xref: /titanic_41/usr/src/cmd/vscan/vscand/vscan.d (revision bfc848c632c9eacb2a640246d96e198f1b185c03) 
1 #!/usr/sbin/dtrace -s
2 /*
3  * CDDL HEADER START
4  *
5  * The contents of this file are subject to the terms of the
6  * Common Development and Distribution License (the "License").
7  * You may not use this file except in compliance with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30 #pragma D option flowindent
31 */
32 
33 /*
34  *** vscan kernel pseudo driver ***
35  */
36 
37 /*
38  * vscan_svc.c
39  */
40 sdt:vscan::vscan-req-counts
41 {
42 	printf("%s reql: %d, node: %d, taskq: %d",
43 	    stringof(arg0),
44 	    ((vscan_svc_counts_t *)arg1)->vsc_reql,
45 	    ((vscan_svc_counts_t *)arg1)->vsc_node,
46 	    ((vscan_svc_counts_t *)arg1)->vsc_tq);
47 }
48 
49 sdt:vscan::vscan-svc-state-violation
50 {
51 	printf("%d %s", arg0,
52 		arg0 == 0 ? "UNCONFIG" :
53 		arg0 == 1 ? "IDLE" :
54 		arg0 == 2 ? "ENABLED" :
55 		arg0 == 3 ? "DISABLED" : "UNKNOWN");
56 }
57 
58 sdt:vscan::vscan-scan-timeout
59 {
60 	printf("idx: %d, seqnum: %d - %s",
61 	    ((vscan_req_t *)arg0)->vsr_idx,
62 		((vscan_req_t *)arg0)->vsr_seqnum,
63 		stringof(((vscan_req_t *)arg0)->vsr_vp->v_path));
64 }
65 
66 sdt:vscan::vscan-scan-file
67 {
68 	printf("%s (%s)", stringof(arg0), arg1 ? "async" : "sync");
69 }
70 
71 sdt:vscan::vscan-exempt-filesize
72 {
73 	printf("%s EXEMPT (%s)", stringof(arg0), arg1 ? "DENY" : "ALLOW");
74 }
75 
76 sdt:vscan::vscan-type-match
77 {
78 	printf("ext: %s matched: %s", stringof(arg0), stringof(arg1));
79 }
80 
81 sdt:vscan::vscan-exempt-filetype
82 {
83 	printf("%s EXEMPT", stringof(arg0));
84 }
85 
86 sdt:vscan::vscan-getattr
87 {
88 	printf("%s, m: %d, q: %d, scanstamp: %s",
89 		stringof(((vscan_svc_node_t *)arg0)->vsn_req->vsr_vp->v_path),
90 		((vscan_svc_node_t *)arg0)->vsn_modified,
91 		((vscan_svc_node_t *)arg0)->vsn_quarantined,
92 		stringof(((vscan_svc_node_t *)arg0)->vsn_scanstamp));
93 }
94 
95 sdt:vscan::vscan-setattr
96 {
97 	/* XAT_AV_QUARANTINED */
98 	printf("%s", (arg1 & 0x400) == 0 ? "" :
99 	    ((vscan_svc_node_t *)arg0)->vsn_quarantined ? "q: 1, " : "q: 0, ");
100 
101 	/* XAT_AV_MODIFIED */
102 	printf("%s", (arg1 & 0x800) == 0 ? "" :
103 	    ((vscan_svc_node_t *)arg0)->vsn_modified ? "m: 1, " : "m: 0, ");
104 
105 	/* XAT_AV_SCANSTAMP */
106 	printf("%s", (arg1 & 0x1000) == 0 ? "" : "scanstamp: ");
107 	printf("%s", (arg1 & 0x1000) == 0 ? "" :
108 	    stringof(((vscan_svc_node_t *)arg0)->vsn_scanstamp));
109 }
110 
111 
112 sdt:vscan::vscan-mtime-changed
113 {
114 	printf("%s",
115 		stringof(((vscan_svc_node_t *)arg0)->vsn_req->vsr_vp->v_path));
116 }
117 
118 
119 sdt:vscan::vscan-result
120 {
121 	printf("idx: %d, seqnum: %d, VS_STATUS_%s - VS_ACCESS_%s",
122 		arg0, arg1,
123 	    arg2 == 0 ? "UNDEFINED" :
124 	    arg2 == 1 ? "NO_SCAN" :
125 	    arg2 == 2 ? "ERROR" :
126 	    arg2 == 3 ? "CLEAN" :
127 	    arg2 == 4 ? "INFECTED" :
128 	    arg2 == 5 ? "SCANNING" : "XXX unknown",
129 	    arg3 == 0 ? "UNDEFINED" :
130 	    arg3 == 1 ? "ALLOW" : "DENY");
131 }
132 
133 /* insert request into request list */
134 fbt:vscan:vscan_svc_reql_insert:entry
135 {
136 	printf("%s", stringof(args[0]->v_path));
137 }
138 fbt:vscan:vscan_svc_reql_insert:return
139 /args[1] != 0/
140 {
141 	printf("seqnum %d %s", args[1]->vsr_seqnum,
142 	    stringof(args[1]->vsr_vp->v_path));
143 }
144 fbt:vscan:vscan_svc_reql_insert:return
145 /args[1] == 0/
146 {
147 	printf("request list full");
148 }
149 /* insert request into scan table */
150 fbt:vscan:vscan_svc_insert_req:entry
151 {
152 	printf("seqnum: %d - %s",
153 	    args[0]->vsr_seqnum, stringof(args[0]->vsr_vp->v_path));
154 }
155 fbt:vscan:vscan_svc_insert_req:return
156 {
157 	printf("idx: %d", args[1]);
158 }
159 /* remove request from request list and  scan table and delete it*/
160 fbt:vscan:vscan_svc_delete_req:entry
161 {
162 	printf("idx: %d, seqnum: %d - %s",
163 	    args[0]->vsr_idx, args[0]->vsr_seqnum,
164 		stringof(args[0]->vsr_vp->v_path));
165 }
166 
167 fbt:vscan:vscan_svc_delete_req:return,
168 fbt:vscan:vscan_svc_reql_handler:entry,
169 fbt:vscan:vscan_svc_reql_handler:return
170 {
171 }
172 
173 fbt:vscan:vscan_svc_taskq_callback:entry,
174 fbt:vscan:vscan_svc_do_scan:entry
175 {
176 	printf("idx: %d, seqnum: %d - %s",
177 	    ((vscan_req_t *)(args[0]))->vsr_idx,
178 		((vscan_req_t *)(args[0]))->vsr_seqnum,
179 		stringof(((vscan_req_t *)(args[0]))->vsr_vp->v_path));
180 }
181 fbt:vscan:vscan_svc_scan_complete:entry
182 {
183 	printf("idx: %d, seqnum: %d, state: %s - %s",
184 	    args[0]->vsr_idx, args[0]->vsr_seqnum,
185 		args[0]->vsr_state == 0 ? "INIT" :
186 		args[0]->vsr_state == 1 ? "QUEUED" :
187 		args[0]->vsr_state == 2 ? "IN_PROGRESS" :
188 		args[0]->vsr_state == 3 ? "SCANNING" :
189 		args[0]->vsr_state == 4 ? "ASYNC_COMPLETE" :
190 		args[0]->vsr_state == 5 ? "COMPLETE" : "UNKNOWN",
191 		stringof(args[0]->vsr_vp->v_path));
192 }
193 
194 fbt:vscan:vscan_svc_taskq_callback:return,
195 fbt:vscan:vscan_svc_do_scan:return,
196 fbt:vscan:vscan_svc_scan_complete:return
197 {
198 }
199 
200 sdt:vscan::vscan-abort
201 {
202 	printf("idx: %d, seqnum: %d - %s",
203 	    ((vscan_req_t *)(arg0))->vsr_idx,
204 		((vscan_req_t *)(arg0))->vsr_seqnum,
205 		stringof(((vscan_req_t *)(arg0))->vsr_vp->v_path));
206 }
207 
208 fbt:vscan:vscan_svc_enable:entry,
209 fbt:vscan:vscan_svc_enable:return,
210 fbt:vscan:vscan_svc_disable:entry,
211 fbt:vscan:vscan_svc_disable:return,
212 fbt:vscan:vscan_svc_configure:entry,
213 fbt:vscan:vscan_svc_configure:return
214 {
215 }
216 
217 /*
218  * vscan_door.c
219  */
220 fbt:vscan:vscan_door_open:entry,
221 fbt:vscan:vscan_door_open:return,
222 fbt:vscan:vscan_door_close:entry,
223 fbt:vscan:vscan_door_close:return
224 {
225 }
226 
227 fbt:vscan:vscan_door_scan_file:entry
228 {
229 	printf("idx: %d, seqnum: %d - %s",
230 	    args[0]->vsr_idx, args[0]->vsr_seqnum, args[0]->vsr_path);
231 }
232 fbt:vscan:vscan_door_scan_file:return
233 {
234 	printf("VS_STATUS_%s",
235 	    args[1] == 0 ? "UNDEFINED" :
236 	    args[1] == 1 ? "NO_SCAN" :
237 	    args[1] == 2 ? "ERROR" :
238 	    args[1] == 3 ? "CLEAN" :
239 	    args[1] == 4 ? "INFECTED" :
240 	    args[1] == 5 ? "SCANNING" : "XXX unknown");
241 }
242 
243 
244 /*
245  * vscan_drv.c
246  */
247 sdt:vscan::vscan-drv-state-violation
248 {
249 	printf("%d %s", arg0,
250 		arg0 == 0 ? "UNCONFIG" :
251 		arg0 == 1 ? "IDLE" :
252 		arg0 == 2 ? "CONNECTED" :
253 		arg0 == 3 ? "ENABLED" :
254 		arg0 == 4 ? "DELAYED_DISABLE" : "UNKNOWN");
255 }
256 
257 sdt:vscan::vscan-minor-node
258 {
259 	printf("vscan%d %s", arg0, arg1 != 0 ? "created" : "error");
260 }
261 
262 /* unprivileged vscan driver access attempt */
263 sdt:vscan::vscan-priv
264 /arg0 != 0/
265 {
266 	printf("vscan driver access attempt by unprivileged process");
267 }
268 
269 /* daemon-driver synchronization */
270 sdt:vscan::vscan-reconnect
271 {
272 }
273 
274 fbt:vscan:vscan_drv_open:entry
275 / *(int *)args[0] == 0/
276 {
277 	printf("vscan daemon attach");
278 }
279 
280 fbt:vscan:vscan_drv_close:entry
281 / (int)args[0] == 0/
282 {
283 	printf("vscan daemon detach");
284 }
285 
286 fbt:vscan:vscan_drv_ioctl:entry
287 / (int)args[0] == 0/
288 {
289 	printf("vscan daemon ioctl %d %s", args[1],
290 		args[1] == 1 ? "ENABLE" :
291 		args[1] == 2 ? "DISABLE" :
292 		args[1] == 3 ? "CONFIG" :
293 		args[1] == 4 ? "RESULT" :
294 		args[1] == 5 ? "MAX FILES" : "unknown");
295 }
296 
297 fbt:vscan:vscan_drv_delayed_disable:entry,
298 fbt:vscan:vscan_drv_delayed_disable:return,
299 fbt:vscan:vscan_drv_attach:entry,
300 fbt:vscan:vscan_drv_detach:entry
301 {
302 }
303 
304 fbt:vscan:vscan_drv_attach:return,
305 fbt:vscan:vscan_drv_detach:return
306 {
307 	printf("%s", args[1] ? "DDI_FAILURE" : "DDI_SUCCESS");
308 }
309 
310 fbt:vscan:vscan_drv_in_use:return
311 {
312 	printf("%s", args[1] ? "TRUE" : "FALSE");
313 }
314 
315 
316 /* file access */
317 
318 /*
319 fbt:vscan:vscan_drv_open:entry
320 / *(int *)args[0] != 0/
321 {
322 	printf("%d", *(int *)args[0]);
323 }
324 
325 fbt:vscan:vscan_drv_close:entry,
326 fbt:vscan:vscan_drv_read:entry
327 / (int)args[0] != 0/
328 {
329 	printf("%d", (int)args[0]);
330 }
331 */
332 
333 
334 /*
335  *** vscan daemon - vscand ***
336  */
337 
338 pid$target::vs_svc_init:entry
339 {
340 	printf("Max concurrent scan requests from kernel: %d", arg1);
341 }
342 
343 pid$target::vs_svc_init:return
344 {
345 }
346 
347 
348 pid$target::vs_door_scan_req:entry,
349 pid$target::vs_svc_scan_file:entry,
350 pid$target::vs_svc_queue_scan_req:entry,
351 pid$target::vs_svc_async_scan:entry,
352 pid$target::vs_eng_scanstamp_current:entry,
353 pid$target::vs_icap_scan_file:entry
354 {
355 }
356 
357 pid$target::vs_svc_queue_scan_req:return,
358 pid$target::vs_svc_async_scan:return
359 {
360 }
361 
362 pid$target::vs_svc_scan_file:return
363 {
364 	printf("VS_STATUS_%s",
365 	    arg1 == 0 ? "UNDEFINED" :
366 	    arg1 == 1 ? "NO_SCAN" :
367 	    arg1 == 2 ? "ERROR" :
368 	    arg1 == 3 ? "CLEAN" :
369 	    arg1 == 4 ? "INFECTED" :
370 	    arg1 == 5 ? "SCANNING" : "XXX unknown");
371 }
372 
373 pid$target::vs_eng_scanstamp_current:return
374 {
375 	printf("%sCURRENT", arg1 == 0 ? "NOT " : "");
376 }
377 
378 pid$target::vs_icap_scan_file:return
379 {
380 	printf("%d VS_RESULT_%s", (int)arg1,
381 	    (int)arg1 == 0 ? "UNDEFINED" :
382 	    (int)arg1 == 1 ? "CLEAN" :
383 	    (int)arg1 == 2 ? "CLEANED" :
384 	    (int)arg1 == 3 ? "FORBIDDEN" : "(SE)_ERROR");
385 }
386 
387 pid$target::vs_stats_set:entry
388 {
389 	printf("%s", (arg0 == 1) ? "CLEAN" :
390 		(arg0 == 2) ? "CLEANED" :
391 		(arg0 == 3) ? "QUARANTINE" : "ERROR");
392 }
393 
394 pid$target::vs_stats_set:return
395 {
396 }
397 
398 /* get engine connection */
399 pid$target::vs_eng_get:entry,
400 pid$target::vs_eng_connect:entry,
401 pid$target::vs_eng_release:entry,
402 pid$target::vs_eng_release:return
403 {
404 }
405 pid$target::vs_eng_get:return,
406 pid$target::vs_eng_connect:return
407 {
408 	printf("%s", arg1 == 0 ? "success" : "error");
409 }
410 
411 /* engine errors */
412 pid$target::vs_eng_set_error:entry
413 / arg1 == 1 /
414 {
415 	printf("scan engine error");
416 }
417 
418 /* configuration */
419 pid$target::vscand_cfg_init:entry,
420 pid$target::vscand_cfg_fini:entry,
421 pid$target::vscand_cfg_init:return,
422 pid$target::vscand_cfg_fini:return,
423 pid$target::vscand_cfg_handler:entry,
424 pid$target::vscand_cfg_handler:return
425 {
426 }
427 
428 pid$target::vscand_dtrace_gen:entry
429 {
430 	printf("maxsize: %s action: %s\n",
431 		copyinstr(arg0), (arg1 == 1) ? "allow" : "deny");
432 	printf("types: %s\n", copyinstr(arg2));
433 	printf("log: %s\n", copyinstr(arg3));
434 }
435 pid$target::vscand_dtrace_eng:entry
436 {
437 	printf("\n%s %s \nhost: %s \nport: %d \nmax connections: %d\n",
438 		copyinstr(arg0), (arg1 == 1) ? "enabled" : "disabled",
439 		copyinstr(arg2), arg3, arg4);
440 }
441 
442 
443 
444 /* shutdown */
445 pid$target::vscand_sig_handler:entry
446 {
447 	printf("received signal %d", arg0);
448 }
449 pid$target::vscand_sig_handler:return,
450 pid$target::vscand_fini:entry,
451 pid$target::vscand_fini:return,
452 pid$target::vscand_kernel_disable:entry,
453 pid$target::vscand_kernel_disable:return,
454 pid$target::vscand_kernel_unbind:entry,
455 pid$target::vscand_kernel_unbind:return,
456 pid$target::vscand_kernel_result:entry,
457 pid$target::vscand_kernel_result:return,
458 pid$target::vs_svc_terminate:entry,
459 pid$target::vs_svc_terminate:return,
460 pid$target::vs_eng_fini:entry,
461 pid$target::vs_eng_fini:return,
462 pid$target::vs_eng_close_connections:entry,
463 pid$target::vs_eng_close_connections:return
464 {
465 }
466 
467 /* vs_icap.c */
468 
469 /* trace entry and exit (inc status) */
470 pid$target::vs_icap_option_request:entry,
471 pid$target::vs_icap_send_option_req:entry,
472 pid$target::vs_icap_read_option_resp:entry,
473 pid$target::vs_icap_respmod_request:entry,
474 pid$target::vs_icap_may_preview:entry,
475 pid$target::vs_icap_send_preview:entry,
476 pid$target::vs_icap_send_respmod_hdr:entry,
477 pid$target::vs_icap_read_respmod_resp:entry
478 {
479 }
480 
481 pid$target::vs_icap_option_request:return,
482 pid$target::vs_icap_send_option_req:return,
483 pid$target::vs_icap_read_option_resp:return,
484 pid$target::vs_icap_respmod_request:return,
485 pid$target::vs_icap_send_preview:return,
486 pid$target::vs_icap_send_respmod_hdr:return,
487 pid$target::vs_icap_read_respmod_resp:return
488 {
489 	printf("%s", (int)arg1 < 0 ? "error" : "success");
490 }
491 
492 pid$target::vs_icap_may_preview:return
493 {
494 	printf("TRANSFER %s", arg1 == 1 ? "PREVIEW" : "COMPLETE");
495 }
496 
497 /* trace failures only  - these functions return -1 on failure */
498 pid$target::vs_icap_read_resp_code:return,
499 pid$target::vs_icap_read_hdr:return,
500 pid$target::vs_icap_send_termination:return,
501 pid$target::vs_icap_write:return,
502 pid$target::vs_icap_set_scan_result:return,
503 pid$target::vs_icap_read_encap_hdr:return,
504 pid$target::vs_icap_read_encap_data:return,
505 pid$target::vs_icap_read_resp_body:return,
506 pid$target::vs_icap_read_body_chunk:return,
507 pid$target::vs_icap_read:return,
508 pid$target::vs_icap_readline:return,
509 pid$target::vs_icap_send_chunk:return,
510 pid$target::gethostname:return
511 /(int)arg1 == -1/
512 {
513 	printf("error");
514 }
515 
516 /* trace failures only  - these functions return 1 on success */
517 pid$target::vs_icap_opt_value:return,
518 pid$target::vs_icap_opt_ext:return,
519 pid$target::vs_icap_resp_infection:return,
520 pid$target::vs_icap_resp_virus_id:return,
521 pid$target::vs_icap_resp_violations:return,
522 pid$target::vs_icap_resp_violation_rec:return,
523 pid$target::vs_icap_resp_istag:return,
524 pid$target::vs_icap_resp_encap:return
525 /arg1 != 1/
526 {
527 	printf("error");
528 }
529 
530 pid$target::write:return,
531 pid$target::read:return,
532 pid$target::open:return,
533 pid$target::calloc:return
534 /arg1 <= 0/
535 {
536 	printf("error");
537 }
538 /*
539 pid$target::recv:return,
540 */
541