xref: /titanic_44/usr/src/cmd/vscan/vscand/vscan.d (revision 3caf11144eab1a56717f986d44ae7f40ee8b28fc)
1 #!/usr/sbin/dtrace -s
2 /*
3  * CDDL HEADER START
4  *
5  * The contents of this file are subject to the terms of the
6  * Common Development and Distribution License (the "License").
7  * You may not use this file except in compliance with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #pragma D option flowindent
30 
31 /*
32  *** vscan kernel pseudo driver ***
33  */
34 
35 /* vscan_svc.c */
36 sdt:vscan::vscan-scan-file
37 {
38 	printf("%s (%s)", stringof(arg0), arg1 ? "async" : "sync");
39 }
40 
41 sdt:vscan::vscan-exempt-filesize
42 {
43 	printf("%s EXEMPT (%s)", stringof(arg0), arg1 ? "DENY" : "ALLOW");
44 }
45 
46 sdt:vscan::vscan-type-match
47 {
48 	printf("ext: %s matched: %s", stringof(arg0), stringof(arg1));
49 }
50 
51 sdt:vscan::vscan-exempt-filetype
52 {
53 	printf("%s EXEMPT", stringof(arg0));
54 }
55 
56 sdt:vscan::vscan-wait-scan
57 {
58 	printf("%s (%d) waiters: %d",
59 		stringof(((vscan_file_t *)arg0)->vsf_req.vsr_vp->v_path),
60 		arg1, ((vscan_file_t *)arg0)->vsf_wait_count);
61 }
62 
63 sdt:vscan::vscan-wait-slot
64 {
65 	printf("%s", stringof(arg0));
66 }
67 
68 sdt:vscan::vscan-insert
69 {
70 	printf("idx: %d - %s", arg1, stringof(arg0));
71 }
72 
73 sdt:vscan::vscan-release
74 {
75 	printf("idx: %d - %s", arg1, stringof(arg0));
76 }
77 
78 sdt:vscan::vscan-getattr
79 {
80 	printf("%s, m: %d, q: %d, scanstamp: %s",
81 		stringof(((vscan_file_t *)arg0)->vsf_req.vsr_vp->v_path),
82 		((vscan_file_t *)arg0)->vsf_modified,
83 		((vscan_file_t *)arg0)->vsf_quarantined,
84 		stringof(((vscan_file_t *)arg0)->vsf_scanstamp));
85 }
86 
87 sdt:vscan::vscan-setattr
88 {
89 	/* XAT_AV_QUARANTINED */
90 	printf("%s", (arg1 & 0x400) == 0 ? "" :
91 	    ((vscan_file_t *)arg0)->vsf_quarantined ? "q: 1, " : "q: 0, ");
92 
93 	/* XAT_AV_MODIFIED */
94 	printf("%s", (arg1 & 0x800) == 0 ? "" :
95 	    ((vscan_file_t *)arg0)->vsf_modified ? "m: 1, " : "m: 0, ");
96 
97 	/* XAT_AV_SCANSTAMP */
98 	printf("%s", (arg1 & 0x1000) == 0 ? "" : "scanstamp: ");
99 	printf("%s", (arg1 & 0x1000) == 0 ? "" :
100 	    stringof(((vscan_file_t *)arg0)->vsf_scanstamp));
101 }
102 
103 
104 sdt:vscan::vscan-mtime-changed
105 {
106 	printf("%s",
107 		stringof(((vscan_file_t *)arg0)->vsf_req.vsr_vp->v_path));
108 }
109 
110 
111 sdt:vscan::vscan-result
112 {
113 	printf("VS_STATUS_%s - VS_ACCESS_%s",
114 	    arg0 == 0 ? "UNDEFINED" :
115 	    arg0 == 1 ? "NO_SCAN" :
116 	    arg0 == 2 ? "ERROR" :
117 	    arg0 == 3 ? "CLEAN" :
118 	    arg0 == 4 ? "INFECTED" : "XXX unknown",
119 	    arg1 == 0 ? "UNDEFINED" :
120 	    arg1 == 1 ? "ALLOW" : "DENY");
121 }
122 
123 
124 fbt:vscan:vscan_svc_enable:entry,
125 fbt:vscan:vscan_svc_enable:return,
126 fbt:vscan:vscan_svc_disable:entry,
127 fbt:vscan:vscan_svc_disable:return,
128 fbt:vscan:vscan_svc_configure:entry,
129 fbt:vscan:vscan_svc_configure:return,
130 fbt:vscan:vscan_svc_exempt_filetype:entry,
131 fbt:vscan:vscan_svc_scan_file:return,
132 fbt:vscan:vscan_svc_taskq_callback:entry,
133 fbt:vscan:vscan_svc_taskq_callback:return,
134 fbt:vscan:vscan_svc_do_scan:return
135 {
136 }
137 
138 /*
139 fbt:vscan:vscan_svc_match_ext:entry
140 {
141 	printf("ext: %s, check: %s", stringof(args[1]), stringof(args[0]));
142 }
143 
144 fbt:vscan:vscan_svc_match_ext:return
145 {
146 }
147 */
148 
149 /* vscan_door.c */
150 fbt:vscan:vscan_door_scan_file:entry
151 {
152 	printf("%s (%d)", args[0]->vsr_path, args[0]->vsr_id);
153 }
154 fbt:vscan:vscan_door_scan_file:return
155 {
156 	printf("%s", args[1] == 0 ? "success" : "error");
157 }
158 
159 /* vscan_drv.c */
160 
161 sdt:vscan::vscan-minor-node
162 {
163 	printf("vscan%d %s", arg0, arg1 != 0 ? "created" : "error");
164 }
165 
166 /*
167  * unprivileged vscan driver access attempt
168  */
169 sdt:vscan::vscan-priv
170 /arg0 != 0/
171 {
172 	printf("vscan driver access attempt by unprivileged process");
173 }
174 
175 /*
176  * daemon-driver synchronization
177  */
178 fbt:vscan:vscan_drv_open:entry
179 / *(int *)args[0] == 0/
180 {
181 	printf("vscan daemon attach");
182 }
183 
184 fbt:vscan:vscan_drv_close:entry
185 / (int)args[0] == 0/
186 {
187 	printf("vscan daemon detach");
188 }
189 
190 fbt:vscan:vscan_drv_ioctl:entry
191 / (int)args[0] == 0/
192 {
193 	printf("vscan daemon ioctl %d %s", args[1],
194 		args[1] == 1 ? "ENABLE" :
195 		args[1] == 2 ? "DISABLE" :
196 		args[1] == 4 ? "CONFIG" : "unknown");
197 }
198 
199 fbt:vscan:vscan_drv_delayed_disable:entry,
200 fbt:vscan:vscan_drv_delayed_disable:return
201 {
202 }
203 
204 sdt:vscan::vscan-reconnect
205 {
206 }
207 
208 /*
209 fbt:vscan:vscan_drv_attach:entry,
210 fbt:vscan:vscan_drv_attach:return,
211 fbt:vscan:vscan_drv_detach:entry,
212 fbt:vscan:vscan_drv_detach:return
213 {
214 }
215 
216 fbt:vscan:vscan_drv_in_use:return,
217 fbt:vscan:vscan_svc_in_use:return
218 {
219 	printf("%s", args[1] ? "in use" : "not in use");
220 }
221 */
222 
223 
224 /*
225  * file access
226  */
227 
228 /*
229 fbt:vscan:vscan_drv_open:entry
230 / *(int *)args[0] != 0/
231 {
232 	printf("%d", *(int *)args[0]);
233 }
234 
235 fbt:vscan:vscan_drv_close:entry,
236 fbt:vscan:vscan_drv_read:entry
237 / (int)args[0] != 0/
238 {
239 	printf("%d", (int)args[0]);
240 }
241 */
242 
243 
244 /*
245  *** vscan daemon - vscand ***
246  */
247 
248 pid$target::vs_door_scan_req:entry,
249 pid$target::vs_svc_scan_file:entry,
250 pid$target::vs_eng_scanstamp_current:entry,
251 pid$target::vs_icap_scan_file:entry
252 {
253 }
254 
255 pid$target::vs_svc_scan_file:return
256 {
257 	printf("VS_STATUS_%s",
258 	    arg1 == 0 ? "UNDEFINED" :
259 	    arg1 == 1 ? "NO_SCAN" :
260 	    arg1 == 2 ? "ERROR" :
261 	    arg1 == 3 ? "CLEAN" :
262 	    arg1 == 4 ? "INFECTED" : "XXX unknown");
263 }
264 
265 pid$target::vs_eng_scanstamp_current:return
266 {
267 	printf("%sCURRENT", arg1 == 0 ? "NOT " : "");
268 }
269 
270 pid$target::vs_icap_scan_file:return
271 {
272 	printf("%ld VS_RESULT_%s", arg1,
273 	    arg1 == 0 ? "UNDEFINED" :
274 	    arg1 == 1 ? "CLEAN" :
275 	    arg1 == 2 ? "CLEANED" :
276 	    arg1 == 3 ? "FORBIDDEN" : "(SE)_ERROR");
277 }
278 
279 pid$target::vs_stats_set:entry
280 {
281 	printf("%s", (arg0 == 1) ? "CLEAN" :
282 		(arg0 == 2) ? "CLEANED" :
283 		(arg0 == 3) ? "QUARANTINE" : "ERROR");
284 }
285 
286 pid$target::vs_stats_set:return
287 {
288 }
289 
290 /* get engine connection */
291 pid$target::vs_eng_get:entry,
292 pid$target::vs_eng_connect:entry
293 {
294 }
295 pid$target::vs_eng_get:return,
296 pid$target::vs_eng_connect:return
297 {
298 	printf("%s", arg1 == 0 ? "success" : "error");
299 }
300 
301 /* engine errors */
302 pid$target::vs_eng_set_error:entry
303 / arg1 == 1 /
304 {
305 	printf("scan engine %d error", arg0 + 1);
306 }
307 
308 /* shutdown */
309 pid$target::vscand_sig_handler:entry
310 {
311 	printf("received signal %d", arg0);
312 }
313 pid$target::vscand_sig_handler:return,
314 pid$target::vscand_fini:entry,
315 pid$target::vscand_fini:return,
316 pid$target::vscand_kernel_disable:entry,
317 pid$target::vscand_kernel_disable:return,
318 pid$target::vscand_kernel_unbind:entry,
319 pid$target::vscand_kernel_unbind:return,
320 pid$target::vs_eng_fini:entry,
321 pid$target::vs_eng_fini:return,
322 pid$target::vs_eng_close_connections:entry,
323 pid$target::vs_eng_close_connections:return
324 {
325 }
326 
327 /* vs_icap.c */
328 
329 /* trace entry and exit (inc status) */
330 pid$target::vs_icap_option_request:entry,
331 pid$target::vs_icap_send_option_req:entry,
332 pid$target::vs_icap_read_option_resp:entry,
333 pid$target::vs_icap_respmod_request:entry,
334 pid$target::vs_icap_may_preview:entry,
335 pid$target::vs_icap_send_preview:entry,
336 pid$target::vs_icap_send_respmod_hdr:entry,
337 pid$target::vs_icap_read_respmod_resp:entry
338 {
339 }
340 
341 pid$target::vs_icap_option_request:return,
342 pid$target::vs_icap_send_option_req:return,
343 pid$target::vs_icap_read_option_resp:return,
344 pid$target::vs_icap_respmod_request:return,
345 pid$target::vs_icap_send_preview:return,
346 pid$target::vs_icap_send_respmod_hdr:return,
347 pid$target::vs_icap_read_respmod_resp:return
348 {
349 	printf("%s", arg1 < 0 ? "error" : "success");
350 }
351 
352 pid$target::vs_icap_may_preview:return
353 {
354 	printf("TRANSFER %s", arg1 == 1 ? "PREVIEW" : "COMPLETE");
355 }
356 
357 /* trace failures only  - these functions return -1 on failure */
358 pid$target::vs_icap_read_resp_code:return,
359 pid$target::vs_icap_read_hdr:return,
360 pid$target::vs_icap_send_termination:return,
361 pid$target::vs_icap_write:return,
362 pid$target::vs_icap_set_scan_result:return,
363 pid$target::vs_icap_read_encap_hdr:return,
364 pid$target::vs_icap_read_encap_data:return,
365 pid$target::vs_icap_read_resp_body:return,
366 pid$target::vs_icap_read_body_chunk:return,
367 pid$target::vs_icap_read:return,
368 pid$target::vs_icap_readline:return,
369 pid$target::vs_icap_send_chunk:return,
370 pid$target::gethostname:return
371 /arg1 < 0/
372 {
373 	printf("error");
374 }
375 
376 /* trace failures only  - these functions return 1 on success */
377 pid$target::vs_icap_opt_value:return,
378 pid$target::vs_icap_opt_ext:return,
379 pid$target::vs_icap_resp_infection:return,
380 pid$target::vs_icap_resp_virus_id:return,
381 pid$target::vs_icap_resp_violations:return,
382 pid$target::vs_icap_resp_violation_rec:return,
383 pid$target::vs_icap_resp_istag:return,
384 pid$target::vs_icap_resp_encap:return
385 /arg1 != 1/
386 {
387 	printf("error");
388 }
389 
390 pid$target::write:return,
391 pid$target::read:return,
392 pid$target::recv:return,
393 pid$target::open:return,
394 pid$target::calloc:return
395 /arg1 <= 0/
396 {
397 	printf("error");
398 }
399