-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathbsdrwsnoop
executable file
·123 lines (103 loc) · 3.37 KB
/
bsdrwsnoop
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
#!/bin/sh
# FreeBSD compatible version of rwsnoop DTrace script. (c) 2012 Alexander Zhuravlev
# License: CDDL
# Based on code from http://www.brendangregg.com/DTrace/rwsnoop (c) 2005 Brendan Gregg.
OPT_FILTER_NAME=0
OPT_FILTERED_NAME=.
OPT_FILTER_PID=0
OPT_FILTERED_PID=0
HAS_FILTER=0
SCRIPT_PATH=/tmp/dtrace.bsdrwsnoop
trap 'rm -f $SCRIPT_PATH' 0
USAGE="
Usage: bsdrwsnoop [-h] [-n name] [-p pid]\n
-n name # log events from the specified process name only\n
-p PID # log events from the specified PID only\n"
while getopts n:p:h OPT; do
case $OPT in
h)
echo -e "$USAGE";
exit 0;
;;
n)
OPT_FILTER_NAME=1
OPT_FILTERED_NAME=$OPTARG
HAS_FILTER=1
;;
p)
OPT_FILTER_PID=1
OPT_FILTERED_PID=$OPTARG
HAS_FILTER=1
;;
\?)
echo -e "$USAGE" >&2
exit 1
esac
done
shift $((OPTIND - 1))
cat > $SCRIPT_PATH <<EOF
inline int OPT_FILTER_PID = $OPT_FILTER_PID;
inline int OPT_FILTERED_PID = $OPT_FILTERED_PID;
inline int OPT_FILTER_NAME = $OPT_FILTER_NAME;
inline string OPT_FILTERED_NAME = "$OPT_FILTERED_NAME";
inline int HAS_FILTER = $HAS_FILTER;
#pragma D option quiet
#pragma D option dynvarsize=64m
#pragma D option bufsize=16m
#pragma D option switchrate=10hz
dtrace:::BEGIN
{
printf("%5s %6s %-12s %1s %7s %4s %5s %s\n", "UID", "PID", "CMD", "D", "BYTES", "FD", "FTYPE", "FILE");
}
syscall::*read:entry,
syscall::*write:entry
/pid != \$pid/
{
self->ok = HAS_FILTER ? 0 : 1;
(OPT_FILTER_NAME == 1 && OPT_FILTERED_NAME == strstr(OPT_FILTERED_NAME, execname)) ? self->ok = 1 : 1;
(OPT_FILTER_NAME == 1 && execname == strstr(execname, OPT_FILTERED_NAME)) ? self->ok = 1 : 1;
(OPT_FILTER_PID == 1 && OPT_FILTERED_PID == pid) ? self->ok = 1 : 1;
self->fd = self->ok ? arg0 : 0;
}
syscall::*read:return
/self->ok/
{
self->rw = "R";
self->size = arg0;
}
syscall::*write:entry
/self->ok/
{
self->rw = "W";
self->size = arg2;
}
syscall::*read:return,
syscall::*write:entry
/self->ok/
{
self->fd != NULL ? self->fd : 0;
self->fp = self->fd != 0 ? curthread->td_proc->p_fd->fd_ofiles[self->fd].fde_file : 0;
self->fp != NULL ? self->fp : 0;
self->vp = self->fp != 0 ? self->fp->f_vnode : 0;
self->vp != NULL ? self->vp : 0;
/* get file path information: http://forums.freebsd.org/showthread.php?t=32649 */
this->ncp = self->vp != 0 ? (&(self->vp->v_cache_dst) != NULL ? self->vp->v_cache_dst.tqh_first : 0) : 0;
this->ncp =! NULL ? this->ncp : 0;
this->ncp->nc_name != NULL ? this->ncp->nc_name : 0;
this->fi_name = this->ncp != 0 ? (this->ncp->nc_name != 0 ? stringof(this->ncp->nc_name) : "<unknown>") : "-";
this->v_type = self->vp != 0 ? self->vp->v_type : 0;
this->v_type != NULL ? this->v_type : 0;
printf("%5d %6d %-12.12s %1s %7d %4d %5d %s\n", uid, pid, execname, self->rw, (int)self->size, (int)self->fd, this->v_type, this->fi_name);
/* Resource cleanup */
self->ok = 0;
self->fd = 0;
self->fp = 0;
self->vp = 0;
self->rw = 0;
self->size = 0;
this->ncp = 0;
this->fi_name = 0;
this->v_type = 0;
}
EOF
/usr/sbin/dtrace -s $SCRIPT_PATH