1 #!/usr/sbin/dtrace -s 2 /* 3 * CDDL HEADER START 4 * 5 * The contents of this file are subject to the terms of the 6 * Common Development and Distribution License (the "License"). 7 * You may not use this file except in compliance with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 #pragma D option flowindent 29 */ 30 31 /* 32 *** vscan kernel pseudo driver *** 33 */ 34 35 /* 36 * vscan_svc.c 37 */ 38 sdt:vscan::vscan-req-counts 39 { 40 printf("%s reql: %d, node: %d, taskq: %d", 41 stringof(arg0), 42 ((vscan_svc_counts_t *)arg1)->vsc_reql, 43 ((vscan_svc_counts_t *)arg1)->vsc_node, 44 ((vscan_svc_counts_t *)arg1)->vsc_tq); 45 } 46 47 sdt:vscan::vscan-svc-state-violation 48 { 49 printf("%d %s", arg0, 50 arg0 == 0 ? "UNCONFIG" : 51 arg0 == 1 ? "IDLE" : 52 arg0 == 2 ? "ENABLED" : 53 arg0 == 3 ? "DISABLED" : "UNKNOWN"); 54 } 55 56 sdt:vscan::vscan-scan-timeout 57 { 58 printf("idx: %d, seqnum: %d - %s", 59 ((vscan_req_t *)arg0)->vsr_idx, 60 ((vscan_req_t *)arg0)->vsr_seqnum, 61 stringof(((vscan_req_t *)arg0)->vsr_vp->v_path)); 62 } 63 64 sdt:vscan::vscan-scan-file 65 { 66 printf("%s (%s)", stringof(arg0), arg1 ? "async" : "sync"); 67 } 68 69 sdt:vscan::vscan-exempt-filesize 70 { 71 printf("%s EXEMPT (%s)", stringof(arg0), arg1 ? "DENY" : "ALLOW"); 72 } 73 74 sdt:vscan::vscan-type-match 75 { 76 printf("ext: %s matched: %s", stringof(arg0), stringof(arg1)); 77 } 78 79 sdt:vscan::vscan-exempt-filetype 80 { 81 printf("%s EXEMPT", stringof(arg0)); 82 } 83 84 sdt:vscan::vscan-getattr 85 { 86 printf("%s, m: %d, q: %d, scanstamp: %s", 87 stringof(((vscan_svc_node_t *)arg0)->vsn_req->vsr_vp->v_path), 88 ((vscan_svc_node_t *)arg0)->vsn_modified, 89 ((vscan_svc_node_t *)arg0)->vsn_quarantined, 90 stringof(((vscan_svc_node_t *)arg0)->vsn_scanstamp)); 91 } 92 93 sdt:vscan::vscan-setattr 94 { 95 /* XAT_AV_QUARANTINED */ 96 printf("%s", (arg1 & 0x400) == 0 ? "" : 97 ((vscan_svc_node_t *)arg0)->vsn_quarantined ? "q: 1, " : "q: 0, "); 98 99 /* XAT_AV_MODIFIED */ 100 printf("%s", (arg1 & 0x800) == 0 ? "" : 101 ((vscan_svc_node_t *)arg0)->vsn_modified ? "m: 1, " : "m: 0, "); 102 103 /* XAT_AV_SCANSTAMP */ 104 printf("%s", (arg1 & 0x1000) == 0 ? "" : "scanstamp: "); 105 printf("%s", (arg1 & 0x1000) == 0 ? "" : 106 stringof(((vscan_svc_node_t *)arg0)->vsn_scanstamp)); 107 } 108 109 110 sdt:vscan::vscan-mtime-changed 111 { 112 printf("%s", 113 stringof(((vscan_svc_node_t *)arg0)->vsn_req->vsr_vp->v_path)); 114 } 115 116 117 sdt:vscan::vscan-result 118 { 119 printf("idx: %d, seqnum: %d, VS_STATUS_%s - VS_ACCESS_%s", 120 arg0, arg1, 121 arg2 == 0 ? "UNDEFINED" : 122 arg2 == 1 ? "NO_SCAN" : 123 arg2 == 2 ? "ERROR" : 124 arg2 == 3 ? "CLEAN" : 125 arg2 == 4 ? "INFECTED" : 126 arg2 == 5 ? "SCANNING" : "XXX unknown", 127 arg3 == 0 ? "UNDEFINED" : 128 arg3 == 1 ? "ALLOW" : "DENY"); 129 } 130 131 /* insert request into request list */ 132 fbt:vscan:vscan_svc_reql_insert:entry 133 { 134 printf("%s", stringof(args[0]->v_path)); 135 } 136 fbt:vscan:vscan_svc_reql_insert:return 137 /args[1] != 0/ 138 { 139 printf("seqnum %d %s", args[1]->vsr_seqnum, 140 stringof(args[1]->vsr_vp->v_path)); 141 } 142 fbt:vscan:vscan_svc_reql_insert:return 143 /args[1] == 0/ 144 { 145 printf("request list full"); 146 } 147 /* insert request into scan table */ 148 fbt:vscan:vscan_svc_insert_req:entry 149 { 150 printf("seqnum: %d - %s", 151 args[0]->vsr_seqnum, stringof(args[0]->vsr_vp->v_path)); 152 } 153 fbt:vscan:vscan_svc_insert_req:return 154 { 155 printf("idx: %d", args[1]); 156 } 157 /* remove request from request list and scan table and delete it*/ 158 fbt:vscan:vscan_svc_delete_req:entry 159 { 160 printf("idx: %d, seqnum: %d - %s", 161 args[0]->vsr_idx, args[0]->vsr_seqnum, 162 stringof(args[0]->vsr_vp->v_path)); 163 } 164 165 fbt:vscan:vscan_svc_delete_req:return, 166 fbt:vscan:vscan_svc_reql_handler:entry, 167 fbt:vscan:vscan_svc_reql_handler:return 168 { 169 } 170 171 fbt:vscan:vscan_svc_taskq_callback:entry, 172 fbt:vscan:vscan_svc_do_scan:entry 173 { 174 printf("idx: %d, seqnum: %d - %s", 175 ((vscan_req_t *)(args[0]))->vsr_idx, 176 ((vscan_req_t *)(args[0]))->vsr_seqnum, 177 stringof(((vscan_req_t *)(args[0]))->vsr_vp->v_path)); 178 } 179 fbt:vscan:vscan_svc_scan_complete:entry 180 { 181 printf("idx: %d, seqnum: %d, state: %s - %s", 182 args[0]->vsr_idx, args[0]->vsr_seqnum, 183 args[0]->vsr_state == 0 ? "INIT" : 184 args[0]->vsr_state == 1 ? "QUEUED" : 185 args[0]->vsr_state == 2 ? "IN_PROGRESS" : 186 args[0]->vsr_state == 3 ? "SCANNING" : 187 args[0]->vsr_state == 4 ? "ASYNC_COMPLETE" : 188 args[0]->vsr_state == 5 ? "COMPLETE" : "UNKNOWN", 189 stringof(args[0]->vsr_vp->v_path)); 190 } 191 192 fbt:vscan:vscan_svc_taskq_callback:return, 193 fbt:vscan:vscan_svc_do_scan:return, 194 fbt:vscan:vscan_svc_scan_complete:return 195 { 196 } 197 198 sdt:vscan::vscan-abort 199 { 200 printf("idx: %d, seqnum: %d - %s", 201 ((vscan_req_t *)(arg0))->vsr_idx, 202 ((vscan_req_t *)(arg0))->vsr_seqnum, 203 stringof(((vscan_req_t *)(arg0))->vsr_vp->v_path)); 204 } 205 206 fbt:vscan:vscan_svc_enable:entry, 207 fbt:vscan:vscan_svc_enable:return, 208 fbt:vscan:vscan_svc_disable:entry, 209 fbt:vscan:vscan_svc_disable:return, 210 fbt:vscan:vscan_svc_configure:entry, 211 fbt:vscan:vscan_svc_configure:return 212 { 213 } 214 215 /* 216 * vscan_door.c 217 */ 218 fbt:vscan:vscan_door_open:entry, 219 fbt:vscan:vscan_door_open:return, 220 fbt:vscan:vscan_door_close:entry, 221 fbt:vscan:vscan_door_close:return 222 { 223 } 224 225 fbt:vscan:vscan_door_scan_file:entry 226 { 227 printf("idx: %d, seqnum: %d - %s", 228 args[0]->vsr_idx, args[0]->vsr_seqnum, args[0]->vsr_path); 229 } 230 fbt:vscan:vscan_door_scan_file:return 231 { 232 printf("VS_STATUS_%s", 233 args[1] == 0 ? "UNDEFINED" : 234 args[1] == 1 ? "NO_SCAN" : 235 args[1] == 2 ? "ERROR" : 236 args[1] == 3 ? "CLEAN" : 237 args[1] == 4 ? "INFECTED" : 238 args[1] == 5 ? "SCANNING" : "XXX unknown"); 239 } 240 241 242 /* 243 * vscan_drv.c 244 */ 245 sdt:vscan::vscan-drv-state-violation 246 { 247 printf("%d %s", arg0, 248 arg0 == 0 ? "UNCONFIG" : 249 arg0 == 1 ? "IDLE" : 250 arg0 == 2 ? "CONNECTED" : 251 arg0 == 3 ? "ENABLED" : 252 arg0 == 4 ? "DELAYED_DISABLE" : "UNKNOWN"); 253 } 254 255 sdt:vscan::vscan-minor-node 256 { 257 printf("vscan%d %s", arg0, arg1 != 0 ? "created" : "error"); 258 } 259 260 /* unprivileged vscan driver access attempt */ 261 sdt:vscan::vscan-priv 262 /arg0 != 0/ 263 { 264 printf("vscan driver access attempt by unprivileged process"); 265 } 266 267 /* daemon-driver synchronization */ 268 sdt:vscan::vscan-reconnect 269 { 270 } 271 272 fbt:vscan:vscan_drv_open:entry 273 / *(int *)args[0] == 0/ 274 { 275 printf("vscan daemon attach"); 276 } 277 278 fbt:vscan:vscan_drv_close:entry 279 / (int)args[0] == 0/ 280 { 281 printf("vscan daemon detach"); 282 } 283 284 fbt:vscan:vscan_drv_ioctl:entry 285 / (int)args[0] == 0/ 286 { 287 printf("vscan daemon ioctl %d %s", args[1], 288 args[1] == 1 ? "ENABLE" : 289 args[1] == 2 ? "DISABLE" : 290 args[1] == 3 ? "CONFIG" : 291 args[1] == 4 ? "RESULT" : 292 args[1] == 5 ? "MAX FILES" : "unknown"); 293 } 294 295 fbt:vscan:vscan_drv_delayed_disable:entry, 296 fbt:vscan:vscan_drv_delayed_disable:return, 297 fbt:vscan:vscan_drv_attach:entry, 298 fbt:vscan:vscan_drv_detach:entry 299 { 300 } 301 302 fbt:vscan:vscan_drv_attach:return, 303 fbt:vscan:vscan_drv_detach:return 304 { 305 printf("%s", args[1] ? "DDI_FAILURE" : "DDI_SUCCESS"); 306 } 307 308 fbt:vscan:vscan_drv_in_use:return 309 { 310 printf("%s", args[1] ? "TRUE" : "FALSE"); 311 } 312 313 314 /* file access */ 315 316 /* 317 fbt:vscan:vscan_drv_open:entry 318 / *(int *)args[0] != 0/ 319 { 320 printf("%d", *(int *)args[0]); 321 } 322 323 fbt:vscan:vscan_drv_close:entry, 324 fbt:vscan:vscan_drv_read:entry 325 / (int)args[0] != 0/ 326 { 327 printf("%d", (int)args[0]); 328 } 329 */ 330 331 332 /* 333 *** vscan daemon - vscand *** 334 */ 335 336 pid$target::vs_svc_init:entry 337 { 338 printf("Max concurrent scan requests from kernel: %d", arg1); 339 } 340 341 pid$target::vs_svc_init:return 342 { 343 } 344 345 346 pid$target::vs_door_scan_req:entry, 347 pid$target::vs_svc_scan_file:entry, 348 pid$target::vs_svc_queue_scan_req:entry, 349 pid$target::vs_svc_async_scan:entry, 350 pid$target::vs_eng_scanstamp_current:entry, 351 pid$target::vs_icap_scan_file:entry 352 { 353 } 354 355 pid$target::vs_svc_queue_scan_req:return, 356 pid$target::vs_svc_async_scan:return 357 { 358 } 359 360 pid$target::vs_svc_scan_file:return 361 { 362 printf("VS_STATUS_%s", 363 arg1 == 0 ? "UNDEFINED" : 364 arg1 == 1 ? "NO_SCAN" : 365 arg1 == 2 ? "ERROR" : 366 arg1 == 3 ? "CLEAN" : 367 arg1 == 4 ? "INFECTED" : 368 arg1 == 5 ? "SCANNING" : "XXX unknown"); 369 } 370 371 pid$target::vs_eng_scanstamp_current:return 372 { 373 printf("%sCURRENT", arg1 == 0 ? "NOT " : ""); 374 } 375 376 pid$target::vs_icap_scan_file:return 377 { 378 printf("%d VS_RESULT_%s", (int)arg1, 379 (int)arg1 == 0 ? "UNDEFINED" : 380 (int)arg1 == 1 ? "CLEAN" : 381 (int)arg1 == 2 ? "CLEANED" : 382 (int)arg1 == 3 ? "FORBIDDEN" : "(SE)_ERROR"); 383 } 384 385 pid$target::vs_stats_set:entry 386 { 387 printf("%s", (arg0 == 1) ? "CLEAN" : 388 (arg0 == 2) ? "CLEANED" : 389 (arg0 == 3) ? "QUARANTINE" : "ERROR"); 390 } 391 392 pid$target::vs_stats_set:return 393 { 394 } 395 396 /* get engine connection */ 397 pid$target::vs_eng_get:entry, 398 pid$target::vs_eng_connect:entry, 399 pid$target::vs_eng_release:entry, 400 pid$target::vs_eng_release:return 401 { 402 } 403 pid$target::vs_eng_get:return, 404 pid$target::vs_eng_connect:return 405 { 406 printf("%s", arg1 == 0 ? "success" : "error"); 407 } 408 409 /* engine errors */ 410 pid$target::vs_eng_set_error:entry 411 / arg1 == 1 / 412 { 413 printf("scan engine error"); 414 } 415 416 /* configuration */ 417 pid$target::vscand_cfg_init:entry, 418 pid$target::vscand_cfg_fini:entry, 419 pid$target::vscand_cfg_init:return, 420 pid$target::vscand_cfg_fini:return, 421 pid$target::vscand_cfg_handler:entry, 422 pid$target::vscand_cfg_handler:return 423 { 424 } 425 426 pid$target::vscand_dtrace_gen:entry 427 { 428 printf("maxsize: %s action: %s\n", 429 copyinstr(arg0), (arg1 == 1) ? "allow" : "deny"); 430 printf("types: %s\n", copyinstr(arg2)); 431 printf("log: %s\n", copyinstr(arg3)); 432 } 433 pid$target::vscand_dtrace_eng:entry 434 { 435 printf("\n%s %s \nhost: %s \nport: %d \nmax connections: %d\n", 436 copyinstr(arg0), (arg1 == 1) ? "enabled" : "disabled", 437 copyinstr(arg2), arg3, arg4); 438 } 439 440 441 442 /* shutdown */ 443 pid$target::vscand_sig_handler:entry 444 { 445 printf("received signal %d", arg0); 446 } 447 pid$target::vscand_sig_handler:return, 448 pid$target::vscand_fini:entry, 449 pid$target::vscand_fini:return, 450 pid$target::vscand_kernel_disable:entry, 451 pid$target::vscand_kernel_disable:return, 452 pid$target::vscand_kernel_unbind:entry, 453 pid$target::vscand_kernel_unbind:return, 454 pid$target::vscand_kernel_result:entry, 455 pid$target::vscand_kernel_result:return, 456 pid$target::vs_svc_terminate:entry, 457 pid$target::vs_svc_terminate:return, 458 pid$target::vs_eng_fini:entry, 459 pid$target::vs_eng_fini:return, 460 pid$target::vs_eng_close_connections:entry, 461 pid$target::vs_eng_close_connections:return 462 { 463 } 464 465 /* vs_icap.c */ 466 467 /* trace entry and exit (inc status) */ 468 pid$target::vs_icap_option_request:entry, 469 pid$target::vs_icap_send_option_req:entry, 470 pid$target::vs_icap_read_option_resp:entry, 471 pid$target::vs_icap_respmod_request:entry, 472 pid$target::vs_icap_may_preview:entry, 473 pid$target::vs_icap_send_preview:entry, 474 pid$target::vs_icap_send_respmod_hdr:entry, 475 pid$target::vs_icap_read_respmod_resp:entry 476 { 477 } 478 479 pid$target::vs_icap_option_request:return, 480 pid$target::vs_icap_send_option_req:return, 481 pid$target::vs_icap_read_option_resp:return, 482 pid$target::vs_icap_respmod_request:return, 483 pid$target::vs_icap_send_preview:return, 484 pid$target::vs_icap_send_respmod_hdr:return, 485 pid$target::vs_icap_read_respmod_resp:return 486 { 487 printf("%s", (int)arg1 < 0 ? "error" : "success"); 488 } 489 490 pid$target::vs_icap_may_preview:return 491 { 492 printf("TRANSFER %s", arg1 == 1 ? "PREVIEW" : "COMPLETE"); 493 } 494 495 /* trace failures only - these functions return -1 on failure */ 496 pid$target::vs_icap_read_resp_code:return, 497 pid$target::vs_icap_read_hdr:return, 498 pid$target::vs_icap_send_termination:return, 499 pid$target::vs_icap_write:return, 500 pid$target::vs_icap_set_scan_result:return, 501 pid$target::vs_icap_read_encap_hdr:return, 502 pid$target::vs_icap_read_encap_data:return, 503 pid$target::vs_icap_read_resp_body:return, 504 pid$target::vs_icap_read_body_chunk:return, 505 pid$target::vs_icap_read:return, 506 pid$target::vs_icap_readline:return, 507 pid$target::vs_icap_send_chunk:return, 508 pid$target::gethostname:return 509 /(int)arg1 == -1/ 510 { 511 printf("error"); 512 } 513 514 /* trace failures only - these functions return 1 on success */ 515 pid$target::vs_icap_opt_value:return, 516 pid$target::vs_icap_opt_ext:return, 517 pid$target::vs_icap_resp_infection:return, 518 pid$target::vs_icap_resp_virus_id:return, 519 pid$target::vs_icap_resp_violations:return, 520 pid$target::vs_icap_resp_violation_rec:return, 521 pid$target::vs_icap_resp_istag:return, 522 pid$target::vs_icap_resp_encap:return 523 /arg1 != 1/ 524 { 525 printf("error"); 526 } 527 528 pid$target::write:return, 529 pid$target::read:return, 530 pid$target::open:return, 531 pid$target::calloc:return 532 /arg1 <= 0/ 533 { 534 printf("error"); 535 } 536 /* 537 pid$target::recv:return, 538 */ 539