/* Event-group IDs and the per-group hook IDs used by the LKET probes.
 * Each group's numeric value and its hook numbering are assigned in
 * hookid_init(); declare one group per line so a reader can match a
 * GROUP_* against its HOOKID_* set at a glance. */

/* register event */
global GROUP_REGEVT, HOOKID_REGSYSEVT, HOOKID_REGUSREVT

/* syscall */
global GROUP_SYSCALL, HOOKID_SYSCALL_ENTRY, HOOKID_SYSCALL_RETURN

/* process creation */
global GROUP_PROCESS, HOOKID_PROCESS_SNAPSHOT, HOOKID_PROCESS_FORK, HOOKID_PROCESS_EXECVE

/* io scheduler */
global GROUP_IOSCHED, HOOKID_IOSCHED_NEXT_REQ, HOOKID_IOSCHED_ADD_REQ, HOOKID_IOSCHED_REMOVE_REQ

/* task dispatching */
global GROUP_TASK, HOOKID_TASK_CTXSWITCH, HOOKID_TASK_CPUIDLE

/* scsi */
global GROUP_SCSI, HOOKID_SCSI_IOENTRY, HOOKID_SCSI_IO_TO_LLD, HOOKID_SCSI_IODONE_BY_LLD, HOOKID_SCSI_IOCOMP_BY_MIDLEVEL

/* page fault */
global GROUP_PAGEFAULT, HOOKID_PAGEFAULT

/* network device */
global GROUP_NETDEV, HOOKID_NETDEV_RECEIVE, HOOKID_NETDEV_TRANSMIT
%{
/* Embedded-C mirror of the script-level group/hook IDs, for use from other
 * %{ %} blocks.  The numbering here and in hookid_init() are two copies of
 * the same table and must be kept in sync by hand.
 *
 * NOTE(review): these are writable, externally-linked globals inside the
 * generated kernel module.  `static const int` (or an enum) would avoid a
 * mutable module symbol -- confirm no other %{ %} block declares them
 * `extern` before changing the linkage. */

/* group 1: register event */
int _GROUP_REGEVT = 1;
int _HOOKID_REGSYSEVT = 1;
int _HOOKID_REGUSREVT = 2;

/* group 2: syscall */
int _GROUP_SYSCALL = 2;
int _HOOKID_SYSCALL_ENTRY = 1;
int _HOOKID_SYSCALL_RETURN = 2;

/* group 3: process creation */
int _GROUP_PROCESS = 3;
int _HOOKID_PROCESS_SNAPSHOT = 1;
int _HOOKID_PROCESS_EXECVE = 2;
int _HOOKID_PROCESS_FORK = 3;

/* group 4: io scheduler */
int _GROUP_IOSCHED = 4;
int _HOOKID_IOSCHED_NEXT_REQ = 1;
int _HOOKID_IOSCHED_ADD_REQ = 2;
int _HOOKID_IOSCHED_REMOVE_REQ = 3;

/* group 5: task dispatching */
int _GROUP_TASK = 5;
int _HOOKID_TASK_CTXSWITCH = 1;
int _HOOKID_TASK_CPUIDLE = 2;

/* group 6: scsi */
int _GROUP_SCSI = 6;
int _HOOKID_SCSI_IOENTRY = 1;
int _HOOKID_SCSI_IO_TO_LLD = 2;
int _HOOKID_SCSI_IODONE_BY_LLD = 3;
int _HOOKID_SCSI_IOCOMP_BY_MIDLEVEL = 4;

/* group 7: page fault */
int _GROUP_PAGEFAULT = 7;
int _HOOKID_PAGEFAULT = 1;

/* group 8: network device */
int _GROUP_NETDEV = 8;
int _HOOKID_NETDEV_RECEIVE = 1;
int _HOOKID_NETDEV_TRANSMIT = 2;
%}
/* hookid_init - assign the numeric value of every GROUP_* and HOOKID_* global.
 *
 * Hook IDs are numbered from 1 within each group, so a HOOKID_* value is
 * only meaningful together with its GROUP_*.  The same table is duplicated
 * as _GROUP_* / _HOOKID_* in the embedded-C block above; a change here must
 * be made there too, otherwise script-side and C-side event IDs drift apart.
 * No inputs, no return value; only side effect is writing the globals. */
function hookid_init()
{
	/* 1: register event */
	GROUP_REGEVT = 1
	HOOKID_REGSYSEVT = 1
	HOOKID_REGUSREVT = 2

	/* 2: syscall */
	GROUP_SYSCALL = 2
	HOOKID_SYSCALL_ENTRY = 1
	HOOKID_SYSCALL_RETURN = 2

	/* 3: process creation */
	GROUP_PROCESS = 3
	HOOKID_PROCESS_SNAPSHOT = 1
	HOOKID_PROCESS_EXECVE = 2
	HOOKID_PROCESS_FORK = 3

	/* 4: io scheduler */
	GROUP_IOSCHED = 4
	HOOKID_IOSCHED_NEXT_REQ = 1
	HOOKID_IOSCHED_ADD_REQ = 2
	HOOKID_IOSCHED_REMOVE_REQ = 3

	/* 5: task dispatching */
	GROUP_TASK = 5
	HOOKID_TASK_CTXSWITCH = 1
	HOOKID_TASK_CPUIDLE = 2

	/* 6: scsi */
	GROUP_SCSI = 6
	HOOKID_SCSI_IOENTRY = 1
	HOOKID_SCSI_IO_TO_LLD = 2
	HOOKID_SCSI_IODONE_BY_LLD = 3
	HOOKID_SCSI_IOCOMP_BY_MIDLEVEL = 4

	/* 7: page fault */
	GROUP_PAGEFAULT = 7
	HOOKID_PAGEFAULT = 1

	/* 8: network device */
	GROUP_NETDEV = 8
	HOOKID_NETDEV_RECEIVE = 1
	HOOKID_NETDEV_TRANSMIT = 2
}
/* Session start-up: `probe begin` runs once before any other probe fires.
 * The calls below are order-dependent -- hookid_init() must come first so
 * the GROUP_* / HOOKID_* globals are set before anything consumes them;
 * the remaining helpers are defined elsewhere in the tapset, so their
 * exact contracts cannot be confirmed from this file. */
probe begin
{
hookid_init()          /* assign group/hook ID globals (defined above) */
lket_trace_init()      /* presumably sets up trace state -- defined elsewhere, confirm */
register_sys_events()  /* presumably registers the built-in events -- defined elsewhere */
write_events_desc()    /* presumably emits the event descriptions -- defined elsewhere */
process_snapshot()     /* presumably records the initial process table -- defined elsewhere */
}