1 /* 2 * Copryight 1997 Sean Eric Fagan 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 3. All advertising materials mentioning features or use of this software 13 * must display the following acknowledgement: 14 * This product includes software developed by Sean Eric Fagan 15 * 4. Neither the name of the author may be used to endorse or promote 16 * products derived from this software without specific prior written 17 * permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 #ifndef lint 33 static const char rcsid[] = 34 "$FreeBSD$"; 35 #endif /* not lint */ 36 37 /* 38 * This file has routines used to print out system calls and their 39 * arguments. 40 */ 41 42 #include <sys/mman.h> 43 #include <sys/types.h> 44 #include <sys/socket.h> 45 #include <sys/time.h> 46 #include <sys/un.h> 47 #include <netinet/in.h> 48 #include <arpa/inet.h> 49 50 #include <ctype.h> 51 #include <err.h> 52 #include <fcntl.h> 53 #include <poll.h> 54 #include <signal.h> 55 #include <stdint.h> 56 #include <stdio.h> 57 #include <stdlib.h> 58 #include <string.h> 59 #include <time.h> 60 #include <unistd.h> 61 62 #include "truss.h" 63 #include "extern.h" 64 #include "syscall.h" 65 66 /* 67 * This should probably be in its own file. 68 */ 69 70 struct syscall syscalls[] = { 71 { "fcntl", 1, 3, 72 { { Int, 0 } , { Fcntl, 1 }, { Hex, 2 }}}, 73 { "readlink", 1, 3, 74 { { Name, 0 } , { Readlinkres | OUT, 1 }, { Int, 2 }}}, 75 { "lseek", 2, 3, 76 #ifdef __LP64__ 77 { { Int, 0 }, {Quad, 2 }, { Whence, 3 }}}, 78 #else 79 { { Int, 0 }, {Quad, 2 }, { Whence, 4 }}}, 80 #endif 81 { "linux_lseek", 2, 3, 82 { { Int, 0 }, {Int, 1 }, { Whence, 2 }}}, 83 { "mmap", 2, 6, 84 #ifdef __LP64__ 85 { { Ptr, 0 }, {Int, 1}, {Mprot, 2}, {Mmapflags, 3}, {Int, 4}, {Quad, 5}}}, 86 #else 87 { { Ptr, 0 }, {Int, 1}, {Mprot, 2}, {Mmapflags, 3}, {Int, 4}, {Quad, 6}}}, 88 #endif 89 { "mprotect", 1, 3, 90 { { Ptr, 0 }, {Int, 1}, {Mprot, 2}}}, 91 { "open", 1, 3, 92 { { Name | IN, 0} , { Hex, 1}, {Octal, 2}}}, 93 { "mkdir", 1, 2, 94 { { Name, 0} , {Octal, 1}}}, 95 { "linux_open", 1, 3, 96 { { Name, 0 }, { Hex, 1}, { Octal, 2 }}}, 97 { "close", 1, 1, 98 { { Int, 0 } } }, 99 { "link", 0, 2, 100 { { Name, 0 }, { Name, 1 }}}, 101 { "unlink", 0, 1, 102 { { Name, 0 }}}, 103 { "chdir", 0, 1, 104 { { Name, 0 }}}, 105 { "chroot", 0, 1, 106 { { Name, 0 }}}, 107 { "mknod", 0, 3, 108 { { Name, 0 }, { Octal, 1 }, { Int, 3 }}}, 109 { "chmod", 0, 2, 110 { { Name, 0 }, { Octal, 1 }}}, 111 { "chown", 0, 3, 112 { { Name, 0 }, { Int, 1 }, { Int, 2 }}}, 113 { "mount", 0, 4, 114 { { Name, 0 }, { Name, 1 }, { Int, 2 }, { Ptr, 3 }}}, 115 { "umount", 0, 2, 116 { { Name, 0 }, { Int, 2 }}}, 117 { "fstat", 1, 2, 118 { { Int, 0}, {Ptr | OUT , 1 }}}, 119 { "stat", 1, 2, 120 { { Name | IN, 0 }, { Ptr | OUT, 1 }}}, 121 { "lstat", 1, 2, 122 { { Name | IN, 0 }, { Ptr | OUT, 1 }}}, 123 { "linux_newstat", 1, 2, 124 { { Name | IN, 0 }, { Ptr | OUT, 1 }}}, 125 { "linux_newfstat", 1, 2, 126 { { Int, 0 }, { Ptr | OUT, 1 }}}, 127 { "write", 1, 3, 128 { { Int, 0 }, { String | IN, 1 }, { Int, 2 }}}, 129 { "ioctl", 1, 3, 130 { { Int, 0 }, { Ioctl, 1 }, { Hex, 2 }}}, 131 { "break", 1, 1, { { Hex, 0 }}}, 132 { "exit", 0, 1, { { Hex, 0 }}}, 133 { "access", 1, 2, { { Name | IN, 0 }, { Int, 1 }}}, 134 { "sigaction", 1, 3, 135 { { Signal, 0 }, { Sigaction | IN, 1 }, { Sigaction | OUT, 2 }}}, 136 { "accept", 1, 3, 137 { { Hex, 0 }, { Sockaddr | OUT, 1 }, { Ptr | OUT, 2 } } }, 138 { "bind", 1, 3, 139 { { Hex, 0 }, { Sockaddr | IN, 1 }, { Int, 2 } } }, 140 { "connect", 1, 3, 141 { { Hex, 0 }, { Sockaddr | IN, 1 }, { Int, 2 } } }, 142 { "getpeername", 1, 3, 143 { { Hex, 0 }, { Sockaddr | OUT, 1 }, { Ptr | OUT, 2 } } }, 144 { "getsockname", 1, 3, 145 { { Hex, 0 }, { Sockaddr | OUT, 1 }, { Ptr | OUT, 2 } } }, 146 { "recvfrom", 1, 6, 147 { { Hex, 0 }, { Ptr | IN, 1 }, { Int, 3 }, { Hex, 3 }, { Sockaddr | OUT, 4 }, { Ptr | OUT, 5 } } }, 148 { "sendto", 1, 6, 149 { { Hex, 0 }, { Ptr | IN, 1 }, { Int, 3 }, { Hex, 3 }, { Sockaddr | IN, 4 }, { Ptr | IN, 5 } } }, 150 { "execve", 1, 3, 151 { { Name | IN, 0 }, { StringArray | IN, 1 }, { StringArray | IN, 2 } } }, 152 { "linux_execve", 1, 3, 153 { { Name | IN, 0 }, { StringArray | IN, 1 }, { StringArray | IN, 2 } } }, 154 { "kldload", 0, 1, { { Name | IN, 0 }}}, 155 { "kldunload", 0, 1, { { Int, 0 }}}, 156 { "kldfind", 0, 1, { { Name | IN, 0 }}}, 157 { "kldnext", 0, 1, { { Int, 0 }}}, 158 { "kldstat", 0, 2, { { Int, 0 }, { Ptr, 1 }}}, 159 { "kldfirstmod", 0, 1, { { Int, 0 }}}, 160 { "nanosleep", 0, 1, { { Timespec, 0 }}}, 161 { "select", 1, 5, { { Int, 0 }, { Fd_set, 1 }, { Fd_set, 2 }, { Fd_set, 3 }, { Timeval, 4 }}}, 162 { "poll", 1, 3, { { Pollfd, 0 }, { Int, 1 }, { Int, 2 }}}, 163 { "gettimeofday", 1, 2, { { Timeval | OUT, 0 }, { Ptr, 1 }}}, 164 { "clock_gettime", 1, 2, { { Int, 0 }, { Timeval | OUT, 1 }}}, 165 { "recvfrom", 1, 6, { { Int, 0 }, { Ptr | OUT, 1 }, { Int, 2 }, { Int, 3 }, { Sockaddr | OUT, 4}, {Ptr | OUT, 5}}}, 166 { "getitimer", 1, 2, { { Int, 0 }, { Itimerval | OUT, 2 }}}, 167 { "setitimer", 1, 3, { { Int, 0 }, { Itimerval, 1} , { Itimerval | OUT, 2 }}}, 168 { "utimes", 1, 2, 169 { { Name | IN, 0 }, { Timeval | IN, 1 }}}, 170 { "lutimes", 1, 2, 171 { { Name | IN, 0 }, { Timeval | IN, 1 }}}, 172 { "futimes", 1, 2, 173 { { Int, 0 }, { Timeval | IN, 1 }}}, 174 { "chflags", 1, 2, 175 { { Name | IN, 0 }, { Hex, 1 }}}, 176 { "lchflags", 1, 2, 177 { { Name | IN, 0 }, { Hex, 1 }}}, 178 { "munmap", 1, 2, 179 { { Ptr, 0 }, { Int, 1 }}}, 180 { "read", 1, 3, 181 { { Int, 0}, { String | OUT, 1}, { Int, 2}}}, 182 { "rename", 1, 2, 183 { { Name , 0} , { Name, 1}}}, 184 { "symlink", 1, 2, 185 { { Name , 0} , { Name, 1}}}, 186 { 0, 0, 0, { { 0, 0 }}}, 187 }; 188 189 /* 190 * If/when the list gets big, it might be desirable to do it 191 * as a hash table or binary search. 192 */ 193 194 struct syscall * 195 get_syscall(const char *name) { 196 struct syscall *sc = syscalls; 197 198 if (name == NULL) 199 return (NULL); 200 while (sc->name) { 201 if (!strcmp(name, sc->name)) 202 return sc; 203 sc++; 204 } 205 return NULL; 206 } 207 208 /* 209 * get_struct 210 * 211 * Copy a fixed amount of bytes from the process. 212 */ 213 214 static int 215 get_struct(int procfd, void *offset, void *buf, int len) { 216 217 if (pread(procfd, buf, len, (uintptr_t)offset) != len) 218 return -1; 219 return 0; 220 } 221 222 /* 223 * get_string 224 * Copy a string from the process. Note that it is 225 * expected to be a C string, but if max is set, it will 226 * only get that much. 227 */ 228 229 char * 230 get_string(int procfd, void *offset, int max) { 231 char *buf; 232 int size, len, c, fd; 233 FILE *p; 234 235 if ((fd = dup(procfd)) == -1) 236 err(1, "dup"); 237 if ((p = fdopen(fd, "r")) == NULL) 238 err(1, "fdopen"); 239 buf = malloc( size = (max ? max + 1 : 64 ) ); 240 len = 0; 241 buf[0] = 0; 242 if (fseeko(p, (uintptr_t)offset, SEEK_SET) == 0) { 243 while ((c = fgetc(p)) != EOF) { 244 buf[len++] = c; 245 if (c == 0 || len == max) 246 break; 247 if (len == size) { 248 char *tmp; 249 tmp = realloc(buf, size+64); 250 if (tmp == NULL) { 251 buf[len] = 0; 252 break; 253 } 254 size += 64; 255 buf = tmp; 256 } 257 } 258 buf[len] = 0; 259 } 260 fclose(p); 261 return (buf); 262 } 263 264 265 /* 266 * Remove a trailing '|' in a string, useful for fixup after decoding 267 * a "flags" argument. 268 */ 269 270 void 271 remove_trailing_or(char *str) 272 { 273 274 if (str != NULL && (str = rindex(str, '|')) != NULL && str[1] == '\0') 275 *str = '\0'; 276 } 277 278 /* 279 * print_arg 280 * Converts a syscall argument into a string. Said string is 281 * allocated via malloc(), so needs to be free()'d. The file 282 * descriptor is for the process' memory (via /proc), and is used 283 * to get any data (where the argument is a pointer). sc is 284 * a pointer to the syscall description (see above); args is 285 * an array of all of the system call arguments. 286 */ 287 288 char * 289 print_arg(int fd, struct syscall_args *sc, unsigned long *args, long retval, struct trussinfo *trussinfo) { 290 char *tmp = NULL; 291 int max = 0; 292 293 switch (sc->type & ARG_MASK) { 294 case Hex: 295 asprintf(&tmp, "0x%lx", args[sc->offset]); 296 break; 297 case Octal: 298 asprintf(&tmp, "0%lo", args[sc->offset]); 299 break; 300 case Int: 301 asprintf(&tmp, "%ld", args[sc->offset]); 302 break; 303 case String: 304 max = trussinfo->strsize; 305 if (max == 0) 306 { 307 asprintf(&tmp, "0x%lx", args[sc->offset]); 308 break; 309 } 310 case Name: 311 { 312 char *tmp2; 313 tmp2 = get_string(fd, (void*)args[sc->offset], max ? max + 1 : 0); 314 if (max && memchr(tmp2, '\0', max + 1) == NULL) 315 asprintf(&tmp, "\"%.*s...\"", max, tmp2); 316 else 317 asprintf(&tmp, "\"%s\"", tmp2); 318 free(tmp2); 319 } 320 break; 321 case StringArray: 322 { 323 int num, size, i; 324 char *tmp2; 325 char *string; 326 char *strarray[100]; /* XXX This is ugly. */ 327 328 if (get_struct(fd, (void *)args[sc->offset], (void *)&strarray, 329 sizeof(strarray)) == -1) { 330 err(1, "get_struct %p", (void *)args[sc->offset]); 331 } 332 num = 0; 333 size = 0; 334 335 /* Find out how large of a buffer we'll need. */ 336 while (strarray[num] != NULL) { 337 string = get_string(fd, (void*)strarray[num], 0); 338 size += strlen(string); 339 free(string); 340 num++; 341 } 342 size += 4 + (num * 4); 343 tmp = (char *)malloc(size); 344 tmp2 = tmp; 345 346 tmp2 += sprintf(tmp2, " ["); 347 for (i = 0; i < num; i++) { 348 string = get_string(fd, (void*)strarray[i], 0); 349 tmp2 += sprintf(tmp2, " \"%s\"%c", string, (i+1 == num) ? ' ' : ','); 350 free(string); 351 } 352 tmp2 += sprintf(tmp2, "]"); 353 } 354 break; 355 #ifdef __LP64__ 356 case Quad: 357 asprintf(&tmp, "0x%lx", args[sc->offset]); 358 break; 359 #else 360 case Quad: 361 { 362 unsigned long long ll; 363 ll = *(unsigned long long *)(args + sc->offset); 364 asprintf(&tmp, "0x%llx", ll); 365 break; 366 } 367 #endif 368 case Ptr: 369 asprintf(&tmp, "0x%lx", args[sc->offset]); 370 break; 371 case Readlinkres: 372 { 373 char *tmp2; 374 if (retval == -1) { 375 tmp = strdup(""); 376 break; 377 } 378 tmp2 = get_string(fd, (void*)args[sc->offset], retval); 379 asprintf(&tmp, "\"%s\"", tmp2); 380 free(tmp2); 381 } 382 break; 383 case Ioctl: 384 { 385 const char *temp = ioctlname(args[sc->offset]); 386 if (temp) 387 tmp = strdup(temp); 388 else 389 asprintf(&tmp, "0x%lx", args[sc->offset]); 390 } 391 break; 392 case Timespec: 393 { 394 struct timespec ts; 395 if (get_struct(fd, (void *)args[sc->offset], &ts, sizeof(ts)) != -1) 396 asprintf(&tmp, "{%jd %jd}", (intmax_t)ts.tv_sec, (intmax_t)ts.tv_nsec); 397 else 398 asprintf(&tmp, "0x%lx", args[sc->offset]); 399 } 400 break; 401 case Timeval: 402 { 403 struct timeval tv; 404 if (get_struct(fd, (void *)args[sc->offset], &tv, sizeof(tv)) != -1) 405 asprintf(&tmp, "{%jd %jd}", (intmax_t)tv.tv_sec, (intmax_t)tv.tv_usec); 406 else 407 asprintf(&tmp, "0x%lx", args[sc->offset]); 408 } 409 break; 410 case Itimerval: 411 { 412 struct itimerval itv; 413 if (get_struct(fd, (void *)args[sc->offset], &itv, sizeof(itv)) != -1) 414 asprintf(&tmp, "{%jd %jd, %jd %jd}", 415 (intmax_t)itv.it_interval.tv_sec, 416 (intmax_t)itv.it_interval.tv_usec, 417 (intmax_t)itv.it_value.tv_sec, 418 (intmax_t)itv.it_value.tv_usec); 419 else 420 asprintf(&tmp, "0x%lx", args[sc->offset]); 421 } 422 break; 423 case Pollfd: 424 { 425 /* 426 * XXX: A Pollfd argument expects the /next/ syscall argument to be 427 * the number of fds in the array. This matches the poll syscall. 428 */ 429 struct pollfd *pfd; 430 int numfds = args[sc->offset+1]; 431 int bytes = sizeof(struct pollfd) * numfds; 432 int i, tmpsize, u, used; 433 const int per_fd = 100; 434 435 if ((pfd = malloc(bytes)) == NULL) 436 err(1, "Cannot malloc %d bytes for pollfd array", bytes); 437 if (get_struct(fd, (void *)args[sc->offset], pfd, bytes) != -1) { 438 439 used = 0; 440 tmpsize = 1 + per_fd * numfds + 2; 441 if ((tmp = malloc(tmpsize)) == NULL) 442 err(1, "Cannot alloc %d bytes for poll output", tmpsize); 443 444 tmp[used++] = '{'; 445 for (i = 0; i < numfds; i++) { 446 #define POLLKNOWN_EVENTS \ 447 (POLLIN | POLLPRI | POLLOUT | POLLERR | POLLHUP | POLLNVAL | \ 448 POLLRDNORM |POLLRDBAND | POLLWRBAND | POLLINIGNEOF) 449 450 u = snprintf(tmp + used, per_fd, 451 "%s%d 0x%hx%s%s%s%s%s%s%s%s%s ", 452 i > 0 ? " " : "", 453 pfd[i].fd, 454 pfd[i].events & ~POLLKNOWN_EVENTS, 455 pfd[i].events & POLLIN ? "" : "|IN", 456 pfd[i].events & POLLPRI ? "" : "|PRI", 457 pfd[i].events & POLLOUT ? "" : "|OUT", 458 pfd[i].events & POLLERR ? "" : "|ERR", 459 pfd[i].events & POLLHUP ? "" : "|HUP", 460 pfd[i].events & POLLNVAL ? "" : "|NVAL", 461 pfd[i].events & POLLRDNORM ? "" : "|RDNORM", 462 pfd[i].events & POLLRDBAND ? "" : "|RDBAND", 463 pfd[i].events & POLLWRBAND ? "" : "|WRBAND"); 464 if (u > 0) 465 used += u < per_fd ? u : per_fd; 466 } 467 tmp[used++] = '}'; 468 tmp[used++] = '\0'; 469 } else 470 asprintf(&tmp, "0x%lx", args[sc->offset]); 471 free(pfd); 472 } 473 break; 474 case Fd_set: 475 { 476 /* 477 * XXX: A Fd_set argument expects the /first/ syscall argument to be 478 * the number of fds in the array. This matches the select syscall. 479 */ 480 fd_set *fds; 481 int numfds = args[0]; 482 int bytes = _howmany(numfds, _NFDBITS) * _NFDBITS; 483 int i, tmpsize, u, used; 484 const int per_fd = 20; 485 486 if ((fds = malloc(bytes)) == NULL) 487 err(1, "Cannot malloc %d bytes for fd_set array", bytes); 488 if (get_struct(fd, (void *)args[sc->offset], fds, bytes) != -1) { 489 used = 0; 490 tmpsize = 1 + numfds * per_fd + 2; 491 if ((tmp = malloc(tmpsize)) == NULL) 492 err(1, "Cannot alloc %d bytes for fd_set output", tmpsize); 493 494 tmp[used++] = '{'; 495 for (i = 0; i < numfds; i++) { 496 if (FD_ISSET(i, fds)) { 497 u = snprintf(tmp + used, per_fd, "%d ", i); 498 if (u > 0) 499 used += u < per_fd ? u : per_fd; 500 } 501 } 502 if (tmp[used-1] == ' ') 503 used--; 504 tmp[used++] = '}'; 505 tmp[used++] = '\0'; 506 } else 507 asprintf(&tmp, "0x%lx", args[sc->offset]); 508 free(fds); 509 } 510 break; 511 case Signal: 512 { 513 long sig; 514 515 sig = args[sc->offset]; 516 tmp = strsig(sig); 517 if (tmp == NULL) 518 asprintf(&tmp, "%ld", sig); 519 } 520 break; 521 case Fcntl: 522 { 523 switch (args[sc->offset]) { 524 #define S(a) case a: tmp = strdup(#a); break; 525 S(F_DUPFD); 526 S(F_GETFD); 527 S(F_SETFD); 528 S(F_GETFL); 529 S(F_SETFL); 530 S(F_GETOWN); 531 S(F_SETOWN); 532 S(F_GETLK); 533 S(F_SETLK); 534 S(F_SETLKW); 535 #undef S 536 } 537 if (tmp == NULL) 538 asprintf(&tmp, "0x%lx", args[sc->offset]); 539 } 540 break; 541 542 case Mprot: 543 { 544 545 #define S(a) ((args[sc->offset] & a) ? #a "|" : "") 546 asprintf(&tmp, "(0x%lx)%s%s%s%s", args[sc->offset], 547 S(PROT_NONE), S(PROT_READ), S(PROT_WRITE), S(PROT_EXEC)); 548 #undef S 549 remove_trailing_or(tmp); 550 551 } 552 break; 553 554 case Mmapflags: 555 { 556 #define S(a) ((args[sc->offset] & a) ? #a "|" : "") 557 asprintf(&tmp, "(0x%lx)%s%s%s%s%s%s%s%s", args[sc->offset], 558 S(MAP_ANON), S(MAP_FIXED), S(MAP_HASSEMAPHORE), 559 S(MAP_NOCORE), S(MAP_NOSYNC), S(MAP_PRIVATE), 560 S(MAP_SHARED), S(MAP_STACK)); 561 #undef S 562 563 remove_trailing_or(tmp); 564 } 565 break; 566 567 case Whence: 568 { 569 switch (args[sc->offset]) { 570 #define S(a) case a: tmp = strdup(#a); break; 571 S(SEEK_SET); 572 S(SEEK_CUR); 573 S(SEEK_END); 574 #undef S 575 default: asprintf(&tmp, "0x%lx", args[sc->offset]); break; 576 } 577 } 578 break; 579 case Sockaddr: 580 { 581 struct sockaddr_storage ss; 582 char addr[64]; 583 struct sockaddr_in *lsin; 584 struct sockaddr_in6 *lsin6; 585 struct sockaddr_un *sun; 586 struct sockaddr *sa; 587 char *p; 588 u_char *q; 589 int i; 590 591 if (args[sc->offset] == 0) { 592 asprintf(&tmp, "NULL"); 593 break; 594 } 595 596 /* yuck: get ss_len */ 597 if (get_struct(fd, (void *)args[sc->offset], (void *)&ss, 598 sizeof(ss.ss_len) + sizeof(ss.ss_family)) == -1) 599 err(1, "get_struct %p", (void *)args[sc->offset]); 600 /* 601 * If ss_len is 0, then try to guess from the sockaddr type. 602 * AF_UNIX may be initialized incorrectly, so always frob 603 * it by using the "right" size. 604 */ 605 if (ss.ss_len == 0 || ss.ss_family == AF_UNIX) { 606 switch (ss.ss_family) { 607 case AF_INET: 608 ss.ss_len = sizeof(*lsin); 609 break; 610 case AF_UNIX: 611 ss.ss_len = sizeof(*sun); 612 break; 613 default: 614 /* hurrrr */ 615 break; 616 } 617 } 618 if (get_struct(fd, (void *)args[sc->offset], (void *)&ss, ss.ss_len) 619 == -1) { 620 err(2, "get_struct %p", (void *)args[sc->offset]); 621 } 622 623 switch (ss.ss_family) { 624 case AF_INET: 625 lsin = (struct sockaddr_in *)&ss; 626 inet_ntop(AF_INET, &lsin->sin_addr, addr, sizeof addr); 627 asprintf(&tmp, "{ AF_INET %s:%d }", addr, htons(lsin->sin_port)); 628 break; 629 case AF_INET6: 630 lsin6 = (struct sockaddr_in6 *)&ss; 631 inet_ntop(AF_INET6, &lsin6->sin6_addr, addr, sizeof addr); 632 asprintf(&tmp, "{ AF_INET6 [%s]:%d }", addr, htons(lsin6->sin6_port)); 633 break; 634 case AF_UNIX: 635 sun = (struct sockaddr_un *)&ss; 636 asprintf(&tmp, "{ AF_UNIX \"%s\" }", sun->sun_path); 637 break; 638 default: 639 sa = (struct sockaddr *)&ss; 640 asprintf(&tmp, "{ sa_len = %d, sa_family = %d, sa_data = {%n%*s } }", 641 (int)sa->sa_len, (int)sa->sa_family, &i, 642 6 * (int)(sa->sa_len - ((char *)&sa->sa_data - (char *)sa)), ""); 643 if (tmp != NULL) { 644 p = tmp + i; 645 for (q = (u_char *)&sa->sa_data; q < (u_char *)sa + sa->sa_len; q++) 646 p += sprintf(p, " %#02x,", *q); 647 } 648 } 649 } 650 break; 651 case Sigaction: 652 { 653 struct sigaction sa; 654 char *hand; 655 const char *h; 656 #define SA_KNOWN_FLAGS \ 657 (SA_ONSTACK | SA_RESTART | SA_RESETHAND | SA_NOCLDSTOP | SA_NODEFER | \ 658 SA_NOCLDWAIT | SA_SIGINFO) 659 660 661 if (get_struct(fd, (void *)args[sc->offset], &sa, sizeof(sa)) != -1) { 662 663 asprintf(&hand, "%p", sa.sa_handler); 664 if (sa.sa_handler == SIG_DFL) 665 h = "SIG_DFL"; 666 else if (sa.sa_handler == SIG_IGN) 667 h = "SIG_IGN"; 668 else 669 h = hand; 670 asprintf(&tmp, "{ %s 0x%x%s%s%s%s%s%s%s ss_t }", 671 h, 672 sa.sa_flags & ~SA_KNOWN_FLAGS, 673 sa.sa_flags & SA_ONSTACK ? "" : "|ONSTACK", 674 sa.sa_flags & SA_RESTART ? "" : "|RESTART", 675 sa.sa_flags & SA_RESETHAND ? "" : "|RESETHAND", 676 sa.sa_flags & SA_NOCLDSTOP ? "" : "|NOCLDSTOP", 677 sa.sa_flags & SA_NODEFER ? "" : "|NODEFER", 678 sa.sa_flags & SA_NOCLDWAIT ? "" : "|NOCLDWAIT", 679 sa.sa_flags & SA_SIGINFO ? "" : "|SIGINFO"); 680 free(hand); 681 } else 682 asprintf(&tmp, "0x%lx", args[sc->offset]); 683 684 } 685 break; 686 } 687 return tmp; 688 } 689 690 #define timespecsubt(tvp, uvp, vvp) \ 691 do { \ 692 (vvp)->tv_sec = (tvp)->tv_sec - (uvp)->tv_sec; \ 693 (vvp)->tv_nsec = (tvp)->tv_nsec - (uvp)->tv_nsec; \ 694 if ((vvp)->tv_nsec < 0) { \ 695 (vvp)->tv_sec--; \ 696 (vvp)->tv_nsec += 1000000000; \ 697 } \ 698 } while (0) 699 700 /* 701 * print_syscall 702 * Print (to outfile) the system call and its arguments. Note that 703 * nargs is the number of arguments (not the number of words; this is 704 * potentially confusing, I know). 705 */ 706 707 void 708 print_syscall(struct trussinfo *trussinfo, const char *name, int nargs, char **s_args) { 709 int i; 710 int len = 0; 711 struct timespec timediff; 712 713 if (trussinfo->flags & FOLLOWFORKS) 714 len += fprintf(trussinfo->outfile, "%5d: ", trussinfo->pid); 715 716 if (name != NULL && (!strcmp(name, "execve") || !strcmp(name, "exit"))) { 717 clock_gettime(CLOCK_REALTIME, &trussinfo->after); 718 } 719 720 if (trussinfo->flags & ABSOLUTETIMESTAMPS) { 721 timespecsubt(&trussinfo->after, &trussinfo->start_time, &timediff); 722 len += fprintf(trussinfo->outfile, "%ld.%09ld ", 723 (long)timediff.tv_sec, timediff.tv_nsec); 724 } 725 726 if (trussinfo->flags & RELATIVETIMESTAMPS) { 727 timespecsubt(&trussinfo->after, &trussinfo->before, &timediff); 728 len += fprintf(trussinfo->outfile, "%ld.%09ld ", 729 (long)timediff.tv_sec, timediff.tv_nsec); 730 } 731 732 len += fprintf(trussinfo->outfile, "%s(", name); 733 734 for (i = 0; i < nargs; i++) { 735 if (s_args[i]) 736 len += fprintf(trussinfo->outfile, "%s", s_args[i]); 737 else 738 len += fprintf(trussinfo->outfile, "<missing argument>"); 739 len += fprintf(trussinfo->outfile, "%s", i < (nargs - 1) ? "," : ""); 740 } 741 len += fprintf(trussinfo->outfile, ")"); 742 for (i = 0; i < 6 - (len / 8); i++) 743 fprintf(trussinfo->outfile, "\t"); 744 } 745 746 void 747 print_syscall_ret(struct trussinfo *trussinfo, const char *name, int nargs, 748 char **s_args, int errorp, long retval) 749 { 750 print_syscall(trussinfo, name, nargs, s_args); 751 fflush(trussinfo->outfile); 752 if (errorp) { 753 fprintf(trussinfo->outfile, " ERR#%ld '%s'\n", retval, strerror(retval)); 754 } else { 755 fprintf(trussinfo->outfile, " = %ld (0x%lx)\n", retval, retval); 756 } 757 } 758