xref: /illumos-gate/usr/src/cmd/vscan/vscand/vscan.d (revision 924db11bd45e384ed350190cc9fc0f9ea85e21dd)
1 #!/usr/sbin/dtrace -s
2 /*
3  * CDDL HEADER START
4  *
5  * The contents of this file are subject to the terms of the
6  * Common Development and Distribution License (the "License").
7  * You may not use this file except in compliance with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #pragma D option flowindent
30 
31 /*
32  *** vscan kernel pseudo driver ***
33  */
34 
35 /* vscan_svc.c */
36 sdt:vscan::vscan-scan-file
37 {
38 	printf("%s (%s)", stringof(arg0), arg1 ? "async" : "sync");
39 }
40 
41 sdt:vscan::vscan-exempt-filesize
42 {
43 	printf("%s EXEMPT (%s)", stringof(arg0), arg1 ? "DENY" : "ALLOW");
44 }
45 
46 sdt:vscan::vscan-type-match
47 {
48 	printf("ext: %s matched: %s", stringof(arg0), stringof(arg1));
49 }
50 
51 sdt:vscan::vscan-exempt-filetype
52 {
53 	printf("%s EXEMPT", stringof(arg0));
54 }
55 
56 sdt:vscan::vscan-wait-scan
57 {
58 	printf("%s (%d) waiters: %d",
59 		stringof(((vscan_file_t *)arg0)->vsf_req.vsr_vp->v_path),
60 		arg1, ((vscan_file_t *)arg0)->vsf_wait_count);
61 }
62 
63 sdt:vscan::vscan-wait-slot
64 {
65 	printf("%s",
66 		stringof(((vscan_file_t *)arg0)->vsf_req.vsr_vp->v_path));
67 }
68 
69 sdt:vscan::vscan-insert
70 {
71 	printf("idx: %d - %s", arg1, stringof(arg0));
72 }
73 
74 sdt:vscan::vscan-release
75 {
76 	printf("idx: %d - %s", arg1, stringof(arg0));
77 }
78 
79 sdt:vscan::vscan-attr
80 {
81 	printf("%s, m: %d, q: %d, scanstamp: %s",
82 		stringof(((vscan_file_t *)arg0)->vsf_req.vsr_vp->v_path),
83 		((vscan_file_t *)arg0)->vsf_modified,
84 		((vscan_file_t *)arg0)->vsf_quarantined,
85 		stringof(((vscan_file_t *)arg0)->vsf_scanstamp));
86 }
87 
88 
89 fbt:vscan:vscan_svc_configure:entry,
90 fbt:vscan:vscan_svc_configure:return,
91 fbt:vscan:vscan_svc_exempt_filetype:entry,
92 fbt:vscan:vscan_svc_scan_file:return,
93 fbt:vscan:vscan_svc_taskq_callback:entry,
94 fbt:vscan:vscan_svc_taskq_callback:return,
95 fbt:vscan:vscan_svc_do_scan:return
96 {
97 }
98 
99 /*
100 fbt:vscan:vscan_svc_match_ext:entry
101 {
102 	printf("ext: %s, check: %s", stringof(args[1]), stringof(args[0]));
103 }
104 
105 fbt:vscan:vscan_svc_match_ext:return
106 {
107 }
108 */
109 
110 /* vscan_door.c */
111 fbt:vscan:vscan_door_scan_file:entry
112 {
113 	printf("%s (%d)", args[0]->vsr_path, args[0]->vsr_id);
114 }
115 fbt:vscan:vscan_door_scan_file:return
116 {
117 }
118 
119 /* vscan_drv.c */
120 
121 /*
122  * unprivileged vscan driver access attempt
123  */
124 sdt:vscan::vscan-priv
125 /arg0 != 0/
126 {
127 	printf("vscan driver access attempt by unprivileged process");
128 }
129 
130 /*
131  * daemon-driver synchronization
132  */
133 fbt:vscan:vscan_drv_open:entry
134 / *(int *)args[0] == 0/
135 {
136 	printf("vscan daemon attach");
137 }
138 
139 fbt:vscan:vscan_drv_close:entry
140 / (int)args[0] == 0/
141 {
142 	printf("vscan daemon detach");
143 }
144 
145 fbt:vscan:vscan_drv_ioctl:entry
146 / (int)args[0] == 0/
147 {
148 	printf("vscan daemon ioctl %d", args[1]);
149 }
150 
151 
152 /*
153  * file access
154  */
155 
156 /*
157 fbt:vscan:vscan_drv_open:entry
158 / *(int *)args[0] != 0/
159 {
160 	printf("%d", *(int *)args[0]);
161 }
162 
163 fbt:vscan:vscan_drv_close:entry,
164 fbt:vscan:vscan_drv_read:entry
165 / (int)args[0] != 0/
166 {
167 	printf("%d", (int)args[0]);
168 }
169 */
170 
171 
172 
173 
174 /*
175  *** vscan daemon - vscand ***
176  */
177 
178 pid$target::vs_door_scan_req:entry,
179 pid$target::vs_svc_scan_file:entry,
180 pid$target::vs_eng_scanstamp_current:entry,
181 pid$target::vs_icap_scan_file:entry
182 {
183 }
184 
185 pid$target::vs_svc_scan_file:return
186 {
187 	printf("%s",
188 	    arg1 == 0 ? "scan required" :
189 	    arg1 == 1 ? "ALLOW" :
190 	    arg1 == 2 ? "DENY" : "UNKNOWN");
191 }
192 
193 pid$target::vs_eng_scanstamp_current:return
194 {
195 	printf("%sCURRENT", arg1 == 0 ? "NOT " : "");
196 }
197 
198 pid$target::vs_icap_scan_file:return
199 {
200 	printf("%ld %s", arg1, arg1 == 0 ? "VSCAN_UNDEFINED" :
201 	    arg1 == 1 ? "VSCAN_CLEAN" :
202 	    arg1 == 2 ? "VSCAN_CLEANED" :
203 	    arg1 == 3 ? "VSCAN_FORBIDDEN" : "VSCAN_(SE)_ERROR");
204 }
205 
206 pid$target::vs_stats_set:entry
207 {
208 	printf("%s", (arg0 == 1) ? "CLEAN" :
209 		(arg0 == 2) ? "CLEANED" :
210 		(arg0 == 3) ? "QUARANTINE" : "SCAN ERROR");
211 }
212 
213 pid$target::vs_stats_set:return
214 {
215 }
216 
217 /* get engine connection */
218 pid$target::vs_eng_get:entry,
219 pid$target::vs_eng_connect:entry
220 {
221 }
222 pid$target::vs_eng_get:return,
223 pid$target::vs_eng_connect:return
224 {
225 	printf("%s", arg1 == 0 ? "success" : "error");
226 }
227 
228 /* engine errors */
229 pid$target::vs_eng_set_error:entry
230 / arg1 == 1 /
231 {
232 	printf("scan engine %d error", arg0 + 1);
233 }
234 
235 /* shutdown */
236 pid$target::vscand_sig_handler:entry
237 {
238 	printf("received signal %d", arg0);
239 }
240 pid$target::vscand_sig_handler:return,
241 pid$target::vscand_fini:entry,
242 pid$target::vscand_fini:return,
243 pid$target::vscand_kernel_disable:entry,
244 pid$target::vscand_kernel_disable:return,
245 pid$target::vscand_kernel_unbind:entry,
246 pid$target::vscand_kernel_unbind:return,
247 pid$target::vs_eng_fini:entry,
248 pid$target::vs_eng_fini:return,
249 pid$target::vs_eng_close_connections:entry,
250 pid$target::vs_eng_close_connections:return
251 {
252 }
253 
254 /* vs_icap.c */
255 
256 /* trace entry and exit (inc status) */
257 pid$target::vs_icap_option_request:entry,
258 pid$target::vs_icap_send_option_req:entry,
259 pid$target::vs_icap_read_option_resp:entry,
260 pid$target::vs_icap_respmod_request:entry,
261 pid$target::vs_icap_may_preview:entry,
262 pid$target::vs_icap_send_preview:entry,
263 pid$target::vs_icap_send_respmod_hdr:entry,
264 pid$target::vs_icap_read_respmod_resp:entry
265 {
266 }
267 
268 pid$target::vs_icap_option_request:return,
269 pid$target::vs_icap_send_option_req:return,
270 pid$target::vs_icap_read_option_resp:return,
271 pid$target::vs_icap_respmod_request:return,
272 pid$target::vs_icap_send_preview:return,
273 pid$target::vs_icap_send_respmod_hdr:return,
274 pid$target::vs_icap_read_respmod_resp:return
275 {
276 	printf("%s", arg1 < 0 ? "error" : "success");
277 }
278 
279 pid$target::vs_icap_may_preview:return
280 {
281 	printf("TRANSFER %s", arg1 == 1 ? "PREVIEW" : "COMPLETE");
282 }
283 
284 /* trace failures only  - these functions return -1 on failure */
285 pid$target::vs_icap_read_resp_code:return,
286 pid$target::vs_icap_read_hdr:return,
287 pid$target::vs_icap_send_termination:return,
288 pid$target::vs_icap_write:return,
289 pid$target::vs_icap_set_scan_result:return,
290 pid$target::vs_icap_read_encap_hdr:return,
291 pid$target::vs_icap_read_encap_data:return,
292 pid$target::vs_icap_read_resp_body:return,
293 pid$target::vs_icap_read_body_chunk:return,
294 pid$target::vs_icap_read:return,
295 pid$target::vs_icap_readline:return,
296 pid$target::vs_icap_send_chunk:return,
297 pid$target::gethostname:return
298 /arg1 < 0/
299 {
300 	printf("error");
301 }
302 
303 /* trace failures only  - these functions return 1 on success */
304 pid$target::vs_icap_opt_value:return,
305 pid$target::vs_icap_opt_ext:return,
306 pid$target::vs_icap_resp_infection:return,
307 pid$target::vs_icap_resp_virus_id:return,
308 pid$target::vs_icap_resp_violations:return,
309 pid$target::vs_icap_resp_violation_rec:return,
310 pid$target::vs_icap_resp_istag:return,
311 pid$target::vs_icap_resp_encap:return
312 /arg1 != 1/
313 {
314 	printf("error");
315 }
316 
317 pid$target::write:return,
318 pid$target::read:return,
319 pid$target::recv:return,
320 pid$target::open:return,
321 pid$target::calloc:return
322 /arg1 <= 0/
323 {
324 	printf("error");
325 }
326