xref: /illumos-gate/usr/src/cmd/vscan/vscand/vscan.d (revision 533affcbc7fc4d0c8132976ea454aaa715fe2307)
1 #!/usr/sbin/dtrace -s
2 /*
3  * CDDL HEADER START
4  *
5  * The contents of this file are subject to the terms of the
6  * Common Development and Distribution License (the "License").
7  * You may not use this file except in compliance with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28 #pragma D option flowindent
29 */
30 
31 /*
32  *** vscan kernel pseudo driver ***
33  */
34 
35 /*
36  * vscan_svc.c
37  */
38 sdt:vscan::vscan-req-counts
39 {
40 	printf("%s reql: %d, node: %d, taskq: %d",
41 	    stringof(arg0),
42 	    ((vscan_svc_counts_t *)arg1)->vsc_reql,
43 	    ((vscan_svc_counts_t *)arg1)->vsc_node,
44 	    ((vscan_svc_counts_t *)arg1)->vsc_tq);
45 }
46 
47 sdt:vscan::vscan-svc-state-violation
48 {
49 	printf("%d %s", arg0,
50 		arg0 == 0 ? "UNCONFIG" :
51 		arg0 == 1 ? "IDLE" :
52 		arg0 == 2 ? "ENABLED" :
53 		arg0 == 3 ? "DISABLED" : "UNKNOWN");
54 }
55 
56 sdt:vscan::vscan-scan-timeout
57 {
58 	printf("idx: %d, seqnum: %d - %s",
59 	    ((vscan_req_t *)arg0)->vsr_idx,
60 		((vscan_req_t *)arg0)->vsr_seqnum,
61 		stringof(((vscan_req_t *)arg0)->vsr_vp->v_path));
62 }
63 
64 sdt:vscan::vscan-scan-file
65 {
66 	printf("%s (%s)", stringof(arg0), arg1 ? "async" : "sync");
67 }
68 
69 sdt:vscan::vscan-exempt-filesize
70 {
71 	printf("%s EXEMPT (%s)", stringof(arg0), arg1 ? "DENY" : "ALLOW");
72 }
73 
74 sdt:vscan::vscan-type-match
75 {
76 	printf("ext: %s matched: %s", stringof(arg0), stringof(arg1));
77 }
78 
79 sdt:vscan::vscan-exempt-filetype
80 {
81 	printf("%s EXEMPT", stringof(arg0));
82 }
83 
84 sdt:vscan::vscan-getattr
85 {
86 	printf("%s, m: %d, q: %d, scanstamp: %s",
87 		stringof(((vscan_svc_node_t *)arg0)->vsn_req->vsr_vp->v_path),
88 		((vscan_svc_node_t *)arg0)->vsn_modified,
89 		((vscan_svc_node_t *)arg0)->vsn_quarantined,
90 		stringof(((vscan_svc_node_t *)arg0)->vsn_scanstamp));
91 }
92 
93 sdt:vscan::vscan-setattr
94 {
95 	/* XAT_AV_QUARANTINED */
96 	printf("%s", (arg1 & 0x400) == 0 ? "" :
97 	    ((vscan_svc_node_t *)arg0)->vsn_quarantined ? "q: 1, " : "q: 0, ");
98 
99 	/* XAT_AV_MODIFIED */
100 	printf("%s", (arg1 & 0x800) == 0 ? "" :
101 	    ((vscan_svc_node_t *)arg0)->vsn_modified ? "m: 1, " : "m: 0, ");
102 
103 	/* XAT_AV_SCANSTAMP */
104 	printf("%s", (arg1 & 0x1000) == 0 ? "" : "scanstamp: ");
105 	printf("%s", (arg1 & 0x1000) == 0 ? "" :
106 	    stringof(((vscan_svc_node_t *)arg0)->vsn_scanstamp));
107 }
108 
109 
110 sdt:vscan::vscan-mtime-changed
111 {
112 	printf("%s",
113 		stringof(((vscan_svc_node_t *)arg0)->vsn_req->vsr_vp->v_path));
114 }
115 
116 
117 sdt:vscan::vscan-result
118 {
119 	printf("idx: %d, seqnum: %d, VS_STATUS_%s - VS_ACCESS_%s",
120 		arg0, arg1,
121 	    arg2 == 0 ? "UNDEFINED" :
122 	    arg2 == 1 ? "NO_SCAN" :
123 	    arg2 == 2 ? "ERROR" :
124 	    arg2 == 3 ? "CLEAN" :
125 	    arg2 == 4 ? "INFECTED" :
126 	    arg2 == 5 ? "SCANNING" : "XXX unknown",
127 	    arg3 == 0 ? "UNDEFINED" :
128 	    arg3 == 1 ? "ALLOW" : "DENY");
129 }
130 
131 /* insert request into request list */
132 fbt:vscan:vscan_svc_reql_insert:entry
133 {
134 	printf("%s", stringof(args[0]->v_path));
135 }
136 fbt:vscan:vscan_svc_reql_insert:return
137 /args[1] != 0/
138 {
139 	printf("seqnum %d %s", args[1]->vsr_seqnum,
140 	    stringof(args[1]->vsr_vp->v_path));
141 }
142 fbt:vscan:vscan_svc_reql_insert:return
143 /args[1] == 0/
144 {
145 	printf("request list full");
146 }
147 /* insert request into scan table */
148 fbt:vscan:vscan_svc_insert_req:entry
149 {
150 	printf("seqnum: %d - %s",
151 	    args[0]->vsr_seqnum, stringof(args[0]->vsr_vp->v_path));
152 }
153 fbt:vscan:vscan_svc_insert_req:return
154 {
155 	printf("idx: %d", args[1]);
156 }
157 /* remove request from request list and  scan table and delete it*/
158 fbt:vscan:vscan_svc_delete_req:entry
159 {
160 	printf("idx: %d, seqnum: %d - %s",
161 	    args[0]->vsr_idx, args[0]->vsr_seqnum,
162 		stringof(args[0]->vsr_vp->v_path));
163 }
164 
165 fbt:vscan:vscan_svc_delete_req:return,
166 fbt:vscan:vscan_svc_reql_handler:entry,
167 fbt:vscan:vscan_svc_reql_handler:return
168 {
169 }
170 
171 fbt:vscan:vscan_svc_taskq_callback:entry,
172 fbt:vscan:vscan_svc_do_scan:entry
173 {
174 	printf("idx: %d, seqnum: %d - %s",
175 	    ((vscan_req_t *)(args[0]))->vsr_idx,
176 		((vscan_req_t *)(args[0]))->vsr_seqnum,
177 		stringof(((vscan_req_t *)(args[0]))->vsr_vp->v_path));
178 }
179 fbt:vscan:vscan_svc_scan_complete:entry
180 {
181 	printf("idx: %d, seqnum: %d, state: %s - %s",
182 	    args[0]->vsr_idx, args[0]->vsr_seqnum,
183 		args[0]->vsr_state == 0 ? "INIT" :
184 		args[0]->vsr_state == 1 ? "QUEUED" :
185 		args[0]->vsr_state == 2 ? "IN_PROGRESS" :
186 		args[0]->vsr_state == 3 ? "SCANNING" :
187 		args[0]->vsr_state == 4 ? "ASYNC_COMPLETE" :
188 		args[0]->vsr_state == 5 ? "COMPLETE" : "UNKNOWN",
189 		stringof(args[0]->vsr_vp->v_path));
190 }
191 
192 fbt:vscan:vscan_svc_taskq_callback:return,
193 fbt:vscan:vscan_svc_do_scan:return,
194 fbt:vscan:vscan_svc_scan_complete:return
195 {
196 }
197 
198 sdt:vscan::vscan-abort
199 {
200 	printf("idx: %d, seqnum: %d - %s",
201 	    ((vscan_req_t *)(arg0))->vsr_idx,
202 		((vscan_req_t *)(arg0))->vsr_seqnum,
203 		stringof(((vscan_req_t *)(arg0))->vsr_vp->v_path));
204 }
205 
206 fbt:vscan:vscan_svc_enable:entry,
207 fbt:vscan:vscan_svc_enable:return,
208 fbt:vscan:vscan_svc_disable:entry,
209 fbt:vscan:vscan_svc_disable:return,
210 fbt:vscan:vscan_svc_configure:entry,
211 fbt:vscan:vscan_svc_configure:return
212 {
213 }
214 
215 /*
216  * vscan_door.c
217  */
218 fbt:vscan:vscan_door_open:entry,
219 fbt:vscan:vscan_door_open:return,
220 fbt:vscan:vscan_door_close:entry,
221 fbt:vscan:vscan_door_close:return
222 {
223 }
224 
225 fbt:vscan:vscan_door_scan_file:entry
226 {
227 	printf("idx: %d, seqnum: %d - %s",
228 	    args[0]->vsr_idx, args[0]->vsr_seqnum, args[0]->vsr_path);
229 }
230 fbt:vscan:vscan_door_scan_file:return
231 {
232 	printf("VS_STATUS_%s",
233 	    args[1] == 0 ? "UNDEFINED" :
234 	    args[1] == 1 ? "NO_SCAN" :
235 	    args[1] == 2 ? "ERROR" :
236 	    args[1] == 3 ? "CLEAN" :
237 	    args[1] == 4 ? "INFECTED" :
238 	    args[1] == 5 ? "SCANNING" : "XXX unknown");
239 }
240 
241 
242 /*
243  * vscan_drv.c
244  */
245 sdt:vscan::vscan-drv-state-violation
246 {
247 	printf("%d %s", arg0,
248 		arg0 == 0 ? "UNCONFIG" :
249 		arg0 == 1 ? "IDLE" :
250 		arg0 == 2 ? "CONNECTED" :
251 		arg0 == 3 ? "ENABLED" :
252 		arg0 == 4 ? "DELAYED_DISABLE" : "UNKNOWN");
253 }
254 
255 sdt:vscan::vscan-minor-node
256 {
257 	printf("vscan%d %s", arg0, arg1 != 0 ? "created" : "error");
258 }
259 
260 /* unprivileged vscan driver access attempt */
261 sdt:vscan::vscan-priv
262 /arg0 != 0/
263 {
264 	printf("vscan driver access attempt by unprivileged process");
265 }
266 
267 /* daemon-driver synchronization */
268 sdt:vscan::vscan-reconnect
269 {
270 }
271 
272 fbt:vscan:vscan_drv_open:entry
273 / *(int *)args[0] == 0/
274 {
275 	printf("vscan daemon attach");
276 }
277 
278 fbt:vscan:vscan_drv_close:entry
279 / (int)args[0] == 0/
280 {
281 	printf("vscan daemon detach");
282 }
283 
284 fbt:vscan:vscan_drv_ioctl:entry
285 / (int)args[0] == 0/
286 {
287 	printf("vscan daemon ioctl %d %s", args[1],
288 		args[1] == 1 ? "ENABLE" :
289 		args[1] == 2 ? "DISABLE" :
290 		args[1] == 3 ? "CONFIG" :
291 		args[1] == 4 ? "RESULT" :
292 		args[1] == 5 ? "MAX FILES" : "unknown");
293 }
294 
295 fbt:vscan:vscan_drv_delayed_disable:entry,
296 fbt:vscan:vscan_drv_delayed_disable:return,
297 fbt:vscan:vscan_drv_attach:entry,
298 fbt:vscan:vscan_drv_detach:entry
299 {
300 }
301 
302 fbt:vscan:vscan_drv_attach:return,
303 fbt:vscan:vscan_drv_detach:return
304 {
305 	printf("%s", args[1] ? "DDI_FAILURE" : "DDI_SUCCESS");
306 }
307 
308 fbt:vscan:vscan_drv_in_use:return
309 {
310 	printf("%s", args[1] ? "TRUE" : "FALSE");
311 }
312 
313 
314 /* file access */
315 
316 /*
317 fbt:vscan:vscan_drv_open:entry
318 / *(int *)args[0] != 0/
319 {
320 	printf("%d", *(int *)args[0]);
321 }
322 
323 fbt:vscan:vscan_drv_close:entry,
324 fbt:vscan:vscan_drv_read:entry
325 / (int)args[0] != 0/
326 {
327 	printf("%d", (int)args[0]);
328 }
329 */
330 
331 
332 /*
333  *** vscan daemon - vscand ***
334  */
335 
336 pid$target::vs_svc_init:entry
337 {
338 	printf("Max concurrent scan requests from kernel: %d", arg1);
339 }
340 
341 pid$target::vs_svc_init:return
342 {
343 }
344 
345 
346 pid$target::vs_door_scan_req:entry,
347 pid$target::vs_svc_scan_file:entry,
348 pid$target::vs_svc_queue_scan_req:entry,
349 pid$target::vs_svc_async_scan:entry,
350 pid$target::vs_eng_scanstamp_current:entry,
351 pid$target::vs_icap_scan_file:entry
352 {
353 }
354 
355 pid$target::vs_svc_queue_scan_req:return,
356 pid$target::vs_svc_async_scan:return
357 {
358 }
359 
360 pid$target::vs_svc_scan_file:return
361 {
362 	printf("VS_STATUS_%s",
363 	    arg1 == 0 ? "UNDEFINED" :
364 	    arg1 == 1 ? "NO_SCAN" :
365 	    arg1 == 2 ? "ERROR" :
366 	    arg1 == 3 ? "CLEAN" :
367 	    arg1 == 4 ? "INFECTED" :
368 	    arg1 == 5 ? "SCANNING" : "XXX unknown");
369 }
370 
371 pid$target::vs_eng_scanstamp_current:return
372 {
373 	printf("%sCURRENT", arg1 == 0 ? "NOT " : "");
374 }
375 
376 pid$target::vs_icap_scan_file:return
377 {
378 	printf("%d VS_RESULT_%s", (int)arg1,
379 	    (int)arg1 == 0 ? "UNDEFINED" :
380 	    (int)arg1 == 1 ? "CLEAN" :
381 	    (int)arg1 == 2 ? "CLEANED" :
382 	    (int)arg1 == 3 ? "FORBIDDEN" : "(SE)_ERROR");
383 }
384 
385 pid$target::vs_stats_set:entry
386 {
387 	printf("%s", (arg0 == 1) ? "CLEAN" :
388 		(arg0 == 2) ? "CLEANED" :
389 		(arg0 == 3) ? "QUARANTINE" : "ERROR");
390 }
391 
392 pid$target::vs_stats_set:return
393 {
394 }
395 
396 /* get engine connection */
397 pid$target::vs_eng_get:entry,
398 pid$target::vs_eng_connect:entry,
399 pid$target::vs_eng_release:entry,
400 pid$target::vs_eng_release:return
401 {
402 }
403 pid$target::vs_eng_get:return,
404 pid$target::vs_eng_connect:return
405 {
406 	printf("%s", arg1 == 0 ? "success" : "error");
407 }
408 
409 /* engine errors */
410 pid$target::vs_eng_set_error:entry
411 / arg1 == 1 /
412 {
413 	printf("scan engine error");
414 }
415 
416 /* configuration */
417 pid$target::vscand_cfg_init:entry,
418 pid$target::vscand_cfg_fini:entry,
419 pid$target::vscand_cfg_init:return,
420 pid$target::vscand_cfg_fini:return,
421 pid$target::vscand_cfg_handler:entry,
422 pid$target::vscand_cfg_handler:return
423 {
424 }
425 
426 pid$target::vscand_dtrace_gen:entry
427 {
428 	printf("maxsize: %s action: %s\n",
429 		copyinstr(arg0), (arg1 == 1) ? "allow" : "deny");
430 	printf("types: %s\n", copyinstr(arg2));
431 	printf("log: %s\n", copyinstr(arg3));
432 }
433 pid$target::vscand_dtrace_eng:entry
434 {
435 	printf("\n%s %s \nhost: %s \nport: %d \nmax connections: %d\n",
436 		copyinstr(arg0), (arg1 == 1) ? "enabled" : "disabled",
437 		copyinstr(arg2), arg3, arg4);
438 }
439 
440 
441 
442 /* shutdown */
443 pid$target::vscand_sig_handler:entry
444 {
445 	printf("received signal %d", arg0);
446 }
447 pid$target::vscand_sig_handler:return,
448 pid$target::vscand_fini:entry,
449 pid$target::vscand_fini:return,
450 pid$target::vscand_kernel_disable:entry,
451 pid$target::vscand_kernel_disable:return,
452 pid$target::vscand_kernel_unbind:entry,
453 pid$target::vscand_kernel_unbind:return,
454 pid$target::vscand_kernel_result:entry,
455 pid$target::vscand_kernel_result:return,
456 pid$target::vs_svc_terminate:entry,
457 pid$target::vs_svc_terminate:return,
458 pid$target::vs_eng_fini:entry,
459 pid$target::vs_eng_fini:return,
460 pid$target::vs_eng_close_connections:entry,
461 pid$target::vs_eng_close_connections:return
462 {
463 }
464 
465 /* vs_icap.c */
466 
467 /* trace entry and exit (inc status) */
468 pid$target::vs_icap_option_request:entry,
469 pid$target::vs_icap_send_option_req:entry,
470 pid$target::vs_icap_read_option_resp:entry,
471 pid$target::vs_icap_respmod_request:entry,
472 pid$target::vs_icap_may_preview:entry,
473 pid$target::vs_icap_send_preview:entry,
474 pid$target::vs_icap_send_respmod_hdr:entry,
475 pid$target::vs_icap_read_respmod_resp:entry
476 {
477 }
478 
479 pid$target::vs_icap_option_request:return,
480 pid$target::vs_icap_send_option_req:return,
481 pid$target::vs_icap_read_option_resp:return,
482 pid$target::vs_icap_respmod_request:return,
483 pid$target::vs_icap_send_preview:return,
484 pid$target::vs_icap_send_respmod_hdr:return,
485 pid$target::vs_icap_read_respmod_resp:return
486 {
487 	printf("%s", (int)arg1 < 0 ? "error" : "success");
488 }
489 
490 pid$target::vs_icap_may_preview:return
491 {
492 	printf("TRANSFER %s", arg1 == 1 ? "PREVIEW" : "COMPLETE");
493 }
494 
495 /* trace failures only  - these functions return -1 on failure */
496 pid$target::vs_icap_read_resp_code:return,
497 pid$target::vs_icap_read_hdr:return,
498 pid$target::vs_icap_send_termination:return,
499 pid$target::vs_icap_write:return,
500 pid$target::vs_icap_set_scan_result:return,
501 pid$target::vs_icap_read_encap_hdr:return,
502 pid$target::vs_icap_read_encap_data:return,
503 pid$target::vs_icap_read_resp_body:return,
504 pid$target::vs_icap_read_body_chunk:return,
505 pid$target::vs_icap_read:return,
506 pid$target::vs_icap_readline:return,
507 pid$target::vs_icap_send_chunk:return,
508 pid$target::gethostname:return
509 /(int)arg1 == -1/
510 {
511 	printf("error");
512 }
513 
514 /* trace failures only  - these functions return 1 on success */
515 pid$target::vs_icap_opt_value:return,
516 pid$target::vs_icap_opt_ext:return,
517 pid$target::vs_icap_resp_infection:return,
518 pid$target::vs_icap_resp_virus_id:return,
519 pid$target::vs_icap_resp_violations:return,
520 pid$target::vs_icap_resp_violation_rec:return,
521 pid$target::vs_icap_resp_istag:return,
522 pid$target::vs_icap_resp_encap:return
523 /arg1 != 1/
524 {
525 	printf("error");
526 }
527 
528 pid$target::write:return,
529 pid$target::read:return,
530 pid$target::open:return,
531 pid$target::calloc:return
532 /arg1 <= 0/
533 {
534 	printf("error");
535 }
536 /*
537 pid$target::recv:return,
538 */
539