres") { name = "clock_getres" which_clock = $which_clock which_clock_str = _get_wc_str($which_clock) } probe kernel.syscall.clock_getres.return = kernel.function("sys_clock_getres").return { name = "clock_getres.return" which_clock = $which_clock which_clock_str = _get_wc_str($which_clock) /* tp_tv_sec = $tp->tv_sec tp_tv_usec = $tp->tv_usec */ } # clock_nanosleep__________________________________ /* asmlinkage long sys_clock_nanosleep(clockid_t which_clock, int flags, const struct timespec __user *rqtp, struct timespec __user *rmtp) */ probe kernel.syscall.clock_nanosleep = kernel.function("sys_clock_nanosleep") { name = "clock_nanosleep" which_clock = $which_clock which_clock_str = _get_wc_str($which_clock) flags = $flags flag_str = "TIMER_ABSTIME" /* rqtp_tv_sec = $rqtp->tv_sec rqtp_tv_usec = $rqtp->tv_usec */ } probe kernel.syscall.clock_nanosleep.return = kernel.function("sys_clock_nanosleep").return { name = "clock_nanosleep.return" which_clock = $which_clock which_clock_str = _get_wc_str($which_clock) flags = $flags flag_str = "TIMER_ABSTIME" /* rqtp_tv_sec = $rqtp->tv_sec rqtp_tv_usec = $rqtp->tv_usec rmtp_tv_sec = $rmtp->tv_sec rmtp_tv_usec = $rmtp->tv_usec */ } # nice_____________________________________________ /* asmlinkage long sys_nice(int increment) */ probe kernel.syscall.nice = kernel.function("sys_nice") { name = "nice" inc = $increment } probe kernel.syscall.nice.return = kernel.function("sys_nice").return { name = "nice.return" inc = $increment } # sched_setscheduler_______________________________ /* asmlinkage long sys_sched_setscheduler(pid_t pid, int policy, struct sched_param __user *param) */ probe kernel.syscall.sched_setscheduler = kernel.function("do_sched_setscheduler") { name = "sched_setscheduler" pid = $pid policy = $policy policy_str = _sched_policy_str($policy) /* p_sched_priority = param->sched_parameter */ } probe kernel.syscall.sched_setscheduler.return = kernel.function("do_sched_setscheduler").return { name = "sched_setscheduler.return" pid = $pid policy = $policy policy_str = _sched_policy_str($policy) /* p_sched_priority = param->sched_parameter */ } # sched_setparam___________________________________ /* asmlinkage long sys_sched_setparam(pid_t pid, struct sched_param __user *param) */ probe kernel.syscall.sched_setparam = kernel.function("do_sched_setscheduler") { name = "sched_setparam" pid = $pid /* p_sched_priority = param->sched_parameter */ } probe kernel.syscall.sched_setparam.return = kernel.function("do_sched_setscheduler").return { name = "sched_setparam.return" pid = $pid /* p_sched_priority = param->sched_parameter */ } # sched_getscheduler_______________________________ /* asmlinkage long sys_sched_getscheduler(pid_t pid) */ probe kernel.syscall.sched_getscheduler = kernel.function("sys_sched_getscheduler") { name = "sched_getscheduler" pid = $pid } probe kernel.syscall.sched_getscheduler.return = kernel.function("sys_sched_getscheduler").return { name = "sched_getscheduler.return" pid = $pid } # sched_getparam___________________________________ /* asmlinkage long sys_sched_getparam(pid_t pid, struct sched_param __user *param) */ probe kernel.syscall.sched_getparam = kernel.function("sys_sched_getparam") { name = "sched_getparam" pid = $pid } probe kernel.syscall.sched_getparam.return = kernel.function("sys_sched_getparam").return { name = "sched_getparam.return" pid = $pid /* p_sched_priority = param->sched_parameter */ } # sched_setaffinity________________________________ /* long sched_setaffinity(pid_t pid, cpumask_t new_mask) */ probe kernel.syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") { name = "sched_setaffinity" pid = $pid mask = $new_mask } probe kernel.syscall.sched_setaffinity.return = kernel.function("sys_sched_setaffinity").return { name = "sched_setaffinity.return" pid = $pid mask = $new_mask } # sched_getaffinity________________________________ /* asmlinkage long sys_sched_getaffinity(pid_t pid, unsigned int len, unsigned long __user *user_mask_ptr) */ probe kernel.syscall.sched_getaffinity = kernel.function("sys_sched_getaffinity") { name = "sched_getaffinity" pid = $pid len = $len } probe kernel.syscall.sched_getaffinity.return = kernel.function("sys_sched_getaffinity").return { name = "sched_getaffinity.return" pid = $pid len = $len /* mask = $user_mask_ptr */ } # sched_yield______________________________________ /* asmlinkage long sys_sched_yield(void) */ probe kernel.syscall.sched_yield = kernel.function("sys_sched_yield") { name = "sched_yield" } probe kernel.syscall.sched_yield.return = kernel.function("sys_sched_yield").return { name = "sched_yield.return" } # sched_get_priority_max___________________________ /* asmlinkage long sys_sched_get_priority_max(int policy) */ probe kernel.syscall.sched_get_priority_max = kernel.function("sys_sched_get_priority_max") { name = "sched_get_priority_max" policy = $policy } probe kernel.syscall.sched_get_priority_max.return = kernel.function("sys_sched_get_priority_max").return { name = "sched_get_priority_max.return" policy = $policy } # sched_get_priority_min___________________________ /* asmlinkage long sys_sched_get_priority_min(int policy) */ probe kernel.syscall.sched_get_priority_min = kernel.function("sys_sched_get_priority_min") { name = "sched_get_priority_min" policy = $policy } probe kernel.syscall.sched_get_priority_min.return = kernel.function("sys_sched_get_priority_min").return { name = "sched_get_priority_min.return" policy = $policy } # sched_rr_get_interval____________________________ /* asmlinkage long sys_sched_rr_get_interval(pid_t pid, struct timespec __user *interval) */ probe kernel.syscall.sched_rr_get_interval = kernel.function("sys_sched_rr_get_interval") { name = "sched_rr_get_interval" pid = $pid } probe kernel.syscall.sched_rr_get_interval.return = kernel.function("sys_sched_rr_get_interval").return { name = "sched_rr_get_interval.return" pid = $pid /* tp_tv_sec = $tp->tv_sec tp_tv_usec = $tp->tv_usec */ } # setpriority______________________________________ /* asmlinkage long sys_setpriority(int which, int who, int niceval) */ probe kernel.syscall.setpriority = kernel.function("sys_setpriority") { name = "setpriority" which = $which which_str = _priority_which_str($which) who = $who prio = $niceval } probe kernel.syscall.setpriority.return = kernel.function("sys_setpriority").return { name = "setpriority.return" which = $which which_str = _priority_which_str($which) who = $who prio = $niceval } # getpriority______________________________________ /* asmlinkage long sys_getpriority(int which, int who) */ probe kernel.syscall.getpriority = kernel.function("sys_getpriority") { name = "getpriority" which = $which which_str = _priority_which_str($which) who = $who } probe kernel.syscall.getpriority.return = kernel.function("sys_getpriority").return { name = "getpriority.return" which = $which which_str = _priority_which_str($which) who = $who } # shutdown_________________________________________ /* asmlinkage long sys_shutdown(int fd, int how) */ probe kernel.syscall.shutdown = kernel.function("sys_shutdown") { name = "shutdown" s = $fd how = $how how_str = _shutdown_how_str($how) } probe kernel.syscall.shutdown.return = kernel.function("sys_shutdown").return { name = "shutdown.return" s = $fd how = $how how_str = _shutdown_how_str($how) } # reboot___________________________________________ /* asmlinkage long sys_reboot(int magic1, int magic2, unsigned int cmd, void __user * arg) */ probe kernel.syscall.reboot = kernel.function("sys_reboot") { name = "reboot" magic = $magic1 magic_str = _reboot_magic_str($magic1) magic2 = $magic2 magic2_str = _reboot_magic_str($magic2) flag = $cmd flag_str = _reboot_flag_str(flag) /* void __user * arg */ } probe kernel.syscall.reboot.return = kernel.function("sys_reboot").return { name = "reboot.return" magic = $magic1 magic_str = _reboot_magic_str($magic1) magic2 = $magic2 magic2_str = _reboot_magic_str($magic2) flag = $cmd flag_str = _reboot_flag_str(flag) /* void __user * arg */ } # restart_syscall__________________________________ /* asmlinkage long sys_restart_syscall(void) */ probe kernel.syscall.restart_syscall = kernel.function("sys_restart_syscall") { name = "restart_syscall" } probe kernel.syscall.restart_syscall.return = kernel.function("sys_restart_syscall").return { name = "restart_syscall.return" } # exit_____________________________________________ /* asmlinkage long sys_exit(int error_code) */ probe kernel.syscall.exit = kernel.function("do_exit") { name = "exit" %( kernel_v > "2.6.9" %? status = $error_code %) } probe kernel.syscall.exit.return = kernel.function("do_exit").return { name = "exit.return" status = $error_code } # exit_group_______________________________________ /* smlinkage void sys_exit_group(int error_code) */ probe kernel.syscall.exit_group = kernel.function("do_group_exit") { name = "exit_group" %( kernel_v > "2.6.9" %? status = $error_code %) } probe kernel.syscall.exit_group.return = kernel.function("do_group_exit").return { name = "exit_group.return" %( kernel_v > "2.6.9" %? status = $error_code %) } # wait4____________________________________________ /* asmlinkage long sys_wait4(pid_t pid, int __user *stat_addr, int options, struct rusage __user *ru) */ probe kernel.syscall.wait4 = kernel.function("sys_wait4") { name = "wait4" pid = $pid /* status = $stat_addr */ options = $options options_str = _wait4_opt_str($options) } probe kernel.syscall.wait4.return = kernel.function("sys_wait4").return { name = "wait4.return" pid = $pid /* status = $stat_addr */ options = $options options_str = _wait4_opt_str($options) } # waitid___________________________________________ /* asmlinkage long sys_waitid(int which, pid_t pid, struct siginfo __user *infop, int options, struct rusage __user *ru) */ probe kernel.syscall.waitid = kernel.function("sys_waitid") { name = "waitid" which = $which which_str = _waitid_which_str($which) pid = $pid options = $options options_str = _wait4_opt_str($options) } probe kernel.syscall.waitid.return = kernel.function("sys_waitid").return { name = "waitid.return" which = $which which_str = _waitid_which_str($which) pid = $pid options = $options options_str = _wait4_opt_str($options) /* typedef struct siginfo { int si_signo; int si_errno; int si_code; union { int _pad[SI_PAD_SIZE]; // kill() struct { pid_t _pid; // sender's pid __ARCH_SI_UID_T _uid; // sender's uid } _kill; // POSIX.1b timers struct { timer_t _tid; // timer id int _overrun; // overrun count char _pad[sizeof( __ARCH_SI_UID_T) - sizeof(int)]; sigval_t _sigval; // same as below int _sys_private; // not to be passed to user } _timer; // POSIX.1b signals struct { pid_t _pid; // sender's pid __ARCH_SI_UID_T _uid; // sender's uid sigval_t _sigval; } _rt; // SIGCHLD struct { pid_t _pid; // which child __ARCH_SI_UID_T _uid; // sender's uid int _status; // exit code clock_t _utime; clock_t _stime; } _sigchld; // SIGILL, SIGFPE, SIGSEGV, SIGBUS struct { void __user *_addr; // faulting insn/memory ref. #ifdef __ARCH_SI_TRAPNO int _trapno; // TRAP # which caused the signal #endif } _sigfault; // SIGPOLL struct { __ARCH_SI_BAND_T _band; // POLL_IN, POLL_OUT, POLL_MSG int _fd; } _sigpoll; } _sifields; } siginfo_t; */ } # waitpid__________________________________________ /* asmlinkage long sys_wait4(pid_t pid, int __user *stat_addr, int options, struct rusage __user *ru) */ probe kernel.syscall.waitpid = kernel.function("sys_wait4") { name = "waitpid" pid = $pid /* status = $stat_addr */ options = $options options_str = _wait4_opt_str($options) } probe kernel.syscall.waitpid.return = kernel.function("sys_wait4").return { name = "waitpid.return" pid = $pid /* status = $stat_addr */ options = $options options_str = _wait4_opt_str($options) } # set_tid_address__________________________________ /* asmlinkage long sys_set_tid_address(int __user *tidptr) */ probe kernel.syscall.set_tid_address = kernel.function("sys_set_tid_address") { name = "set_tid_address" /* tidptr = $tidptr */ } probe kernel.syscall.set_tid_address.return = kernel.function("sys_set_tid_address").return { name = "set_tid_address.return" /* tidptr = $tidptr */ } # futex____________________________________________ /* asmlinkage long sys_futex(u32 __user *uaddr, int op, int val, struct timespec __user *utime, u32 __user *uaddr2, int val3) */ probe kernel.syscall.futex = kernel.function("sys_futex") { name = "futex" /* uaddr = $uaddr */ op = $op op_str = _futex_op_str($op) val = $val /* utime_tv_sec = $utime->tv_sec utime_tv_usec = $utime->tv_usec uaddr2 = $uaddr2 val3 = $val3 */ } probe kernel.syscall.futex.return = kernel.function("sys_futex").return { name = "futex.return" /* uaddr = $uaddr */ op = $op op_str = _futex_op_str($op) val = $val /* utime_tv_sec = $utime->tv_sec utime_tv_usec = $utime->tv_usec uaddr2 = $uaddr2 val3 = $val3 */ } # init_module______________________________________ /*sys_init_module(void __user *umod, unsigned long len, const char __user *uargs) */ probe kernel.syscall.init_module = kernel.function("sys_init_module") { name = "init_module" /* void __user *umod */ len = $len /* uargs = $uargs */ } probe kernel.syscall.init_module.return = kernel.function("sys_init_module").return { name = "init_module.return" /* void __user *umod */ len = $len /* uargs = $uargs */ } # delete_module____________________________________ /* asmlinkage long sys_delete_module(const char __user *name_user, unsigned int flags) */ probe kernel.syscall.delete_module = kernel.function("sys_delete_module") { /* name = "delete_module" name_user = $name_user */ flags = $flags flags_str = _module_flags_str($flags) } probe kernel.syscall.delete_module.return = kernel.function("sys_delete_module").return { name = "delete_module.return" /* name = "delete_module" name_user = $name_user */ flags = $flags flags_str = _module_flags_str($flags) } # rt_sigprocmask___________________________________ /* asmlinkage long sys_rt_sigprocmask(int how, sigset_t __user *set, sigset_t __user *oset, size_t sigsetsize) */ probe kernel.syscall.rt_sigprocmask = kernel.function("sys_rt_sigprocmask") { name = "rt_sigprocmask" how = $how how_str = _sigprocmask_how_str($how) /* set = $set oset = $oset */ sigsetsize = $sigsetsize } probe kernel.syscall.rt_sigprocmask.return = kernel.function("sys_rt_sigprocmask").return { name = "rt_sigprocmask.return" how = $how how_str = _sigprocmask_how_str($how) /* set = $set oset = $oset */ sigsetsize = $sigsetsize } # rt_sigpending____________________________________ /* asmlinkage long sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize) */ probe kernel.syscall.rt_sigpending = kernel.function("do_sigpending") { name = "rt_sigpending" sigsetsize = $sigsetsize } probe kernel.syscall.rt_sigpending.return = kernel.function("do_sigpending").return { name = "rt_sigpending.return" /* set = $set */ } # rt_sigtimedwait__________________________________ /* asmlinkage long sys_rt_sigtimedwait(const sigset_t __user *uthese, siginfo_t __user *uinfo, const struct timespec __user *uts, size_t sigsetsize) */ probe kernel.syscall.rt_sigtimedwait = kernel.function("sys_rt_sigtimedwait") { name = "rt_sigtimedwait" /* set = $uthese uts_tv_sec = $uts->tv_sec uts_tv_usec = $uts->tv_usec */ sigsetsize = $sigsetsize } probe kernel.syscall.rt_sigtimedwait.return = kernel.function("sys_rt_sigtimedwait").return { name = "rt_sigtimedwait.return" /* set = $uthese info = $uinfo uts_tv_sec = $uts->tv_sec uts_tv_usec = $uts->tv_usec */ sigsetsize = $sigsetsize } # kill_____________________________________________ /* asmlinkage long sys_kill(int pid, int sig) */ probe kernel.syscall.kill = kernel.function("sys_kill") { name = "kill" pid = $pid sig = $sig } probe kernel.syscall.kill.return = kernel.function("sys_kill").return { name = "kill.return" pid = $pid sig = $sig } # tgkill___________________________________________ /* asmlinkage long sys_tgkill(int tgid, int pid, int sig) */ probe kernel.syscall.tgkill = kernel.function("sys_tgkill") { name = "tgkill" tgid = $tgid pid = $pid sig = $sig } probe kernel.syscall.tgkill.return = kernel.function("sys_tgkill").return { name = "tgkill.return" tgid = $tgid pid = $pid sig = $sig } # tkill____________________________________________ /* asmlinkage long sys_tkill(int pid, int sig) */ probe kernel.syscall.tkill = kernel.function("sys_tkill") { name = "tkill" pid = $pid sig = $sig } probe kernel.syscall.tkill.return = kernel.function("sys_tkill").return { name = "tkill.return" pid = $pid sig = $sig } # rt_sigqueueinfo__________________________________ /* smlinkage long sys_rt_sigqueueinfo(int pid, int sig, siginfo_t __user *uinfo) */ probe kernel.syscall.rt_sigqueueinfo = kernel.function("sys_rt_sigqueueinfo") { name = "rt_sigqueueinfo" pid = $pid sig = $sig /* uinfo = $uinfo */ } probe kernel.syscall.rt_sigqueueinfo.return = kernel.function("sys_rt_sigqueueinfo").return { name = "rt_sigqueueinfo.return" pid = $pid sig = $sig /* uinfo = $uinfo */ } # sgetmask_________________________________________ /* sys_sgetmask(void) */ probe kernel.syscall.sgetmask = kernel.function("sys_sgetmask") { name = "sgetmask" } probe kernel.syscall.sgetmask.return = kernel.function("sys_sgetmask").return { name = "sgetmask.return" } # ssetmask_________________________________________ /* asmlinkage long sys_ssetmask(int newmask) */ probe kernel.syscall.ssetmask = kernel.function("sys_ssetmask") { name = "ssetmask" newmask = $newmask } probe kernel.syscall.ssetmask.return = kernel.function("sys_ssetmask").return { name = "ssetmask.return" newmask = $newmask } # signal___________________________________________ /* asmlinkage unsigned long sys_signal(int sig, __sighandler_t handler) */ probe kernel.syscall.signal = kernel.function("sys_signal") { name = "signal" sig = $sig /* I do not think that there is any reason to export this... handler = $handler */ } probe kernel.syscall.signal.return = kernel.function("sys_signal").return { name = "signal.return" sig = $sig /* I do not think that there is any reason to export this... handler = $handler */ } # pause____________________________________________ /* sys_pause(void) */ probe kernel.syscall.pause = kernel.function("sys_pause") { name = "pause" } probe kernel.syscall.pause.return = kernel.function("sys_pause").return { name = "pause.return" } # sync_____________________________________________ /* asmlinkage long sys_sync(void) */ probe kernel.syscall.sync = kernel.function("do_sync") { name = "sync" } probe kernel.syscall.sync.return = kernel.function("do_sync").return { name = "sync.return" } # fsync____________________________________________ /* asmlinkage long sys_fsync(unsigned int fd) */ probe kernel.syscall.fsync = kernel.function("sys_fsync") { name = "fsync" fd = $fd } probe kernel.syscall.fsync.return = kernel.function("sys_fsync").return { name = "fsync.return" fd = $fd } # fdatasync________________________________________ /* asmlinkage long sys_fdatasync(unsigned int fd) */ probe kernel.syscall.fdatasync = kernel.function("sys_fdatasync") { name = "fdatasync" fd = $fd } probe kernel.syscall.fdatasync.return = kernel.function("sys_fdatasync").return { name = "fdatasync.return" fd = $fd } # bdflush__________________________________________ /* asmlinkage long sys_bdflush(int func, long data) */ probe kernel.syscall.bdflush = kernel.function("sys_bdflush") { name = "bdflush" func = $func data = $data } probe kernel.syscall.bdflush.return = kernel.function("sys_bdflush").return { name = "bdflush.return" func = $func data = $data } # mount____________________________________________ /* asmlinkage long sys_mount(char __user * dev_name, char __user * dir_name, char __user * type, unsigned long flags, void __user * data) */ probe kernel.syscall.mount = kernel.function("sys_mount") { name = "mount" /* source = $dev_name target = $dir_name filesystemtype = $type void pointers are still being worked out void __user * data */ mountflags = $flags mountflags_str = _mountflags_str($flags) } probe kernel.syscall.mount.return = kernel.function("sys_mount").return { name = "mount.return" /* source = $dev_name target = $dir_name filesystemtype = $type void pointers are still being worked out void __user * data */ mountflags = $flags mountflags_str = _mountflags_str($flags) } # umount___________________________________________ /* asmlinkage long sys_umount(char __user * name, int flags) */ probe kernel.syscall.umount = kernel.function("sys_umount") { name = "umount" /* target = $name */ flags = $flags flags_str = _mountflags_str($flags) } probe kernel.syscall.umount.return = kernel.function("sys_umount").return { name = "umount.return" /* target = $name */ flags = $flags flags_str = _mountflags_str($flags) } # oldumount________________________________________ /* smlinkage long sys_oldumount(char __user * name) */ probe kernel.syscall.oldumount = kernel.function("sys_umount") { name = "oldumount" /* target = $name */ } probe kernel.syscall.oldumount.return = kernel.function("sys_umount").return { name = "oldumount.return" /* target = $name */ } # truncate_________________________________________ /* asmlinkage long sys_truncate(const char __user * path, unsigned long length) */ probe kernel.syscall.truncate = kernel.function("do_sys_truncate") { name = "truncate" /* path = $path */ length = $length } probe kernel.syscall.truncate.return = kernel.function("do_sys_truncate").return { name = "truncate.return" /* path = $path */ length = $length } # ftruncate________________________________________ /* static inline long do_sys_ftruncate(unsigned int fd, loff_t length, int small) */ probe kernel.syscall.ftruncate = kernel.function("do_sys_ftrancate") { name = "ftruncate" fd = $fd length = $length small = $small } probe kernel.syscall.ftruncate.return = kernel.function("do_sys_ftrancate").return { name = "ftruncate.return" fd = $fd length = $length small = $small } # stat_____________________________________________ /* asmlinkage long sys_stat(char __user * filename, struct __old_kernel_stat __user * statbuf) */ probe kernel.syscall.stat = kernel.function("sys_stat") { name = "stat" /* filename = $filename */ } probe kernel.syscall.stat.return = kernel.function("sys_stat").return { name = "stat.return" /* filename = $filename buf_st_dev = $statbuf->st_dev buf_st_ino = $statbuf->st_ino buf_st_mode = $statbuf->st_mode buf_st_nlink = $statbuf->st_nlink buf_st_uid = $statbuf->st_uid buf_st_gid = $statbuf->st_gid buf_st_rdev = $statbuf->st_rdev buf_st_size = $statbuf->st_size buf_st_atime = $statbuf->st_atime buf_st_mtime = $statbuf->st_mtime buf_st_ctime = $statbuf->st_ctime */ } # statfs___________________________________________ /* asmlinkage long sys_statfs(const char __user * path, struct statfs __user * buf) */ probe kernel.syscall.statfs = kernel.function("sys_statfs") { name = "statfs" /* path = $path */ } probe kernel.syscall.statfs.return = kernel.function("sys_statfs").return { name = "statfs.return" /* path = $path buf_f_type = $buf->f_type buf_f_bsize = $buf->f_bsize buf_f_blocks = $buf->f_blocks buf_f_bfree = $buf->f_bfree buf_f_bavail = $buf->f_bavail buf_f_files = $buf->f_files buf_f_ffree = $buf->f_ffree buf_f_fsid = $buf->f_fsid buf_f_namelen = $buf->f_namelen buf_f_frsize = $buf->f_frsize buf_f_spare == __u32 f_spare[5]; buf_f_type_str = _statfs_f_type_str($buf->f_type) */ } # statfs64_________________________________________ /* asmlinkage long sys_statfs64(const char __user *path, size_t sz, struct statfs64 __user *buf) */ probe kernel.syscall.statfs64 = kernel.function("sys_statfs64") { name = "statfs64" /* path = $path */ sz = $sz } probe kernel.syscall.statfs64.return = kernel.function("sys_statfs64").return { name = "statfs64.return" /* path = $path */ sz = $sz /* buf_f_type = $buf->f_type buf_f_bsize = $buf->f_bsize buf_f_blocks = $buf->f_blocks buf_f_bfree = $buf->f_bfree buf_f_bavail = $buf->f_bavail buf_f_files = $buf->f_files buf_f_ffree = $buf->f_ffree buf_f_fsid = $buf->f_fsid buf_f_namelen = $buf->f_namelen buf_f_frsize = $buf->f_frsize buf_f_spare == __u32 f_spare[5]; buf_f_type_str = _statfs_f_type_str($buf->f_type) */ } # fstatfs__________________________________________ /* asmlinkage long sys_fstatfs(unsigned int fd, struct statfs __user * buf) */ probe kernel.syscall.fstatfs = kernel.function("sys_fstatfs") { name = "fstatfs" fd = $fd } probe kernel.syscall.fstatfs.return = kernel.function("sys_fstatfs").return { name = "fstatfs.return" fd = $fd /* path = $path buf_f_type = $buf->f_type buf_f_bsize = $buf->f_bsize buf_f_blocks = $buf->f_blocks buf_f_bfree = $buf->f_bfree buf_f_bavail = $buf->f_bavail buf_f_files = $buf->f_files buf_f_ffree = $buf->f_ffree buf_f_fsid = $buf->f_fsid buf_f_namelen = $buf->f_namelen buf_f_frsize = $buf->f_frsize buf_f_spare == __u32 f_spare[5]; buf_f_type_str = _statfs_f_type_str($buf->f_type) */ } # fstatfs64________________________________________ /* asmlinkage long sys_fstatfs64(unsigned int fd, size_t sz, struct statfs64 __user *buf) */ probe kernel.syscall.fstatfs64 = kernel.function("sys_fstatfs64") { name = "fstatfs64" fd = $fd sz = $sz } probe kernel.syscall.fstatfs64.return = kernel.function("sys_fstatfs64").return { name = "fstatfs64.return" fd = $fd sz = $sz /* path = $path buf_f_type = $buf->f_type buf_f_bsize = $buf->f_bsize buf_f_blocks = $buf->f_blocks buf_f_bfree = $buf->f_bfree buf_f_bavail = $buf->f_bavail buf_f_files = $buf->f_files buf_f_ffree = $buf->f_ffree buf_f_fsid = $buf->f_fsid buf_f_namelen = $buf->f_namelen buf_f_frsize = $buf->f_frsize buf_f_spare == __u32 f_spare[5]; buf_f_type_str = _statfs_f_type_str($buf->f_type) */ } # lstat____________________________________________ /* asmlinkage long sys_lstat(char __user * filename, struct __old_kernel_stat __user * statbuf) */ probe kernel.syscall.lstat = kernel.function("sys_lstat") { name = "lstat" /* file_name = $file_name */ } probe kernel.syscall.lstat.return = kernel.function("sys_lstat").return { name = "lstat.return" /* file_name = $filename buf_f_type = $statbuf->f_type buf_f_bsize = $statbuf->f_bsize buf_f_blocks = $statbuf->f_blocks buf_f_bfree = $statbuf->f_bfree buf_f_bavail = $statbuf->f_bavail buf_f_files = $statbuf->f_files buf_f_ffree = $statbuf->f_ffree buf_f_fsid = $statbuf->f_fsid buf_f_namelen = $statbuf->f_namelen buf_f_frsize = $statbuf->f_frsize buf_f_spare == __u32 f_spare[5]; buf_f_type_str = _statfs_f_type_str($statbuf->f_type) */ } # fstat____________________________________________ /* asmlinkage long sys_fstat(unsigned int fd, struct __old_kernel_stat __user * statbuf) */ probe kernel.syscall.fstat = kernel.function("sys_fstat") { name = "fstat" fd = $fd } probe kernel.syscall.fstat.return = kernel.function("sys_fstat").return { name = "fstat.return" fd = $fd /* buf_f_type = $statbuf->f_type buf_f_bsize = $statbuf->f_bsize buf_f_blocks = $statbuf->f_blocks buf_f_bfree = $statbuf->f_bfree buf_f_bavail = $statbuf->f_bavail buf_f_files = $statbuf->f_files buf_f_ffree = $statbuf->f_ffree buf_f_fsid = $statbuf->f_fsid buf_f_namelen = $statbuf->f_namelen buf_f_frsize = $statbuf->f_frsize buf_f_spare == __u32 f_spare[5]; buf_f_type_str = _statfs_f_type_str($statbuf->f_type) */ } # newstat__________________________________________ /* asmlinkage long sys_newstat(char __user * filename, struct stat __user * statbuf) */ probe kernel.syscall.newstat = kernel.function("sys_newstat") { name = "newstat" /* filename = $filename */ } probe kernel.syscall.newstat.return = kernel.function("sys_newstat").return { name = "newstat.return" /* filename = $filename buf_f_type = $statbuf->f_type buf_f_bsize = $statbuf->f_bsize buf_f_blocks = $statbuf->f_blocks buf_f_bfree = $statbuf->f_bfree buf_f_bavail = $statbuf->f_bavail buf_f_files = $statbuf->f_files buf_f_ffree = $statbuf->f_ffree buf_f_fsid = $statbuf->f_fsid buf_f_namelen = $statbuf->f_namelen buf_f_frsize = $statbuf->f_frsize buf_f_spare == __u32 f_spare[5]; buf_f_type_str = _statfs_f_type_str($statbuf->f_type) */ } # newlstat_________________________________________ /* asmlinkage long sys_newlstat(char __user * filename, struct stat __user * statbuf) */ probe kernel.syscall.newlstat = kernel.function("sys_newlstat") { name = "newlstat" /* filename = $filename */ } probe kernel.syscall.newlstat.return = kernel.function("sys_newlstat").return { name = "newlstat.return" /* filename = $filename buf_f_type = $statbuf->f_type buf_f_bsize = $statbuf->f_bsize buf_f_blocks = $statbuf->f_blocks buf_f_bfree = $statbuf->f_bfree buf_f_bavail = $statbuf->f_bavail buf_f_files = $statbuf->f_files buf_f_ffree = $statbuf->f_ffree buf_f_fsid = $statbuf->f_fsid buf_f_namelen = $statbuf->f_namelen buf_f_frsize = $statbuf->f_frsize buf_f_spare == __u32 f_spare[5]; buf_f_type_str = _statfs_f_type_str($statbuf->f_type) */ } # newfstat_________________________________________ /* asmlinkage long sys_newfstat(unsigned int fd, struct stat __user * statbuf) */ probe kernel.syscall.newfstat = kernel.function("sys_newfstat") { name = "newfstat" fd = $fd } probe kernel.syscall.newfstat.return = kernel.function("sys_newfstat").return { name = "newfstat.return" fd = $fd /* buf_f_type = $statbuf->f_type buf_f_bsize = $statbuf->f_bsize buf_f_blocks = $statbuf->f_blocks buf_f_bfree = $statbuf->f_bfree buf_f_bavail = $statbuf->f_bavail buf_f_files = $statbuf->f_files buf_f_ffree = $statbuf->f_ffree buf_f_fsid = $statbuf->f_fsid buf_f_namelen = $statbuf->f_namelen buf_f_frsize = $statbuf->f_frsize buf_f_spare == __u32 f_spare[5]; buf_f_type_str = _statfs_f_type_str($statbuf->f_type) */ } # ustat____________________________________________ /* asmlinkage long sys_ustat(unsigned dev, struct ustat __user * ubuf) */ probe kernel.syscall.ustat = kernel.function("sys_ustat") { name = "ustat" dev = $dev } probe kernel.syscall.ustat.return = kernel.function("sys_ustat").return { name = "ustat.return" dev = $dev /* ubuf_f_tfree = $ubuf->f_tfree ubuf_f_tinode = $ubuf->f_tinode */ } # stat64___________________________________________ /* asmlinkage long sys_stat64(char __user * filename, struct stat64 __user * statbuf) */ probe kernel.syscall.stat64 = kernel.function("sys_stat64") { name = "stat64" /* filename = $filename */ } probe kernel.syscall.stat64.return = kernel.function("sys_stat64").return { name = "stat64.return" /* filename = $filename buf_f_type = $statbuf->f_type buf_f_bsize = $statbuf->f_bsize buf_f_blocks = $statbuf->f_blocks buf_f_bfree = $statbuf->f_bfree buf_f_bavail = $statbuf->f_bavail buf_f_files = $statbuf->f_files buf_f_ffree = $statbuf->f_ffree buf_f_fsid = $statbuf->f_fsid buf_f_namelen = $statbuf->f_namelen buf_f_frsize = $statbuf->f_frsize buf_f_spare == __u32 f_spare[5]; buf_f_type_str = _statfs_f_type_str($statbuf->f_type) */ } # fstat64__________________________________________ /* asmlinkage long sys_fstat64(unsigned long fd, struct stat64 __user * statbuf) */ probe kernel.syscall.fstat64 = kernel.function("sys_fstat64") { name = "fstat64" fd = $fd } probe kernel.syscall.fstat64.return = kernel.function("sys_fstat64").return { name = "fstat64.return" fd = $fd /* buf_f_type = $statbuf->f_type buf_f_bsize = $statbuf->f_bsize buf_f_blocks = $statbuf->f_blocks buf_f_bfree = $statbuf->f_bfree buf_f_bavail = $statbuf->f_bavail buf_f_files = $statbuf->f_files buf_f_ffree = $statbuf->f_ffree buf_f_fsid = $statbuf->f_fsid buf_f_namelen = $statbuf->f_namelen buf_f_frsize = $statbuf->f_frsize buf_f_spare == __u32 f_spare[5]; buf_f_type_str = _statfs_f_type_str($statbuf->f_type) */ } # lstat64__________________________________________ /* asmlinkage long sys_lstat64(char __user * filename, struct stat64 __user * statbuf) */ probe kernel.syscall.lstat64 = kernel.function("sys_lstat64") { name = "lstat64" /* filename = $filename */ } probe kernel.syscall.lstat64.return = kernel.function("sys_lstat64").return { name = "lstat64.return" /* filename = $filename buf_f_type = $statbuf->f_type buf_f_bsize = $statbuf->f_bsize buf_f_blocks = $statbuf->f_blocks buf_f_bfree = $statbuf->f_bfree buf_f_bavail = $statbuf->f_bavail buf_f_files = $statbuf->f_files buf_f_ffree = $statbuf->f_ffree buf_f_fsid = $statbuf->f_fsid buf_f_namelen = $statbuf->f_namelen buf_f_frsize = $statbuf->f_frsize buf_f_spare == __u32 f_spare[5]; buf_f_type_str = _statfs_f_type_str($statbuf->f_type) */ } # truncate64_______________________________________ /* asmlinkage long sys_truncate64(const char __user * path, loff_t length) */ probe kernel.syscall.truncate64 = kernel.function("do_sys_truncate") { name = "truncate64" /* path = $path */ length = $length } probe kernel.syscall.truncate64.return = kernel.function("do_sys_truncate").return { name = "truncate64.return" /* path = $path */ length = $length } # ftruncate64______________________________________ /* asmlinkage long sys_ftruncate64(unsigned int fd, loff_t length) */ probe kernel.syscall.ftruncate64 = kernel.function("do_sys_ftruncate") { name = "ftruncate64" fd = $fd length = $length } probe kernel.syscall.ftruncate64.return = kernel.function("do_sys_ftruncate").return { name = "ftruncate64.return" fd = $fd length = $length } # setxattr_________________________________________ /* asmlinkage long sys_setxattr(char __user *path, char __user *name, void __user *value, size_t size, int flags)*/ probe kernel.syscall.setxattr = kernel.function("sys_setxattr") { name = "setxattr" /* path = $path name = $name void __user *value */ size = $size flags = $flags } probe kernel.syscall.setxattr.return = kernel.function("sys_setxattr").return { name = "setxattr.return" /* path = $path name = $name void __user *value */ size = $size flags = $flags } # lsetxattr________________________________________ /* asmlinkage long sys_lsetxattr(char __user *path, char __user *name, void __user *value, size_t size, int flags) */ probe kernel.syscall.lsetxattr = kernel.function("sys_lsetxattr") { name = "lsetxattr" /* path = $path name = $name void __user *value */ size = $size flags = $flags } probe kernel.syscall.lsetxattr.return = kernel.function("sys_lsetxattr").return { name = "lsetxattr.return" /* path = $path name = $name void __user *value */ size = $size flags = $flags } # fsetxattr________________________________________ /* asmlinkage long sys_fsetxattr(int fd, char __user *name, void __user *value, size_t size, int flags) */ probe kernel.syscall.fsetxattr = kernel.function("sys_fsetxattr") { name = "fsetxattr" fildes = $fd /* name = $name void __user *value */ size = $size flags = $flags } probe kernel.syscall.fsetxattr.return = kernel.function("sys_fsetxattr").return { name = "fsetxattr.return" fildes = $fd /* name = $name void __user *value */ size = $size flags = $flags } # getxattr_________________________________________ /* asmlinkage ssize_t sys_getxattr(char __user *path, char __user *name, void __user *value, size_t size) */ probe kernel.syscall.getxattr = kernel.function("sys_getxattr") { name = "getxattr" /* path = $path name = $name void __user *value */ size = $size } probe kernel.syscall.getxattr.return = kernel.function("sys_getxattr").return { name = "getxattr.return" } # lgetxattr________________________________________ /* asmlinkage ssize_t sys_lgetxattr(char __user *path, char __user *name, void __user *value, size_t size) */ probe kernel.syscall.lgetxattr = kernel.function("sys_lgetxattr") { name = "lgetxattr" /* path = $path name = $name void __user *value */ size = $size } probe kernel.syscall.lgetxattr.return = kernel.function("sys_lgetxattr").return { name = "lgetxattr.return" /* path = $path name = $name void __user *value */ size = $size } # fgetxattr________________________________________ /* asmlinkage ssize_t sys_fgetxattr(int fd, char __user *name, void __user *value, size_t size) */ probe kernel.syscall.fgetxattr = kernel.function("sys_fgetxattr") { name = "fgetxattr" fildes = $fd /* path = $name void __user *value */ size = $size } probe kernel.syscall.fgetxattr.return = kernel.function("sys_fgetxattr").return { name = "fgetxattr.return" name = "fgetxattr" fildes = $fd /* path = $name void __user *value */ size = $size } # listxattr________________________________________ /* asmlinkage ssize_t sys_listxattr(char __user *path, char __user *list, size_t size) */ probe kernel.syscall.listxattr = kernel.function("sys_listxattr") { name = "listxattr" /* path = $path */ size = $size } probe kernel.syscall.listxattr.return = kernel.function("sys_listxattr").return { name = "listxattr.return" /* path = $path char __user *list */ size = $size } # llistxattr_______________________________________ /* asmlinkage ssize_t sys_llistxattr(char __user *path, char __user *list, size_t size) */ probe kernel.syscall.llistxattr = kernel.function("sys_llistxattr") { name = "llistxattr" /* path = $path */ size = $size } probe kernel.syscall.llistxattr.return = kernel.function("sys_llistxattr").return { name = "llistxattr.return" /* path = $path char __user *list */ size = $size } # flistxattr_______________________________________ /* asmlinkage ssize_t sys_flistxattr(int fd, char __user *list, size_t size) */ probe kernel.syscall.flistxattr = kernel.function("sys_flistxattr") { name = "flistxattr" fildes = $fd size = $size } probe kernel.syscall.flistxattr.return = kernel.function("sys_flistxattr").return { name = "flistxattr.return" fildes = $fd /* char __user *list */ size = $size } # removexattr______________________________________ /* asmlinkage long sys_removexattr(char __user *path, char __user *name) */ probe kernel.syscall.removexattr = kernel.function("sys_removexattr") { name = "removexattr" /* path = $path name = $name */ } probe kernel.syscall.removexattr.return = kernel.function("sys_removexattr").return { name = "removexattr.return" /* path = $path name = $name */ } # lremovexattr_____________________________________ /* asmlinkage long sys_lremovexattr(char __user *path, char __user *name) */ probe kernel.syscall.lremovexattr = kernel.function("sys_lremovexattr") { name = "lremovexattr" /* path = $path name = $name */ } probe kernel.syscall.lremovexattr.return = kernel.function("sys_lremovexattr").return { name = "lremovexattr.return" /* path = $path name = $name */ } # fremovexattr_____________________________________ /* asmlinkage long sys_fremovexattr(int fd, char __user *name) */ probe kernel.syscall.fremovexattr = kernel.function("sys_fremovexattr") { name = "fremovexattr" filedes = $fd /* name = $name */ } probe kernel.syscall.fremovexattr.return = kernel.function("sys_fremovexattr").return { name = "fremovexattr.return" filedes = $fd /* name = $name */ } # brk______________________________________________ /* asmlinkage unsigned long sys_brk(unsigned long brk) */ probe kernel.syscall.brk = kernel.function("sys_brk") { name = "brk" brk = $brk } probe kernel.syscall.brk.return = kernel.function("sys_brk").return { name = "brk.return" brk = $brk } # mprotect_________________________________________ /* asmlinkage long sys_mprotect(unsigned long start, size_t len, unsigned long prot) */ probe kernel.syscall.mprotect = kernel.function("sys_mprotect") { name = "mprotect" addr = $start len = $len prot = $prot prot_str = _mprotect_prot_str($prot) } probe kernel.syscall.mprotect.return = kernel.function("sys_mprotect").return { name = "mprotect.return" addr = $start len = $len prot = $prot prot_str = _mprotect_prot_str($prot) } # mremap___________________________________________ /* asmlinkage unsigned long sys_mremap(unsigned long addr, unsigned long old_len, unsigned long new_len, unsigned long flags, unsigned long new_addr) */ probe kernel.syscall.mremap = kernel.function("sys_mremap") { name = "mremap" old_address = $addr old_size = $old_len new_size = $new_len flags = $flags new_address = $new_addr } probe kernel.syscall.mremap.return = kernel.function("sys_mremap").return { name = "mremap.return" old_address = $addr old_size = $old_len new_size = $new_len flags = $flags new_address = $new_addr } # remap_file_pages_________________________________ /* asmlinkage long sys_remap_file_pages(unsigned long start, unsigned long size, unsigned long __prot, unsigned long pgoff, unsigned long flags)*/ probe kernel.syscall.remap_file_pages = kernel.function("sys_remap_file_pages") { name = "remap_file_pages" start = $start size = $size prot = $__prot pgoff = $pgoff flags = $flags } probe kernel.syscall.remap_file_pages.return = kernel.function("sys_remap_file_pages").return { name = "remap_file_pages.return" start = $start size = $size prot = $__prot pgoff = $pgoff flags = $flags } # msync____________________________________________ /* asmlinkage long sys_msync(unsigned long start, size_t len, int flags)*/ probe kernel.syscall.msync = kernel.function("sys_msync") { name = "msync" start = $start length = $len flags = $flags flags_str = _msync_flag_str($flags) } probe kernel.syscall.msync.return = kernel.function("sys_msync").return { name = "msync.return" start = $start length = $len flags = $flags flags_str = _msync_flag_str($flags) } # fadvise64________________________________________ /* asmlinkage long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice) */ probe kernel.syscall.fadvise64 = kernel.function("sys_fadvise64_64") { name = "fadvise64" fs = $fd offset = $offset len = $len advice = $advice /* advice_str = _advise_advice_str($advice) */ } probe kernel.syscall.fadvise64.return = kernel.function("sys_fadvise64_64").return { name = "fadvise64.return" fs = $fd offset = $offset len = $len advice = $advice /* advice_str = _advise_advice_str($advice) */ } # fadvise64_64_____________________________________ /* asmlinkage long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice) */ probe kernel.syscall.fadvise64_64 = kernel.function("sys_fadvise64_64") { name = "fadvise64_64" fs = $fd offset = $offset len = $len advice = $advice /* advice_str = _advise_advice_str($advice) */ } probe kernel.syscall.fadvise64_64.return = kernel.function("sys_fadvise64_64").return { name = "fadvise64_64.return" fs = $fd offset = $offset len = $len advice = $advice /* advice_str = _advise_advice_str($advice) */ } # munmap___________________________________________ /* asmlinkage long sys_munmap(unsigned long addr, size_t len) */ probe kernel.syscall.munmap = kernel.function("sys_munmap") { name = "munmap" start = $addr length = $len } probe kernel.syscall.munmap.return = kernel.function("sys_munmap").return { name = "munmap.return" start = $addr length = $len } # mlock____________________________________________ /* asmlinkage long sys_mlock(unsigned long start, size_t len) */ probe kernel.syscall.mlock = kernel.function("sys_mlock") { name = "mlock" addr = $start len = $len } probe kernel.syscall.mlock.return = kernel.function("sys_mlock").return { name = "mlock.return" addr = $start len = $len } # munlock__________________________________________ /* asmlinkage long sys_munlock(unsigned long start, size_t len) */ probe kernel.syscall.munlock = kernel.function("sys_munlock") { name = "munlock" addr = $start len = $len } probe kernel.syscall.munlock.return = kernel.function("sys_munlock").return { name = "munlock.return" addr = $start len = $len } # mlockall_________________________________________ /* asmlinkage long sys_mlockall(int flags) */ probe kernel.syscall.mlockall = kernel.function("sys_mlockall") { name = "mlockall" flags = $flags flags_str = _mlockall_flags_str($flags) } probe kernel.syscall.mlockall.return = kernel.function("sys_mlockall").return { name = "mlockall.return" flags = $flags flags_str = _mlockall_flags_str($flags) } # munlockall_______________________________________ /* smlinkage long sys_mlockall(int flags) */ probe kernel.syscall.munlockall = kernel.function("sys_munlockall") { name = "munlockall" flags = $flags flags_str = _mlockall_flags_str($flags) } probe kernel.syscall.munlockall.return = kernel.function("sys_munlockall").return { name = "munlockall.return" flags = $flags flags_str = _mlockall_flags_str($flags) } # madvise__________________________________________ /* asmlinkage long sys_madvise(unsigned long start, size_t len_in, int behavior) */ probe kernel.syscall.madvise = kernel.function("sys_madvise") { name = "madvise" start = $start length = $len_in advice = $behavior advice_str = _madvice_advice_str($behavior) } probe kernel.syscall.madvise.return = kernel.function("sys_madvise").return { name = "madvise.return" start = $start length = $len_in advice = $behavior advice_str = _madvice_advice_str($behavior) } # mincore__________________________________________ /* asmlinkage long sys_mincore(unsigned long start, size_t len, unsigned char __user * vec) */ probe kernel.syscall.mincore = kernel.function("sys_mincore") { name = "mincore" start = $start length = $len } probe kernel.syscall.mincore.return = kernel.function("sys_mincore").return { name = "mincore.return" start = $start length = $len /* vec = $vec */ } # pivot_root_______________________________________ /* asmlinkage long sys_pivot_root(const char __user *new_root, const char __user *put_old) */ probe kernel.syscall.pivot_root = kernel.function("sys_pivot_root") { name = "pivot_root" /* new_root = $new_root old_root = $old_root */ } probe kernel.syscall.pivot_root.return = kernel.function("sys_pivot_root").return { name = "pivot_root.return" /* new_root = $new_root old_root = $old_root */ } # chroot___________________________________________ /* asmlinkage long sys_chroot(const char __user * filename) */ probe kernel.syscall.chroot = kernel.function("sys_chroot") { name = "chroot" /* path = $filename */ } probe kernel.syscall.chroot.return = kernel.function("sys_chroot").return { name = "chroot.return" /* path = $filename */ } # mknod____________________________________________ /* asmlinkage long sys_mknod(const char __user * filename, int mode, unsigned dev) */ probe kernel.syscall.mknod = kernel.function("sys_mknod") { name = "mknod" /* pathname = $filename */ mode = $mode mode_str = _mknod_mode_str($mode) dev = $dev } probe kernel.syscall.mknod.return = kernel.function("sys_mknod").return { name = "mknod.return" /* pathname = $filename */ mode = $mode mode_str = _mknod_mode_str($mode) dev = $dev } # link_____________________________________________ /* asmlinkage long sys_link(const char __user * oldname, const char __user * newname) */ probe kernel.syscall.link = kernel.function("sys_link") { name = "link" /* oldpath = $oldname newpath = $newpath */ } probe kernel.syscall.link.return = kernel.function("sys_link").return { name = "link.return" /* oldpath = $oldname newpath = $newpath */ } # symlink__________________________________________ /* asmlinkage long sys_symlink(const char __user * oldname, const char __user * newname) */ probe kernel.syscall.symlink = kernel.function("sys_symlink") { name = "symlink" /* oldpath = $oldname newpath = $newpath */ } probe kernel.syscall.symlink.return = kernel.function("sys_symlink").return { name = "symlink.return" /* oldpath = $oldname newpath = $newpath */ } # unlink___________________________________________ /* asmlinkage long sys_unlink(const char __user * pathname) */ probe kernel.syscall.unlink = kernel.function("sys_unlink") { name = "unlink" /* pathname = $pathname */ } probe kernel.syscall.unlink.return = kernel.function("sys_unlink").return { name = "unlink.return" /* pathname = $pathname */ } # rename___________________________________________ /* asmlinkage long sys_rename(const char __user * oldname, const char __user * newname) */ probe kernel.syscall.rename = kernel.function("sys_rename") { name = "rename" /* oldpath = $oldname newpath = $newname */ } probe kernel.syscall.rename.return = kernel.function("sys_rename").return { name = "rename.return" /* oldpath = $oldname newpath = $newname */ } # chmod____________________________________________ /* asmlinkage long sys_chmod(const char __user * filename, mode_t mode) */ probe kernel.syscall.chmod = kernel.function("sys_chmod") { name = "chmod" /* path = $filename */ mode = $mode mode_str = _sys_open_mode_str($mode) } probe kernel.syscall.chmod.return = kernel.function("sys_chmod").return { name = "chmod.return" /* path = $filename */ mode = $mode mode_str = _sys_open_mode_str($mode) } # fchmod___________________________________________ /* asmlinkage long sys_fchmod(unsigned int fd, mode_t mode) */ probe kernel.syscall.fchmod = kernel.function("sys_fchmod") { name = "fchmod" fildes = $fd mode = $mode mode_str = _sys_open_mode_str($mode) } probe kernel.syscall.fchmod.return = kernel.function("sys_fchmod").return { name = "fchmod.return" fildes = $fd mode = $mode mode_str = _sys_open_mode_str($mode) } # fcntl____________________________________________ /* asmlinkage long sys_fcntl(int fd, unsigned int cmd, unsigned long arg) */ probe kernel.syscall.fcntl = kernel.function("sys_fcntl") { name = "fcntl" fd = $fd cmd = $cmd cmd_str = _fcntl_cmd_str($cmd) arg = $arg } probe kernel.syscall.fcntl.return = kernel.function("sys_fcntl").return { name = "fcntl.return" fd = $fd cmd = $cmd cmd_str = _fcntl_cmd_str($cmd) arg = $arg } # fcntl64__________________________________________ /* asmlinkage long sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg) */ probe kernel.syscall.fcntl64 = kernel.function("sys_fcntl64") { name = "fcntl64" fd = $fd cmd = $cmd cmd_str = _fcntl_cmd_str($cmd) arg = $arg } probe kernel.syscall.fcntl64.return = kernel.function("sys_fcntl64").return { name = "fcntl64.return" fd = $fd cmd = $cmd cmd_str = _fcntl_cmd_str($cmd) arg = $arg } # dup______________________________________________ /* asmlinkage long sys_dup(unsigned int fildes) */ probe kernel.syscall.dup = kernel.function("sys_dup") { name = "dup" oldfd = $fildes } probe kernel.syscall.dup.return = kernel.function("sys_dup").return { name = "dup.return" oldfd = $fildes } # dup2_____________________________________________ /* asmlinkage long sys_dup2(unsigned int oldfd, unsigned int newfd) */ probe kernel.syscall.dup2 = kernel.function("sys_dup2") { name = "dup2" oldfd = $oldfd newfd = $newfd } probe kernel.syscall.dup2.return = kernel.function("sys_dup2").return { name = "dup2.return" oldfd = $oldfd newfd = $newfd } # ioperm___________________________________________ /* asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on) */ probe kernel.syscall.ioperm = kernel.function("sys_ioperm") { name = "ioperm" from = $from num = $num turn_on = $turn_on } probe kernel.syscall.ioperm.return = kernel.function("sys_ioperm").return { name = "ioperm.return" from = $from num = $num turn_on = $turn_on } # ioctl____________________________________________ /* asmlinkage long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) */ probe kernel.syscall.ioctl = kernel.function("sys_ioctl") { name = "ioctl" /* d = $fd request = $cmd argp = $arg */ } probe kernel.syscall.ioctl.return = kernel.function("sys_ioctl").return { name = "ioctl.return" /* d = $fd request = $cmd argp = $arg */ } # flock____________________________________________ /* asmlinkage long sys_flock(unsigned int fd, unsigned int cmd) */ probe kernel.syscall.flock = kernel.function("sys_flock") { name = "flock" fd = $fd operation = $cmd operation_str = _flock_cmd_str($cmd) } probe kernel.syscall.flock.return = kernel.function("sys_flock").return { name = "flock.return" fd = $fd operation = $cmd operation_str = _flock_cmd_str($cmd) } # io_setup_________________________________________ /* asmlinkage long sys_io_setup(unsigned nr_events, aio_context_t __user *ctxp) */ probe kernel.syscall.io_setup = kernel.function("sys_io_setup") { name = "io_setup" maxevents = $nr_events } probe kernel.syscall.io_setup.return = kernel.function("sys_io_setup").return { name = "io_setup.return" maxevents = $nr_events /* ctxp = $ctxp */ } # io_destroy_______________________________________ /* asmlinkage long sys_io_destroy(aio_context_t ctx) */ probe kernel.syscall.io_destroy = kernel.function("sys_io_destroy") { name = "io_destroy" ctx = $ctx } probe kernel.syscall.io_destroy.return = kernel.function("sys_io_destroy").return { name = "io_destroy.return" ctx = $ctx } # io_getevents_____________________________________ /* asmlinkage long sys_io_getevents(aio_context_t ctx_id, long min_nr, long nr, struct io_event __user *events, struct timespec __user *timeout) */ probe kernel.syscall.io_getevents = kernel.function("sys_io_getevents") { name = "io_getevents" ctx_id = $ctx_id min_nr = $min_nr nr = $nr /* timeout_tv_sec = $timeout->tv_sec timeout_tv_usec = $timeout->tv_usec */ } probe kernel.syscall.io_getevents.return = kernel.function("sys_io_getevents").return { name = "io_getevents.return" ctx_id = $ctx_id min_nr = $min_nr nr = $nr /* events_data = $events->data events_obj = $events->obj events_res = $events->res events_res2 = $events->res2 timeout_tv_sec = $timeout->tv_sec timeout_tv_usec = $timeout->tv_usec */ } # io_submit________________________________________ /* asmlinkage long sys_io_submit(aio_context_t ctx_id, long nr, struct iocb __user * __user *iocbpp) */ probe kernel.syscall.io_submit = kernel.function("sys_io_submit") { name = "io_submit" ctx_id = $ctx_id nr = $nr /* struct iocb __user * __user *iocbpp iocbpp should be an array of nr AIO request blocks */ } probe kernel.syscall.io_submit.return = kernel.function("sys_io_submit").return { name = "io_submit.return" ctx_id = $ctx_id nr = $nr /* struct iocb __user * __user *iocbpp iocbpp should be an array of nr AIO request blocks */ } # io_cancel________________________________________ /* asmlinkage long sys_io_cancel(aio_context_t ctx_id, struct iocb __user *iocb, struct io_event __user *result) */ probe kernel.syscall.io_cancel = kernel.function("sys_io_cancel") { name = "io_cancel" ctx_id = $ctx_id /* iocb_aio_data = $iocb->aio_data iocb_aio_key = $iocb->aio_key iocb_aio_reserved1 = $iocb->aio_reserved1 iocb_aio_lio_opcode = $iocb->aio_lio_opcode iocb_aio_reqprio = $iocb->aio_reqprio iocb_aio_fildes = $iocb->aio_fildes iocb_aio_buf = $iocb->aio_buf iocb_aio_nbytes = $iocb->aio_nbytes iocb_aio_offset = $iocb->aio_offset iocb_aio_reserved2 = $iocb->aio_reserved2 iocb_aio_reserved3 = $iocb->aio_reserved3 */ } probe kernel.syscall.io_cancel.return = kernel.function("sys_io_cancel").return { name = "io_cancel.return" ctx_id = $ctx_id /* iocb_aio_data = $iocb->aio_data iocb_aio_key = $iocb->aio_key iocb_aio_reserved1 = $iocb->aio_reserved1 iocb_aio_lio_opcode = $iocb->aio_lio_opcode iocb_aio_reqprio = $iocb->aio_reqprio iocb_aio_fildes = $iocb->aio_fildes iocb_aio_buf = $iocb->aio_buf iocb_aio_nbytes = $iocb->aio_nbytes iocb_aio_offset = $iocb->aio_offset iocb_aio_reserved2 = $iocb->aio_reserved2 iocb_aio_reserved3 = $iocb->aio_reserved3 result_data = $result->data result_obj = $result->obj result_res = $result->res result_res2 = $result->res2 */ } # sendfile_________________________________________ /* asmlinkage ssize_t sys_sendfile(int out_fd, int in_fd, off_t __user *offset, size_t count) */ probe kernel.syscall.sendfile = kernel.function("sys_sendfile") { name = "sendfile" out_fd = $out_fd in_fd = $in_fd /* offset = $offset */ count = $count } probe kernel.syscall.sendfile.return = kernel.function("sys_sendfile").return { name = "sendfile.return" out_fd = $out_fd in_fd = $in_fd /* offset = $offset */ count = $count } # sendfile64_______________________________________ /* asmlinkage ssize_t sys_sendfile64(int out_fd, int in_fd, loff_t __user *offset, size_t count) */ probe kernel.syscall.sendfile64 = kernel.function("sys_sendfile64") { name = "sendfile64" out_fd = $out_fd in_fd = $in_fd /* offset = $offset */ count = $count } probe kernel.syscall.sendfile64.return = kernel.function("sys_sendfile64").return { name = "sendfile64.return" out_fd = $out_fd in_fd = $in_fd /* offset = $offset */ count = $count } # readlink_________________________________________ /* asmlinkage long sys_readlink(const char __user * path, char __user * buf, int bufsiz) */ probe kernel.syscall.readlink = kernel.function("sys_readlink") { name = "readlink" /* path = $path */ bufsiz = $bufsiz } probe kernel.syscall.readlink.return = kernel.function("sys_readlink").return { name = "readlink.return" /* path = $path buf = $buf */ bufsiz = $bufsiz } # creat____________________________________________ /* asmlinkage long sys_creat(const char __user * pathname, int mode) */ probe kernel.syscall.creat = kernel.function("sys_open") { name = "creat" /* pathname = $pathname */ mode = $mode mode_str = _sys_open_mode_str($mode) } probe kernel.syscall.creat.return = kernel.function("sys_open").return { name = "creat.return" /* pathname = $pathname */ mode = $mode mode_str = _sys_open_mode_str($mode) } # open_____________________________________________ /* asmlinkage long sys_open(const char __user * filename, int flags, int mode) */ probe kernel.syscall.open = kernel.function("sys_open") { name = "open" /* pathname = $pathname */ mode = $mode mode_str = _sys_open_mode_str($mode) } probe kernel.syscall.open.return = kernel.function("sys_open").return { name = "open.return" /* pathname = $pathname */ mode = $mode mode_str = _sys_open_mode_str($mode) } # close____________________________________________ /* asmlinkage long sys_close(unsigned int fd) */ probe kernel.syscall.close = kernel.function("sys_close") { name = "close" fd = $fd /* TODO: write _get_fname_from_fd() */ } probe kernel.syscall.close.return = kernel.function("sys_close").return { name = "close.return" fd = $fd /* TODO: write _get_fname_from_fd() */ } # access___________________________________________ /* asmlinkage long sys_access(const char __user * filename, int mode) */ probe kernel.syscall.access = kernel.function("sys_access") { name = "access" /* pathname = $filename */ mode = $mode mode_str = _access_mode_str($mode) } probe kernel.syscall.access.return = kernel.function("sys_access").return { name = "access.return" /* pathname = $filename */ mode = $mode mode_str = _access_mode_str($mode) } # vhangup__________________________________________ /* asmlinkage long sys_vhangup(void) */ probe kernel.syscall.vhangup = kernel.function("sys_vhangup") { name = "vhangup" } probe kernel.syscall.vhangup.return = kernel.function("sys_vhangup").return { name = "vhangup.return" } # chown____________________________________________ /* asmlinkage long sys_chown(const char __user * filename, uid_t user, gid_t group) */ probe kernel.syscall.chown = kernel.function("sys_chown") { name = "chown" /* path = $filename */ owner = $user group = $group } probe kernel.syscall.chown.return = kernel.function("sys_chown").return { name = "chown.return" /* path = $filename */ owner = $user group = $group } # lchown___________________________________________ /* asmlinkage long sys_lchown(const char __user * filename, uid_t user, gid_t group) */ probe kernel.syscall.lchown = kernel.function("sys_lchown") { name = "lchown" /* path = $filename */ owner = $user group = $group } probe kernel.syscall.lchown.return = kernel.function("sys_lchown").return { name = "lchown.return" /* path = $filename */ owner = $user group = $group } # fchown___________________________________________ /* asmlinkage long sys_fchown(unsigned int fd, uid_t user, gid_t group) */ probe kernel.syscall.fchown = kernel.function("sys_fchown") { name = "fchown" fd = $fd owner = $user group = $group } probe kernel.syscall.fchown.return = kernel.function("sys_fchown").return { name = "fchown.return" fd = $fd owner = $user group = $group } # chown16__________________________________________ /* asmlinkage long sys_chown16(const char __user * filename, old_uid_t user, old_gid_t group) */ probe kernel.syscall.chown16 = kernel.function("sys_chown") { name = "chown16" /* path = $filename */ owner = $user group = $group } probe kernel.syscall.chown16.return = kernel.function("sys_chown").return { name = "chown16.return" /* path = $filename */ owner = $user group = $group } # lchown16_________________________________________ /* asmlinkage long sys_lchown16(const char __user * filename, old_uid_t user, old_gid_t group) */ probe kernel.syscall.lchown16 = kernel.function("sys_lchown") { name = "lchown16" /* path = $filename */ owner = $user group = $group } probe kernel.syscall.lchown16.return = kernel.function("sys_lchown").return { name = "lchown16.return" /* path = $filename */ owner = $user group = $group } # fchown16_________________________________________ /* asmlinkage long sys_fchown16(unsigned int fd, old_uid_t user, old_gid_t group) */ probe kernel.syscall.fchown16 = kernel.function("sys_fchown") { name = "fchown16" fd = $fd owner = $user group = $group } probe kernel.syscall.fchown16.return = kernel.function("sys_fchown").return { name = "fchown16.return" fd = $fd owner = $user group = $group } # setregid16_______________________________________ /* asmlinkage long sys_setregid16(old_gid_t rgid, old_gid_t egid) */ probe kernel.syscall.setregid16 = kernel.function("sys_setregid") { name = "setregid16" } probe kernel.syscall.setregid16.return = kernel.function("sys_setregid").return { name = "setregid16.return" } # setgid16_________________________________________ /* asmlinkage long sys_setgid16(old_gid_t gid) */ probe kernel.syscall.setgid16 = kernel.function("sys_setgid") { name = "setgid16" gid = $gid } probe kernel.syscall.setgid16.return = kernel.function("sys_setgid").return { name = "setgid16.return" gid = $gid } # setreuid16_______________________________________ /* asmlinkage long sys_setreuid16(old_uid_t ruid, old_uid_t euid) */ probe kernel.syscall.setreuid16 = kernel.function("sys_setreuid") { name = "setreuid16" ruid = $ruid euid = $euid } probe kernel.syscall.setreuid16.return = kernel.function("sys_setreuid").return { name = "setreuid16.return" ruid = $ruid euid = $euid } # setuid16_________________________________________ /* asmlinkage long sys_setuid16(old_uid_t uid) */ probe kernel.syscall.setuid16 = kernel.function("sys_setuid") { name = "setuid16" uid = $uid } probe kernel.syscall.setuid16.return = kernel.function("sys_setuid").return { name = "setuid16.return" uid = $uid } # setresuid16______________________________________ /* asmlinkage long sys_setresuid16(old_uid_t ruid, old_uid_t euid, old_uid_t suid) */ probe kernel.syscall.setresuid16 = kernel.function("sys_setresuid") { name = "setresuid16" ruid = $ruid euid = $euid suid = $suid } probe kernel.syscall.setresuid16.return = kernel.function("sys_setresuid").return { name = "setresuid16.return" ruid = $ruid euid = $euid suid = $suid } # getresuid16______________________________________ /* asmlinkage long sys_getresuid16(old_uid_t __user *ruid, old_uid_t __user *euid, old_uid_t __user *suid) */ probe kernel.syscall.getresuid16 = kernel.function("sys_getresuid") { name = "getresuid16" } probe kernel.syscall.getresuid16.return = kernel.function("sys_getresuid").return { name = "getresuid16.return" /* ruid = $ruid euid = $euid suid = $suid */ } # setresgid16______________________________________ /* asmlinkage long sys_setresgid16(old_gid_t rgid, old_gid_t egid, old_gid_t sgid) */ probe kernel.syscall.setresgid16 = kernel.function("sys_setresgid") { name = "setresgid16" rgid = $rgid egid = $egid sgid = $sgid } probe kernel.syscall.setresgid16.return = kernel.function("sys_setresgid").return { name = "setresgid16.return" rgid = $rgid egid = $egid sgid = $sgid } # getresgid16______________________________________ /* asmlinkage long sys_getresuid16(old_uid_t __user *ruid, old_uid_t __user *euid, old_uid_t __user *suid) */ probe kernel.syscall.getresgid16 = kernel.function("sys_getresgid") { name = "getresgid16" } probe kernel.syscall.getresgid16.return = kernel.function("sys_getresgid").return { name = "getresgid16.return" /* ruid = $ruid euid = $euid suid = $suid */ } # setfsuid16_______________________________________ /* asmlinkage long sys_setfsuid16(old_uid_t uid) */ probe kernel.syscall.setfsuid16 = kernel.function("sys_setfsuid") { name = "setfsuid16" uid = $uid } probe kernel.syscall.setfsuid16.return = kernel.function("sys_setfsuid").return { name = "setfsuid16.return" uid = $uid } # setfsgid16_______________________________________ /* asmlinkage long sys_setfsgid16(old_gid_t gid) */ probe kernel.syscall.setfsgid16 = kernel.function("sys_setfsgid") { name = "setfsgid16" gid = $gid } probe kernel.syscall.setfsgid16.return = kernel.function("sys_setfsgid").return { name = "setfsgid16.return" gid = $gid } # getgroups16______________________________________ /* asmlinkage long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist) */ probe kernel.syscall.getgroups16 = kernel.function("sys_getgroups16") { name = "getgroups16" size = $gidsetsize } probe kernel.syscall.getgroups16.return = kernel.function("sys_getgroups16").return { name = "getgroups16.return" /* old_gid_t __user *grouplist */ } # setgroups16______________________________________ /* asmlinkage long sys_setgroups16(int gidsetsize, old_gid_t __user *grouplist) */ probe kernel.syscall.setgroups16 = kernel.function("sys_setgroups16") { name = "setgroups16" size = $gidsetsize /* old_gid_t __user *grouplist */ } probe kernel.syscall.setgroups16.return = kernel.function("sys_setgroups16").return { name = "setgroups16.return" size = $gidsetsize /* old_gid_t __user *grouplist */ } # getuid16_________________________________________ /* asmlinkage long sys_getuid16(void) */ probe kernel.syscall.getuid16 = kernel.function("sys_getuid16") { name = "getuid16" } probe kernel.syscall.getuid16.return = kernel.function("sys_getuid16").return { name = "getuid16.return" } # geteuid16________________________________________ /* asmlinkage long sys_geteuid16(void) */ probe kernel.syscall.geteuid16 = kernel.function("sys_geteuid16") { name = "geteuid16" } probe kernel.syscall.geteuid16.return = kernel.function("sys_geteuid16").return { name = "geteuid16.return" } # getgid16_________________________________________ /* asmlinkage long sys_getgid16(void) */ probe kernel.syscall.getgid16 = kernel.function("sys_getgid16") { name = "getgid16" } probe kernel.syscall.getgid16.return = kernel.function("sys_getgid16").return { name = "getgid16.return" } # getegid16________________________________________ /* asmlinkage long sys_getegid16(void) */ probe kernel.syscall.getegid16 = kernel.function("sys_getegid16") { name = "getegid16" } probe kernel.syscall.getegid16.return = kernel.function("sys_getegid16").return { name = "getegid16.return" } # utime____________________________________________ /* asmlinkage long sys_utime(char __user * filename, struct utimbuf __user * times) */ probe kernel.syscall.utime = kernel.function("sys_utime") { name = "utime" /* filename = $filename times_actime = $times->actime times_modtime = $times->modtime */ } probe kernel.syscall.utime.return = kernel.function("sys_utime").return { name = "utime.return" /* filename = $filename times_actime = $times->actime times_modtime = $times->modtime */ } # utimes___________________________________________ /* asmlinkage long sys_utimes(char __user * filename, struct timeval __user * utimes) */ probe kernel.syscall.utimes = kernel.function("sys_utimes") { name = "utimes" /* filename = $filename tvp_tv_sec = $utimes->tv_sec tvp_tv_usec = $utimes->tv_usec */ } probe kernel.syscall.utimes.return = kernel.function("sys_utimes").return { name = "utimes.return" /* filename = $filename tvp_tv_sec = $utimes->tv_sec tvp_tv_usec = $utimes->tv_usec */ } # lseek____________________________________________ /* asmlinkage off_t sys_lseek(unsigned int fd, off_t offset, unsigned int origin) */ probe kernel.syscall.lseek = kernel.function("sys_lseek") { name = "lseek" fildes = $fd offset = $offset whence = $origin whence_str = _seek_whence_str($origin) } probe kernel.syscall.lseek.return = kernel.function("sys_lseek").return { name = "lseek.return" fildes = $fd offset = $offset whence = $origin whence_str = _seek_whence_str($origin) } # llseek___________________________________________ /* asmlinkage long sys_llseek(unsigned int fd, unsigned long offset_high, unsigned long offset_low, loff_t __user * result, unsigned int origin) */ probe kernel.syscall.llseek = kernel.function("sys_llseek") { name = "llseek" fd = $fd offset_high = $offset_high offset_low = $offset_low whence = $origin whence_str = _seek_whence_str($origin) } probe kernel.syscall.llseek.return = kernel.function("sys_llseek").return { name = "llseek.return" fd = $fd offset_high = $offset_high offset_low = $offset_low /* result = $result */ whence = $origin whence_str = _seek_whence_str($origin) } # read_____________________________________________ /* asmlinkage ssize_t sys_read(unsigned int fd, char __user * buf, size_t count) */ probe kernel.syscall.read = kernel.function("sys_read") { name = "read" fd = $fd count = $count } probe kernel.syscall.read.return = kernel.function("sys_read").return { name = "read.return" fd = $fd /* buf = $buf */ count = $count } # readahead________________________________________ /* asmlinkage ssize_t sys_readahead(int fd, loff_t offset, size_t count) */ probe kernel.syscall.readahead = kernel.function("sys_readahead") { name = "readahead" fd = $fd offset = $offset count = $count } probe kernel.syscall.readahead.return = kernel.function("sys_readahead").return { name = "readahead.return" fd = $fd offset = $offset count = $count } # readv____________________________________________ /* asmlinkage ssize_t sys_readv(unsigned long fd, const struct iovec __user *vec, unsigned long vlen) */ probe kernel.syscall.readv = kernel.function("sys_readv") { name = "readv" fd = $fd count = $vlen } probe kernel.syscall.readv.return = kernel.function("sys_readv").return { name = "readv.return" fd = $fd /* void *iov_base vector_iov_base = $vec->iov_base vector_iov_len = $ven->iov_len */ count = $vlen } # write____________________________________________ /* asmlinkage ssize_t sys_write(unsigned int fd, const char __user * buf, size_t count) */ probe kernel.syscall.write = kernel.function("sys_write") { name = "write" fd = $fd /* buf = $buf */ count = $count } probe kernel.syscall.write.return = kernel.function("sys_write").return { name = "write.return" fd = $fd /* buf = $buf */ count = $count } # writev___________________________________________ /* asmlinkage ssize_t sys_writev(unsigned long fd, const struct iovec __user *vec, unsigned long vlen) */ probe kernel.syscall.writev = kernel.function("sys_writev") { name = "writev" fd = $fd /* void *iov_base vector_iov_base = $vec->iov_base vector_iov_len = $vec->iov_len */ count = $vlen } probe kernel.syscall.writev.return = kernel.function("sys_writev").return { name = "writev.return" fd = $fd /* void *iov_base vector_iov_base = $vec->iov_base vector_iov_len = $vec->iov_len */ count = $vlen } # pread64__________________________________________ /* asmlinkage ssize_t sys_pread64(unsigned int fd, char __user *buf, size_t count, loff_t pos) */ probe kernel.syscall.pread64 = kernel.function("sys_pread64") { name = "pread64" fd = $fd count = $count offset = $pos } probe kernel.syscall.pread64.return = kernel.function("sys_pread64").return { name = "pread64.return" fd = $fd /* void *buf buf = $buf */ count = $count offset = $pos } # pwrite64_________________________________________ /* asmlinkage ssize_t sys_pwrite64(unsigned int fd, const char __user *buf, size_t count, loff_t pos) */ probe kernel.syscall.pwrite64 = kernel.function("sys_pwrite64") { name = "pwrite64" fd = $fd /* const void *buf buf = $buf */ count = $count offset = $pos } probe kernel.syscall.pwrite64.return = kernel.function("sys_pwrite64").return { name = "pwrite64.return" fd = $fd /* const void *buf buf = $buf */ count = $count offset = $pos } # getcwd___________________________________________ /* asmlinkage long sys_getcwd(char __user *buf, unsigned long size) */ probe kernel.syscall.getcwd = kernel.function("sys_getcwd") { name = "getcwd" size = $size } probe kernel.syscall.getcwd.return = kernel.function("sys_getcwd").return { name = "getcwd.return" /* buf = $buf */ size = $size } # mkdir____________________________________________ /* asmlinkage long sys_mkdir(const char __user * pathname, int mode) */ probe kernel.syscall.mkdir = kernel.function("sys_mkdir") { name = "mkdir" /* pathname = $pathname */ mode = $mode /* mode_str = _mode_str($mode) */ } probe kernel.syscall.mkdir.return = kernel.function("sys_mkdir").return { name = "mkdir.return" /* pathname = $pathname */ mode = $mode /* mode_str = _mode_str($mode) */ } # chdir____________________________________________ /* asmlinkage long sys_chdir(const char __user * filename) */ probe kernel.syscall.chdir = kernel.function("sys_chdir") { name = "chdir" /* path = $filename */ } probe kernel.syscall.chdir.return = kernel.function("sys_chdir").return { name = "chdir.return" /* path = $filename */ } # fchdir___________________________________________ /* asmlinkage long sys_fchdir(unsigned int fd) */ probe kernel.syscall.fchdir = kernel.function("sys_fchdir") { name = "fchdir" fd = $fd } probe kernel.syscall.fchdir.return = kernel.function("sys_fchdir").return { name = "fchdir.return" fd = $fd } # rmdir____________________________________________ /* asmlinkage long sys_rmdir(const char __user * pathname) */ probe kernel.syscall.rmdir = kernel.function("sys_rmdir") { name = "rmdir" /* pathname = $pathname */ } probe kernel.syscall.rmdir.return = kernel.function("sys_rmdir").return { name = "rmdir.return" /* pathname = $pathname */ } # lookup_dcookie___________________________________ /* asmlinkage long sys_lookup_dcookie(u64 cookie64, char __user * buf, size_t len) */ probe kernel.syscall.lookup_dcookie = kernel.function("sys_lookup_dcookie") { name = "lookup_dcookie" cookie = $cookie64 len = $len } probe kernel.syscall.lookup_dcookie.return = kernel.function("sys_lookup_dcookie").return { name = "lookup_dcookie.return" cookie = $cookie64 /* buffer = $buf */ len = $len } # quotactl_________________________________________ /* asmlinkage long sys_quotactl(unsigned int cmd, const char __user *special, qid_t id, void __user *addr) */ probe kernel.syscall.quotactl = kernel.function("sys_quotactl") { name = "quotactl" cmd = $cmd cmd_str = _quotactl_cmd_str($cmd) /* special = $special */ id = $id /* addr = $addr */ } probe kernel.syscall.quotactl.return = kernel.function("sys_quotactl").return { name = "quotactl.return" cmd = $cmd cmd_str = _quotactl_cmd_str($cmd) /* special = $special */ id = $id /* addr = $addr */ } # getdents_________________________________________ /* asmlinkage long sys_getdents(unsigned int fd, struct linux_dirent __user * dirent, unsigned int count) */ probe kernel.syscall.getdents = kernel.function("sys_getdents") { name = "getdents" fd = $fd count = $count } probe kernel.syscall.getdents.return = kernel.function("sys_getdents").return { name = "getdents.return" fd = $fd /* dirp_d_ino = $dirent->d_ino dirp_d_off = $dirent->d_off dirp_d_reclen = $dirent->d_reclen dirp_d_name = $dirent->d_name */ count = $count } # getdents64_______________________________________ /* asmlinkage long sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count) */ probe kernel.syscall.getdents64 = kernel.function("sys_getdents64") { name = "getdents64" fd = $fd count = $count } probe kernel.syscall.getdents64.return = kernel.function("sys_getdents64").return { name = "getdents64.return" fd = $fd /* dirp_d_ino = $dirent->d_ino dirp_d_off = $dirent->d_off dirp_d_reclen = $dirent->d_reclen dirp_d_name = $dirent->d_name */ count = $count } # setsockopt_______________________________________ /* asmlinkage long sys_setsockopt(int fd, int level, int optname, char __user *optval, int optlen) */ probe kernel.syscall.setsockopt = kernel.function("sys_setsockopt") { name = "setsockopt" fd = $fd level = $level level_str = _sockopt_level_str($level) optname = $optname optname_str = _sockopt_optname_str($optname) /* optval = $optval */ optlen = $optlen } probe kernel.syscall.setsockopt.return = kernel.function("sys_setsockopt").return { name = "setsockopt.return" fd = $fd level = $level level_str = _sockopt_level_str($level) optname = $optname optname_str = _sockopt_optname_str($optname) /* optval = $optval */ optlen = $optlen } # getsockopt_______________________________________ /* asmlinkage long sys_getsockopt(int fd, int level, int optname, char __user *optval, int __user *optlen) */ probe kernel.syscall.getsockopt = kernel.function("sys_getsockopt") { name = "getsockopt" fd = $fd level = $level level_str = _sockopt_level_str($level) optname = $optname optname_str = _sockopt_optname_str($optname) } probe kernel.syscall.getsockopt.return = kernel.function("sys_getsockopt").return { name = "getsockopt.return" fd = $fd level = $level level_str = _sockopt_level_str($level) optname = $optname optname_str = _sockopt_optname_str($optname) /* optval = $optval optlen = $optlen */ } # bind_____________________________________________ /* asmlinkage long sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen) */ probe kernel.syscall.bind = kernel.function("sys_bind") { name = "bind" sockfd = $fd /* my_addr_sa_family = $umyaddr->sa_family my_addr_sa_data = $umyaddr->sa_data This alias requires more extensive research before it will be complete... The rules used in name binding vary between address families. Consult the manual entries in Section 7 for detailed information. For AF_INET see ip(7), for AF_UNIX see unix(7), for AF_APPLETALK see ddp(7), for AF_PACKET see packet(7), for AF_X25 see x25(7) and for AF_NETLINK see netlink(7). */ addrlen = $addrlen } probe kernel.syscall.bind.return = kernel.function("sys_bind").return { name = "bind.return" sockfd = $fd /* my_addr_sa_family = $umyaddr->sa_family my_addr_sa_data = $umyaddr->sa_data This alias requires more extensive research before it will be complete... The rules used in name binding vary between address families. Consult the manual entries in Section 7 for detailed information. For AF_INET see ip(7), for AF_UNIX see unix(7), for AF_APPLETALK see ddp(7), for AF_PACKET see packet(7), for AF_X25 see x25(7) and for AF_NETLINK see netlink(7). */ } # connect__________________________________________ /* asmlinkage long sys_socket(int family, int type, int protocol) */ probe kernel.syscall.connect = kernel.function("sys_connect") { name = "connect" /* my_addr_sa_family = $umyaddr->sa_family my_addr_sa_data = $umyaddr->sa_data This alias requires more extensive research before it will be complete... The rules used in name binding vary between address families. Consult the manual entries in Section 7 for detailed information. For AF_INET see ip(7), for AF_UNIX see unix(7), for AF_APPLETALK see ddp(7), for AF_PACKET see packet(7), for AF_X25 see x25(7) and for AF_NETLINK see netlink(7). */ } probe kernel.syscall.connect.return = kernel.function("sys_connect").return { name = "connect.return" /* my_addr_sa_family = $umyaddr->sa_family my_addr_sa_data = $umyaddr->sa_data This alias requires more extensive research before it will be complete... The rules used in name binding vary between address families. Consult the manual entries in Section 7 for detailed information. For AF_INET see ip(7), for AF_UNIX see unix(7), for AF_APPLETALK see ddp(7), for AF_PACKET see packet(7), for AF_X25 see x25(7) and for AF_NETLINK see netlink(7). */ } # accept___________________________________________ /* asmlinkage long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr, int __user *upeer_addrlen) */ probe kernel.syscall.accept = kernel.function("sys_accept") { name = "accept" s = $fd /* addr_sa_family = $upeer_sockaddr->sa_family addr_sa_data = $upeer_sockaddr->sa_data addrlen = $upeer_addrlen See above ... */ } probe kernel.syscall.accept.return = kernel.function("sys_accept").return { name = "accept.return" s = $fd /* addr_sa_family = $upeer_sockaddr->sa_family addr_sa_data = $upeer_sockaddr->sa_data addrlen = $upeer_addrlen See above ... */ } # getsockname______________________________________ /* asmlinkage long sys_getsockname(int fd, struct sockaddr __user *usockaddr, int __user *usockaddr_len)*/ probe kernel.syscall.getsockname = kernel.function("sys_getsockname") { name = "getsockname" s = $fd /* name_sa_family = $usockaddr->sa_family name_sa_data = $usockaddr->sa_data namelen = $usockaddr_len See above ... */ } probe kernel.syscall.getsockname.return = kernel.function("sys_getsockname").return { name = "getsockname.return" s = $fd /* name_sa_family = $usockaddr->sa_family name_sa_data = $usockaddr->sa_data namelen = $usockaddr_len See above ... */ } # getpeername______________________________________ /* asmlinkage long sys_getpeername(int fd, struct sockaddr __user *usockaddr, int __user *usockaddr_len) */ probe kernel.syscall.getpeername = kernel.function("sys_getpeername") { name = "getpeername" s = $fd /* name_sa_family = $usockaddr->sa_family name_sa_data = $usockaddr->sa_data namelen = $usockaddr_len See above ... */ } probe kernel.syscall.getpeername.return = kernel.function("sys_getpeername").return { name = "getpeername.return" /* name_sa_family = $usockaddr->sa_family name_sa_data = $usockaddr->sa_data namelen = $usockaddr_len See above ... */ } # send_____________________________________________ /* asmlinkage long sys_sendto(int fd, void __user * buff, size_t len, unsigned flags, struct sockaddr __user *addr, int addr_len) */ probe kernel.syscall.send = kernel.function("sys_sendto") { name = "send" s = $fd /* buf = $buf */ len = $len flags = $flags flags_str = _send_flags_str($flags) /* to_sa_family = $addr->sa_family to_sa_data = $addr->sa_data tolen = $addr_len */ } probe kernel.syscall.send.return = kernel.function("sys_sendto").return { name = "send.return" s = $fd /* buf = $buf */ len = $len flags = $flags flags_str = _send_flags_str($flags) /* to_sa_family = $addr->sa_family to_sa_data = $addr->sa_data tolen = $addr_len */ } # sendto___________________________________________ /* asmlinkage long sys_sendto(int fd, void __user * buff, size_t len, unsigned flags, struct sockaddr __user *addr, int addr_len) */ probe kernel.syscall.sendto = kernel.function("sys_sendto") { name = "sendto" s = $fd /* buf = $buf */ len = $len flags = $flags flags_str = _send_flags_str($flags) /* to_sa_family = $addr->sa_family to_sa_data = $addr->sa_data tolen = $addr_len */ } probe kernel.syscall.sendto.return = kernel.function("sys_sendto").return { name = "sendto.return" s = $fd /* buf = $buf */ len = $len flags = $flags flags_str = _send_flags_str($flags) /* to_sa_family = $addr->sa_family to_sa_data = $addr->sa_data tolen = $addr_len */ } # sendmsg__________________________________________ /* asmlinkage long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags) */ probe kernel.syscall.sendmsg = kernel.function("sys_sendmsg") { name = "sendmsg" s = $fd /* msg_msg_name = $msg->msg_name msg_msg_namelen = $msg->msg_namelen msg_msg_iov_iov_base = $msg->msg_iov->iovbase msg_msg_iov_iov_len = $msg->msg_iov->iov_len msg_msg_iovlen = $msg->msg_iovlen msg_msg_control = $msg->msg_control msg_msg_corntollen = $msg->msg_controllen msg_msg_flags = $msg->msg_flags */ flags = $flags flags_str = _send_flags_str($flags) } probe kernel.syscall.sendmsg.return = kernel.function("sys_sendmsg").return { name = "sendmsg.return" s = $fd /* msg_msg_name = $msg->msg_name msg_msg_namelen = $msg->msg_namelen msg_msg_iov_iov_base = $msg->msg_iov->iovbase msg_msg_iov_iov_len = $msg->msg_iov->iov_len msg_msg_iovlen = $msg->msg_iovlen msg_msg_control = $msg->msg_control msg_msg_corntollen = $msg->msg_controllen msg_msg_flags = $msg->msg_flags */ flags = $flags flags_str = _send_flags_str($flags) } # recv_____________________________________________ /* asmlinkage long sys_recvfrom(int fd, void __user * ubuf, size_t size, unsigned flags, struct sockaddr __user *addr, int __user *addr_len) */ probe kernel.syscall.recv = kernel.function("sys_recvfrom") { name = "recv" s = $fd len = $size flags = $flags flags_str = _recvflags_str($flags) /* fromlen = $addr_len */ } probe kernel.syscall.recv.return = kernel.function("sys_recvfrom").return { name = "recv.return" s = $fd /* buf = $buf */ len = $size flags = $flags flags_str = _recvflags_str($flags) /* from_sa_family = $addr->sa_family from_sa_data = $addr->sa_data fromlen = $addr_len */ } # recvfrom_________________________________________ /* asmlinkage long sys_recvfrom(int fd, void __user * ubuf, size_t size, unsigned flags, struct sockaddr __user *addr, int __user *addr_len) */ probe kernel.syscall.recvfrom = kernel.function("sys_recvfrom") { name = "recvfrom" s = $fd len = $size flags = $flags flags_str = _recvflags_str($flags) /* fromlen = $addr_len */ } probe kernel.syscall.recvfrom.return = kernel.function("sys_recvfrom").return { name = "recvfrom.return" s = $fd /* buf = $buf */ len = $size flags = $flags flags_str = _recvflags_str($flags) /* from_sa_family = $addr->sa_family from_sa_data = $addr->sa_data fromlen = $addr_len */ } # recvmsg__________________________________________ /* asmlinkage long sys_recvmsg(int fd, struct msghdr __user *msg, unsigned int flags) */ probe kernel.syscall.recvmsg = kernel.function("sys_recvmsg") { name = "recvmsg" s = $fd flags = $flags msg_msg_corntollen = $msg->msg_controllen msg_msg_flags = $msg->msg_flags flags = _recvflags_str($flags) } probe kernel.syscall.recvmsg.return = kernel.function("sys_recvmsg").return { name = "recvmsg.return" s = $fd flags = $flags flags = _recvflags_str($flags) /* msg_msg_name = $msg->msg_name msg_msg_namelen = $msg->msg_namelen msg_msg_iov_iov_base = $msg->msg_iov->iovbase msg_msg_iov_iov_len = $msg->msg_iov->iov_len msg_msg_iovlen = $msg->msg_iovlen msg_msg_control = $msg->msg_control msg_msg_corntollen = $msg->msg_controllen msg_msg_flags = $msg->msg_flags */ } # socket___________________________________________ /* asmlinkage long sys_socket(int family, int type, int protocol) */ probe kernel.syscall.socket = kernel.function("sys_socket") { name = "socket" family = $family family_str = _sock_family_str($family) type = type type_str = _sock_type_str($type) protocol = $protocol } probe kernel.syscall.socket.return = kernel.function("sys_socket").return { name = "socket.return" family = $family family_str = _sock_family_str($family) type = type type_str = _sock_type_str($type) protocol = $protocol } # socketpair_______________________________________ /* asmlinkage long sys_socketpair(int family, int type, int protocol, int __user *usockvec) */ probe kernel.syscall.socketpair = kernel.function("sys_socketpair") { name = "socketpair" family = $family family_str = _sock_family_str($family) type = type type_str = _sock_type_str($type) protocol = $protocol } probe kernel.syscall.socketpair.return = kernel.function("sys_socketpair").return { name = "socketpair.return" family = $family family_str = _sock_family_str($family) type = type type_str = _sock_type_str($type) protocol = $protocol /* ..of course, accessing sv vector will require some embedded C aux function. sv_0 = $usockvec[0] sv_1 = $usockvec[1] */ } # socketcall_______________________________________ /* asmlinkage long sys_socketcall(int call, unsigned long __user *args) */ probe kernel.syscall.socketcall = kernel.function("sys_socketcall") { name = "socketcall" call = $call /* args = $args */ } probe kernel.syscall.socketcall.return = kernel.function("sys_socketcall").return { name = "socketcall.return" call = $call /* args = $args */ } # listen___________________________________________ /* asmlinkage long sys_listen(int fd, int backlog) */ probe kernel.syscall.listen = kernel.function("sys_listen") { name = "listen" s = $fd backlog = $backlog } probe kernel.syscall.listen.return = kernel.function("sys_listen").return { name = "listen.return" s = $fd backlog = $backlog } # poll_____________________________________________ /* asmlinkage long sys_poll(struct pollfd __user * ufds, unsigned int nfds, long timeout) */ probe kernel.syscall.poll = kernel.function("sys_poll") { name = "poll" nfds = $nfds timeout = $timout } probe kernel.syscall.poll.return = kernel.function("sys_poll").return { name = "poll.return" /* ufds = nfds size array of struct pollfd struct pollfd { int fd; short events; short revents; }; where revents = #define POLLIN 0x0001 // There is data to read #define POLLPRI 0x0002 // There is urgent data to read #define POLLOUT 0x0004 // Writing now will not block #define POLLERR 0x0008 // Error condition #define POLLHUP 0x0010 // Hung up #define POLLNVAL 0x0020 // Invalid request: fd not open When compiling XPG4.2 source one also has #ifdef _XOPEN_SOURCE #define POLLRDNORM 0x0040 // Normal data may be read #define POLLRDBAND 0x0080 // Priority data may be read #define POLLWRNORM 0x0100 // Writing now will not block #define POLLWRBAND 0x0200 // Priority data may be written #endif Finally, Linux knows about #ifdef _GNU_SOURCE #define POLLMSG 0x0400 #endif */ nfds = $nfds timeout = $timout } # select___________________________________________ /* asmlinkage long sys_select(int n, fd_set __user *inp, fd_set __user *outp, fd_set __user *exp, struct timeval __user *tvp) */ probe kernel.syscall.select = kernel.function("sys_select") { name = "select" n = $n /* readfds = $inp writefds = $outp exceptfds = $exp timeout_tv_sec = $tvp->tv_sec timoute_tv_usec = $tvp->tv_usec */ } probe kernel.syscall.select.return = kernel.function("sys_select").return { name = "select.return" n = $n /* readfds = $inp writefds = $outp exceptfds = $exp timeout_tv_sec = $tvp->tv_sec timoute_tv_usec = $tvp->tv_usec */ } # epoll_create_____________________________________ /* asmlinkage long sys_epoll_create(int size) */ probe kernel.syscall.epoll_create = kernel.function("sys_epoll_create") { name = "epoll_create" size = $size } probe kernel.syscall.epoll_create.return = kernel.function("sys_epoll_create").return { name = "epoll_create.return" size = $size } # epoll_ctl________________________________________ /* asmlinkage long sys_epoll_ctl(int epfd, int op, int fd, struct epoll_event __user *event) */ probe kernel.syscall.epoll_ctl = kernel.function("sys_epoll_ctl") { name = "epoll_ctl" epfd = $epfd op = $op op_str = _opoll_op_str($op) fd = $fd /* event_events = $event->events event_events_str = _epoll_events_str($event->events) event_data_ptr = $event->data->ptr event_data_fd = $event->data->fd event_data_u32 = $event->data->u32 event_data_u64 = $event->data->u64 */ } probe kernel.syscall.epoll_ctl.return = kernel.function("sys_epoll_ctl").return { name = "epoll_ctl.return" epfd = $epfd op = $op op_str = _opoll_op_str($op) fd = $fd /* event_events = $event->events event_events_str = _epoll_events_str($event->events) event_data_ptr = $event->data->ptr event_data_fd = $event->data->fd event_data_u32 = $event->data->u32 event_data_u64 = $event->data->u64 */ } # epoll_wait_______________________________________ /* asmlinkage long sys_epoll_wait(int epfd, struct epoll_event __user *events, int maxevents, int timeout) */ probe kernel.syscall.epoll_wait = kernel.function("sys_epoll_wait") { name = "epoll_wait" epfd = $epfd /* events_events = $events->events events_events_str = _epoll_events_str($events->events) events_data_ptr = $events->data->ptr events_data_fd = $events->data->fd events_data_u32 = $events->data->u32 events_data_u64 = $events->data->u64 */ maxevents = $maxevents timeout = $timeout } probe kernel.syscall.epoll_wait.return = kernel.function("sys_epoll_wait").return { name = "epoll_wait.return" epfd = $epfd /* events_events = $events->events events_events_str = _epoll_events_str($events->events) events_data_ptr = $events->data->ptr events_data_fd = $events->data->fd events_data_u32 = $events->data->u32 events_data_u64 = $events->data->u64 */ maxevents = $maxevents timeout = $timeout } # gethostname______________________________________ /* asmlinkage long sys_gethostname(char __user *name, int len) */ probe kernel.syscall.gethostname = kernel.function("sys_gethostname") { name = "gethostname" len = $len } probe kernel.syscall.gethostname.return = kernel.function("sys_gethostname").return { name = "gethostname.return" /* hostname = $name */ len = $len } # sethostname______________________________________ /* asmlinkage long sys_sethostname(char __user *name, int len) */ probe kernel.syscall.sethostname = kernel.function("sys_sethostname") { name = "sethostname" /* hostname = $name */ len = $len } probe kernel.syscall.sethostname.return = kernel.function("sys_sethostname").return { name = "sethostname.return" /* hostname = $name */ len = $len } # setdomainname____________________________________ /* asmlinkage long sys_setdomainname(char __user *name, int len) */ probe kernel.syscall.setdomainname = kernel.function("sys_setdomainname") { name = "setdomainname" /* hostname = $name */ len = $len } probe kernel.syscall.setdomainname.return = kernel.function("sys_setdomainname").return { name = "setdomainname.return" /* hostname = $name */ len = $len } # newuname_________________________________________ /* asmlinkage long sys_newuname(struct new_utsname __user * name) */ probe kernel.syscall.newuname = kernel.function("sys_newuname") { name = "newuname" /* name_sysname = $name->sysname name_nodename = $name->nodename name_release = $name->release name_version = $name->version name_machine = $name->machine name_domainname = $name->domainname */ } probe kernel.syscall.newuname.return = kernel.function("sys_newuname").return { name = "newuname.return" /* name_sysname = $name->sysname name_nodename = $name->nodename name_release = $name->release name_version = $name->version name_machine = $name->machine name_domainname = $name->domainname */ } # getrlimit________________________________________ /* asmlinkage long sys_getrlimit(unsigned int resource, struct rlimit __user *rlim) */ probe kernel.syscall.getrlimit = kernel.function("sys_getrlimit") { name = "getrlimit" resource = $resource resource_str = _rlimit_resource_str($resource) } probe kernel.syscall.getrlimit.return = kernel.function("sys_getrlimit").return { name = "getrlimit.return" resource = $resource resource_str = _rlimit_resource_str($resource) /* rlim_rlim_cur = $rlim->rlim_cur rlim_rlim_max = $rlim->rlim_max */ } # old_getrlimit____________________________________ /* asmlinkage long sys_old_getrlimit(unsigned int resource, struct rlimit __user *rlim) */ probe kernel.syscall.old_getrlimit = kernel.function("sys_old_getrlimit") { name = "old_getrlimit" resource = $resource resource_str = _rlimit_resource_str($resource) } probe kernel.syscall.old_getrlimit.return = kernel.function("sys_old_getrlimit").return { name = "old_getrlimit.return" resource = $resource resource_str = _rlimit_resource_str($resource) /* rlim_rlim_cur = $rlim->rlim_cur rlim_rlim_max = $rlim->rlim_max */ } # setrlimit________________________________________ /* asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit __user *rlim) */ probe kernel.syscall.setrlimit = kernel.function("sys_setrlimit") { name = "setrlimit" resource = $resource resource_str = _rlimit_resource_str($resource) /* rlim_rlim_cur = $rlim->rlim_cur rlim_rlim_max = $rlim->rlim_max */ } probe kernel.syscall.setrlimit.return = kernel.function("sys_setrlimit").return { name = "setrlimit.return" resource = $resource resource_str = _rlimit_resource_str($resource) /* rlim_rlim_cur = $rlim->rlim_cur rlim_rlim_max = $rlim->rlim_max */ } # getrusage________________________________________ /* asmlinkage long sys_getrusage(int who, struct rusage __user *ru) */ probe kernel.syscall.getrusage = kernel.function("sys_getrusage") { name = "getrusage" who = $who who_str = _rusage_who_str($who) /* usage_ru_utime_tv_sec = $ru->ru_utime->tv_sec usage_ru_utime_tv_usec = $ru->ru_utime->tv_usec usage_ru_stime_tv_sec = $ru->ru_stime->tv_sec usage_ru_stime_tv_sec = $ru->ru_stime->tv_sec usage_ru_maxrss = $ru->ru_maxrss usage_ru_ixrss = $ru->ru_ixrss usage_ru_idrss = $ru->ru_idrss usage_ru_isrss = $ru->ru_isrss usage_ru_minflt = $ru->ru_minflt usage_ru_majflt = $ru->ru_majflt usage_ru_nswap = $ru->ru_nswap usage_ru_inblock = $ru->ru_inblock usage_ru_oublock = $ru->ru_oublock usage_ru_msgsnd = $ru->ru_msgsnd usage_ru_msgrcv = $ru->ru_msgrcv usage_ru_nsignals = $ru->ru_nsignals usage_ru_nvcsw = $ru->ru_nvcsw usage_ru_nivcsw = $ru->ru_nivcsw */ } probe kernel.syscall.getrusage.return = kernel.function("sys_getrusage").return { name = "getrusage.return" who = $who who_str = _rusage_who_str($who) /* usage_ru_utime_tv_sec = $ru->ru_utime->tv_sec usage_ru_utime_tv_usec = $ru->ru_utime->tv_usec usage_ru_stime_tv_sec = $ru->ru_stime->tv_sec usage_ru_stime_tv_sec = $ru->ru_stime->tv_sec usage_ru_maxrss = $ru->ru_maxrss usage_ru_ixrss = $ru->ru_ixrss usage_ru_idrss = $ru->ru_idrss usage_ru_isrss = $ru->ru_isrss usage_ru_minflt = $ru->ru_minflt usage_ru_majflt = $ru->ru_majflt usage_ru_nswap = $ru->ru_nswap usage_ru_inblock = $ru->ru_inblock usage_ru_oublock = $ru->ru_oublock usage_ru_msgsnd = $ru->ru_msgsnd usage_ru_msgrcv = $ru->ru_msgrcv usage_ru_nsignals = $ru->ru_nsignals usage_ru_nvcsw = $ru->ru_nvcsw usage_ru_nivcsw = $ru->ru_nivcsw */ } # umask____________________________________________ /* asmlinkage long sys_umask(int mask) */ probe kernel.syscall.umask = kernel.function("sys_umask") { name = "umask" mask = $mask } probe kernel.syscall.umask.return = kernel.function("sys_umask").return { name = "umask.return" mask = $mask } # msgget___________________________________________ /* asmlinkage long sys_msgget (key_t key, int msgflg) */ probe kernel.syscall.msgget = kernel.function("sys_msgget") { name = "msgget" key = $key msgflg = $msgflg msgflg_str = _sys_open_flag_str($msgflg) } probe kernel.syscall.msgget.return = kernel.function("sys_msgget").return { name = "msgget.return" key = $key msgflg = $msgflg msgflg_str = _sys_open_flag_str($msgflg) } # msgsnd___________________________________________ /* asmlinkage long sys_msgsnd (int msqid, struct msgbuf __user *msgp, size_t msgsz, int msgflg) */ probe kernel.syscall.msgsnd = kernel.function("sys_msgsnd") { name = "msgsnd" msqid = $msqid /* msgp_mtype = $msgp->mtype msgp_mtext = $msgp->mtext */ msgsz = $msgsz msgflg = $msgflg } probe kernel.syscall.msgsnd.return = kernel.function("sys_msgsnd").return { name = "msgsnd.return" msqid = $msqid /* msgp_mtype = $msgp->mtype msgp_mtext = $msgp->mtext */ msgsz = $msgsz msgflg = $msgflg } # msgrcv___________________________________________ /* asmlinkage long sys_msgrcv (int msqid, struct msgbuf __user *msgp, size_t msgsz, long msgtyp, int msgflg) */ probe kernel.syscall.msgrcv = kernel.function("sys_msgrcv") { name = "msgrcv" msqid = $msqid msgsz = $msgsz msgtyp = $msgtyp msgflg = $msgflg } probe kernel.syscall.msgrcv.return = kernel.function("sys_msgrcv").return { name = "msgrcv.return" msqid = $msqid /* msgp_mtype = $msgp->mtype msgp_mtext = $msgp->mtext */ msgsz = $msgsz msgtyp = $msgtyp msgflg = $msgflg } # msgctl___________________________________________ /* asmlinkage long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf) */ probe kernel.syscall.msgctl = kernel.function("sys_msgctl") { name = "msgctl" msqid = $msqid cmd = $cmd /* buf_msg_perm_key = $buf->msg_perm->key buf_msg_perm_uid = $buf->msg_perm->uid buf_msg_perm_gid = $buf->msg_perm->gid buf_msg_perm_cuid = $buf->msg_perm->cuid buf_msg_perm_cgid = $buf->msg_perm->cgid buf_msg_perm_mode = $buf->msg_perm->mode buf_msg_perm_seq = $buf->msg_perm->seq buf_msg_stime = $buf->msg_stime buf_msg_rtime = $buf->msg_rtime buf_msg_ctime = $buf->msg_ctime buf_msg_lcbytes = $buf->msg_lcbytes buf_msg_lqbytes = $buf->msg_lqbytes buf_msg_cbytes = $buf->msg_cbytes buf_msg_qnum = $buf->msg_qnum buf_msg_qbytes = $buf->msg_qbytes buf_msg_lspid = $msg->msg_lspid */ } probe kernel.syscall.msgctl.return = kernel.function("sys_msgctl").return { name = "msgctl.return" msqid = $msqid cmd = $cmd /* buf_msg_perm_key = $buf->msg_perm->key buf_msg_perm_uid = $buf->msg_perm->uid buf_msg_perm_gid = $buf->msg_perm->gid buf_msg_perm_cuid = $buf->msg_perm->cuid buf_msg_perm_cgid = $buf->msg_perm->cgid buf_msg_perm_mode = $buf->msg_perm->mode buf_msg_perm_seq = $buf->msg_perm->seq buf_msg_stime = $buf->msg_stime buf_msg_rtime = $buf->msg_rtime buf_msg_ctime = $buf->msg_ctime buf_msg_lcbytes = $buf->msg_lcbytes buf_msg_lqbytes = $buf->msg_lqbytes buf_msg_cbytes = $buf->msg_cbytes buf_msg_qnum = $buf->msg_qnum buf_msg_qbytes = $buf->msg_qbytes buf_msg_lspid = $msg->msg_lspid */ } # semget___________________________________________ /* asmlinkage long sys_semget (key_t key, int nsems, int semflg) */ probe kernel.syscall.semget = kernel.function("sys_semget") { name = "semget" key = $key nsems = $nsems semflg = $semflg } probe kernel.syscall.semget.return = kernel.function("sys_semget").return { name = "semget.return" key = $key nsems = $nsems semflg = $semflg } # semop____________________________________________ /* asmlinkage long sys_semop (int semid, struct sembuf __user *tsops, unsigned nsops) */ probe kernel.syscall.semop = kernel.function("sys_semtimedop") { name = "semop" semid = $semid /* Each of the nsops elements in the array pointed to by sops */ nsops = $nsops } probe kernel.syscall.semop.return = kernel.function("sys_semtimedop").return { name = "semop.return" semid = $semid /* Each of the nsops elements in the array pointed to by sops */ nsops = $nsops } # semctl___________________________________________ /* asmlinkage long sys_semctl (int semid, int semnum, int cmd, union semun arg) */ probe kernel.syscall.semctl = kernel.function("sys_semctl") { name = "semctl" semid = $semid semnum = $semnum cmd = $cmd /* TODO Implement _semctl_cmd_str() cmd_str = _semctl_cmd_str($cmd) */ } probe kernel.syscall.semctl.return = kernel.function("sys_semctl").return { name = "semctl.return" semid = $semid semnum = $semnum cmd = $cmd /* TODO Implement _semctl_cmd_str() cmd_str = _semctl_cmd_str($cmd) */ } # semtimedop_______________________________________ /* asmlinkage long sys_semtimedop(int semid, struct sembuf __user *tsops, unsigned nsops, const struct timespec __user *timeout) */ probe kernel.syscall.semtimedop = kernel.function("sys_semtimedop") { name = "semtimedop" semid = $semid /* sops_sem_num = $tsops->sem_num sops_sem_op = $tsops->sem_op sops_sem_flg = $tsops->sem_flg */ nsops = $nsops /* timeout_tv_sec = $timeout->tv_sec timeout_tv_nsec = $timeout->tv_nsec */ } probe kernel.syscall.semtimedop.return = kernel.function("sys_semtimedop").return { name = "semtimedop.return" /* sops_sem_num = $tsops->sem_num sops_sem_op = $tsops->sem_op sops_sem_flg = $tsops->sem_flg */ nsops = $nsops /* timeout_tv_sec = $timeout->tv_sec timeout_tv_nsec = $timeout->tv_nsec */ } # shmat____________________________________________ /* asmlinkage long sys_shmat(int shmid, char __user *shmaddr, int shmflg, unsigned long *addr) */ probe kernel.syscall.shmat = kernel.function("sys_shmat") { name = "shmat" shmid = $shmid /* shmaddr = $shmaddr */ shmflg = $shmflg /* addr = $addr */ } probe kernel.syscall.shmat.return = kernel.function("sys_shmat").return { name = "shmat.return" shmid = $shmid /* shmaddr = $shmaddr */ shmflg = $shmflg /* addr = $addr */ } # shmget___________________________________________ /* asmlinkage long sys_shmget (key_t key, size_t size, int shmflg) */ probe kernel.syscall.shmget = kernel.function("sys_shmget") { name = "shmget" key = $key size = $size shmflg = $shmflg } probe kernel.syscall.shmget.return = kernel.function("sys_shmget").return { name = "shmget.return" key = $key size = $size shmflg = $shmflg } # shmdt____________________________________________ /* asmlinkage long sys_shmdt(char __user *shmaddr) */ probe kernel.syscall.shmdt = kernel.function("sys_shmdt") { name = "shmdt" /* shmaddr = $shmaddr */ } probe kernel.syscall.shmdt.return = kernel.function("sys_shmdt").return { name = "shmdt.return" /* shmaddr = $shmaddr */ } # shmctl___________________________________________ /* asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf) */ probe kernel.syscall.shmctl = kernel.function("sys_shmctl") { name = "shmctl" shmid = $shmid cmd = $cmd /* buf_shm_perm_key = $buf->shm_perm->key buf_shm_perm_uid = $buf->shm_perm->uid buf_shm_perm_gid = $buf->shm_perm->gid buf_shm_perm_cuid = $buf->shm_perm->cuid buf_shm_perm_cgid = $buf->shm_perm->cgid buf_shm_perm_mode = $buf->shm_perm->mode buf_shm_perm_seq = $buf->shm_perm->seq buf_shm_segsz = $buf->shm_segsz buf_shm_atime = $buf->shm_atime buf_shm_dtime = $buf->shm_dtime buf_shm_ctime = $buf->shm_ctime buf_shm_cpid = $buf->shm_cpid buf_shm_lpid = $buf->shm_lpid buf_shm_nattch = $buf->shm_nattch */ } probe kernel.syscall.shmctl.return = kernel.function("sys_shmctl").return { name = "shmctl.return" shmid = $shmid cmd = $cmd /* buf_shm_perm_key = $buf->shm_perm->key buf_shm_perm_uid = $buf->shm_perm->uid buf_shm_perm_gid = $buf->shm_perm->gid buf_shm_perm_cuid = $buf->shm_perm->cuid buf_shm_perm_cgid = $buf->shm_perm->cgid buf_shm_perm_mode = $buf->shm_perm->mode buf_shm_perm_seq = $buf->shm_perm->seq buf_shm_segsz = $buf->shm_segsz buf_shm_atime = $buf->shm_atime buf_shm_dtime = $buf->shm_dtime buf_shm_ctime = $buf->shm_ctime buf_shm_cpid = $buf->shm_cpid buf_shm_lpid = $buf->shm_lpid buf_shm_nattch = $buf->shm_nattch */ } # mq_open__________________________________________ /* asmlinkage long sys_mq_open(const char __user *u_name, int oflag, mode_t mode, struct mq_attr __user *u_attr) */ probe kernel.syscall.mq_open = kernel.function("sys_mq_open") { name = "mq_open" /* name = u_name */ oflag = $oflag /* TODO implement _mq_open_oflg_str() */ /* oflag_str = _mq_open_oflg_str() */ /* u_attr_mq_flags = $u_attr->mq_flags u_attr_mq_maxmsg = $u_attr->mq_maxmsg u_attr_mq_msgsize = $u_attr->mq_msgsize u_attr_mq_curmsgs = $u_attr->mq_curmsgs */ } probe kernel.syscall.mq_open.return = kernel.function("sys_mq_open").return { name = "mq_open.return" /* name = u_name */ oflag = $oflag /* TODO implement _mq_open_oflg_str() */ /* oflag_str = _mq_open_oflg_str() */ /* u_attr_mq_flags = $u_attr->mq_flags u_attr_mq_maxmsg = $u_attr->mq_maxmsg u_attr_mq_msgsize = $u_attr->mq_msgsize u_attr_mq_curmsgs = $u_attr->mq_curmsgs */ } # mq_unlink________________________________________ /* asmlinkage long sys_mq_unlink(const char __user *u_name) */ probe kernel.syscall.mq_unlink = kernel.function("sys_mq_unlink") { name = "mq_unlink" /* u_name = $u_name */ } probe kernel.syscall.mq_unlink.return = kernel.function("sys_mq_unlink").return { name = "mq_unlink.return" /* u_name = $u_name */ } # mq_timedsend_____________________________________ /* asmlinkage long sys_mq_timedsend(mqd_t mqdes, const char __user *u_msg_ptr, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout) */ probe kernel.syscall.mq_timedsend = kernel.function("sys_mq_timedsend") { name = "mq_timedsend" mqdes = $mqdes /* msg_ptr = $u_msg_ptr */ msg_len = $msg_len msg_prio = $msg_prio /* abs_timeout_tv_sec = $u_abs_timeout->tv_sec abs_timeout_tv_usec = $u_abs_timeout->tv_usec */ } probe kernel.syscall.mq_timedsend.return = kernel.function("sys_mq_timedsend").return { name = "mq_timedsend.return" mqdes = $mqdes /* msg_ptr = $u_msg_ptr */ msg_len = $msg_len msg_prio = $msg_prio /* abs_timeout_tv_sec = $u_abs_timeout->tv_sec abs_timeout_tv_usec = $u_abs_timeout->tv_usec */ } # mq_timedreceive__________________________________ /* asmlinkage ssize_t sys_mq_timedreceive(mqd_t mqdes, char __user *u_msg_ptr, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout) */ probe kernel.syscall.mq_timedreceive = kernel.function("sys_mq_timedreceive") { name = "mq_timedreceive" mqdes = $mqdes /* msg_ptr = $u_msg_ptr */ msg_len = $msg_len /* msg_prio = $u_msg_prio abs_timout_tv_sec = $u_abs_timeout->tv_sec abs_timout_tv_usec = $u_abs_timeout->tv_usec */ } probe kernel.syscall.mq_timedreceive.return = kernel.function("sys_mq_timedreceive").return { name = "mq_timedreceive.return" mqdes = $mqdes /* msg_ptr = $u_msg_ptr */ msg_len = $msg_len /* msg_prio = $u_msg_prio abs_timout_tv_sec = $u_abs_timeout->tv_sec abs_timout_tv_usec = $u_abs_timeout->tv_usec */ } # mq_notify________________________________________ /* asmlinkage long sys_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification) */ probe kernel.syscall.mq_notify = kernel.function("sys_mq_notify") { name = "mq_notify" mqdes = $mqdes /* TODO requires embedded auxf to export typedef struct sigevent { sigval_t sigev_value; int sigev_signo; int sigev_notify; union { int _pad[SIGEV_PAD_SIZE]; int _tid; struct { void (*_function)(sigval_t); void *_attribute; // really pthread_attr_t } _sigev_thread; } _sigev_un; } sigevent_t; */ } probe kernel.syscall.mq_notify.return = kernel.function("sys_mq_notify").return { name = "mq_notify.return" mqdes = $mqdes /* TODO requires embedded auxf to export typedef struct sigevent { sigval_t sigev_value; int sigev_signo; int sigev_notify; union { int _pad[SIGEV_PAD_SIZE]; int _tid; struct { void (*_function)(sigval_t); void *_attribute; // really pthread_attr_t } _sigev_thread; } _sigev_un; } sigevent_t; */ } # mq_getsetattr____________________________________ /* asmlinkage long sys_mq_getsetattr(mqd_t mqdes, const struct mq_attr __user *u_mqstat, struct mq_attr __user *u_omqstat) */ probe kernel.syscall.mq_getsetattr = kernel.function("sys_mq_getsetattr") { name = "mq_getsetattr" mqdes = $mqdes /* u_mqstat_mq_flags = $u_mqstat->mq_flags u_mqstat_mq_maxmsg = $u_mqstat->mq_maxmsg u_mqstat_mq_msgsize = $u_mqstat->mq_msgsize u_mqstat_mq_curmsgs = $u_mqstat->mq_curmsgs u_omqstat_mq_flags = $u_omqstat->mq_flags u_omqstat_mq_maxmsg = $u_omqstat->mq_maxmsg u_omqstat_mq_msgsize = $u_omqstat->mq_msgsize u_omqstat_mq_curmsgs = $u_omqstat->mq_curmsgs */ } probe kernel.syscall.mq_getsetattr.return = kernel.function("sys_mq_getsetattr").return { name = "mq_getsetattr.return" mqdes = $mqdes /* u_mqstat_mq_flags = $u_mqstat->mq_flags u_mqstat_mq_maxmsg = $u_mqstat->mq_maxmsg u_mqstat_mq_msgsize = $u_mqstat->mq_msgsize u_mqstat_mq_curmsgs = $u_mqstat->mq_curmsgs u_omqstat_mq_flags = $u_omqstat->mq_flags u_omqstat_mq_maxmsg = $u_omqstat->mq_maxmsg u_omqstat_mq_msgsize = $u_omqstat->mq_msgsize u_omqstat_mq_curmsgs = $u_omqstat->mq_curmsgs */ } # pciconfig_iobase_________________________________ /* asmlinkage long sys_pciconfig_iobase(long which, unsigned long bus, unsigned long dfn) */ probe kernel.syscall.pciconfig_iobase = kernel.function("sys_pciconfig_iobase") { name = "pciconfig_iobase" which = $which bus = $bus dfn = $dfn } probe kernel.syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return { name = "pciconfig_iobase.return" which = $which bus = $bus dfn = $dfn } # pciconfig_read___________________________________ /* NOTE: This is a nop function: PCI interation is handled at the kernel PCI layer. Not used. */ /* asmlinkage int sys_pciconfig_read(unsigned long bus, unsigned long dfn, unsigned long off, unsigned long len, unsigned char *buf) { return 0; } */ probe kernel.syscall.pciconfig_read = kernel.function("sys_pciconfig_read") { name = "pciconfig_read" bus = $bus dfn = $dfn off = $off len = $len /* buf = $buf */ } probe kernel.syscall.pciconfig_read.return = kernel.function("sys_pciconfig_read").return { name = "pciconfig_read.return" bus = $bus dfn = $dfn off = $off len = $len /* buf = $buf */ } # pciconfig_write__________________________________ /* NOTE: This is a nop function: PCI interation is handled at the kernel PCI layer. Not used. */ /* asmlinkage int sys_pciconfig_write(unsigned long bus, unsigned long dfn, unsigned long off, unsigned long len, unsigned char *buf) */ probe kernel.syscall.pciconfig_write = kernel.function("sys_pciconfig_write") { name = "pciconfig_write" bus = $bus dfn = $dfn off = $off len = $len /* buf = $buf */ } probe kernel.syscall.pciconfig_write.return = kernel.function("sys_pciconfig_write").return { name = "pciconfig_write.return" bus = $bus dfn = $dfn off = $off len = $len /* buf = $buf */ } # prctl____________________________________________ /* asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) */ probe kernel.syscall.prctl = kernel.function("sys_prctl") { name = "prctl" options = $options arg2 = $arg2 arg3 = $arg3 arg4 = $arg4 arg5 = $arg5 } probe kernel.syscall.prctl.return = kernel.function("sys_prctl").return { name = "prctl.return" options = $options arg2 = $arg2 arg3 = $arg3 arg4 = $arg4 arg5 = $arg5 } # swapon___________________________________________ /* asmlinkage long sys_swapon(const char __user * specialfile, int swap_flags) */ probe kernel.syscall.swapon = kernel.function("sys_swapon") { name = "swapon" /* path = $specialfile */ swapflags = $swapflags } probe kernel.syscall.swapon.return = kernel.function("sys_swapon").return { name = "swapon.return" /* path = $specialfile */ swapflags = $swapflags } # swapoff__________________________________________ /* asmlinkage long sys_swapoff(const char __user * specialfile) */ probe kernel.syscall.swapoff = kernel.function("sys_swapoff") { name = "swapoff" /* path = $specialfile */ } probe kernel.syscall.swapoff.return = kernel.function("sys_swapoff").return { name = "swapoff.return" /* path = $specialfile */ } # sysctl___________________________________________ /* asmlinkage long sys_sysctl(struct __sysctl_args __user *args) */ probe kernel.syscall.sysctl = kernel.function("sys_sysctl") { name = "sysctl" /* args_name = $args->name args_nlen = $args->nlen args_oldval = $args->oldval args_oldlenp = $args->oldlenp args_newval = $args->newval args_newlen = $args->newlen */ } probe kernel.syscall.sysctl.return = kernel.function("sys_sysctl").return { name = "sysctl.return" /* args_name = $args->name args_nlen = $args->nlen args_oldval = $args->oldval args_oldlenp = $args->oldlenp args_newval = $args->newval args_newlen = $args->newlen */ } # sysinfo__________________________________________ /* asmlinkage long sys_sysinfo(struct sysinfo __user *info) */ probe kernel.syscall.sysinfo = kernel.function("sys_sysinfo") { name = "sysinfo" } probe kernel.syscall.sysinfo.return = kernel.function("sys_sysinfo").return { name = "sysinfo.return" info_uptime = $info->uptime /* info_loads_1 = $info->loads[0] info_loads_2 = $info->loads[1] info_loads_3 = $info->loads[2] */ info_totalram = $info->totalram info_freeram = $info->freeram info_sharedram = $info->sharedram info_bufferram = $info->bufferram info_totalswap = $info->totalswap info_freeswap = $info->freeswap info_procs = $info->prcs info_totalhigh = $info->totalhigh info_freehigh = $info->freehigh info_mem_unit = $info->mem_unit } # sysfs____________________________________________ /* asmlinkage long sys_sysfs(int option, unsigned long arg1, unsigned long arg2) */ probe kernel.syscall.sysfs = kernel.function("sys_sysfs") { name = "sysfs" option = $option arg1 = $arg1 arg2 = $arg2 } probe kernel.syscall.sysfs.return = kernel.function("sys_sysfs").return { name = "sysfs.return" option = $option arg1 = $arg1 arg2 = $arg2 } # nfsservctl_______________________________________ /* long asmlinkage sys_nfsservctl(int cmd, struct nfsctl_arg __user *arg, void __user *res) */ probe kernel.syscall.nfsservctl = kernel.function("sys_nfsservctl") { name = "nfsservctl" cmd = $cmd /* TODO create embedded auxf to export this stuff ...from the man page...nfsservctl(int cmd, struct nfsctl_arg *argp, union nfsctl_res *resp); struct nfsctl_arg { int ca_version; // safeguard union { struct nfsctl_svc u_svc; struct nfsctl_client u_client; struct nfsctl_export u_export; struct nfsctl_uidmap u_umap; struct nfsctl_fhparm u_getfh; unsigned int u_debug; } u; } union nfsctl_res { struct knfs_fh cr_getfh; unsigned int cr_debug; }; */ } probe kernel.syscall.nfsservctl.return = kernel.function("sys_nfsservctl").return { name = "nfsservctl.return" cmd = $cmd /* TODO create embedded auxf to export this stuff ...from the man page...nfsservctl(int cmd, struct nfsctl_arg *argp, union nfsctl_res *resp); struct nfsctl_arg { int ca_version; // safeguard union { struct nfsctl_svc u_svc; struct nfsctl_client u_client; struct nfsctl_export u_export; struct nfsctl_uidmap u_umap; struct nfsctl_fhparm u_getfh; unsigned int u_debug; } u; } union nfsctl_res { struct knfs_fh cr_getfh; unsigned int cr_debug; }; */ } # syslog___________________________________________ /* asmlinkage long sys_syslog(int type, char __user * buf, int len) */ probe kernel.syscall.syslog = kernel.function("do_syslog") { name = "syslog" type = $type /* bufp = $buf */ len = $len } probe kernel.syscall.syslog.return = kernel.function("do_syslog").return { name = "syslog.return" type = $type /* bufp = $buf */ len = $len } # uselib___________________________________________ /* asmlinkage long sys_uselib(const char __user * library) */ probe kernel.syscall.uselib = kernel.function("sys_uselib") { name = "uselib" /* library = $library */ } probe kernel.syscall.uselib.return = kernel.function("sys_uselib").return { name = "uselib.return" /* library = $library */ } # add_key__________________________________________ /* asmlinkage long sys_add_key(const char __user *_type, const char __user *_description, const void __user *_payload, size_t plen, key_serial_t ringid) */ probe kernel.syscall.add_key = kernel.function("sys_add_key") { name = "add_key" /* type = $_type description = $_description payload = $payload */ plen = $plen ringid = $ringid } probe kernel.syscall.add_key.return = kernel.function("sys_add_key").return { name = "add_key.return" /* type = $_type description = $_description payload = $payload */ plen = $plen ringid = $ringid } # request_key______________________________________ /* asmlinkage long sys_request_key(const char __user *_type, const char __user *_description, const char __user *_callout_info, key_serial_t destringid) */ probe kernel.syscall.request_key = kernel.function("sys_request_key") { name = "request_key" /* type = $_type description = $_description callout_info = $_callout_info */ destringid = $destringid } probe kernel.syscall.request_key.return = kernel.function("sys_request_key").return { name = "request_key.return" /* type = $_type description = $_description callout_info = $_callout_info */ destringid = $destringid } # keyctl___________________________________________ /* asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) */ probe kernel.syscall.keyctl = kernel.function("sys_keyctl") { name = "keyctl" option = $option arg2 = $arg2 arg3 = $arg3 arg4 = $arg4 arg5 = $arg5 } probe kernel.syscall.keyctl.return = kernel.function("sys_keyctl").return { name = "keyctl.return" option = $option arg2 = $arg2 arg3 = $arg3 arg4 = $arg4 arg5 = $arg5 } # modify_ldt_______________________________________ /* asmlinkage int sys_modify_ldt(int func, void __user *ptr, unsigned long bytecount) */ probe kernel.syscall.modify_ldt = kernel.function("sys_modify_ldt") { name = "modify_ldt" func = $func bytecount = $bytecount } probe kernel.syscall.modify_ldt.return = kernel.function("sys_modify_ldt").return { name = "modify_ldt.return" func = $func /* ptr points to a modify_ldt_ldt_s structure and bytecount must equal the size of this structure */ bytecount = $bytecount } # mmap2____________________________________________ /* static inline unsigned long do_mmap2(unsigned long addr, size_t len, unsigned long prot, unsigned long flags, unsigned long fd, unsigned long pgoff) */ probe kernel.syscall.mmap2 = kernel.function("do_mmap2") { name = "mmap2" addr = $addr len = $len prot = $prot flags = $flags fd = $fd pgoff = $pgoff } probe kernel.syscall.mmap2.return = kernel.function("do_mmap2").return { name = "mmap2.return" addr = $addr len = $len prot = $prot flags = $flags fd = $fd pgoff = $pgoff } # execve___________________________________________ /* NOTE: arch specific */ /* asmlinkage int sys_execve(struct pt_regs regs) */ probe kernel.syscall.execve = kernel.function("sys_execve") { name = "execve" /* TODO figure this one out filename = $regs->ebx argv[] = $regs->ecx envp[] = $regs->edx */ } probe kernel.syscall.execve.return = kernel.function("sys_execve").return { name = "execve.return" /* ...hmm, if execve() succeedes were in trouble here... TODO figure this one out filename = $regs->ebx argv[] = $regs->ecx envp[] = $regs->edx */ } # clone____________________________________________ /* long do_fork(unsigned long clone_flags, unsigned long stack_start, struct pt_regs *regs, unsigned long stack_size, int __user *parent_tidptr, int __user *child_tidptr) */ probe kernel.syscall.clone = kernel.function("do_fork") { name = "clone" clone_flags = $clone_flags %( kernel_v > "2.6.9" %? start_stack = $start_stack %) /* Export this??? regs = $regs->... */ stack_size = $stack_size /* parent_tid = $parent_tidptr child_tid = $child_tidptr */ } probe kernel.syscall.clone.return = kernel.function("do_fork").return { name = "clone.return" clone_flags = $clone_flags start_stack = $start_stack /* Export this??? regs = $regs->... */ stack_size = $stack_size /* parent_tid = $parent_tidptr child_tid = $child_tidptr */ } # fork_____________________________________________ probe kernel.syscall.fork = kernel.function("do_fork") { name = "fork" clone_flags = $clone_flags start_stack = $start_stack /* Export this??? regs = $regs->... */ stack_size = $stack_size /* parent_tid = $parent_tidptr child_tid = $child_tidptr */ } probe kernel.syscall.fork.return = kernel.function("do_fork").return { name = "fork.return" clone_flags = $clone_flags start_stack = $start_stack /* Export this??? regs = $regs->... */ stack_size = $stack_size /* parent_tid = $parent_tidptr child_tid = $child_tidptr */ } # vfork____________________________________________ probe kernel.syscall.vfork = kernel.function("do_fork") { name = "vfork" clone_flags = $clone_flags start_stack = $start_stack /* Export this??? regs = $regs->... */ stack_size = $stack_size /* parent_tid = $parent_tidptr child_tid = $child_tidptr */ } probe kernel.syscall.vfork.return = kernel.function("do_fork").return { name = "vfork.return" clone_flags = $clone_flags start_stack = $start_stack /* Export this??? regs = $regs->... */ stack_size = $stack_size /* parent_tid = $parent_tidptr child_tid = $child_tidptr */ } # pipe_____________________________________________ /* asmlinkage int sys_pipe(unsigned long __user * fildes) */ probe kernel.syscall.pipe = kernel.function("sys_pipe") { name = "pipe" } probe kernel.syscall.pipe.return = kernel.function("sys_pipe").return { name = "pipe.return" /* TODO implement embedded auxf to extract these fildes fildes_read = $fildes[0] fildes_write = $fildes[1] */ } # ptrace___________________________________________ /* asmlinkage int sys_ptrace(long request, long pid, long addr, long data) */ probe kernel.syscall.ptrace = kernel.function("sys_ptrace") { name = "ptrace" pid = $pid addr = $addr data = $data } probe kernel.syscall.ptrace.return = kernel.function("sys_ptrace").return { name = "ptrace.return" pid = $pid addr = $addr data = $data } # iopl_____________________________________________ /* asmlinkage long sys_iopl(unsigned long unused) */ probe kernel.syscall.iopl = kernel.function("sys_iopl") { name = "iopl" level = $unused } probe kernel.syscall.iopl.return = kernel.function("sys_iopl").return { name = "iopl.return" level = $unused } # rt_sigaction_____________________________________ /* asmlinkage long sys_rt_sigaction(int sig, const struct sigaction __user *act, struct sigaction __user *oact, size_t sigsetsize, void __user *restorer) */ probe kernel.syscall.rt_sigaction = kernel.function("sys_rt_sigaction") { name = "rt_sigaction" sig = $sig /* act_sa_handler = $act->sa_handler act_sa_mask = $act->sa_mask act_sa_flags = $act->sa_flags act_sa_restorer = $act->sa_restorer */ sigsetsize = $sigsetsize /* restorer = $restorer */ } probe kernel.syscall.rt_sigaction.return = kernel.function("sys_rt_sigaction").return { name = "rt_sigaction.return" sig = $sig /* act_sa_handler = $act->sa_handler act_sa_mask = $act->sa_mask act_sa_flags = $act->sa_flags act_sa_restorer = $act->sa_restorer oact_sa_handler = $oact->sa_handler oact_sa_mask = $oact->sa_mask oact_sa_flags = $oact->sa_flags oact_sa_restorer = $oact->sa_restorer */ sigsetsize = $sigsetsize /* restorer = $restorer */ } /* AUX HELPER FUNCTIONS AUX HELPER FUNCTIONS AUX HELPER FUNCTIONS */ /* * These functions construct the bitwise-or'd symbolic string * representation of the f param, based on the function arg. */ /* `man 2 open` for more information */ function _sys_open_flag_str(f) { if(f & 8192) bs="O_ASYNC|".bs if(f & 4096) bs="O_SYNC|".bs if(f & 2048) bs="O_NONBLOCK|".bs if(f & 1024) bs="O_APPEND|".bs if(f & 512) bs="O_TRUNC|".bs if(f & 256) bs="O_NDCTTY|".bs if(f & 128) bs="O_EXCL|".bs if(f & 64) bs="O_CREAT|".bs if((f & 3) == 2) bs="O_RDWR|".bs else if((f & 3) == 1) bs="O_WRONLY|".bs else if((f & 3) == 0) bs="O_RDONLY|".bs return substr(bs,0,strlen(bs)-1) } /* `man 2 open` for more information */ function _access_mode_str(m) { if(m & 4) bs="R_OK|".bs if(m & 2) bs="W_OK|".bs if(m & 1) bs="X_OK|".bs if((m & 3) == 0) bs="F_OK|".bs return substr(bs,0,strlen(bs)-1) } /* `man 2 open` for more information */ function _sys_open_mode_str(f) { if((f & 448) == 448) bs="S_IRWXU|".bs else { if(f & 256) bs="S_IRUSR|".bs if(f & 128) bs="S_IWUSR|".bs if(f & 64) bs="S_IXUSR|".bs } if((f & 56) == 56) bs="S_IRWXG|".bs else { if(f & 32) bs="S_IRGRP|".bs if(f & 16) bs="S_IWGRP|".bs if(f & 8) bs="S_IXGRP|".bs } if((f & 7) == 7) bs="S_IRWXO|".bs else { if(f & 4) bs="S_IROTH|".bs if(f & 2) bs="S_IWOTH|".bs if(f & 1) bs="S_IXOTH|".bs } return substr(bs,0,strlen(bs)-1) } /* `man 2 mknod` for more information */ function _mknod_mode_str(mode) { if((mode & 0x8000)==0x8000) return "S_IFREG|"._sys_open_mode_str(mode) if((mode & 0x2000)==0x2000) return "S_IFCHR|"._sys_open_mode_str(mode) if((mode & 0x6000)==0x6000) return "S_IFBLK|"._sys_open_mode_str(mode) if((mode & 0x1000)==0x1000) return "S_IFIFO|"._sys_open_mode_str(mode) if((mode & 0xC000)==0xC000) return "S_IFSOCK|"._sys_open_mode_str(mode) return "" } /* `man flock` for more information */ function _flock_cmd_str(c) { if(c & 1) bs="LOCK_SH|".bs if(c & 2) bs="LOCK_EX|".bs if(c & 8) bs="LOCK_UN|".bs if(c & 4) bs="LOCK_NB|".bs return substr(bs,0,strlen(bs)-1) } /* `man msync` for more information */ function _wait4_opt_str(f) { if(f & 4) bs="MS_SYNC|".bs if(f & 2) bs="MS_INVALIDATE|".bs if(f & 1) bs="MS_ASYNC|".bs return substr(bs,0,strlen(bs)-1) } /* `man wait4` for more information */ function _msync_flag_str(f) { if(f & 0x01000000) bs="WNOWAIT|".bs if(f & 8) bs="WCONTINUED|".bs if(f & 4) bs="WEXITED|".bs if(f & 2) bs="WSTOPPED|".bs if(f & 1) bs="WNOHANG|".bs return substr(bs,0,strlen(bs)-1) } /* `man sendmsg` for more information */ function _send_flags_str(f) { if(f & 0x0001) bs="MSG_OOB|".bs if(f & 0x0080) bs="MSG_EOR|".bs if(f & 0x0004) bs="MSG_DONTROUTE|".bs if(f & 0x0040) bs="MSG_DONTWAIT|".bs if(f & 0x4000) bs="MSG_NOSIGNAL|".bs if(f & 0x0800) bs="MSG_CONFIRM|".bs return substr(bs,0,strlen(bs)-1) } /* `man recv` for more information */ function _recvflags_str(f) { if(f & 1) bs="MSG_OOB|".bs if(f & 2) bs="MSG_PEEK|".bs if(f & 32) bs="MSG_WAITALL|".bs if(f & 256) bs="MSG_TRUNC|".bs if(f & 8192) bs="MSG_ERRQUEUE|".bs return substr(bs,0,strlen(bs)-1) } /* `man mlockall` for more information */ function _mlockall_flags_str(f) { if(f & 2) bs="MCL_CURRENT|".bs if(f & 1) bs="MCL_FUTURE|".bs return substr(bs,0,strlen(bs)-1) } /* * The following functions return the symbolic string * representation of the flag. If the argument doesnt * map to string, an empty string ("") is returned. */ function _module_flags_str(f) { if(f==8192) return "O_ASYNC" if(f==4096) return "O_SYNC" if(f==2048) return "O_NONBLOCK" if(f==1024) return "O_APPEND" if(f==512) return "O_TRUNC" if(f==256) return "O_NDCTTY" if(f==128) return "O_EXCL" if(f==64) return "O_CREAT" if(f==2) return "O_RDWR" if(f==1) return "O_WRONLY" if(f==0) return "O_RDONLY" return "" } function _get_wc_str(wc) { if(wc==0) return "CLOCK_REALTIME" if(wc==1) return "CLOCK_MONOTONIC" if(wc==2) return "CLOCK_PROCESS_CPUTIME_ID" if(wc==3) return "CLOCK_THREAD_CPUTIME_ID" if(wc==4) return "CLOCK_REALTIME_HR" if(wc==5) return "CLOCK_MONOTONIC_HR" return "" } function _sigprocmask_how_str(how) { if(how==0) return "SIG_BLOCK" if(how==1) return "SIG_UNBLOCK" if(how==2) return "SIG_SETMASK" return "" } function _itimer_which_str(which) { if(which==0) return "ITIMER_REAL" if(which==1) return "ITIMER_VIRTUAL" if(which==2) return "ITIMER_PROF" return "" } function _sched_policy_str(policy) { if(policy==0) return "SCHED_OTHER" if(policy==1) return "SCHED_FIFO" if(policy==2) return "SCHED_RR" return "" } function _priority_which_str(which) { if(which==0) return "PRIO_PROCESS" if(which==1) return "PRIO_PGRP" if(which==2) return "PRIO_USER" return "" } function _shutdown_how_str(how) { if(how==0) return "SHUT_RD" if(how==1) return "SHUT_WR" if(how==2) return "SHUT_RDWR" return "" } function _reboot_magic_str(magic) { if(magic==0xFEE1DEAD) return "LINUX_REBOOT_MAGIC1" if(magic==672274793) return "LINUX_REBOOT_MAGIC2" if(magic==85072278) return "LINUX_REBOOT_MAGIC2A" if(magic==369367448) return "LINUX_REBOOT_MAGIC2B" if(magic==537993216) return "LINUX_REBOOT_MAGIC2C" return "" } function _reboot_flag_str(flag) { if(flag==0x01234567) return "LINUX_REBOOT_CMD_RESTART" if(flag==0xCDEF0123) return "LINUX_REBOOT_CMD_HALT" if(flag==0x4321FEDC) return "LINUX_REBOOT_CMD_POWER_OFF" if(flag==0xA1B2C3D4) return "LINUX_REBOOT_CMD_RESTART2" if(flag==0x89ABCDEF) return "LINUX_REBOOT_CMD_CAD_ON" if(flag==0x00000000) return "LINUX_REBOOT_CMD_CAD_OFF" return "" } function _waitid_which_str(flag) { if(flag==0) return "P_ALL" if(flag==1) return "P_PID" if(flag==2) return "P_PGID" return "" } function _futex_op_str(op) { if(op==0) return "FUTEX_WAIT" if(op==1) return "FUTEX_WAKE" if(op==2) return "FUTEX_FD" if(op==3) return "FUTEX_REQUEUE" if(op==4) return "FUTEX_CMP_REQUEUE" return "" } function _mountflags_str(op) { if(op==1) return "MS_RDONLY" if(op==2) return "MS_NOSUID" if(op==4) return "MS_NODEV" if(op==8) return "MS_NOEXEC" if(op==16) return "MS_SYNCHRONOUS" if(op==32) return "MS_REMOUNT" if(op==64) return "MS_MANDLOCK" if(op==128) return "S_WRITE" if(op==256) return "S_APPEND" if(op==512) return "S_IMMUTABLE" if(op==1024) return "MS_NOATIME" if(op==2048) return "MS_NODIRATIME" if(op==4096) return "MS_BIND" return "" } function _statfs_f_type_str(f) { if(f==0xadf5) return "ADFS_SUPER_MAGIC" if(f==0xADFF) return "AFFS_SUPER_MAGIC" if(f==0x42465331) return "BEFS_SUPER_MAGIC" if(f==0x1BADFACE) return "BFS_MAGIC" if(f==0xFF534D42) return "CIFS_MAGIC_NUMBER" if(f==0x73757245) return "CODA_SUPER_MAGIC" if(f==0x012FF7B7) return "COH_SUPER_MAGIC" if(f==0x28cd3d45) return "CRAMFS_MAGIC" if(f==0x1373) return "DEVFS_SUPER_MAGIC" if(f==0x00414A53) return "EFS_SUPER_MAGIC" if(f==0x137D) return "EXT_SUPER_MAGIC" if(f==0xEF51) return "EXT2_OLD_SUPER_MAGIC" if(f==0xEF53) return "EXT2_SUPER_MAGIC" if(f==0xEF53) return "EXT3_SUPER_MAGIC" if(f==0x4244) return "HFS_SUPER_MAGIC" if(f==0xF995E849) return "HPFS_SUPER_MAGIC" if(f==0x958458f6) return "HUGETLBFS_MAGIC" if(f==0x9660) return "ISOFS_SUPER_MAGIC" if(f==0x72b6) return "JFFS2_SUPER_MAGIC" if(f==0x3153464a) return "JFS_SUPER_MAGIC" if(f==0x137F) return "MINIX_SUPER_MAGIC" if(f==0x138F) return "MINIX_SUPER_MAGIC2" if(f==0x2468) return "MINIX2_SUPER_MAGIC" if(f==0x2478) return "MINIX2_SUPER_MAGIC2" if(f==0x4d44) return "MSDOS_SUPER_MAGIC" if(f==0x564c) return "NCP_SUPER_MAGIC" if(f==0x6969) return "NFS_SUPER_MAGIC" if(f==0x5346544e) return "NTFS_SB_MAGIC" if(f==0x9fa1) return "OPENPROM_SUPER_MAGIC" if(f==0x9fa0) return "PROC_SUPER_MAGIC" if(f==0x002f) return "QNX4_SUPER_MAGIC" if(f==0x52654973) return "REISERFS_SUPER_MAGIC" if(f==0x7275) return "ROMFS_MAGIC" if(f==0x517B) return "SMB_SUPER_MAGIC" if(f==0x012FF7B6) return "SYSV2_SUPER_MAGIC" if(f==0x012FF7B5) return "SYSV4_SUPER_MAGIC" if(f==0x01021994) return "TMPFS_MAGIC" if(f==0x15013346) return "UDF_SUPER_MAGIC" if(f==0x00011954) return "UFS_MAGIC" if(f==0x9fa2) return "USBDEVICE_SUPER_MAGIC" if(f==0xa501FCF5) return "VXFS_SUPER_MAGIC" if(f==0x012FF7B4) return "XENIX_SUPER_MAGIC" if(f==0x58465342) return "XFS_SUPER_MAGIC" if(f==0x012FD16D) return "_XIAFS_SUPER_MAGIC" return "" } function _mprotect_prot_str(prot) { if(prot==0x00000000) return "PROT_NONE" if(prot==0x00000001) return "PROT_READ" if(prot==0x00000002) return "PROT_WRITE" if(prot==0x00000004) return "PROT_EXEC" return "" } function _madvice_advice_str(behavior) { if(behavior==0x00000000) return "MADV_NORMAL" if(behavior==0x00000001) return "MADV_RANDOM" if(behavior==0x00000002) return "MADV_SEQUENTIAL" if(behavior==0x00000003) return "MADV_WILLNEED" if(behavior==0x00000004) return "MADV_DONTNEED" return "" } function _fcntl_cmd_str(cmd) { if(cmd==0x00000000) return "F_DUPFD" if(cmd==0x00000001) return "F_GETFD" if(cmd==0x00000002) return "F_SETFD" if(cmd==0x00000003) return "F_GETFL" if(cmd==0x00000004) return "F_SETFL" if(cmd==0x00000005) return "F_GETLK" if(cmd==0x00000006) return "F_SETLK" if(cmd==0x00000007) return "F_SETLKW" if(cmd==0x00000008) return "F_SETOWN" if(cmd==0x00000009) return "F_GETOWN" if(cmd==0x0000000A) return "F_SETSIG" if(cmd==0x0000000B) return "F_GETLK64" if(cmd==0x0000000C) return "F_SETLK64" if(cmd==0x0000000D) return "F_SETLKW64" return "" } function _seek_whence_str(w) { if(w==0x00000000) return "SEEK_SET" if(w==0x00000001) return "SEEK_CUR" if(w==0x00000002) return "SEEK_END" return "" } function _quotactl_cmd_str(cmd) { if(cmd==0x800002) return "Q_QUOTAON" if(cmd==0x800003) return "Q_QUOTAOFF" if(cmd==0x800007) return "Q_GETQUOTA" if(cmd==0x800008) return "Q_SETQUOTA" if(cmd==0x800005) return "Q_GETINFO" if(cmd==0x800006) return "Q_SETINFO" if(cmd==0x800004) return "Q_GETFMT" if(cmd==0x800001) return "Q_SYNC" /* XFS Quota Manager (XQM) Codes */ if(cmd==0x5801) return "Q_XQUOTAON" if(cmd==0x5802) return "Q_XQUOTAOFF" if(cmd==0x5803) return "Q_XGETQUOTA" if(cmd==0x5804) return "Q_XSETQLIM" if(cmd==0x5805) return "Q_XGETQSTAT" if(cmd==0x5806) return "Q_XQUOTARM" return "" } /* see sys/socket.h (for setsockopt) */ function _sockopt_optname_str(opt) { if(opt==1) return "SO_DEBUG" if(opt==2) return "SO_REUSEADDR" if(opt==3) return "SO_TYPE" if(opt==4) return "SO_ERROR" if(opt==5) return "SO_DONTROUTE" if(opt==6) return "SO_BROADCAST" if(opt==7) return "SO_SNDBUF" if(opt==8) return "SO_RCVBUF" if(opt==9) return "SO_KEEPALIVE" if(opt==10) return "SO_OOBINLINE" if(opt==11) return "SO_NO_CHECK" if(opt==12) return "SO_PRIORITY" if(opt==13) return "SO_LINGER" if(opt==14) return "SO_BSDCOMPAT" if(opt==16) return "SO_PASSCRED" if(opt==17) return "SO_PEERCRED" if(opt==18) return "SO_RCVLOWAT" if(opt==19) return "SO_SNDLOWAT" if(opt==20) return "SO_RCVTIMEO" if(opt==21) return "SO_SNDTIMEO" return "" } /* `man 2 setsockopt` for more information */ function _sockopt_level_str(l) { if(l==0) return "IP" if(l==1) return "ICMP" if(l==2) return "IGMP" if(l==3) return "GGP" if(l==4) return "IP-ENCAP" if(l==5) return "ST" if(l==6) return "TCP" if(l==7) return "CBT" if(l==8) return "EGP" if(l==9) return "IGP" if(l==10) return "BBN-RCC-MON" if(l==11) return "NVP-II" if(l==12) return "PUP" if(l==13) return "ARGUS" if(l==14) return "EMCON" if(l==15) return "XNET" if(l==16) return "CHAOS" if(l==17) return "UDP" if(l==18) return "MUX" if(l==19) return "DCN-MEAS" if(l==20) return "HMP" if(l==21) return "PRM" if(l==22) return "XNS-IDP" if(l==23) return "TRUNK-1" if(l==24) return "TRUNK-2" if(l==25) return "LEAF-1" if(l==26) return "LEAF-2" if(l==27) return "RDP" if(l==28) return "IRTP" if(l==29) return "ISO-TP4" if(l==30) return "NETBLT" if(l==31) return "MFE-NSP" if(l==32) return "MERIT-INP" if(l==33) return "SEP" if(l==34) return "3PC" if(l==35) return "IDPR" if(l==36) return "XTP" if(l==37) return "DDP" if(l==38) return "IDPR-CMTP" if(l==39) return "TP++" if(l==40) return "IL" if(l==41) return "IPv6" if(l==42) return "SDRP" if(l==43) return "IPv6-Route" if(l==44) return "IPv6-Frag" if(l==45) return "IDRP" if(l==46) return "RSVP" if(l==47) return "GRE" if(l==48) return "MHRP" if(l==49) return "BNA" if(l==50) return "IPv6-Crypt" if(l==51) return "IPv6-Auth" if(l==52) return "I-NLSP" if(l==53) return "SWIPE" if(l==54) return "NARP" if(l==55) return "MOBILE" if(l==56) return "TLSP" if(l==57) return "SKIP" if(l==58) return "IPv6-ICMP" if(l==59) return "IPv6-NoNxt" if(l==60) return "IPv6-Opts" if(l==62) return "CFTP" if(l==64) return "SAT-EXPAK" if(l==65) return "KRYPTOLAN" if(l==66) return "RVD" if(l==67) return "IPPC" if(l==69) return "SAT-MON" if(l==70) return "VISA" if(l==71) return "IPCV" if(l==72) return "CPNX" if(l==73) return "CPHB" if(l==74) return "WSN" if(l==75) return "PVP" if(l==76) return "BR-SAT-MON" if(l==77) return "SUN-ND" if(l==78) return "WB-MON" if(l==79) return "WB-EXPAK" if(l==80) return "ISO-IP" if(l==81) return "VMTP" if(l==82) return "SECURE-VMTP" if(l==83) return "VINES" if(l==84) return "TTP" if(l==85) return "NSFNET-IGP" if(l==86) return "DGP" if(l==87) return "TCF" if(l==88) return "EIGRP" if(l==89) return "OSPFIGP" if(l==90) return "Sprite-RPC" if(l==91) return "LARP" if(l==92) return "MTP" if(l==93) return "AX.25" if(l==94) return "IPIP" if(l==95) return "MICP" if(l==96) return "SCC-SP" if(l==97) return "ETHERIP" if(l==98) return "ENCAP" if(l==100) return "GMTP" if(l==101) return "IFMP" if(l==102) return "PNNI" if(l==103) return "PIM" if(l==104) return "ARIS" if(l==105) return "SCPS" if(l==106) return "QNX" if(l==107) return "A/N" if(l==108) return "IPComp" if(l==109) return "SNP" if(l==110) return "Compaq-Peer" if(l==111) return "IPX-in-IP" if(l==112) return "VRRP" if(l==113) return "PGM" if(l==115) return "L2TP" if(l==116) return "DDX" if(l==117) return "IATP" if(l==118) return "STP" if(l==119) return "SRP" if(l==120) return "UTI" if(l==121) return "SMP" if(l==122) return "SM" if(l==123) return "PTP" if(l==124) return "ISIS" if(l==125) return "FIRE" if(l==126) return "CRTP" if(l==127) return "CRUDP" if(l==128) return "SSCOPMCE" if(l==129) return "IPLT" if(l==130) return "SPS" if(l==131) return "PIPE" if(l==132) return "SCTP" if(l==133) return "FC" return "" } function _sock_family_str(f) { if(f==0) return "PF_UNSPEC" if(f==1) return "PF_UNIX" if(f==1) return "PF_LOCAL" if(f==2) return "PF_INET" if(f==3) return "PF_AX25" if(f==4) return "PF_IPX" if(f==5) return "PF_APPLETALK" if(f==6) return "PF_NETROM" if(f==7) return "PF_BRIDGE" if(f==8) return "PF_ATMPVC" if(f==9) return "PF_X25" if(f==10) return "PF_INET6" if(f==11) return "PF_ROSE" if(f==12) return "PF_DECnet" if(f==13) return "PF_NETBEUI" if(f==14) return "PF_SECURITY" if(f==15) return "PF_KEY" if(f==16) return "PF_NETLINK" if(f==17) return "PF_PACKET" if(f==18) return "PF_ASH" if(f==19) return "PF_ECONET" if(f==20) return "PF_ATMSVC" if(f==22) return "PF_SNA" if(f==23) return "PF_IRDA" if(f==24) return "PF_PPPOX" if(f==25) return "PF_WANPIPE" if(f==26) return "PF_LLC" if(f==31) return "PF_BLUETOOTH" if(f==32) return "PF_MAX" return "" } function _sock_type_str(t) { if(t==1) return "SOCK_STREAM" if(t==2) return "SOCK_DGRAM" if(t==5) return "SOCK_SEQPACKET" if(t==3) return "SOCK_RAW" if(t==4) return "SOCK_RDM" if(t==10) return "SOCK_PACKET" return "" } function _opoll_op_str(o) { if(o==1) return "EPOLL_CTL_ADD" if(o==3) return "EPOLL_CTL_MOD" if(o==2) return "EPOLL_CTL_DEL" return "" } function _epoll_events_str(e) { if(e==1) return "EPOLLIN" if(e==4) return "EPOLLOUT" if(e==2) return "EPOLLPRI" if(e==8) return "EPOLLERR" if(e==16) return "EPOLLHUP" if(e==-2147483648) return "EPOLLET" if(e==1073741824) return "EPOLLONESHOT" return "" } function _rlimit_resource_str(r) { if(r==-1) return "RLIM_INFINITY" if(r==9) return "RLIMIT_AS" if(r==4) return "RLIMIT_CORE" if(r==0) return "RLIMIT_CPU" if(r==2) return "RLIMIT_DATA" if(r==1) return "RLIMIT_FSIZE" if(r==10) return "RLIMIT_LOCKS" if(r==8) return "RLIMIT_MEMLOCK" if(r==7) return "RLIMIT_NOFILE" if(r==6) return "RLIMIT_NPROC" if(r==5) return "RLIMIT_RSS" if(r==3) return "RLIMIT_STACK" return "" } function _rusage_who_str(w) { if(w==0) return "RUSAGE_SELF" if(w==-1) return "RUSAGE_CHILDREN" return "" }