1*ed81dd52SAlek Pinchuk #!/usr/sbin/dtrace -s 2*ed81dd52SAlek Pinchuk /* 3*ed81dd52SAlek Pinchuk * This file and its contents are supplied under the terms of the 4*ed81dd52SAlek Pinchuk * Common Development and Distribution License ("CDDL"), version 1.0. 5*ed81dd52SAlek Pinchuk * You may only use this file in accordance with the terms of version 6*ed81dd52SAlek Pinchuk * 1.0 of the CDDL. 7*ed81dd52SAlek Pinchuk * 8*ed81dd52SAlek Pinchuk * A full copy of the text of the CDDL should have accompanied this 9*ed81dd52SAlek Pinchuk * source. A copy of the CDDL is also available via the Internet at 10*ed81dd52SAlek Pinchuk * http://www.illumos.org/license/CDDL. 11*ed81dd52SAlek Pinchuk */ 12*ed81dd52SAlek Pinchuk 13*ed81dd52SAlek Pinchuk /* 14*ed81dd52SAlek Pinchuk * Copyright 2014 Nexenta Systems, Inc. All rights reserved. 15*ed81dd52SAlek Pinchuk */ 16*ed81dd52SAlek Pinchuk 17*ed81dd52SAlek Pinchuk /* 18*ed81dd52SAlek Pinchuk * User-level dtrace for smbd 19*ed81dd52SAlek Pinchuk * Usage: dtrace -s smbd-pipesvc.d -p `pgrep smbd` 20*ed81dd52SAlek Pinchuk */ 21*ed81dd52SAlek Pinchuk 22*ed81dd52SAlek Pinchuk #pragma D option flowindent 23*ed81dd52SAlek Pinchuk 24*ed81dd52SAlek Pinchuk self int trace; 25*ed81dd52SAlek Pinchuk self int mask; 26*ed81dd52SAlek Pinchuk 27*ed81dd52SAlek Pinchuk /* 28*ed81dd52SAlek Pinchuk * The smbd_authsvc_work() function is a good place to start tracing 29*ed81dd52SAlek Pinchuk * to watch RPC service actions. This worker handles all activity 30*ed81dd52SAlek Pinchuk * for a given named pipe instance, including the payload from all 31*ed81dd52SAlek Pinchuk * SMB read/write requests on this endpoint. 32*ed81dd52SAlek Pinchuk */ 33*ed81dd52SAlek Pinchuk pid$target:*smbd:pipesvc_worker:entry 34*ed81dd52SAlek Pinchuk { 35*ed81dd52SAlek Pinchuk self->trace++; 36*ed81dd52SAlek Pinchuk } 37*ed81dd52SAlek Pinchuk 38*ed81dd52SAlek Pinchuk /* 39*ed81dd52SAlek Pinchuk * If traced and not masked, print entry/return 40*ed81dd52SAlek Pinchuk */ 41*ed81dd52SAlek Pinchuk pid$target:*smbd::entry, 42*ed81dd52SAlek Pinchuk pid$target:libmlsvc.so.1::entry, 43*ed81dd52SAlek Pinchuk pid$target:libmlrpc.so.1::entry, 44*ed81dd52SAlek Pinchuk pid$target:libsmbns.so.1::entry, 45*ed81dd52SAlek Pinchuk pid$target:libsmb.so.1::entry 46*ed81dd52SAlek Pinchuk /self->trace > 0 && self->mask == 0/ 47*ed81dd52SAlek Pinchuk { 48*ed81dd52SAlek Pinchuk printf("\t0x%x", arg0); 49*ed81dd52SAlek Pinchuk printf("\t0x%x", arg1); 50*ed81dd52SAlek Pinchuk printf("\t0x%x", arg2); 51*ed81dd52SAlek Pinchuk printf("\t0x%x", arg3); 52*ed81dd52SAlek Pinchuk printf("\t0x%x", arg4); 53*ed81dd52SAlek Pinchuk printf("\t0x%x", arg5); 54*ed81dd52SAlek Pinchuk } 55*ed81dd52SAlek Pinchuk 56*ed81dd52SAlek Pinchuk /* 57*ed81dd52SAlek Pinchuk * Mask (don't print) all function calls below these functions. 58*ed81dd52SAlek Pinchuk * These make many boring, repetitive function calls like 59*ed81dd52SAlek Pinchuk * smb_mbtowc, smb_msgbuf_has_space, ... 60*ed81dd52SAlek Pinchuk * 61*ed81dd52SAlek Pinchuk * Also, libmlrpc has rather deep call stacks, particularly under 62*ed81dd52SAlek Pinchuk * ndr_encode_decode_common(), so this stops traces below there. 63*ed81dd52SAlek Pinchuk * Remove that from the mask actions to see the details. 64*ed81dd52SAlek Pinchuk */ 65*ed81dd52SAlek Pinchuk pid$target::ht_findfirst:entry, 66*ed81dd52SAlek Pinchuk pid$target::ht_findnext:entry, 67*ed81dd52SAlek Pinchuk pid$target::ndr_encode_decode_common:entry, 68*ed81dd52SAlek Pinchuk pid$target::smb_msgbuf_decode:entry, 69*ed81dd52SAlek Pinchuk pid$target::smb_msgbuf_encode:entry, 70*ed81dd52SAlek Pinchuk pid$target::smb_strlwr:entry, 71*ed81dd52SAlek Pinchuk pid$target::smb_strupr:entry, 72*ed81dd52SAlek Pinchuk pid$target::smb_wcequiv_strlen:entry 73*ed81dd52SAlek Pinchuk { 74*ed81dd52SAlek Pinchuk self->mask++; 75*ed81dd52SAlek Pinchuk } 76*ed81dd52SAlek Pinchuk 77*ed81dd52SAlek Pinchuk /* 78*ed81dd52SAlek Pinchuk * Now inverses of above, unwind order. 79*ed81dd52SAlek Pinchuk */ 80*ed81dd52SAlek Pinchuk 81*ed81dd52SAlek Pinchuk pid$target::ht_findfirst:return, 82*ed81dd52SAlek Pinchuk pid$target::ht_findnext:return, 83*ed81dd52SAlek Pinchuk pid$target::ndr_encode_decode_common:return, 84*ed81dd52SAlek Pinchuk pid$target::smb_msgbuf_decode:return, 85*ed81dd52SAlek Pinchuk pid$target::smb_msgbuf_encode:return, 86*ed81dd52SAlek Pinchuk pid$target::smb_strlwr:return, 87*ed81dd52SAlek Pinchuk pid$target::smb_strupr:return, 88*ed81dd52SAlek Pinchuk pid$target::smb_wcequiv_strlen:return 89*ed81dd52SAlek Pinchuk { 90*ed81dd52SAlek Pinchuk self->mask--; 91*ed81dd52SAlek Pinchuk } 92*ed81dd52SAlek Pinchuk 93*ed81dd52SAlek Pinchuk pid$target:*smbd::return, 94*ed81dd52SAlek Pinchuk pid$target:libmlsvc.so.1::return, 95*ed81dd52SAlek Pinchuk pid$target:libmlrpc.so.1::return, 96*ed81dd52SAlek Pinchuk pid$target:libsmbns.so.1::return, 97*ed81dd52SAlek Pinchuk pid$target:libsmb.so.1::return 98*ed81dd52SAlek Pinchuk /self->trace > 0 && self->mask == 0/ 99*ed81dd52SAlek Pinchuk { 100*ed81dd52SAlek Pinchuk printf("\t0x%x", arg1); 101*ed81dd52SAlek Pinchuk } 102*ed81dd52SAlek Pinchuk 103*ed81dd52SAlek Pinchuk /* 104*ed81dd52SAlek Pinchuk * This function in libmlrpc prints out lots of internal state. 105*ed81dd52SAlek Pinchuk * Comment it out if you don't want that noise. 106*ed81dd52SAlek Pinchuk */ 107*ed81dd52SAlek Pinchuk pid$target:libmlrpc.so.1:ndo_trace:entry 108*ed81dd52SAlek Pinchuk /self->trace > 0 && self->mask == 0/ 109*ed81dd52SAlek Pinchuk { 110*ed81dd52SAlek Pinchuk printf("ndo_trace: %s", copyinstr(arg0)); 111*ed81dd52SAlek Pinchuk } 112*ed81dd52SAlek Pinchuk 113*ed81dd52SAlek Pinchuk pid$target:*smbd:pipesvc_worker:return 114*ed81dd52SAlek Pinchuk { 115*ed81dd52SAlek Pinchuk self->trace--; 116*ed81dd52SAlek Pinchuk } 117