Page MenuHomeFreeBSD
Files F142846628

D10006.id27563.diff
No OneTemporary
Actions

D10006.id27563.diff
View Options

Index: ObsoleteFiles.inc
===================================================================
--- ObsoleteFiles.inc
+++ ObsoleteFiles.inc
@@ -38,6 +38,10 @@
# xargs -n1 | sort | uniq -d;
# done
+# 20170418: remove DTrace scripts made obsolete by dwatch(8)
+OLD_FILES+=usr/share/dtrace/watch_execve
+OLD_FILES+=usr/share/dtrace/watch_kill
+OLD_FILES+=usr/share/dtrace/watch_vop_remove
# 20170322: rename <x> to <x>_test to match the FreeBSD test suite name scheme
OLD_FILES+=usr/tests/usr.bin/col/col
OLD_FILES+=usr/tests/usr.bin/diff/diff
Index: cddl/usr.sbin/dwatch/Makefile
===================================================================
--- /dev/null
+++ cddl/usr.sbin/dwatch/Makefile
@@ -0,0 +1,15 @@
+# $FreeBSD$
+
+.include <src.opts.mk>
+
+SUBDIR= libexec
+
+.if ${MK_EXAMPLES} != "no"
+SUBDIR+= examples
+.endif
+
+SCRIPTS= dwatch
+
+MAN= dwatch.8
+
+.include <bsd.prog.mk>
Index: cddl/usr.sbin/dwatch/dwatch
===================================================================
--- /dev/null
+++ cddl/usr.sbin/dwatch/dwatch
@@ -0,0 +1,667 @@
+#!/bin/sh
+#-
+# Copyright (c) 2014-2017 Devin Teske
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+############################################################ IDENT(1)
+#
+# $Title: Watch processes as they enter a particular DTrace probe $
+# $FreeBSD$
+#
+############################################################ CONFIGURATION
+
+#
+# DTrace pragma settings
+#
+DTRACE_PRAGMA="
+ option quiet
+ option dynvarsize=16m
+ option switchrate=10hz
+" # END-QUOTE
+
+#
+# Profiles
+#
+: ${DWATCH_PROFILES_PATH="/usr/libexec/dwatch:/usr/local/libexec/dwatch"}
+
+############################################################ GLOBALS
+
+pgm="${0##*/}" # Program basename
+
+#
+# Command-line arguments
+#
+PROBE=
+PROFILE=
+
+#
+# Command-line options
+#
+COUNT=0 # -c count
+CUSTOM_DETAILS= # -D code
+CUSTOM_TEST= # -t test
+DEBUG= # -d
+EVENT=entry # -e name
+FILTER= # -f regex
+GROUP= # -g group
+JID= # -j jail
+LIST= # -l
+MAX_ARGS=64 # -m num
+MAX_DEPTH=64 # -n num
+PID= # -p pid
+QUIET= # -q
+USER= # -u user
+VERBOSE= # -v
+
+#
+# Global exit status
+#
+SUCCESS=0
+FAILURE=1
+
+#
+# Miscellaneous
+#
+ACTIONS=
+EVENT_DETAILS=
+EVENT_TAG='printf("%d.%d %s[%d]: ",
+ this->uid0, this->gid0, execname, this->pid0);'
+EVENT_TEST=
+FILE=
+ID=2
+RGID=
+RUID=
+SUDO=
+export SUDO_PROMPT="[sudo] Password:"
+
+############################################################ FUNCTIONS
+
+usage()
+{
+ local optfmt="\t%-9s %s\n"
+ exec >&2
+ [ "$*" ] && printf "%s: %s\n" "$pgm" "$*"
+ printf "Usage: %s [OPTIONS] [provider:[module:]]function | profile\n" \
+ "$pgm"
+ printf " %s -l [-e name] [pattern]\n" "$pgm"
+ printf "OPTIONS:\n"
+ printf "$optfmt" "-c count" \
+ "Exit after count matching entries (Default 0 for disabled)."
+ printf "$optfmt" "-D code" \
+ "DTrace code for event details. If \`-', read from stdin."
+ printf "$optfmt" "-d" \
+ "Debug. Send dtrace(1) script to stdout instead of executing."
+ printf "$optfmt" "-e name" \
+ "Event name for given probe function (Default \`$EVENT')."
+ printf "$optfmt" "-f regex" \
+ "Filter. Only show blocks matching awk(1) regular expression."
+ printf "$optfmt" "-g group" \
+ "Group filter. Only show processes matching group name/gid."
+ printf "$optfmt" "-h" \
+ "Help. Display syntax and available profiles then exit."
+ printf "$optfmt" "-j jail" \
+ "Jail filter. Only show processes matching jail name/jid."
+ printf "$optfmt" "-l" \
+ "List available probe points on standard output and exit."
+ printf "$optfmt" "-m num" \
+ "Maximum number of arguments to display (Default $MAX_ARGS)."
+ printf "$optfmt" "-n num" \
+ "Maximum directory depth to display (Default $MAX_DEPTH)."
+ printf "$optfmt" "-P" \
+ "Disable loading of profiles from DWATCH_PROFILES_PATH."
+ printf "$optfmt" "-p pid" \
+ "Process id filter. Only show processes with matching pid."
+ printf "$optfmt" "-q" \
+ "Quiet. Hide informational messages and errors from dtrace(1)."
+ printf "$optfmt" "-t test" \
+ "Test clause (predicate) to limit events (Default none)."
+ printf "$optfmt" "-u user" \
+ "User filter. Only show processes matching user name/uid."
+ printf "$optfmt" "-v" \
+ "Verbose. Show parent, grandparent, and ancestor of process."
+
+ # Build a list of profiles available
+ local profiles
+ profiles=$( { IFS=:
+ for dir in $DWATCH_PROFILES_PATH; do
+ [ -d "$dir" ] || continue
+ for path in $dir/*; do
+ [ -f "$path" ] || continue
+ name="${path##*/}"
+ [ "$name" = "${name%%[!0-9A-Za-z_-]*}" ] ||
+ continue
+ echo $name
+ done
+ done
+ } | sort -u )
+
+ # Get the longest profile name
+ local longest_profile_name
+ longest_profile_name=$( echo "$profiles" |
+ awk -v N=0 '(L = length($0)) > N { N = L } END { print N }' )
+
+ # Get the width of the terminal
+ local max_size="$( stty size 2> /dev/null )"
+ : ${max_size:=24 80}
+ local max_width="${max_size#*[$IFS]}"
+
+ # Determine how many columns we can display
+ local x=$longest_profile_name ncols=1
+ x=$(( $x + 8 )) # Accommodate leading tab character
+ x=$(( $x + 3 + $longest_profile_name )) # Preload end of next column
+ while [ $x -lt $max_width ]; do
+ ncols=$(( $ncols + 1 ))
+ x=$(( $x + 3 + $longest_profile_name ))
+ done
+
+ printf "PROFILES:\n"
+ echo "$profiles" |
+ awk -v ncols=$ncols -v colsize=$longest_profile_name '
+ BEGIN { row_item[1] = "" }
+ function print_row()
+ {
+ printf "\t%-*s", colsize, row_item[1]
+ for (i = 2; i <= cur_col; i++)
+ printf " %-*s", colsize, row_item[i]
+ printf "\n"
+ }
+ {
+ n++
+ cur_col = (( n - 1 ) % ncols ) + 1
+ row_item[cur_col] = $0
+ if ( cur_col == ncols ) print_row()
+ }
+ END { if (cur_col < ncols) print_row() }'
+
+ exit $FAILURE
+}
+
+pproc()
+{
+ local proc="curthread->td_proc"
+ [ $1 -gt 0 ] && proc="this->proc->p_pptr"
+
+ awk 'NR > 1 && $0 { $0 = "\t" $0 } 1' <<-EOFPREAMBLE
+ this->proc = $proc;
+ this->pid$1 = this->proc->p_pid;
+ this->uid$1 = this->proc->p_ucred->cr_uid;
+ this->gid$1 = this->proc->p_ucred->cr_rgid;
+ this->jid$1 = this->proc->p_ucred->cr_prison->pr_id;
+ this->p_args = this->proc ? this->proc->p_args : 0;
+ this->ar_length = this->p_args ? this->p_args->ar_length : 0;
+ this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);
+
+ this->arg${1}_0 = this->ar_length > 0 ?
+ this->ar_args : stringof(this->proc->p_comm);
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ EOFPREAMBLE
+
+ awk -v P=$1 -v MAX_ARGS=$MAX_ARGS '
+ $0 { $0 = "\t" $0 }
+ buf = buf $0 "\n" { }
+ END {
+ while (++N <= MAX_ARGS) {
+ $0 = buf
+ gsub(/P/, P)
+ gsub(/N/, N)
+ sub(/\n$/, "")
+ print
+ }
+ }
+ ' <<-EOFARGS
+ this->argP_N = this->ar_length > 0 ? this->ar_args : "";
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ EOFARGS
+
+ awk '$0 = "\t" $0' <<-EOFPROC
+ this->arg${1}_$(( $MAX_ARGS + 1 )) = this->ar_length > 0 ? "..." : "";
+ EOFPROC
+}
+
+pproc_dump()
+{
+ local OPTIND=1 OPTARG flag
+ local nl=1 verbose=
+
+ while getopts nv flag; do
+ case "$flag" in
+ n) nl= ;;
+ v) verbose=1 ;;
+ esac
+ done
+ shift $(( $OPTIND - 1 ))
+
+ [ "$verbose" ] && awk -v P=$1 '
+ $0 { $0 = "\t" $0 }
+ buf = buf $0 "\n" { }
+ END {
+ $0 = buf
+ gsub(/S/, P < 3 ? sprintf("%" 7-2*(P+1) "s", "") : "")
+ gsub(/B/, P < 3 ? "\\" : "")
+ print
+ }
+ ' <<-EOFPREAMBLE
+ printf(" SB-+= %05d %d.%d %s",
+ this->pid$1, this->uid$1, this->gid$1, this->arg${1}_0);
+ EOFPREAMBLE
+
+ awk -v P=$1 -v MAX_ARGS=$MAX_ARGS '
+ $0 { $0 = "\t" $0 }
+ buf = buf $0 "\n" { }
+ END {
+ while (++N <= MAX_ARGS) {
+ $0 = buf
+ if (N == 1) sub(/^\t/, "")
+ gsub(/P/, P)
+ gsub(/N/, N)
+ sub(/\n$/, "")
+ print
+ }
+ }
+ ' <<-EOFARGS
+ printf("%s%s", this->argP_N != "" ? " " : "", this->argP_N);
+ EOFARGS
+
+ if [ "$nl" ]; then
+ awk '$0 = "\t" $0' <<-EOFTAIL
+ printf("%s", this->arg${1}_0 != "" ? "\\n" : "");
+ EOFTAIL
+ fi
+}
+
+############################################################ MAIN
+
+#
+# Process command-line options
+#
+while getopts c:D:de:f:g:hj:lm:n:Pp:qt:u:v flag; do
+ case "$flag" in
+ c) COUNT="$OPTARG" ;;
+ D) CUSTOM_DETAILS=1 EVENT_DETAILS="$OPTARG" ;;
+ d) DEBUG=1 ;;
+ e) EVENT="$OPTARG" ;;
+ f) FILTER="$OPTARG" ;;
+ g) GROUP="$OPTARG" ;;
+ h) usage ;; # NOTREACHED
+ j) JID="$OPTARG" ;;
+ l) LIST=1 ;;
+ m) MAX_ARGS="$OPTARG" ;;
+ n) MAX_DEPTH="$OPTARG" ;;
+ P) DWATCH_PROFILES_PATH= ;;
+ p) PID="$OPTARG" ;;
+ q) QUIET=1 ;;
+ t) CUSTOM_TEST="$OPTARG" EVENT_TEST="$OPTARG" ;;
+ u) USER="$OPTARG" ;;
+ v) VERBOSE=1 ;;
+ *) usage # NOTREACHED
+ esac
+done
+shift $(( $OPTIND - 1 ))
+
+# If we're running as root, no need for sudo(8)
+[ "$( id -u )" != 0 ] && type sudo > /dev/null 2>&1 && SUDO=sudo
+
+#
+# List probes if `-l' was given
+#
+if [ "$LIST" ]; then
+ eval $SUDO dtrace -l ${QUIET:+2> /dev/null} |
+ awk -v pattern="$1" -v name="$EVENT" '$NF == name &&
+ !_[$0 = $2 ":" (NF > 4 ? $3 : "") ":" $--NF]++ &&
+ $0 ~ pattern'
+ exit
+fi
+
+#
+# Validate number of arguments
+#
+[ $# -gt 0 ] || usage "missing probe/profile argument" # NOTREACHED
+
+#
+# Validate `-c count' option argument
+#
+case "$COUNT" in
+"") usage "-c option requires a number argument" ;; # NOTREACHED
+*[!0-9]*) usage "-c argument must be a number" ;; # NOTREACHED
+esac
+
+#
+# Validate `-g group' option argument
+#
+case "$GROUP" in
+"") : fall through ;;
+*[!0-9]*)
+ if ! RGID=$( getent group | awk -F: -v group="$GROUP" '
+ $1 == group { print $3; exit found=1 }
+ END { exit !found }
+ ' ); then
+ echo "$pgm: No such group: $GROUP" >&2
+ exit $FAILURE
+ fi
+ ;;
+*) RGID=$GROUP
+esac
+
+#
+# Validate `-m num' option argument
+#
+case "$MAX_ARGS" in
+"") usage "-m option requires a number argument" ;; # NOTREACHED
+*[!0-9]*) usage "-m argument must be a number" ;; # NOTREACHED
+esac
+
+#
+# Validate `-n num' option argument
+#
+case "$MAX_DEPTH" in
+"") usage "-n option requires a number argument" ;; # NOTREACHED
+*[!0-9]*) usage "-n argument must be a number" ;; # NOTREACHED
+esac
+
+#
+# Validate `-j jail' option argument
+#
+case "$JID" in
+"") : fall through ;;
+*[!0-9]*) JID=$( jls -j "$JID" jid ) || exit ;;
+esac
+
+#
+# Validate `-p pid' option argument
+#
+case "$PID" in
+"") : fall through ;;
+*[!0-9]*) usage "-p option requires a number argument" ;; # NOTREACHED
+esac
+
+#
+# Validate `-u user' option argument
+#
+case "$USER" in
+"") : fall through ;;
+*[!0-9]*)
+ if ! RUID=$( id -u "$USER" 2> /dev/null ); then
+ echo "$pgm: No such user: $USER" >&2
+ exit $FAILURE
+ fi
+ ;;
+*) RUID=$USER
+esac
+
+#
+# Load kernel module(s) if necessary
+#
+if type kldstat > /dev/null 2>&1; then
+ eval kldstat -qm dtrace ${QUIET:+2> /dev/null} ||
+ $SUDO kldload dtraceall ||
+ exit
+fi
+
+#
+# Read event code from stdin if `-' is the argument to `-D code' option
+#
+[ "$CUSTOM_DETAILS" -a "$EVENT_DETAILS" = "-" ] && EVENT_DETAILS=$( cat )
+
+#
+# Default event details
+#
+[ "$CUSTOM_DETAILS" ] || EVENT_DETAILS="
+ printf(\"%s\", this->arg0_0);
+ $( pproc_dump -n 0 )
+" # END-QUOTE
+
+#
+# If argument is not fully qualified probe (e.g., one that contains ":"), check
+# for a profile by that name, otherwise try to expand the probe name.
+#
+PROBE="$1"
+case "$PROBE" in
+*[![:alnum:]_-]*) : fall through ;;
+*)
+ FILE=$PROBE
+ P=$( eval $SUDO dtrace -ln $PROBE:entry ${QUIET:+2> /dev/null} | awk '
+ $NF == "entry" { print $2 "::" $(NF-1); exit found++ }
+ END { exit !found }
+ ' ) && PROBE=$P
+
+ oldIFS="$IFS" IFS=:
+ for dir in $DWATCH_PROFILES_PATH; do
+ [ -d "$dir" ] || continue
+ [ -f "$dir/$FILE" ] || continue
+ PROFILE="$FILE"
+ . "$dir/$FILE"
+ : ${EVENT:=entry}
+ break
+ done
+ IFS="$oldIFS"
+esac
+
+#
+# Jail tests
+#
+if [ "$JID" ]; then
+ prison_id="curthread->td_proc->p_ucred->cr_prison->pr_id"
+ EVENT_TEST="$prison_id == $JID${CUSTOM_TEST:+ && ($CUSTOM_TEST)}"
+fi
+
+#
+# Header for watched probe entry
+#
+[ "$PROFILE" ] || case "$PROBE" in
+*:execve)
+ EVENT=return
+ EVENT_TEST="execname != this->caller_execname${EVENT_TEST:+ &&
+ ($EVENT_TEST)}${CUSTOM_TEST:+ &&
+ ($CUSTOM_TEST)}"
+ EVENT_TAG='printf("%d.%d %s[%d]: ",
+ this->uid1, this->gid1, this->caller_execname, this->pid1);'
+ ;;
+esac
+
+#
+# DTrace script
+#
+# If `-d' is given, script is sent to stdout for debugging
+# If `-c count", `-f regex', `-g group', or `-u user' is given, run script with
+# dtrace and send output to awk(1) post-processor (making sure to preserve the
+# exit code returned by dtrace invocation). Otherwise, simply run script with
+# dtrace and then exit.
+#
+{
+ if [ "$DEBUG" ]; then
+ # Send script to stdout
+ cat
+ exit
+ fi
+ if ! [ $COUNT -gt 0 -o "$FILTER$JID$PID$USER$GROUP" ]; then
+ # Run script without pipe to awk post-processor
+ eval $SUDO dtrace -s /dev/stdin ${QUIET:+2> /dev/null}
+ exit
+ fi
+
+ if [ ! "$QUIET" ]; then
+ msg="dtrace:"
+ [ "$COUNT" -a $COUNT -gt 0 ] && msg="$msg count: $COUNT"
+ [ "$FILTER" ] && msg="$msg filter: $FILTER"
+ [ "$JID" ] && msg="$msg jid: $JID"
+ [ "$PID" ] && msg="$msg pid: $PID"
+ [ "$USER" ] && msg="$msg user: $USER"
+ [ "$GROUP" ] && msg="$msg group: $GROUP"
+ [ "$CUSTOM_TEST" ] && msg="$msg test: $CUSTOM_TEST"
+ echo "$msg" >&2
+ fi
+
+ # Send script output to post-processor for filtering
+ exec 3>&1 4>&2
+ status=$( exec 5>&1; (
+ trap 'echo $? >&5' EXIT
+ eval $SUDO dtrace -s /dev/stdin ${QUIET:+2> /dev/null}
+ ) 2>&4 | $SUDO awk \
+ -v count="$COUNT" \
+ -v filter="$FILTER" \
+ -v gid=$RGID \
+ -v pid=$PID \
+ -v quiet=$QUIET \
+ -v uid=$RUID \
+ -v tty=$( ps -o tty= -p $$ ) \
+ -v verbose=$VERBOSE \
+ ' # Start awk(1) post-processor
+ ############################################# BEGIN
+ BEGIN {
+ num = "[[:digit:]]+"
+ fmt = sprintf("(%s|%s) ", "\\n +\\\\?-\\+= %s %s\\.%s",
+ "^[^\\n]* %s\\.%s [^\\[]*\\[%s\\]:")
+ pidfilter = sprintf(fmt, pid, num, num, num, num, pid)
+ uidfilter = sprintf(fmt, num, uid, num, uid, num, num)
+ gidfilter = sprintf(fmt, num, num, gid, num, gid, num)
+ }
+ ############################################# FUNCTIONS
+ function dump() {
+ lines = block
+ block = ""
+ if (pid != "" && lines !~ pidfilter) return
+ if (uid != "" && lines !~ uidfilter) return
+ if (gid != "" && lines !~ gidfilter) return
+ if (filter != "" && lines !~ filter) return
+ if (lines) print lines
+ fflush()
+ ++matches
+ }
+ ############################################# MAIN
+ { block = (block ? block "\n" : block) $0 }
+ !verbose { dump() }
+ $0 ~ sprintf("^%6s\\\\-\\+= %s ", "", num) { dump() }
+ count && matches >= count { exit }
+ ############################################# END
+ END {
+ dump()
+ system(sprintf("pkill -t %s dtrace %s", tty,
+ quiet ? "2> /dev/null" : ""))
+ }
+ ' >&3 )
+ exit $status
+
+} <<EOF
+#!/usr/sbin/dtrace -s
+/* -
+ * Copyright (c) 2014-2017 Devin Teske <dteske@FreeBSD.org>
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \`\`AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * \$Title: dtrace(1) script to log process(es) entering $PROBE $
+ * \$FreeBSD$
+ */
+
+$( echo "$DTRACE_PRAGMA" | awk '
+ !/^[[:space:]]*(#|$)/, sub(/^[[:space:]]*/, "#pragma D ")||1
+' )
+
+/*********************************************************/
+
+syscall::execve:entry /* probe ID 1 */
+{
+ this->caller_execname = execname;
+}
+${ACTIONS:+
+/*********************************************************/
+
+$ACTIONS}
+/*********************************************************/
+
+$PROBE:$EVENT${EVENT_TEST:+ /$EVENT_TEST/} /* probe ID $ID */
+{
+ /*
+ * Examine process, parent process, and grandparent process details
+ */
+
+ /******************* CURPROC *******************/
+
+ $( pproc 0 )
+
+ /******************* PPARENT *******************/
+
+ $( if [ "$VERBOSE" ]; then pproc 1; else echo "
+ this->proc = this->proc->p_pptr;
+ this->pid1 = this->proc->p_pid;
+ this->uid1 = this->proc->p_ucred->cr_uid;
+ this->gid1 = this->proc->p_ucred->cr_rgid;
+ this->jid1 = this->proc->p_ucred->cr_prison->pr_id;
+ "; fi )
+
+ /******************* GPARENT *******************/
+
+ $( [ "$VERBOSE" ] && pproc 2 )
+
+ /******************* APARENT *******************/
+
+ $( [ "$VERBOSE" ] && pproc 3 )
+
+ /***********************************************/
+
+ /*
+ * Print process, parent, grandparent, and ancestor details
+ */
+
+ printf("%Y ", walltimestamp);
+ $EVENT_TAG;
+ $EVENT_DETAILS;
+ printf("\\n");
+
+ $( if [ "$VERBOSE" ]; then
+ pproc_dump -v 3
+ pproc_dump -v 2
+ pproc_dump -v 1
+ pproc_dump -v 0
+ fi )
+}
+EOF
+
+################################################################################
+# END
+################################################################################
Index: cddl/usr.sbin/dwatch/dwatch.8
===================================================================
--- /dev/null
+++ cddl/usr.sbin/dwatch/dwatch.8
@@ -0,0 +1,311 @@
+.\" Copyright (c) 2014-2017 Devin Teske
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd Apr 19, 2017
+.Dt DWATCH 8
+.Os
+.Sh NAME
+.Nm dwatch
+.Nd Watch processes as they enter a particular DTrace probe
+.Sh SYNOPSIS
+.Nm
+.Op OPTIONS
+[provider:[module:]]function | profile
+.Nm
+.Fl l
+.Op Fl e Ar name
+.Op pattern
+.Sh DESCRIPTION
+The
+.Nm
+utility uses
+.Xr dtrace 1
+to display information when DTrace hits a given probe event name.
+The following options are available:
+.Bl -tag -width "-c count"
+.It Fl c Ar count
+Exit after
+.Ar count
+matching entries
+.Pq Default 0 for disabled .
+.It Fl D Ar code
+DTrace code for event details.
+If `-', read from stdin.
+This allows you to customize what is printed after the date/time and user info.
+By default,
+the name and arguments of the program entering the probe are shown.
+.It Fl d
+Debug.
+Send
+.Xr dtrace 1
+script to stdout instead of executing.
+.It Fl e Ar name
+Event name for given probe function
+.Pq Default Ql Li entry .
+.It Fl f Ar regex
+Filter.
+Only show blocks matching
+.Xr awk 1
+regular expression.
+.It Fl g Ar group
+Group filter.
+Only show processes matching
+.Ar group
+name/gid.
+.It Fl h
+Help.
+Display syntax and available profiles then exit.
+.It Fl j Ar jail
+Jail filter. Only show processes matching jail name/jid.
+.It Fl l
+List available probe points on standard output and exit.
+.It Fl m Ar num
+Maximum number of arguments to display
+.Pq Default 64 .
+.It Fl n Ar num
+Maximum directory depth to display
+.Pq Default 64 .
+.It Fl P
+Disable loading of profiles from DWATCH_PROFILES_PATH.
+Same as setting DWATCH_PROFILES_PATH to NULL.
+.It Fl p Ar pid
+Process id filter.
+Only show processes with matching pid.
+.It Fl q
+Quiet.
+Hide informational messages and errors from dtrace(1).
+.It Fl t Ar test
+Test clause
+.Pq predicate
+to limit events
+.Pq Default none .
+.It Fl u Ar user
+User filter.
+Only show processes matching
+.Ar user
+name/uid.
+.It Fl v
+Verbose.
+Show parent,
+grandparent,
+and ancestor of process.
+.El
+.Pp
+Either the name of a
+.Xr dwatch 8
+profile
+.Pq available with Ql Nm Fl h
+or
+.Xr dtrace 1
+probe
+.Po
+available with
+.Ql Nm Fl l
+in the format of
+.Ql Li "[provider:[module:]]function"
+.Pc
+must be given as the first/only non-option argument.
+.Pp
+If given an argument consisting of only alpha-numeric,
+underscore,
+and/or hyphen characters,
+.Xr dwatch 8
+checks for a profile by that name in the colon-separated list of directories in
+.Ev DWATCH_PROFILES_PATH
+.Pq unless given Ql Fl P .
+If no profile is found,
+.Xr dwatch 8
+tries to expand the probe name using the following
+.Xr dtrace 1
+command:
+.Pp
+.Bl -tag -width indent+
+.It ""
+dtrace -ln <probe>:entry
+.El
+.Pp
+For example, if given a probe of
+.Dq Li foo ,
+.Xr dwatch 8
+will execute
+.Ql Li dtrace -ln foo:entry
+and take the first probe available.
+.Pp
+The default event name of
+.Ql Li entry
+can be changed using
+.Ql Fl e Ar name .
+.Pp
+Each time a process enters the given probe,
+the date/time of entry,
+name/id of process,
+and
+.Pq if no profile and not given Ql Fl D Ar code
+the process name and arguments are printed.
+.Pp
+If the probe is
+.Ql Li execve
+the full name and arguments of the forked child-process are instead shown.
+.Sh PROFILES
+Profiles customize the data printed during events.
+Profiles are loaded from a colon-separated list of directories in
+.Ev DWATCH_PROFILES_PATH .
+Below is an incomplete list of profiles with basic descriptions:
+.Pp
+.Bl -tag -width "vop_readdir"
+.It chmod
+Print arguments being passed to chmod(2)
+.It fchmod
+Print arguments being passed to fchmod(2)
+.It fchmodat
+Print arguments being passed to fchmodat(2)
+.It kill
+Print arguments being passed to kill(2)
+.It lchmod
+Print arguments being passed to lchmod(2)
+.It nanosleep
+Print arguments being passed to lchmod(2)
+.It vop_create
+Print filesystem paths being created by VOP_CREATE(9)
+.It vop_lookup
+Print filesystem paths being looked-up by VOP_LOOKUP(9)
+.It vop_mkdir
+Print directory paths being created by VOP_MKDIR(9)
+.It vop_mknod
+Print device node paths being created by VOP_MKNOD(9)
+.It vop_readdir
+Print directory paths being read by VOP_READDIR(9)
+.It vop_remove
+Print filesystem paths being removed by VOP_REMOVE(9)
+.It vop_rename
+Print filesystem paths being renamed by VOP_RENAME(9)
+.It vop_rmdir
+Print directory paths being removed by VOP_RMDIR(9)
+.It vop_symlink
+Print symlink paths being created by VOP_SYMLINK(9)
+.El
+.Sh EXAMPLES
+Below are some simple examples of how to use
+.Nm
+to watch system activity:
+.Pp
+.Nm
+.Fl c Ar 1
+kill
+.Dl Display the first call to Xr kill 2 and then exit.
+.Pp
+.Nm
+.Fl D Ar 'printf("%i", arg1)'
+zfs_sync
+.Dl Print argument one being passed to each call to zfs_sync().
+.Pp
+.Nm
+.Fl d
+fsync
+.Dl "Do not" execute Xr dtrace 1 but display script on stdout and exit.
+.Pp
+.Nm
+.Fl e Ar on-cpu
+sched::
+.Dl Watch processes entering system CPU scheduler.
+.Pp
+.Nm
+.Fl f Ar '(mk|rm)dir'
+execve
+.Dl Display processes matching either Do Li mkdir Dc or Do Li rmdir Dc .
+.Pp
+.Nm
+.Fl g Ar wheel
+execve
+.Dl Display only processes belonging to wheel super-group.
+.Pp
+.Nm
+.Fl j Ar 0
+execve
+.Dl Ignore jails, displaying only base system processes.
+.Pp
+.Nm
+.Fl j Ar myjail
+execve
+.Dl Display only processes running inside the jail named Ql Li myjail .
+.Pp
+.Nm
+.Fl l Ar 'read$'
+.Dl List available probes ending in Dq Li read .
+.Pp
+.Nm
+.Fl P
+vop_create
+.Dl Disable profiles causing default information to be displayed.
+.Pp
+.Nm
+.Fl p 1234
+execve
+.Dl Watch processes forked by pid 1234 .
+.Pp
+.Nm
+.Fl q
+.Fl t Ar 'arg2<10'
+.Fl D Ar 'printf("%d",arg2)'
+write
+.Dl Display processes calling Xr write 2 with Do nbytes Dc less than 10 .
+.Pp
+.Nm
+.Fl u Ar root
+execve
+.Dl Display only processes belonging to the root super-user.
+.Pp
+.Nm
+.Fl v
+execve
+.Dl Show process tree for each command as it is executed.
+.Pp
+.Nm
+.Fl v Fl p Ar 1234
+execve
+.Dl Watch processes forked by pid 1234 or children thereof .
+.Sh ENVIRONMENT VARIABLES
+The following environment variables affect the execution of
+.Nm :
+.Bl -tag -width "DWATCH_PROFILES_PATH"
+.It Ev DWATCH_PROFILES_PATH
+If DWATCH_PROFILES_PATH is set,
+.Nm
+will search for profiles in the colon-separated list of directories
+instead of the default
+.Ql Li /usr/libexec/dwatch:/usr/local/libexec/dwatch .
+If set to NULL, no profiles will be loaded.
+.El
+.Sh EXIT STATUS
+.Ex -std
+.Sh SEE ALSO
+.Xr dtrace 1
+.Sh HISTORY
+.Nm
+first appeared in
+.Fx 12.0-CURRENT .
+.Sh AUTHORS
+.An Devin Teske Aq Mt dteske@FreeBSD.org
Index: cddl/usr.sbin/dwatch/examples/Makefile
===================================================================
--- /dev/null
+++ cddl/usr.sbin/dwatch/examples/Makefile
@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+FILESDIR= ${SHAREDIR}/examples/dwatch
+FILES= profile_template
+
+.include <bsd.prog.mk>
Index: cddl/usr.sbin/dwatch/examples/profile_template
===================================================================
--- /dev/null
+++ cddl/usr.sbin/dwatch/examples/profile_template
@@ -0,0 +1,64 @@
+# -*- tab-width: 4 -*- ;; Emacs
+# vi: set filetype=sh tabstop=8 shiftwidth=8 noexpandtab :: Vi/ViM
+############################################################ IDENT(1)
+#
+# $Title: dwatch(8) profile for XXX entry $
+# $Copyright: 2014-2017 Devin Teske. All rights reserved. $
+# $FreeBSD$
+#
+############################################################ DESCRIPTION
+#
+# XXX
+#
+############################################################ PROBE
+
+# Optional: For profiles, dwatch(8) initializes this to the first probe found
+# by `dtrace -ln $PROFILE:entry' where $PROFILE is the basename of this file.
+# You can override this to `[provider:[module:]]function' as needed.
+
+#PROBE=
+
+############################################################ ACTIONS
+
+# Optional actions to be performed before hitting the final print action
+
+#exec 9<<EOF
+#EOF
+#ACTIONS=$( cat <&9 )
+#ID=
+
+############################################################ EVENT ACTION
+
+# The default value is simply `entry'. This is paired with $PROBE and can be
+# customized to include clauses for the final print action which must be true
+# before the print action will run.
+
+#EVENT=
+
+############################################################ EVENT TAG
+
+# The EVENT_TAG is run inside the print action after the timestamp has been
+# printed. By default, `UID.GID CMD[PID]: ' of the process is printed.
+
+#exec 9<<EOF
+#EOF
+#EVENT_TAG=$( cat <&9 )
+
+############################################################ EVENT DETAILS
+
+# The DETAILS are run after the EVENT_TAG and by default, the program name and
+# arguments of the process hitting the EVENT action are shown. This can be
+# customized to call-specific information because the `-v' flag of dwatch(8)
+# can provide detailed process information for the EVENT action on lines below
+# the DETAILS.
+#
+# NB: Should produce a single-line and not print a trailing newline.
+
+#exec 9<<EOF
+# printf("XXX");
+#EOF
+#DETAILS=$( cat <&9 )
+
+################################################################################
+# END
+################################################################################
Index: cddl/usr.sbin/dwatch/libexec/Makefile
===================================================================
--- /dev/null
+++ cddl/usr.sbin/dwatch/libexec/Makefile
@@ -0,0 +1,21 @@
+# $FreeBSD$
+
+FILESDIR= ${LIBEXECDIR}/dwatch
+FILES= chmod \
+ fchmod \
+ fchmodat \
+ kill \
+ nanosleep \
+ vop_create \
+ vop_readdir \
+ vop_rename \
+ vop_symlink
+
+LINKS= ${LIBEXECDIR}/dwatch/chmod ${LIBEXECDIR}/dwatch/lchmod
+LINKS+= ${LIBEXECDIR}/dwatch/vop_create ${LIBEXECDIR}/dwatch/vop_mkdir
+LINKS+= ${LIBEXECDIR}/dwatch/vop_create ${LIBEXECDIR}/dwatch/vop_mknod
+LINKS+= ${LIBEXECDIR}/dwatch/vop_create ${LIBEXECDIR}/dwatch/vop_remove
+LINKS+= ${LIBEXECDIR}/dwatch/vop_create ${LIBEXECDIR}/dwatch/vop_rmdir
+LINKS+= ${LIBEXECDIR}/dwatch/vop_create ${LIBEXECDIR}/dwatch/vop_lookup
+
+.include <bsd.prog.mk>
Index: cddl/usr.sbin/dwatch/libexec/chmod
===================================================================
--- /dev/null
+++ cddl/usr.sbin/dwatch/libexec/chmod
@@ -0,0 +1,28 @@
+# -*- tab-width: 4 -*- ;; Emacs
+# vi: set filetype=sh tabstop=8 shiftwidth=8 noexpandtab :: Vi/ViM
+############################################################ IDENT(1)
+#
+# $Title: dwatch(8) module for chmod(2) [or similar] entry $
+# $Copyright: 2014-2017 Devin Teske. All rights reserved. $
+# $FreeBSD$
+#
+############################################################ DESCRIPTION
+#
+# Print arguments being passed to chmod(2) [or similar]
+#
+############################################################ PROBE
+
+PROBE=syscall::$PROFILE
+
+############################################################ EVENT DETAILS
+
+exec 9<<EOF
+ this->path = (string)copyinstr(arg0);
+ printf("$PROFILE(path \"%s\", mode %04o)",
+ this->path, (mode_t)arg1);
+EOF
+EVENT_DETAILS=$( cat <&9 )
+
+################################################################################
+# END
+################################################################################
Index: cddl/usr.sbin/dwatch/libexec/fchmod
===================================================================
--- /dev/null
+++ cddl/usr.sbin/dwatch/libexec/fchmod
@@ -0,0 +1,26 @@
+# -*- tab-width: 4 -*- ;; Emacs
+# vi: set filetype=sh tabstop=8 shiftwidth=8 noexpandtab :: Vi/ViM
+############################################################ IDENT(1)
+#
+# $Title: dwatch(8) module for fchmod(2) [or similar] entry $
+# $Copyright: 2014-2017 Devin Teske. All rights reserved. $
+# $FreeBSD$
+#
+############################################################ DESCRIPTION
+#
+# Print arguments being passed to fchmod(2) [or similar]
+#
+############################################################ PROBE
+
+PROBE=syscall::$PROFILE
+
+############################################################ EVENT DETAILS
+
+exec 9<<EOF
+ printf("$PROFILE(fd %i, mode %04o)", (int)arg0, (mode_t)arg1);
+EOF
+EVENT_DETAILS=$( cat <&9 )
+
+################################################################################
+# END
+################################################################################
Index: cddl/usr.sbin/dwatch/libexec/fchmodat
===================================================================
--- /dev/null
+++ cddl/usr.sbin/dwatch/libexec/fchmodat
@@ -0,0 +1,28 @@
+# -*- tab-width: 4 -*- ;; Emacs
+# vi: set filetype=sh tabstop=8 shiftwidth=8 noexpandtab :: Vi/ViM
+############################################################ IDENT(1)
+#
+# $Title: dwatch(8) module for fchmodat(2) [or similar] entry $
+# $Copyright: 2014-2017 Devin Teske. All rights reserved. $
+# $FreeBSD$
+#
+############################################################ DESCRIPTION
+#
+# Print arguments being passed to fchmodat(2) [or similar]
+#
+############################################################ PROBE
+
+PROBE=syscall::$PROFILE
+
+############################################################ EVENT DETAILS
+
+exec 9<<EOF
+ this->path = (string)copyinstr(arg1);
+ printf("$PROFILE(fd %i, path \"%s\", mode %04o, flag %i)",
+ (int)arg0, this->path, (mode_t)arg2, (int)arg3);
+EOF
+EVENT_DETAILS=$( cat <&9 )
+
+################################################################################
+# END
+################################################################################
Index: cddl/usr.sbin/dwatch/libexec/kill
===================================================================
--- /dev/null
+++ cddl/usr.sbin/dwatch/libexec/kill
@@ -0,0 +1,28 @@
+# -*- tab-width: 4 -*- ;; Emacs
+# vi: set filetype=sh tabstop=8 shiftwidth=8 noexpandtab :: Vi/ViM
+############################################################ IDENT(1)
+#
+# $Title: dwatch(8) module for kill(2) [or similar] entry $
+# $Copyright: 2014-2017 Devin Teske. All rights reserved. $
+# $FreeBSD$
+#
+############################################################ DESCRIPTION
+#
+# Print arguments being passed to kill(2) [or similar]
+#
+############################################################ PROBE
+
+PROBE=syscall::$PROFILE
+
+############################################################ EVENT DETAILS
+
+exec 9<<EOF
+ printf("$PROFILE(pid %d, sig %u)",
+ (pid_t)arg0 > 0 ? arg0 : arg0 == -1 ? -1 : arg0 * -1,
+ (int)arg1);
+EOF
+EVENT_DETAILS=$( cat <&9 )
+
+################################################################################
+# END
+################################################################################
Index: cddl/usr.sbin/dwatch/libexec/nanosleep
===================================================================
--- /dev/null
+++ cddl/usr.sbin/dwatch/libexec/nanosleep
@@ -0,0 +1,30 @@
+# -*- tab-width: 4 -*- ;; Emacs
+# vi: set filetype=sh tabstop=8 shiftwidth=8 noexpandtab :: Vi/ViM
+############################################################ IDENT(1)
+#
+# $Title: dwatch(8) module for nanosleep(2) [or similar] entry $
+# $Copyright: 2014-2017 Devin Teske. All rights reserved. $
+# $FreeBSD$
+#
+############################################################ DESCRIPTION
+#
+# Print arguments being passed to nanosleep(2) [or similar]
+#
+############################################################ PROBE
+
+PROBE=syscall::$PROFILE
+
+############################################################ EVENT DETAILS
+
+exec 9<<EOF
+ this->rqtp = (struct timespec *)copyin(arg0, sizeof(struct timespec));
+ this->rmtp = (struct timespec *)copyin(arg1, sizeof(struct timespec));
+ printf("$PROFILE(rqtp {%ds, %dns}, rmtp {%ds, %dns})",
+ this->rqtp->tv_sec, this->rqtp->tv_nsec,
+ this->rmtp->tv_sec, this->rmtp->tv_nsec);
+EOF
+EVENT_DETAILS=$( cat <&9 )
+
+################################################################################
+# END
+################################################################################
Index: cddl/usr.sbin/dwatch/libexec/vop_create
===================================================================
--- /dev/null
+++ cddl/usr.sbin/dwatch/libexec/vop_create
@@ -0,0 +1,147 @@
+# -*- tab-width: 4 -*- ;; Emacs
+# vi: set filetype=sh tabstop=8 shiftwidth=8 noexpandtab :: Vi/ViM
+############################################################ IDENT(1)
+#
+# $Title: dwatch(8) module for VOP_CREATE(9) [or similar] entry $
+# $Copyright: 2014-2017 Devin Teske. All rights reserved. $
+# $FreeBSD$
+#
+############################################################ DESCRIPTION
+#
+# Print filesystem paths being operated-on by VOP_CREATE(9) [or similar]
+# NB: All paths are shown even if error prevents operation.
+#
+############################################################ PROBE
+
+PROBE=vfs:vop:$PROFILE
+
+############################################################ ACTIONS
+
+exec 9<<EOF
+$PROBE:entry /* probe ID 2 */
+{
+ this->vp = (struct vnode *)arg0;
+ this->ncp = this->vp != NULL ?
+ this->vp->v_cache_dst.tqh_first : 0;
+ this->fi_name = args[1] ? (
+ args[1]->a_cnp != NULL ?
+ stringof(args[1]->a_cnp->cn_nameptr) : ""
+ ) : "";
+ this->mount = this->vp != NULL ?
+ this->vp->v_mount : NULL; /* ptr to vfs we are in */
+ this->fi_fs = this->mount != NULL ?
+ stringof(this->mount->mnt_stat.f_fstypename) : "";
+ this->fi_mount = this->mount != NULL ?
+ stringof(this->mount->mnt_stat.f_mntonname) : "";
+ this->d_name = args[0]->v_cache_dd != NULL ?
+ stringof(args[0]->v_cache_dd->nc_name) : "";
+}
+
+$PROBE:entry /this->vp == 0 || this->fi_fs == 0 ||
+ this->fi_fs == "devfs" || this->fi_fs == "" ||
+ this->fi_name == ""/ /* probe ID 3 */
+{
+ this->ncp = 0;
+}
+
+/*********************************************************/
+
+$PROBE:entry /this->ncp/ /* probe ID 4 (depth 1) */
+{
+ this->dvp = this->ncp->nc_dvp != NULL ? (
+ this->ncp->nc_dvp != NULL ?
+ this->ncp->nc_dvp->v_cache_dst.tqh_first : 0
+ ) : 0;
+ this->name1 = this->dvp != 0 ? (
+ this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
+ ) : "";
+}
+
+$PROBE:entry /this->name1 == 0 || this->fi_fs == 0 ||
+ this->fi_fs == "devfs" || this->fi_fs == "" ||
+ this->name1 == "/" || this->name1 == ""/ /* probe ID 5 */
+{
+ this->dvp = 0;
+}
+
+/*********************************************************/
+
+/*
+ * BEGIN Pathname-depth iterators
+ */
+
+$( awk -v ID=6 -v MAX_DEPTH=$MAX_DEPTH '
+ buf = buf $0 "\n" { }
+ END {
+ for (DEPTH = 2; DEPTH <= MAX_DEPTH; DEPTH++) {
+ $0 = buf
+ gsub(/DEPTH/, DEPTH)
+ gsub(/IDNUM/, ID++)
+ sub(/\n$/, "")
+ print
+ }
+ }
+' <<EOFDEPTH
+$PROBE:entry /this->dvp/ /* probe ID IDNUM (depth DEPTH) */
+{
+ this->dvp = this->dvp->nc_dvp != NULL ? (
+ this->dvp->nc_dvp != NULL ?
+ this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
+ ) : 0;
+ this->nameDEPTH = this->dvp != 0 ? (
+ this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
+ ) : "";
+}
+
+EOFDEPTH
+)
+
+/*
+ * END Pathname-depth iterators
+ */
+EOF
+ACTIONS=$( cat <&9 )
+ID=$(( $MAX_DEPTH + 5 ))
+
+############################################################ EVENT ACTION
+
+EVENT="entry /this->fi_mount != 0/"
+
+############################################################ EVENT DETAILS
+
+exec 9<<EOF
+ /*
+ * Print full path
+ * NB: Up-to but not including the parent directory (printed below)
+ */
+ printf("%s%s", this->fi_mount, this->fi_mount != 0 ? (
+ this->fi_mount == "/" ? "" : "/"
+ ) : "/");
+ $( awk -v MAX_DEPTH=$MAX_DEPTH '
+ buf = buf $0 "\n" { }
+ END {
+ for (N = MAX_DEPTH; N > 0; N--) {
+ $0 = (N < MAX_DEPTH ? "\t" : "") buf
+ gsub(/N/, N)
+ sub(/\n$/, "")
+ print
+ }
+ }
+ ' <<-EOFDEPTH
+ printf("%s%s", this->name = this->nameN, this->name != "" ? "/" : "");
+ EOFDEPTH
+ )
+
+ /* Print the parent directory name */
+ this->name = this->d_name != 0 ? this->d_name : "";
+ printf("%s%s", this->name, this->name != "" ? "/" : "");
+
+ /* Print the entry name */
+ this->name = this->fi_name != 0 ? this->fi_name : "";
+ printf("%s", this->name);
+EOF
+EVENT_DETAILS=$( cat <&9 )
+
+################################################################################
+# END
+################################################################################
Index: cddl/usr.sbin/dwatch/libexec/vop_readdir
===================================================================
--- /dev/null
+++ cddl/usr.sbin/dwatch/libexec/vop_readdir
@@ -0,0 +1,138 @@
+# -*- tab-width: 4 -*- ;; Emacs
+# vi: set filetype=sh tabstop=8 shiftwidth=8 noexpandtab :: Vi/ViM
+############################################################ IDENT(1)
+#
+# $Title: dwatch(8) module for VOP_READDIR(9) [or similar] entry $
+# $Copyright: 2014-2017 Devin Teske. All rights reserved. $
+# $FreeBSD$
+#
+############################################################ DESCRIPTION
+#
+# Print directory paths being read by VOP_READDIR(9) [or similar]
+# NB: All paths are shown even if error prevents their reading.
+#
+############################################################ PROBE
+
+PROBE=vfs:vop:$PROFILE
+
+############################################################ ACTIONS
+
+exec 9<<EOF
+$PROBE:entry /* probe ID 2 */
+{
+ this->vp = (struct vnode *)arg0;
+ this->ncp = this->vp != NULL ?
+ this->vp->v_cache_dst.tqh_first : 0;
+ this->mount = this->vp != NULL ?
+ this->vp->v_mount : NULL; /* ptr to vfs we are in */
+ this->fi_fs = this->mount != NULL ?
+ stringof(this->mount->mnt_stat.f_fstypename) : "";
+ this->fi_mount = this->mount != NULL ?
+ stringof(this->mount->mnt_stat.f_mntonname) : "";
+ this->d_name = args[0]->v_cache_dd != NULL ?
+ stringof(args[0]->v_cache_dd->nc_name) : "";
+}
+
+$PROBE:entry /this->vp == 0 || this->fi_fs == 0 ||
+ this->fi_fs == "devfs" || this->fi_fs == ""/ /* probe ID 3 */
+{
+ this->ncp = 0;
+}
+
+/*********************************************************/
+
+$PROBE:entry /this->ncp/ /* probe ID 4 (depth 1) */
+{
+ this->dvp = this->ncp->nc_dvp != NULL ? (
+ this->ncp->nc_dvp != NULL ?
+ this->ncp->nc_dvp->v_cache_dst.tqh_first : 0
+ ) : 0;
+ this->name1 = this->dvp != 0 ? (
+ this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
+ ) : "";
+}
+
+$PROBE:entry /this->name1 == 0 || this->fi_fs == 0 ||
+ this->fi_fs == "devfs" || this->fi_fs == "" ||
+ this->name1 == "/" || this->name1 == ""/ /* probe ID 5 */
+{
+ this->dvp = 0;
+}
+
+/*********************************************************/
+
+/*
+ * BEGIN Pathname-depth iterators
+ */
+
+$( awk -v ID=6 -v MAX_DEPTH=$MAX_DEPTH '
+ buf = buf $0 "\n" { }
+ END {
+ for (DEPTH = 2; DEPTH <= MAX_DEPTH; DEPTH++) {
+ $0 = buf
+ gsub(/DEPTH/, DEPTH)
+ gsub(/IDNUM/, ID++)
+ sub(/\n$/, "")
+ print
+ }
+ }
+' <<EOFDEPTH
+$PROBE:entry /this->dvp/ /* probe ID IDNUM (depth DEPTH) */
+{
+ this->dvp = this->dvp->nc_dvp != NULL ? (
+ this->dvp->nc_dvp != NULL ?
+ this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
+ ) : 0;
+ this->nameDEPTH = this->dvp != 0 ? (
+ this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
+ ) : "";
+}
+
+EOFDEPTH
+)
+
+/*
+ * END Pathname-depth iterators
+ */
+EOF
+ACTIONS=$( cat <&9 )
+ID=$(( $MAX_DEPTH + 5 ))
+
+############################################################ EVENT ACTION
+
+EVENT="entry /this->fi_mount != 0/"
+
+############################################################ EVENT DETAILS
+
+exec 9<<EOF
+ /*
+ * Print full path
+ * NB: Up-to but not including the parent directory (printed below)
+ */
+ printf("%s%s", this->fi_mount, this->fi_mount != 0 ? (
+ this->fi_mount == "/" ? "" : "/"
+ ) : "/");
+ $( awk -v MAX_DEPTH=$MAX_DEPTH '
+ buf = buf $0 "\n" { }
+ END {
+ for (N = MAX_DEPTH; N > 0; N--) {
+ $0 = (N < MAX_DEPTH ? "\t" : "") buf
+ gsub(/N/, N)
+ sub(/\n$/, "")
+ print
+ }
+ }
+ ' <<-EOFDEPTH
+ printf("%s%s", this->name = this->nameN, this->name != "" ? "/" : "");
+ EOFDEPTH
+ )
+
+ /* Print the parent directory name */
+ this->name = this->d_name != 0 ? this->d_name : "";
+ printf("%s%s", this->name, this->name != "" ? "/" : "");
+EOF
+EVENT_DETAILS=$( cat <&9 )
+
+################################################################################
+# END
+################################################################################
Index: cddl/usr.sbin/dwatch/libexec/vop_rename
===================================================================
--- /dev/null
+++ cddl/usr.sbin/dwatch/libexec/vop_rename
@@ -0,0 +1,234 @@
+# -*- tab-width: 4 -*- ;; Emacs
+# vi: set filetype=sh tabstop=8 shiftwidth=8 noexpandtab :: Vi/ViM
+############################################################ IDENT(1)
+#
+# $Title: dwatch(8) module for VOP_RENAME(9) [or similar] entry $
+# $Copyright: 2014-2017 Devin Teske. All rights reserved. $
+# $FreeBSD$
+#
+############################################################ DESCRIPTION
+#
+# Print filesystem paths being renamed by VOP_RENAME(9) [or similar]
+# NB: All paths are shown even if error prevents their rename.
+#
+############################################################ PROBE
+
+PROBE=vfs:vop:$PROFILE
+
+############################################################ ACTIONS
+
+exec 9<<EOF
+$PROBE:entry /* probe ID 2 */
+{
+ this->fvp = args[1] ? args[1]->a_fdvp : NULL;
+ this->fncp = this->fvp != NULL ?
+ this->fvp->v_cache_dst.tqh_first : 0;
+ this->ffi_name = args[1] ? (
+ args[1]->a_fcnp != NULL ?
+ stringof(args[1]->a_fcnp->cn_nameptr) : ""
+ ) : "";
+ this->fmount = this->fvp != NULL ?
+ this->fvp->v_mount : NULL; /* ptr to vfs we are in */
+ this->ffi_fs = this->fmount != NULL ?
+ stringof(this->fmount->mnt_stat.f_fstypename) : "";
+ this->ffi_mount = this->fmount != NULL ?
+ stringof(this->fmount->mnt_stat.f_mntonname) : "";
+ this->fd_name = args[0]->v_cache_dd != NULL ?
+ stringof(args[0]->v_cache_dd->nc_name) : "";
+
+ this->tvp = args[1] ? args[1]->a_tdvp : NULL;
+ this->tncp = this->tvp != NULL ?
+ this->tvp->v_cache_dst.tqh_first : 0;
+ this->tfi_name = args[1] ? (
+ args[1]->a_tcnp != NULL ?
+ stringof(args[1]->a_tcnp->cn_nameptr) : ""
+ ) : "";
+ this->tmount = this->tvp != NULL ?
+ this->tvp->v_mount : NULL; /* ptr to vfs we are in */
+ this->tfi_fs = this->tmount != NULL ?
+ stringof(this->tmount->mnt_stat.f_fstypename) : "";
+ this->tfi_mount = this->tmount != NULL ?
+ stringof(this->tmount->mnt_stat.f_mntonname) : "";
+ this->td_name = this->tvp != NULL ? (
+ this->tvp->v_cache_dd != NULL ?
+ stringof(this->tvp->v_cache_dd->nc_name) : ""
+ ) : "";
+}
+
+$PROBE:entry /this->fvp == 0 || this->ffi_fs == 0 ||
+ this->ffi_fs == "devfs" || this->ffi_fs == "" ||
+ this->ffi_name == ""/ /* probe ID 3 */
+{
+ this->fncp = 0;
+}
+
+$PROBE:entry /this->tvp == 0 || this->tfi_fs == 0 ||
+ this->tfi_fs == "devfs" || this->tfi_fs == "" ||
+ this->tfi_name == ""/ /* probe ID 4 */
+{
+ this->tncp = 0;
+}
+
+/*********************************************************/
+
+$PROBE:entry /this->fncp/ /* probe ID 5 (depth 1) */
+{
+ this->fdvp = this->fncp->nc_dvp != NULL ? (
+ this->fncp->nc_dvp != NULL ?
+ this->fncp->nc_dvp->v_cache_dst.tqh_first : 0
+ ) : 0;
+ this->fname1 = this->fdvp != 0 ? (
+ this->fdvp->nc_name != 0 ? stringof(this->fdvp->nc_name) : ""
+ ) : "";
+}
+
+$PROBE:entry /this->tncp/ /* probe ID 6 (depth 1) */
+{
+ this->tdvp = this->tncp->nc_dvp != NULL ? (
+ this->tncp->nc_dvp != NULL ?
+ this->tncp->nc_dvp->v_cache_dst.tqh_first : 0
+ ) : 0;
+ this->tname1 = this->tdvp != 0 ? (
+ this->tdvp->nc_name != 0 ? stringof(this->tdvp->nc_name) : ""
+ ) : "";
+}
+
+$PROBE:entry /this->fname1 == 0 || this->ffi_fs == 0 ||
+ this->ffi_fs == "devfs" || this->ffi_fs == "" ||
+ this->fname1 == "/" || this->fname1 == ""/ /* probe ID 7 */
+{
+ this->fdvp = 0;
+}
+
+$PROBE:entry /this->tname1 == 0 || this->tfi_fs == 0 ||
+ this->tfi_fs == "devfs" || this->tfi_fs == "" ||
+ this->tname1 == "/" || this->tname1 == ""/ /* probe ID 8 */
+{
+ this->tdvp = 0;
+}
+
+/*********************************************************/
+
+/*
+ * BEGIN Pathname-depth iterators
+ */
+
+$( awk -v ID=9 -v MAX_DEPTH=$MAX_DEPTH '
+ buf = buf $0 "\n" { }
+ END {
+ for (DEPTH = 2; DEPTH <= MAX_DEPTH; DEPTH++) {
+ $0 = buf
+ gsub(/DEPTH/, DEPTH)
+ gsub(/IDNUM1/, ID)
+ gsub(/IDNUM2/, ID + 1)
+ sub(/\n$/, "")
+ print
+ ID = ID + 2
+ }
+ }
+' <<EOFDEPTH
+$PROBE:entry /this->fdvp/ /* probe ID IDNUM1 (depth DEPTH) */
+{
+ this->fdvp = this->fdvp->nc_dvp != NULL ? (
+ this->fdvp->nc_dvp != NULL ?
+ this->fdvp->nc_dvp->v_cache_dst.tqh_first : 0
+ ) : 0;
+ this->fnameDEPTH = this->fdvp != 0 ? (
+ this->fdvp->nc_name != 0 ? stringof(this->fdvp->nc_name) : ""
+ ) : "";
+}
+$PROBE:entry /this->tdvp/ /* probe ID IDNUM2 (depth DEPTH) */
+{
+ this->tdvp = this->tdvp->nc_dvp != NULL ? (
+ this->tdvp->nc_dvp != NULL ?
+ this->tdvp->nc_dvp->v_cache_dst.tqh_first : 0
+ ) : 0;
+ this->tnameDEPTH = this->tdvp != 0 ? (
+ this->tdvp->nc_name != 0 ? stringof(this->tdvp->nc_name) : ""
+ ) : "";
+}
+
+EOFDEPTH
+)
+
+/*
+ * END Pathname-depth iterators
+ */
+EOF
+ACTIONS=$( cat <&9 )
+ID=$(( $MAX_DEPTH + 8 ))
+
+############################################################ EVENT ACTION
+
+EVENT="entry /this->ffi_mount != 0 && this->tfi_mount != 0/"
+
+############################################################ EVENT DETAILS
+
+exec 9<<EOF
+ /*
+ * Print 'from' full path
+ * NB: Up-to but not including the parent directory (printed below)
+ */
+ printf("%s%s", this->ffi_mount, this->ffi_mount != 0 ? (
+ this->ffi_mount == "/" ? "" : "/"
+ ) : "/");
+ $( awk -v MAX_DEPTH=$MAX_DEPTH '
+ buf = buf $0 "\n" { }
+ END {
+ for (N = MAX_DEPTH; N > 0; N--) {
+ $0 = (N < MAX_DEPTH ? "\t" : "") buf
+ gsub(/N/, N)
+ sub(/\n$/, "")
+ print
+ }
+ }
+ ' <<-EOFDEPTH
+ printf("%s%s", this->fname = this->fnameN, this->fname != "" ? "/" : "");
+ EOFDEPTH
+ )
+
+ /* Print the 'from' parent directory name */
+ this->fname = this->fd_name != 0 ? this->fd_name : "";
+ printf("%s%s", this->fname, this->fname != "" ? "/" : "");
+
+ /* Print the 'from' entry name */
+ this->fname = this->ffi_name != 0 ? this->ffi_name : "";
+ printf("%s", this->fname);
+
+ printf(" -> ");
+
+ /*
+ * Print 'to' full path
+ * NB: Up-to but not including the parent directory (printed below)
+ */
+ printf("%s%s", this->tfi_mount, this->tfi_mount != 0 ? (
+ this->tfi_mount == "/" ? "" : "/"
+ ) : "/");
+ $( awk -v MAX_DEPTH=$MAX_DEPTH '
+ buf = buf $0 "\n" { }
+ END {
+ for (N = MAX_DEPTH; N > 0; N--) {
+ $0 = (N < MAX_DEPTH ? "\t" : "") buf
+ gsub(/N/, N)
+ sub(/\n$/, "")
+ print
+ }
+ }
+ ' <<-EOFDEPTH
+ printf("%s%s", this->tname = this->tnameN, this->tname != "" ? "/" : "");
+ EOFDEPTH
+ )
+
+ /* Print the 'to' parent directory name */
+ this->tname = this->td_name != 0 ? this->td_name : "";
+ printf("%s%s", this->tname, this->tname != "" ? "/" : "");
+
+ /* Print the 'to' entry name */
+ this->tname = this->tfi_name != 0 ? this->tfi_name : "";
+ printf("%s", this->tname);
+EOF
+EVENT_DETAILS=$( cat <&9 )
+
+################################################################################
+# END
+################################################################################
Index: cddl/usr.sbin/dwatch/libexec/vop_symlink
===================================================================
--- /dev/null
+++ cddl/usr.sbin/dwatch/libexec/vop_symlink
@@ -0,0 +1,151 @@
+# -*- tab-width: 4 -*- ;; Emacs
+# vi: set filetype=sh tabstop=8 shiftwidth=8 noexpandtab :: Vi/ViM
+############################################################ IDENT(1)
+#
+# $Title: dwatch(8) module for VOP_SYMLINK(9) [or similar] entry $
+# $Copyright: 2014-2017 Devin Teske. All rights reserved. $
+# $FreeBSD$
+#
+############################################################ DESCRIPTION
+#
+# Print symlink paths being created by VOP_SYMLINK(9) [or similar]
+# NB: All paths are shown even if error prevents their creation.
+#
+############################################################ PROBE
+
+PROBE=vfs:vop:$PROFILE
+
+############################################################ ACTIONS
+
+exec 9<<EOF
+$PROBE:entry /* probe ID 2 */
+{
+ this->vp = (struct vnode *)arg0;
+ this->ncp = this->vp != NULL ?
+ this->vp->v_cache_dst.tqh_first : 0;
+ this->target = args[1] ? args[1]->a_target : "";
+ this->fi_name = args[1] ? (
+ args[1]->a_cnp != NULL ?
+ stringof(args[1]->a_cnp->cn_nameptr) : ""
+ ) : "";
+ this->mount = this->vp != NULL ?
+ this->vp->v_mount : NULL; /* ptr to vfs we are in */
+ this->fi_fs = this->mount != NULL ?
+ stringof(this->mount->mnt_stat.f_fstypename) : "";
+ this->fi_mount = this->mount != NULL ?
+ stringof(this->mount->mnt_stat.f_mntonname) : "";
+ this->d_name = args[0]->v_cache_dd != NULL ?
+ stringof(args[0]->v_cache_dd->nc_name) : "";
+}
+
+$PROBE:entry /this->vp == 0 || this->fi_fs == 0 ||
+ this->fi_fs == "devfs" || this->fi_fs == "" ||
+ this->fi_name == ""/ /* probe ID 3 */
+{
+ this->ncp = 0;
+}
+
+/*********************************************************/
+
+$PROBE:entry /this->ncp/ /* probe ID 4 (depth 1) */
+{
+ this->dvp = this->ncp->nc_dvp != NULL ? (
+ this->ncp->nc_dvp != NULL ?
+ this->ncp->nc_dvp->v_cache_dst.tqh_first : 0
+ ) : 0;
+ this->name1 = this->dvp != 0 ? (
+ this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
+ ) : "";
+}
+
+$PROBE:entry /this->name1 == 0 || this->fi_fs == 0 ||
+ this->fi_fs == "devfs" || this->fi_fs == "" ||
+ this->name1 == "/" || this->name1 == ""/ /* probe ID 5 */
+{
+ this->dvp = 0;
+}
+
+/*********************************************************/
+
+/*
+ * BEGIN Pathname-depth iterators
+ */
+
+$( awk -v ID=6 -v MAX_DEPTH=$MAX_DEPTH '
+ buf = buf $0 "\n" { }
+ END {
+ for (DEPTH = 2; DEPTH <= MAX_DEPTH; DEPTH++) {
+ $0 = buf
+ gsub(/DEPTH/, DEPTH)
+ gsub(/IDNUM/, ID++)
+ sub(/\n$/, "")
+ print
+ }
+ }
+' <<EOFDEPTH
+$PROBE:entry /this->dvp/ /* probe ID IDNUM (depth DEPTH) */
+{
+ this->dvp = this->dvp->nc_dvp != NULL ? (
+ this->dvp->nc_dvp != NULL ?
+ this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
+ ) : 0;
+ this->nameDEPTH = this->dvp != 0 ? (
+ this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
+ ) : "";
+}
+
+EOFDEPTH
+)
+
+/*
+ * END Pathname-depth iterators
+ */
+EOF
+ACTIONS=$( cat <&9 )
+ID=$(( $MAX_DEPTH + 5 ))
+
+############################################################ EVENT ACTION
+
+EVENT="entry /this->fi_mount != 0/"
+
+############################################################ EVENT DETAILS
+
+exec 9<<EOF
+ /*
+ * Print full path
+ * NB: Up-to but not including the parent directory (printed below)
+ */
+ printf("%s%s", this->fi_mount, this->fi_mount != 0 ? (
+ this->fi_mount == "/" ? "" : "/"
+ ) : "/");
+ $( awk -v MAX_DEPTH=$MAX_DEPTH '
+ buf = buf $0 "\n" { }
+ END {
+ for (N = MAX_DEPTH; N > 0; N--) {
+ $0 = (N < MAX_DEPTH ? "\t" : "") buf
+ gsub(/N/, N)
+ sub(/\n$/, "")
+ print
+ }
+ }
+ ' <<-EOFDEPTH
+ printf("%s%s", this->name = this->nameN, this->name != "" ? "/" : "");
+ EOFDEPTH
+ )
+
+ /* Print the parent directory name */
+ this->name = this->d_name != 0 ? this->d_name : "";
+ printf("%s%s", this->name, this->name != "" ? "/" : "");
+
+ /* Print the entry name */
+ this->name = this->fi_name != 0 ? this->fi_name : "";
+ printf("%s", this->name);
+
+ /* Print the target */
+ printf(" -> %s", this->target);
+EOF
+EVENT_DETAILS=$( cat <&9 )
+
+################################################################################
+# END
+################################################################################
Index: etc/mtree/BSD.usr.dist
===================================================================
--- etc/mtree/BSD.usr.dist
+++ etc/mtree/BSD.usr.dist
@@ -124,6 +124,8 @@
..
bsdinstall
..
+ dwatch
+ ..
hyperv
..
lpr
Index: share/dtrace/Makefile
===================================================================
--- share/dtrace/Makefile
+++ share/dtrace/Makefile
@@ -17,10 +17,7 @@
tcpdebug \
tcpstate \
tcptrack \
- udptrack \
- watch_execve \
- watch_kill \
- watch_vop_remove
+ udptrack
SCRIPTSDIR= ${SHAREDIR}/dtrace
Index: share/dtrace/watch_execve
===================================================================
--- share/dtrace/watch_execve
+++ /dev/null
@@ -1,227 +0,0 @@
-#!/usr/sbin/dtrace -s
-/* -
- * Copyright (c) 2014 Devin Teske <dteske@FreeBSD.org>
- * All rights reserved.
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $Title: dtrace(1) script to log process(es) entering syscall::execve $
- * $FreeBSD$
- */
-
-#pragma D option quiet
-#pragma D option dynvarsize=16m
-#pragma D option switchrate=10hz
-
-/*********************************************************/
-
-syscall::execve:entry /* probe ID 1 */
-{
- this->caller_execname = execname;
-}
-
-/*********************************************************/
-
-syscall::execve:return /execname != this->caller_execname/ /* probe ID 2 */
-{
- /*
- * Examine process, parent process, and grandparent process details
- */
-
- /******************* CURPROC *******************/
-
- this->proc = curthread->td_proc;
- this->pid0 = this->proc->p_pid;
- this->uid0 = this->proc->p_ucred->cr_uid;
- this->gid0 = this->proc->p_ucred->cr_rgid;
- this->p_args = this->proc->p_args;
- this->ar_length = this->p_args ? this->p_args->ar_length : 0;
- this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);
-
- this->arg0_0 = this->ar_length > 0 ?
- this->ar_args : stringof(this->proc->p_comm);
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg0_1 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg0_2 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg0_3 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg0_4 = this->ar_length > 0 ? "..." : "";
-
- /******************* PPARENT *******************/
-
- this->proc = this->proc->p_pptr;
- this->pid1 = this->proc->p_pid;
- this->uid1 = this->proc->p_ucred->cr_uid;
- this->gid1 = this->proc->p_ucred->cr_rgid;
- this->p_args = this->proc ? this->proc->p_args : 0;
- this->ar_length = this->p_args ? this->p_args->ar_length : 0;
- this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);
-
- this->arg1_0 = this->ar_length > 0 ?
- this->ar_args : stringof(this->proc->p_comm);
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg1_1 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg1_2 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg1_3 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg1_4 = this->ar_length > 0 ? "..." : "";
-
- /******************* GPARENT *******************/
-
- this->proc = this->proc->p_pptr;
- this->pid2 = this->proc->p_pid;
- this->uid2 = this->proc->p_ucred->cr_uid;
- this->gid2 = this->proc->p_ucred->cr_rgid;
- this->p_args = this->proc ? this->proc->p_args : 0;
- this->ar_length = this->p_args ? this->p_args->ar_length : 0;
- this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);
-
- this->arg2_0 = this->ar_length > 0 ?
- this->ar_args : stringof(this->proc->p_comm);
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg2_1 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg2_2 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg2_3 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg2_4 = this->ar_length > 0 ? "..." : "";
-
- /******************* APARENT *******************/
-
- this->proc = this->proc->p_pptr;
- this->pid3 = this->proc->p_pid;
- this->uid3 = this->proc->p_ucred->cr_uid;
- this->gid3 = this->proc->p_ucred->cr_rgid;
- this->p_args = this->proc ? this->proc->p_args : 0;
- this->ar_length = this->p_args ? this->p_args->ar_length : 0;
- this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);
-
- this->arg3_0 = this->ar_length > 0 ?
- this->ar_args : stringof(this->proc->p_comm);
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg3_1 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg3_2 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg3_3 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg3_4 = this->ar_length > 0 ? "..." : "";
-
- /***********************************************/
-
- /*
- * Print process, parent, and grandparent details
- */
-
- printf("%Y %s[%d]: ", timestamp + 1406598400000000000,
- this->caller_execname, this->pid1);
- printf("%s", this->arg0_0);
- printf("%s%s", this->arg0_1 != "" ? " " : "", this->arg0_1);
- printf("%s%s", this->arg0_2 != "" ? " " : "", this->arg0_2);
- printf("%s%s", this->arg0_3 != "" ? " " : "", this->arg0_3);
- printf("%s%s", this->arg0_4 != "" ? " " : "", this->arg0_4);
- printf("\n");
-
- printf(" -+= %05d %d.%d %s",
- this->pid3, this->uid3, this->gid3, this->arg3_0);
- printf("%s%s", this->arg3_1 != "" ? " " : "", this->arg3_1);
- printf("%s%s", this->arg3_2 != "" ? " " : "", this->arg3_2);
- printf("%s%s", this->arg3_3 != "" ? " " : "", this->arg3_3);
- printf("%s%s", this->arg3_4 != "" ? " " : "", this->arg3_4);
- printf("%s", this->arg3_0 != "" ? "\n" : "");
-
- printf(" \-+= %05d %d.%d %s",
- this->pid2, this->uid2, this->gid2, this->arg2_0);
- printf("%s%s", this->arg2_1 != "" ? " " : "", this->arg2_1);
- printf("%s%s", this->arg2_2 != "" ? " " : "", this->arg2_2);
- printf("%s%s", this->arg2_3 != "" ? " " : "", this->arg2_3);
- printf("%s%s", this->arg2_4 != "" ? " " : "", this->arg2_4);
- printf("%s", this->arg2_0 != "" ? "\n" : "");
-
- printf(" \-+= %05d %d.%d %s",
- this->pid1, this->uid1, this->gid1, this->arg1_0);
- printf("%s%s", this->arg1_1 != "" ? " " : "", this->arg1_1);
- printf("%s%s", this->arg1_2 != "" ? " " : "", this->arg1_2);
- printf("%s%s", this->arg1_3 != "" ? " " : "", this->arg1_3);
- printf("%s%s", this->arg1_4 != "" ? " " : "", this->arg1_4);
- printf("%s", this->arg1_0 != "" ? "\n" : "");
-
- printf(" \-+= %05d %d.%d %s",
- this->pid0, this->uid0, this->gid0, this->arg0_0);
- printf("%s%s", this->arg0_1 != "" ? " " : "", this->arg0_1);
- printf("%s%s", this->arg0_2 != "" ? " " : "", this->arg0_2);
- printf("%s%s", this->arg0_3 != "" ? " " : "", this->arg0_3);
- printf("%s%s", this->arg0_4 != "" ? " " : "", this->arg0_4);
- printf("%s", this->arg0_0 != "" ? "\n" : "");
-}
Index: share/dtrace/watch_kill
===================================================================
--- share/dtrace/watch_kill
+++ /dev/null
@@ -1,232 +0,0 @@
-#!/usr/sbin/dtrace -s
-/* -
- * Copyright (c) 2014-2016 Devin Teske <dteske@FreeBSD.org>
- * All rights reserved.
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $Title: dtrace(1) script to log process(es) entering syscall::kill $
- * $FreeBSD$
- */
-
-#pragma D option quiet
-#pragma D option dynvarsize=16m
-#pragma D option switchrate=10hz
-
-/*********************************************************/
-
-syscall::execve:entry /* probe ID 1 */
-{
- this->caller_execname = execname;
-}
-
-/*********************************************************/
-
-syscall::kill:entry /* probe ID 2 */
-{
- this->pid_to_kill = (pid_t)arg0;
- this->kill_signal = (int)arg1;
-
- /*
- * Examine process, parent process, and grandparent process details
- */
-
- /******************* CURPROC *******************/
-
- this->proc = curthread->td_proc;
- this->pid0 = this->proc->p_pid;
- this->uid0 = this->proc->p_ucred->cr_uid;
- this->gid0 = this->proc->p_ucred->cr_rgid;
- this->p_args = this->proc->p_args;
- this->ar_length = this->p_args ? this->p_args->ar_length : 0;
- this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);
-
- this->arg0_0 = this->ar_length > 0 ?
- this->ar_args : stringof(this->proc->p_comm);
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg0_1 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg0_2 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg0_3 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg0_4 = this->ar_length > 0 ? "..." : "";
-
- /******************* PPARENT *******************/
-
- this->proc = this->proc->p_pptr;
- this->pid1 = this->proc->p_pid;
- this->uid1 = this->proc->p_ucred->cr_uid;
- this->gid1 = this->proc->p_ucred->cr_rgid;
- this->p_args = this->proc ? this->proc->p_args : 0;
- this->ar_length = this->p_args ? this->p_args->ar_length : 0;
- this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);
-
- this->arg1_0 = this->ar_length > 0 ?
- this->ar_args : stringof(this->proc->p_comm);
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg1_1 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg1_2 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg1_3 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg1_4 = this->ar_length > 0 ? "..." : "";
-
- /******************* GPARENT *******************/
-
- this->proc = this->proc->p_pptr;
- this->pid2 = this->proc->p_pid;
- this->uid2 = this->proc->p_ucred->cr_uid;
- this->gid2 = this->proc->p_ucred->cr_rgid;
- this->p_args = this->proc ? this->proc->p_args : 0;
- this->ar_length = this->p_args ? this->p_args->ar_length : 0;
- this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);
-
- this->arg2_0 = this->ar_length > 0 ?
- this->ar_args : stringof(this->proc->p_comm);
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg2_1 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg2_2 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg2_3 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg2_4 = this->ar_length > 0 ? "..." : "";
-
- /******************* APARENT *******************/
-
- this->proc = this->proc->p_pptr;
- this->pid3 = this->proc->p_pid;
- this->uid3 = this->proc->p_ucred->cr_uid;
- this->gid3 = this->proc->p_ucred->cr_rgid;
- this->p_args = this->proc ? this->proc->p_args : 0;
- this->ar_length = this->p_args ? this->p_args->ar_length : 0;
- this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);
-
- this->arg3_0 = this->ar_length > 0 ?
- this->ar_args : stringof(this->proc->p_comm);
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg3_1 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg3_2 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg3_3 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg3_4 = this->ar_length > 0 ? "..." : "";
-
- /***********************************************/
-
- /*
- * Print process, parent, and grandparent details
- */
-
- printf("%Y %s[%d]: ", timestamp + 1406598400000000000,
- this->caller_execname, this->pid1);
- printf("%s", this->arg0_0);
- printf("%s%s", this->arg0_1 != "" ? " " : "", this->arg0_1);
- printf("%s%s", this->arg0_2 != "" ? " " : "", this->arg0_2);
- printf("%s%s", this->arg0_3 != "" ? " " : "", this->arg0_3);
- printf("%s%s", this->arg0_4 != "" ? " " : "", this->arg0_4);
- printf(" (sending signal %u to pid %u)",
- this->kill_signal, this->pid_to_kill);
- printf("\n");
-
- printf(" -+= %05d %d.%d %s",
- this->pid3, this->uid3, this->gid3, this->arg3_0);
- printf("%s%s", this->arg3_1 != "" ? " " : "", this->arg3_1);
- printf("%s%s", this->arg3_2 != "" ? " " : "", this->arg3_2);
- printf("%s%s", this->arg3_3 != "" ? " " : "", this->arg3_3);
- printf("%s%s", this->arg3_4 != "" ? " " : "", this->arg3_4);
- printf("%s", this->arg3_0 != "" ? "\n" : "");
-
- printf(" \-+= %05d %d.%d %s",
- this->pid2, this->uid2, this->gid2, this->arg2_0);
- printf("%s%s", this->arg2_1 != "" ? " " : "", this->arg2_1);
- printf("%s%s", this->arg2_2 != "" ? " " : "", this->arg2_2);
- printf("%s%s", this->arg2_3 != "" ? " " : "", this->arg2_3);
- printf("%s%s", this->arg2_4 != "" ? " " : "", this->arg2_4);
- printf("%s", this->arg2_0 != "" ? "\n" : "");
-
- printf(" \-+= %05d %d.%d %s",
- this->pid1, this->uid1, this->gid1, this->arg1_0);
- printf("%s%s", this->arg1_1 != "" ? " " : "", this->arg1_1);
- printf("%s%s", this->arg1_2 != "" ? " " : "", this->arg1_2);
- printf("%s%s", this->arg1_3 != "" ? " " : "", this->arg1_3);
- printf("%s%s", this->arg1_4 != "" ? " " : "", this->arg1_4);
- printf("%s", this->arg1_0 != "" ? "\n" : "");
-
- printf(" \-+= %05d %d.%d %s",
- this->pid0, this->uid0, this->gid0, this->arg0_0);
- printf("%s%s", this->arg0_1 != "" ? " " : "", this->arg0_1);
- printf("%s%s", this->arg0_2 != "" ? " " : "", this->arg0_2);
- printf("%s%s", this->arg0_3 != "" ? " " : "", this->arg0_3);
- printf("%s%s", this->arg0_4 != "" ? " " : "", this->arg0_4);
- printf("%s", this->arg0_0 != "" ? "\n" : "");
-}
Index: share/dtrace/watch_vop_remove
===================================================================
--- share/dtrace/watch_vop_remove
+++ /dev/null
@@ -1,476 +0,0 @@
-#!/usr/sbin/dtrace -s
-/* -
- * Copyright (c) 2014 Devin Teske <dteske@FreeBSD.org>
- * All rights reserved.
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $Title: dtrace(1) script to log process(es) entering vfs::vop_remove $
- * $FreeBSD$
- */
-
-#pragma D option quiet
-#pragma D option dynvarsize=16m
-#pragma D option switchrate=10hz
-
-/*********************************************************/
-
-vfs::vop_remove:entry /* probe ID 1 */
-{
- this->vp = (struct vnode *)arg0;
- this->ncp = &(this->vp->v_cache_dst) != NULL ?
- this->vp->v_cache_dst.tqh_first : 0;
- this->fi_name = args[1] ? (
- args[1]->a_cnp != NULL ?
- stringof(args[1]->a_cnp->cn_nameptr) : ""
- ) : "";
- this->mount = this->vp->v_mount; /* ptr to vfs we are in */
- this->fi_fs = this->mount != 0 ?
- stringof(this->mount->mnt_stat.f_fstypename) : "";
- this->fi_mount = this->mount != 0 ?
- stringof(this->mount->mnt_stat.f_mntonname) : "";
- this->d_name = args[0]->v_cache_dd != NULL ?
- stringof(args[0]->v_cache_dd->nc_name) : "";
-}
-
-vfs::vop_remove:entry /this->vp == 0 || this->fi_fs == 0 ||
- this->fi_fs == "devfs" || this->fi_fs == "" ||
- this->fi_name == ""/ /* probe ID 2 */
-{
- this->ncp = 0;
-}
-
-/*********************************************************/
-
-vfs::vop_remove:entry /this->ncp/ /* probe ID 3 (depth 1) */
-{
- this->dvp = this->ncp->nc_dvp != NULL ? (
- &(this->ncp->nc_dvp->v_cache_dst) != NULL ?
- this->ncp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name1 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->name1 == 0 || this->fi_fs == 0 ||
- this->fi_fs == "devfs" || this->fi_fs == "" ||
- this->name1 == "/" || this->name1 == ""/ /* probe ID 4 */
-{
- this->dvp = 0;
-}
-
-/*********************************************************/
-
-/*
- * BEGIN Pathname-depth iterators (copy/paste as many times as-desired)
- */
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 5 (depth 2) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name2 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 6 (depth 3) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name3 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 7 (depth 4) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name4 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 8 (depth 5) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name5 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 9 (depth 6) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name6 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 10 (depth 7) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name7 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 11 (depth 8) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name8 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 12 (depth 9) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name9 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 13 (depth 10) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name10 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 14 (depth 11) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name11 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 15 (depth 12) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name12 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 16 (depth 13) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name13 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 17 (depth 14) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name14 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 18 (depth 15) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name15 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 19 (depth 16) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name16 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 20 (depth 17) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name17 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 21 (depth 18) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name18 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 22 (depth 19) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name19 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-vfs::vop_remove:entry /this->dvp/ /* probe ID 23 (depth 20) */
-{
- this->dvp = this->dvp->nc_dvp != NULL ? (
- &(this->dvp->nc_dvp->v_cache_dst) != NULL ?
- this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
- ) : 0;
- this->name20 = this->dvp != 0 ? (
- this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
- ) : "";
-}
-
-/*
- * END Pathname-depth iterators
- */
-
-/*********************************************************/
-
-vfs::vop_remove:entry /this->fi_mount != 0/ /* probe ID 24 */
-{
- printf("%Y %s[%d]: ", timestamp + 1406598400000000000, execname, pid);
-
- /*
- * Print full path of file to delete
- * NB: Up-to but not including the parent directory (printed below)
- */
- printf("%s%s", this->fi_mount, this->fi_mount != 0 ? (
- this->fi_mount == "/" ? "" : "/"
- ) : "/");
- printf("%s%s", this->name = this->name20, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name19, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name18, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name17, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name16, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name15, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name14, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name13, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name12, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name11, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name10, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name9, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name8, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name7, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name6, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name5, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name4, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name3, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name2, this->name != "" ? "/" : "");
- printf("%s%s", this->name = this->name1, this->name != "" ? "/" : "");
-
- /* Print the parent directory name */
- this->name = this->d_name != 0 ? this->d_name : "";
- printf("%s%s", this->name, this->name != "" ? "/" : "");
-
- /* Print the entry name */
- this->name = this->fi_name != 0 ? this->fi_name : "";
- printf("%s", this->name);
-
- printf("\n");
-
- /*
- * Examine process, parent process, and grandparent process details
- */
-
- /******************* CURPROC *******************/
-
- this->proc = curthread->td_proc;
- this->pid0 = this->proc->p_pid;
- this->uid0 = this->proc->p_ucred->cr_uid;
- this->gid0 = this->proc->p_ucred->cr_rgid;
- this->p_args = this->proc->p_args;
- this->ar_length = this->p_args ? this->p_args->ar_length : 0;
- this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);
-
- this->arg0_0 = this->ar_length > 0 ?
- this->ar_args : stringof(this->proc->p_comm);
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg0_1 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg0_2 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg0_3 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg0_4 = this->ar_length > 0 ? "..." : "";
-
- /******************* PPARENT *******************/
-
- this->proc = this->proc->p_pptr;
- this->pid1 = this->proc->p_pid;
- this->uid1 = this->proc->p_ucred->cr_uid;
- this->gid1 = this->proc->p_ucred->cr_rgid;
- this->p_args = this->proc ? this->proc->p_args : 0;
- this->ar_length = this->p_args ? this->p_args->ar_length : 0;
- this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);
-
- this->arg1_0 = this->ar_length > 0 ?
- this->ar_args : stringof(this->proc->p_comm);
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg1_1 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg1_2 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg1_3 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg1_4 = this->ar_length > 0 ? "..." : "";
-
- /******************* GPARENT *******************/
-
- this->proc = this->proc->p_pptr;
- this->pid2 = this->proc->p_pid;
- this->uid2 = this->proc->p_ucred->cr_uid;
- this->gid2 = this->proc->p_ucred->cr_rgid;
- this->p_args = this->proc ? this->proc->p_args : 0;
- this->ar_length = this->p_args ? this->p_args->ar_length : 0;
- this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);
-
- this->arg2_0 = this->ar_length > 0 ?
- this->ar_args : stringof(this->proc->p_comm);
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg2_1 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg2_2 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg2_3 = this->ar_length > 0 ? this->ar_args : "";
- this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
- this->ar_args += this->len;
- this->ar_length -= this->len;
-
- this->arg2_4 = this->ar_length > 0 ? "..." : "";
-
- /***********************************************/
-
- /*
- * Print process, parent, and grandparent details
- */
-
- printf(" -+= %05d %d.%d %s",
- this->pid2, this->uid2, this->gid2, this->arg2_0);
- printf("%s%s", this->arg2_1 != "" ? " " : "", this->arg2_1);
- printf("%s%s", this->arg2_2 != "" ? " " : "", this->arg2_2);
- printf("%s%s", this->arg2_3 != "" ? " " : "", this->arg2_3);
- printf("%s%s", this->arg2_4 != "" ? " " : "", this->arg2_4);
- printf("%s", this->arg2_0 != "" ? "\n" : "");
-
- printf(" \-+= %05d %d.%d %s",
- this->pid1, this->uid1, this->gid1, this->arg1_0);
- printf("%s%s", this->arg1_1 != "" ? " " : "", this->arg1_1);
- printf("%s%s", this->arg1_2 != "" ? " " : "", this->arg1_2);
- printf("%s%s", this->arg1_3 != "" ? " " : "", this->arg1_3);
- printf("%s%s", this->arg1_4 != "" ? " " : "", this->arg1_4);
- printf("%s", this->arg1_0 != "" ? "\n" : "");
-
- printf(" \-+= %05d %d.%d %s",
- this->pid0, this->uid0, this->gid0, this->arg0_0);
- printf("%s%s", this->arg0_1 != "" ? " " : "", this->arg0_1);
- printf("%s%s", this->arg0_2 != "" ? " " : "", this->arg0_2);
- printf("%s%s", this->arg0_3 != "" ? " " : "", this->arg0_3);
- printf("%s%s", this->arg0_4 != "" ? " " : "", this->arg0_4);
- printf("%s", this->arg0_0 != "" ? "\n" : "");
-}

File Metadata

Mime Type
text/plain
Expires
Sun, Jan 25, 3:23 AM (51 m, 58 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
27923306
Default Alt Text
D10006.id27563.diff (90 KB)

Event Timeline