#!/usr/sbin/dtrace -s
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

#pragma D option flowindent

/*
 * Trace the vscan (virus scan) service: the kernel pseudo driver through
 * its sdt and fbt probes, and one user process through pid$target probes
 * (the section header further down names that process as vscand).
 *
 * $target is a dtrace macro variable, so the script must be started with
 * -p <pid> or -c <command>.  With the flowindent option set above, entry
 * probes are indented and marked "->" and return probes are marked "<-".
 * A clause with an empty body takes the default action, i.e. it only
 * records that the probe fired.
 *
 * What the output is useful for when reviewing the scanner's behaviour:
 *   - the EXEMPT clauses show files that were not scanned, together with
 *     the printed access decision;
 *   - vscan-result shows the scan status next to the access decision;
 *   - vscan-priv shows a driver access attempt by an unprivileged process.
 *
 * NOTE(review): most clauses print the path of the file being accessed,
 * so a saved trace is a record of file activity on the scanned
 * filesystems; handle the log accordingly.
 *
 * All numeric-to-name mappings below (status, access, ioctl, result codes
 * and the XAT_AV_ bit values) are hard-coded in this script.
 * TODO confirm they still match the vscan headers of the build being
 * traced.
 */

/*
 *** vscan kernel pseudo driver ***
 */

/* vscan_svc.c */

/* A scan request: arg0 is printed as the file name, arg1 selects async/sync. */
sdt:vscan::vscan-scan-file
{
	printf("%s (%s)", stringof(arg0), arg1 ? "async" : "sync");
}

/*
 * File exempted from scanning by the file-size check (per the probe name).
 * A nonzero arg1 is printed as DENY, zero as ALLOW.  ALLOW lines are files
 * that were let through without being scanned.
 */
sdt:vscan::vscan-exempt-filesize
{
	printf("%s EXEMPT (%s)", stringof(arg0), arg1 ? "DENY" : "ALLOW");
}

/* File-type matching: arg0 is printed as the extension, arg1 as what it matched. */
sdt:vscan::vscan-type-match
{
	printf("ext: %s matched: %s", stringof(arg0), stringof(arg1));
}

/* File exempted from scanning by the file-type check (per the probe name). */
sdt:vscan::vscan-exempt-filetype
{
	printf("%s EXEMPT", stringof(arg0));
}

/*
 * arg0 is cast to vscan_file_t; the path comes from the vnode held in its
 * request (vsf_req.vsr_vp->v_path), followed by arg1 and vsf_wait_count.
 * NOTE(review): presumably v_path can be NULL for some vnodes; dtrace would
 * then report an error for this clause instead of printing.  Confirm.
 */
sdt:vscan::vscan-wait-scan
{
	printf("%s (%d) waiters: %d",
	    stringof(((vscan_file_t *)arg0)->vsf_req.vsr_vp->v_path),
	    arg1, ((vscan_file_t *)arg0)->vsf_wait_count);
}

sdt:vscan::vscan-wait-slot
{
	printf("%s", stringof(arg0));
}

/* insert and release print the same pair: arg1 as an index, arg0 as a string. */
sdt:vscan::vscan-insert
{
	printf("idx: %d - %s", arg1, stringof(arg0));
}

sdt:vscan::vscan-release
{
	printf("idx: %d - %s", arg1, stringof(arg0));
}

/*
 * Print the scan-related state held in the vscan_file_t at arg0:
 * path, vsf_modified (m), vsf_quarantined (q) and vsf_scanstamp.
 */
sdt:vscan::vscan-getattr
{
	printf("%s, m: %d, q: %d, scanstamp: %s",
	    stringof(((vscan_file_t *)arg0)->vsf_req.vsr_vp->v_path),
	    ((vscan_file_t *)arg0)->vsf_modified,
	    ((vscan_file_t *)arg0)->vsf_quarantined,
	    stringof(((vscan_file_t *)arg0)->vsf_scanstamp));
}

/*
 * arg1 is tested as a bit mask; for each bit that is set the matching
 * field of the vscan_file_t at arg0 is printed, otherwise an empty string.
 * D has no if statement here, hence one conditional printf per field.
 */
sdt:vscan::vscan-setattr
{
	/* XAT_AV_QUARANTINED */
	printf("%s", (arg1 & 0x400) == 0 ? "" :
	    ((vscan_file_t *)arg0)->vsf_quarantined ? "q: 1, " : "q: 0, ");

	/* XAT_AV_MODIFIED */
	printf("%s", (arg1 & 0x800) == 0 ? "" :
	    ((vscan_file_t *)arg0)->vsf_modified ? "m: 1, " : "m: 0, ");

	/* XAT_AV_SCANSTAMP */
	printf("%s", (arg1 & 0x1000) == 0 ? "" : "scanstamp: ");
	printf("%s", (arg1 & 0x1000) == 0 ? "" :
	    stringof(((vscan_file_t *)arg0)->vsf_scanstamp));
}


sdt:vscan::vscan-mtime-changed
{
	printf("%s",
	    stringof(((vscan_file_t *)arg0)->vsf_req.vsr_vp->v_path));
}


/*
 * Outcome of a scan: arg0 is decoded as a VS_STATUS_ name and arg1 as a
 * VS_ACCESS_ name.  Any arg1 other than 0 or 1 is printed as DENY, and an
 * arg0 outside 0-4 as "XXX unknown".
 */
sdt:vscan::vscan-result
{
	printf("VS_STATUS_%s - VS_ACCESS_%s",
	    arg0 == 0 ? "UNDEFINED" :
	    arg0 == 1 ? "NO_SCAN" :
	    arg0 == 2 ? "ERROR" :
	    arg0 == 3 ? "CLEAN" :
	    arg0 == 4 ? "INFECTED" : "XXX unknown",
	    arg1 == 0 ? "UNDEFINED" :
	    arg1 == 1 ? "ALLOW" : "DENY");
}


/*
 * Flow tracing only (empty body, default action).
 * NOTE(review): vscan_svc_exempt_filetype is enabled on entry only, and
 * vscan_svc_scan_file and vscan_svc_do_scan on return only; with
 * flowindent the unmatched probes may skew the indentation.  Confirm this
 * is intended.
 */
fbt:vscan:vscan_svc_enable:entry,
fbt:vscan:vscan_svc_enable:return,
fbt:vscan:vscan_svc_disable:entry,
fbt:vscan:vscan_svc_disable:return,
fbt:vscan:vscan_svc_configure:entry,
fbt:vscan:vscan_svc_configure:return,
fbt:vscan:vscan_svc_exempt_filetype:entry,
fbt:vscan:vscan_svc_scan_file:return,
fbt:vscan:vscan_svc_taskq_callback:entry,
fbt:vscan:vscan_svc_taskq_callback:return,
fbt:vscan:vscan_svc_do_scan:return
{
}

/*
fbt:vscan:vscan_svc_match_ext:entry
{
	printf("ext: %s, check: %s", stringof(args[1]), stringof(args[0]));
}

fbt:vscan:vscan_svc_match_ext:return
{
}
*/

/* vscan_door.c */

/* Request handed to the door: path and id taken from the typed first argument. */
fbt:vscan:vscan_door_scan_file:entry
{
	printf("%s (%d)", args[0]->vsr_path, args[0]->vsr_id);
}
/* On an fbt return probe args[1] is the return value; zero is printed as success. */
fbt:vscan:vscan_door_scan_file:return
{
	printf("%s", args[1] == 0 ? "success" : "error");
}

/* vscan_drv.c */

sdt:vscan::vscan-minor-node
{
	printf("vscan%d %s", arg0, arg1 != 0 ? "created" : "error");
}

/*
 * unprivileged vscan driver access attempt
 *
 * The predicate limits the clause to a nonzero arg0.
 * NOTE(review): the message does not identify the caller.  Adding the
 * built-in execname and pid variables to the printf would make the line
 * usable as an audit record; confirm the probe fires in the caller's
 * context first.
 */
sdt:vscan::vscan-priv
/arg0 != 0/
{
	printf("vscan driver access attempt by unprivileged process");
}

/*
 * daemon-driver synchronization
 *
 * The three clauses below fire only when the first argument is 0, and
 * label the event as coming from the vscan daemon.  open dereferences
 * args[0] as a pointer to int; close and ioctl cast args[0] directly.
 * NOTE(review): presumably args[0] carries the device/minor number and
 * minor 0 is the daemon's control node; verify against vscan_drv.c.
 * The space in "/ *" is required: without it the predicate would open a
 * comment.
 */
fbt:vscan:vscan_drv_open:entry
/ *(int *)args[0] == 0/
{
	printf("vscan daemon attach");
}

fbt:vscan:vscan_drv_close:entry
/ (int)args[0] == 0/
{
	printf("vscan daemon detach");
}

/* args[1] is printed raw and decoded: 1 ENABLE, 2 DISABLE, 4 CONFIG. */
fbt:vscan:vscan_drv_ioctl:entry
/ (int)args[0] == 0/
{
	printf("vscan daemon ioctl %d %s", args[1],
	    args[1] == 1 ? "ENABLE" :
	    args[1] == 2 ? "DISABLE" :
	    args[1] == 4 ? "CONFIG" : "unknown");
}

fbt:vscan:vscan_drv_delayed_disable:entry,
fbt:vscan:vscan_drv_delayed_disable:return
{
}

sdt:vscan::vscan-reconnect
{
}

/*
fbt:vscan:vscan_drv_attach:entry,
fbt:vscan:vscan_drv_attach:return,
fbt:vscan:vscan_drv_detach:entry,
fbt:vscan:vscan_drv_detach:return
{
}

fbt:vscan:vscan_drv_in_use:return,
fbt:vscan:vscan_svc_in_use:return
{
	printf("%s", args[1] ? "in use" : "not in use");
}
*/


/*
 * file access
 */

/*
fbt:vscan:vscan_drv_open:entry
/ *(int *)args[0] != 0/
{
	printf("%d", *(int *)args[0]);
}

fbt:vscan:vscan_drv_close:entry,
fbt:vscan:vscan_drv_read:entry
/ (int)args[0] != 0/
{
	printf("%d", (int)args[0]);
}
*/


/*
 *** vscan daemon - vscand ***
 */

/*
 * Everything below uses the pid provider on the process selected with
 * -p or -c.  On a pid return probe arg1 is the function's return value.
 *
 * NOTE(review): argN is a signed 64-bit value in D.  If the traced process
 * returns a 32-bit int that is not sign-extended into arg1, a -1 return
 * would not satisfy the "arg1 < 0" tests used below and would be printed as
 * success or not printed at all.  Confirm on the target ABI; casting with
 * (int)arg1 in those tests is the usual remedy for int-returning functions.
 */
pid$target::vs_door_scan_req:entry,
pid$target::vs_svc_scan_file:entry,
pid$target::vs_eng_scanstamp_current:entry,
pid$target::vs_icap_scan_file:entry
{
}

/* Return value decoded with the same VS_STATUS_ table as vscan-result. */
pid$target::vs_svc_scan_file:return
{
	printf("VS_STATUS_%s",
	    arg1 == 0 ? "UNDEFINED" :
	    arg1 == 1 ? "NO_SCAN" :
	    arg1 == 2 ? "ERROR" :
	    arg1 == 3 ? "CLEAN" :
	    arg1 == 4 ? "INFECTED" : "XXX unknown");
}

/* A zero return is printed as "NOT CURRENT", anything else as "CURRENT". */
pid$target::vs_eng_scanstamp_current:return
{
	printf("%sCURRENT", arg1 == 0 ? "NOT " : "");
}

/*
 * Raw return value followed by its VS_RESULT_ name; every value outside
 * 0-3 is printed as "(SE)_ERROR".
 */
pid$target::vs_icap_scan_file:return
{
	printf("%ld VS_RESULT_%s", arg1,
	    arg1 == 0 ? "UNDEFINED" :
	    arg1 == 1 ? "CLEAN" :
	    arg1 == 2 ? "CLEANED" :
	    arg1 == 3 ? "FORBIDDEN" : "(SE)_ERROR");
}

/* First argument decoded as the result being counted; other values print ERROR. */
pid$target::vs_stats_set:entry
{
	printf("%s", (arg0 == 1) ? "CLEAN" :
	    (arg0 == 2) ? "CLEANED" :
	    (arg0 == 3) ? "QUARANTINE" : "ERROR");
}

pid$target::vs_stats_set:return
{
}

/* get engine connection */
pid$target::vs_eng_get:entry,
pid$target::vs_eng_connect:entry
{
}
pid$target::vs_eng_get:return,
pid$target::vs_eng_connect:return
{
	printf("%s", arg1 == 0 ? "success" : "error");
}

/* engine errors */
/* Fires only when the second argument is 1; arg0 + 1 is printed as the engine number. */
pid$target::vs_eng_set_error:entry
/ arg1 == 1 /
{
	printf("scan engine %d error", arg0 + 1);
}

/* shutdown */
pid$target::vscand_sig_handler:entry
{
	printf("received signal %d", arg0);
}
pid$target::vscand_sig_handler:return,
pid$target::vscand_fini:entry,
pid$target::vscand_fini:return,
pid$target::vscand_kernel_disable:entry,
pid$target::vscand_kernel_disable:return,
pid$target::vscand_kernel_unbind:entry,
pid$target::vscand_kernel_unbind:return,
pid$target::vs_eng_fini:entry,
pid$target::vs_eng_fini:return,
pid$target::vs_eng_close_connections:entry,
pid$target::vs_eng_close_connections:return
{
}

/* vs_icap.c */

/* trace entry and exit (inc status) */
pid$target::vs_icap_option_request:entry,
pid$target::vs_icap_send_option_req:entry,
pid$target::vs_icap_read_option_resp:entry,
pid$target::vs_icap_respmod_request:entry,
pid$target::vs_icap_may_preview:entry,
pid$target::vs_icap_send_preview:entry,
pid$target::vs_icap_send_respmod_hdr:entry,
pid$target::vs_icap_read_respmod_resp:entry
{
}

/* A negative return is printed as error, everything else as success. */
pid$target::vs_icap_option_request:return,
pid$target::vs_icap_send_option_req:return,
pid$target::vs_icap_read_option_resp:return,
pid$target::vs_icap_respmod_request:return,
pid$target::vs_icap_send_preview:return,
pid$target::vs_icap_send_respmod_hdr:return,
pid$target::vs_icap_read_respmod_resp:return
{
	printf("%s", arg1 < 0 ? "error" : "success");
}

pid$target::vs_icap_may_preview:return
{
	printf("TRANSFER %s", arg1 == 1 ? "PREVIEW" : "COMPLETE");
}

/* trace failures only - these functions return -1 on failure */
pid$target::vs_icap_read_resp_code:return,
pid$target::vs_icap_read_hdr:return,
pid$target::vs_icap_send_termination:return,
pid$target::vs_icap_write:return,
pid$target::vs_icap_set_scan_result:return,
pid$target::vs_icap_read_encap_hdr:return,
pid$target::vs_icap_read_encap_data:return,
pid$target::vs_icap_read_resp_body:return,
pid$target::vs_icap_read_body_chunk:return,
pid$target::vs_icap_read:return,
pid$target::vs_icap_readline:return,
pid$target::vs_icap_send_chunk:return,
pid$target::gethostname:return
/arg1 < 0/
{
	printf("error");
}

/* trace failures only - these functions return 1 on success */
pid$target::vs_icap_opt_value:return,
pid$target::vs_icap_opt_ext:return,
pid$target::vs_icap_resp_infection:return,
pid$target::vs_icap_resp_virus_id:return,
pid$target::vs_icap_resp_violations:return,
pid$target::vs_icap_resp_violation_rec:return,
pid$target::vs_icap_resp_istag:return,
pid$target::vs_icap_resp_encap:return
/arg1 != 1/
{
	printf("error");
}

/*
 * Failures of the underlying library calls.  The module field is left
 * empty, so these match the named function in any loaded object.
 * NOTE(review): the predicate also matches a return of 0.  For calloc that
 * is a failed allocation, but for read and recv a 0 return normally means
 * end of file or an orderly close by the peer, so those lines are labelled
 * "error" as well.  Confirm that is the intended reading.
 */
pid$target::write:return,
pid$target::read:return,
pid$target::recv:return,
pid$target::open:return,
pid$target::calloc:return
/arg1 <= 0/
{
	printf("error");
}