From 544df6c63ac624a15c497f006352957d9952a2a7 Mon Sep 17 00:00:00 2001 From: smh Date: Mon, 26 May 2014 23:44:09 +0000 Subject: MFC r264881 Add Linux socket call decoding to truss Sponsored by: Multiplay --- usr.bin/truss/syscall.h | 44 +++++++++++++++++++++++++- usr.bin/truss/syscalls.c | 80 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 123 insertions(+), 1 deletion(-) (limited to 'usr.bin') diff --git a/usr.bin/truss/syscall.h b/usr.bin/truss/syscall.h index b0d3461..58520aa 100644 --- a/usr.bin/truss/syscall.h +++ b/usr.bin/truss/syscall.h @@ -40,7 +40,8 @@ enum Argtype { None = 1, Hex, Octal, Int, Name, Ptr, Stat, Ioctl, Quad, Fd_set, Sigaction, Fcntl, Mprot, Mmapflags, Whence, Readlinkres, Umtx, Sigset, Sigprocmask, Kevent, Sockdomain, Socktype, Open, Fcntlflag, Rusage, BinString, Shutdown, Resource, Rlimit, Timeval2, - Pathconf, Rforkflags, ExitStatus, Waitoptions, Idtype, Procctl }; + Pathconf, Rforkflags, ExitStatus, Waitoptions, Idtype, Procctl, + LinuxSockArgs }; #define ARG_MASK 0xff #define OUT 0x100 @@ -64,6 +65,47 @@ struct syscall { struct syscall *get_syscall(const char*); char *print_arg(struct syscall_args *, unsigned long*, long, struct trussinfo *); + +/* + * Linux Socket defines + */ +#define LINUX_SOCKET 1 +#define LINUX_BIND 2 +#define LINUX_CONNECT 3 +#define LINUX_LISTEN 4 +#define LINUX_ACCEPT 5 +#define LINUX_GETSOCKNAME 6 +#define LINUX_GETPEERNAME 7 +#define LINUX_SOCKETPAIR 8 +#define LINUX_SEND 9 +#define LINUX_RECV 10 +#define LINUX_SENDTO 11 +#define LINUX_RECVFROM 12 +#define LINUX_SHUTDOWN 13 +#define LINUX_SETSOCKOPT 14 +#define LINUX_GETSOCKOPT 15 +#define LINUX_SENDMSG 16 +#define LINUX_RECVMSG 17 + +#define PAD_(t) (sizeof(register_t) <= sizeof(t) ? \ + 0 : sizeof(register_t) - sizeof(t)) + +#if BYTE_ORDER == LITTLE_ENDIAN +#define PADL_(t) 0 +#define PADR_(t) PAD_(t) +#else +#define PADL_(t) PAD_(t) +#define PADR_(t) 0 +#endif + +typedef int l_int; +typedef uint32_t l_ulong; + +struct linux_socketcall_args { + char what_l_[PADL_(l_int)]; l_int what; char what_r_[PADR_(l_int)]; + char args_l_[PADL_(l_ulong)]; l_ulong args; char args_r_[PADR_(l_ulong)]; +}; + void print_syscall(struct trussinfo *, const char *, int, char **); void print_syscall_ret(struct trussinfo *, const char *, int, char **, int, long, struct syscall *); diff --git a/usr.bin/truss/syscalls.c b/usr.bin/truss/syscalls.c index 06c2511..585a8fa 100644 --- a/usr.bin/truss/syscalls.c +++ b/usr.bin/truss/syscalls.c @@ -100,6 +100,10 @@ static struct syscall syscalls[] = { .args = { { Rforkflags, 0 } } }, { .name = "getegid", .ret_type = 1, .nargs = 0 }, { .name = "geteuid", .ret_type = 1, .nargs = 0 }, + { .name = "linux_readlink", .ret_type = 1, .nargs = 3, + .args = { { Name, 0 } , { Name | OUT, 1 }, { Int, 2 }}}, + { .name = "linux_socketcall", .ret_type = 1, .nargs = 2, + .args = { { Int, 0 } , { LinuxSockArgs, 1 }}}, { .name = "getgid", .ret_type = 1, .nargs = 0 }, { .name = "getpid", .ret_type = 1, .nargs = 0 }, { .name = "getpgid", .ret_type = 1, .nargs = 1, @@ -117,6 +121,8 @@ static struct syscall syscalls[] = { .args = { { Int, 0 }, { Int, 1 }, { Whence, 2 } } }, { .name = "mmap", .ret_type = 2, .nargs = 6, .args = { { Ptr, 0 }, { Int, 1 }, { Mprot, 2 }, { Mmapflags, 3 }, { Int, 4 }, { Quad, 5 + QUAD_ALIGN } } }, + { .name = "linux_mkdir", .ret_type = 1, .nargs = 2, + .args = { { Name | IN, 0} , {Int, 1}}}, { .name = "mprotect", .ret_type = 1, .nargs = 3, .args = { { Ptr, 0 }, { Int, 1 }, { Mprot, 2 } } }, { .name = "open", .ret_type = 1, .nargs = 3, @@ -141,6 +147,8 @@ static struct syscall syscalls[] = { .args = { { Name, 0 }, { Octal, 1 } } }, { .name = "chown", .ret_type = 0, .nargs = 3, .args = { { Name, 0 }, { Int, 1 }, { Int, 2 } } }, + { .name = "linux_stat64", .ret_type = 1, .nargs = 3, + .args = { { Name | IN, 0 }, { Ptr | OUT, 1 }, { Ptr | IN, 1 }}}, { .name = "mount", .ret_type = 0, .nargs = 4, .args = { { Name, 0 }, { Name, 1 }, { Int, 2 }, { Ptr, 3 } } }, { .name = "umount", .ret_type = 0, .nargs = 2, @@ -153,6 +161,8 @@ static struct syscall syscalls[] = { .args = { { Name | IN, 0 }, { Stat | OUT, 1 } } }, { .name = "linux_newstat", .ret_type = 1, .nargs = 2, .args = { { Name | IN, 0 }, { Ptr | OUT, 1 } } }, + { .name = "linux_access", .ret_type = 1, .nargs = 2, + .args = { { Name, 0 }, { Int, 1 }}}, { .name = "linux_newfstat", .ret_type = 1, .nargs = 2, .args = { { Int, 0 }, { Ptr | OUT, 1 } } }, { .name = "write", .ret_type = 1, .nargs = 3, @@ -776,6 +786,76 @@ print_arg(struct syscall_args *sc, unsigned long *args, long retval, asprintf(&tmp, "0x%lx", args[sc->offset]); break; } + case LinuxSockArgs: + { + struct linux_socketcall_args largs; + if (get_struct(pid, (void *)args[sc->offset], (void *)&largs, + sizeof(largs)) == -1) { + err(1, "get_struct %p", (void *)args[sc->offset]); + } + const char *what; + char buf[30]; + + switch (largs.what) { + case LINUX_SOCKET: + what = "LINUX_SOCKET"; + break; + case LINUX_BIND: + what = "LINUX_BIND"; + break; + case LINUX_CONNECT: + what = "LINUX_CONNECT"; + break; + case LINUX_LISTEN: + what = "LINUX_LISTEN"; + break; + case LINUX_ACCEPT: + what = "LINUX_ACCEPT"; + break; + case LINUX_GETSOCKNAME: + what = "LINUX_GETSOCKNAME"; + break; + case LINUX_GETPEERNAME: + what = "LINUX_GETPEERNAME"; + break; + case LINUX_SOCKETPAIR: + what = "LINUX_SOCKETPAIR"; + break; + case LINUX_SEND: + what = "LINUX_SEND"; + break; + case LINUX_RECV: + what = "LINUX_RECV"; + break; + case LINUX_SENDTO: + what = "LINUX_SENDTO"; + break; + case LINUX_RECVFROM: + what = "LINUX_RECVFROM"; + break; + case LINUX_SHUTDOWN: + what = "LINUX_SHUTDOWN"; + break; + case LINUX_SETSOCKOPT: + what = "LINUX_SETSOCKOPT"; + break; + case LINUX_GETSOCKOPT: + what = "LINUX_GETSOCKOPT"; + break; + case LINUX_SENDMSG: + what = "LINUX_SENDMSG"; + break; + case LINUX_RECVMSG: + what = "LINUX_RECVMSG"; + break; + default: + sprintf(buf, "%d", largs.what); + what = buf; + break; + } + asprintf(&tmp, "(0x%lx)%s, 0x%lx", args[sc->offset], what, (long unsigned int)largs.args); + break; + } case Pollfd: { /* * XXX: A Pollfd argument expects the /next/ syscall argument -- cgit v1.1