#!/usr/sbin/dtrace -s
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
#pragma D option flowindent
*/
/*
*** vscan kernel pseudo driver ***
*/
/*
* vscan_svc.c
*/
sdt:vscan::vscan-req-counts
{
printf("%s reql: %d, node: %d, taskq: %d",
stringof(arg0),
((vscan_svc_counts_t *)arg1)->vsc_reql,
((vscan_svc_counts_t *)arg1)->vsc_node,
((vscan_svc_counts_t *)arg1)->vsc_tq);
}
sdt:vscan::vscan-svc-state-violation
{
printf("%d %s", arg0,
arg0 == 0 ? "UNCONFIG" :
arg0 == 1 ? "IDLE" :
arg0 == 2 ? "ENABLED" :
arg0 == 3 ? "DISABLED" : "UNKNOWN");
}
sdt:vscan::vscan-scan-timeout
{
printf("idx: %d, seqnum: %d - %s",
((vscan_req_t *)arg0)->vsr_idx,
((vscan_req_t *)arg0)->vsr_seqnum,
stringof(((vscan_req_t *)arg0)->vsr_vp->v_path));
}
sdt:vscan::vscan-scan-file
{
printf("%s (%s)", stringof(arg0), arg1 ? "async" : "sync");
}
sdt:vscan::vscan-exempt-filesize
{
printf("%s EXEMPT (%s)", stringof(arg0), arg1 ? "DENY" : "ALLOW");
}
sdt:vscan::vscan-type-match
{
printf("ext: %s matched: %s", stringof(arg0), stringof(arg1));
}
sdt:vscan::vscan-exempt-filetype
{
printf("%s EXEMPT", stringof(arg0));
}
sdt:vscan::vscan-getattr
{
printf("%s, m: %d, q: %d, scanstamp: %s",
stringof(((vscan_svc_node_t *)arg0)->vsn_req->vsr_vp->v_path),
((vscan_svc_node_t *)arg0)->vsn_modified,
((vscan_svc_node_t *)arg0)->vsn_quarantined,
stringof(((vscan_svc_node_t *)arg0)->vsn_scanstamp));
}
sdt:vscan::vscan-setattr
{
/* XAT_AV_QUARANTINED */
printf("%s", (arg1 & 0x400) == 0 ? "" :
((vscan_svc_node_t *)arg0)->vsn_quarantined ? "q: 1, " : "q: 0, ");
/* XAT_AV_MODIFIED */
printf("%s", (arg1 & 0x800) == 0 ? "" :
((vscan_svc_node_t *)arg0)->vsn_modified ? "m: 1, " : "m: 0, ");
/* XAT_AV_SCANSTAMP */
printf("%s", (arg1 & 0x1000) == 0 ? "" : "scanstamp: ");
printf("%s", (arg1 & 0x1000) == 0 ? "" :
stringof(((vscan_svc_node_t *)arg0)->vsn_scanstamp));
}
sdt:vscan::vscan-mtime-changed
{
printf("%s",
stringof(((vscan_svc_node_t *)arg0)->vsn_req->vsr_vp->v_path));
}
sdt:vscan::vscan-result
{
printf("idx: %d, seqnum: %d, VS_STATUS_%s - VS_ACCESS_%s",
arg0, arg1,
arg2 == 0 ? "UNDEFINED" :
arg2 == 1 ? "NO_SCAN" :
arg2 == 2 ? "ERROR" :
arg2 == 3 ? "CLEAN" :
arg2 == 4 ? "INFECTED" :
arg2 == 5 ? "SCANNING" : "XXX unknown",
arg3 == 0 ? "UNDEFINED" :
arg3 == 1 ? "ALLOW" : "DENY");
}
/* insert request into request list */
fbt:vscan:vscan_svc_reql_insert:entry
{
printf("%s", stringof(args[0]->v_path));
}
fbt:vscan:vscan_svc_reql_insert:return
/args[1] != 0/
{
printf("seqnum %d %s", args[1]->vsr_seqnum,
stringof(args[1]->vsr_vp->v_path));
}
fbt:vscan:vscan_svc_reql_insert:return
/args[1] == 0/
{
printf("request list full");
}
/* insert request into scan table */
fbt:vscan:vscan_svc_insert_req:entry
{
printf("seqnum: %d - %s",
args[0]->vsr_seqnum, stringof(args[0]->vsr_vp->v_path));
}
fbt:vscan:vscan_svc_insert_req:return
{
printf("idx: %d", args[1]);
}
/* remove request from request list and scan table and delete it*/
fbt:vscan:vscan_svc_delete_req:entry
{
printf("idx: %d, seqnum: %d - %s",
args[0]->vsr_idx, args[0]->vsr_seqnum,
stringof(args[0]->vsr_vp->v_path));
}
fbt:vscan:vscan_svc_delete_req:return,
fbt:vscan:vscan_svc_reql_handler:entry,
fbt:vscan:vscan_svc_reql_handler:return
{
}
fbt:vscan:vscan_svc_taskq_callback:entry,
fbt:vscan:vscan_svc_do_scan:entry
{
printf("idx: %d, seqnum: %d - %s",
((vscan_req_t *)(args[0]))->vsr_idx,
((vscan_req_t *)(args[0]))->vsr_seqnum,
stringof(((vscan_req_t *)(args[0]))->vsr_vp->v_path));
}
fbt:vscan:vscan_svc_scan_complete:entry
{
printf("idx: %d, seqnum: %d, state: %s - %s",
args[0]->vsr_idx, args[0]->vsr_seqnum,
args[0]->vsr_state == 0 ? "INIT" :
args[0]->vsr_state == 1 ? "QUEUED" :
args[0]->vsr_state == 2 ? "IN_PROGRESS" :
args[0]->vsr_state == 3 ? "SCANNING" :
args[0]->vsr_state == 4 ? "ASYNC_COMPLETE" :
args[0]->vsr_state == 5 ? "COMPLETE" : "UNKNOWN",
stringof(args[0]->vsr_vp->v_path));
}
fbt:vscan:vscan_svc_taskq_callback:return,
fbt:vscan:vscan_svc_do_scan:return,
fbt:vscan:vscan_svc_scan_complete:return
{
}
sdt:vscan::vscan-abort
{
printf("idx: %d, seqnum: %d - %s",
((vscan_req_t *)(arg0))->vsr_idx,
((vscan_req_t *)(arg0))->vsr_seqnum,
stringof(((vscan_req_t *)(arg0))->vsr_vp->v_path));
}
fbt:vscan:vscan_svc_enable:entry,
fbt:vscan:vscan_svc_enable:return,
fbt:vscan:vscan_svc_disable:entry,
fbt:vscan:vscan_svc_disable:return,
fbt:vscan:vscan_svc_configure:entry,
fbt:vscan:vscan_svc_configure:return
{
}
/*
* vscan_door.c
*/
fbt:vscan:vscan_door_open:entry,
fbt:vscan:vscan_door_open:return,
fbt:vscan:vscan_door_close:entry,
fbt:vscan:vscan_door_close:return
{
}
fbt:vscan:vscan_door_scan_file:entry
{
printf("idx: %d, seqnum: %d - %s",
args[0]->vsr_idx, args[0]->vsr_seqnum, args[0]->vsr_path);
}
fbt:vscan:vscan_door_scan_file:return
{
printf("VS_STATUS_%s",
args[1] == 0 ? "UNDEFINED" :
args[1] == 1 ? "NO_SCAN" :
args[1] == 2 ? "ERROR" :
args[1] == 3 ? "CLEAN" :
args[1] == 4 ? "INFECTED" :
args[1] == 5 ? "SCANNING" : "XXX unknown");
}
/*
* vscan_drv.c
*/
sdt:vscan::vscan-drv-state-violation
{
printf("%d %s", arg0,
arg0 == 0 ? "UNCONFIG" :
arg0 == 1 ? "IDLE" :
arg0 == 2 ? "CONNECTED" :
arg0 == 3 ? "ENABLED" :
arg0 == 4 ? "DELAYED_DISABLE" : "UNKNOWN");
}
sdt:vscan::vscan-minor-node
{
printf("vscan%d %s", arg0, arg1 != 0 ? "created" : "error");
}
/* unprivileged vscan driver access attempt */
sdt:vscan::vscan-priv
/arg0 != 0/
{
printf("vscan driver access attempt by unprivileged process");
}
/* daemon-driver synchronization */
sdt:vscan::vscan-reconnect
{
}
fbt:vscan:vscan_drv_open:entry
/ *(int *)args[0] == 0/
{
printf("vscan daemon attach");
}
fbt:vscan:vscan_drv_close:entry
/ (int)args[0] == 0/
{
printf("vscan daemon detach");
}
fbt:vscan:vscan_drv_ioctl:entry
/ (int)args[0] == 0/
{
printf("vscan daemon ioctl %d %s", args[1],
args[1] == 1 ? "ENABLE" :
args[1] == 2 ? "DISABLE" :
args[1] == 3 ? "CONFIG" :
args[1] == 4 ? "RESULT" :
args[1] == 5 ? "MAX FILES" : "unknown");
}
fbt:vscan:vscan_drv_delayed_disable:entry,
fbt:vscan:vscan_drv_delayed_disable:return,
fbt:vscan:vscan_drv_attach:entry,
fbt:vscan:vscan_drv_detach:entry
{
}
fbt:vscan:vscan_drv_attach:return,
fbt:vscan:vscan_drv_detach:return
{
printf("%s", args[1] ? "DDI_FAILURE" : "DDI_SUCCESS");
}
fbt:vscan:vscan_drv_in_use:return
{
printf("%s", args[1] ? "TRUE" : "FALSE");
}
/* file access */
/*
fbt:vscan:vscan_drv_open:entry
/ *(int *)args[0] != 0/
{
printf("%d", *(int *)args[0]);
}
fbt:vscan:vscan_drv_close:entry,
fbt:vscan:vscan_drv_read:entry
/ (int)args[0] != 0/
{
printf("%d", (int)args[0]);
}
*/
/*
*** vscan daemon - vscand ***
*/
pid$target::vs_svc_init:entry
{
printf("Max concurrent scan requests from kernel: %d", arg1);
}
pid$target::vs_svc_init:return
{
}
pid$target::vs_door_scan_req:entry,
pid$target::vs_svc_scan_file:entry,
pid$target::vs_svc_queue_scan_req:entry,
pid$target::vs_svc_async_scan:entry,
pid$target::vs_eng_scanstamp_current:entry,
pid$target::vs_icap_scan_file:entry
{
}
pid$target::vs_svc_queue_scan_req:return,
pid$target::vs_svc_async_scan:return
{
}
pid$target::vs_svc_scan_file:return
{
printf("VS_STATUS_%s",
arg1 == 0 ? "UNDEFINED" :
arg1 == 1 ? "NO_SCAN" :
arg1 == 2 ? "ERROR" :
arg1 == 3 ? "CLEAN" :
arg1 == 4 ? "INFECTED" :
arg1 == 5 ? "SCANNING" : "XXX unknown");
}
pid$target::vs_eng_scanstamp_current:return
{
printf("%sCURRENT", arg1 == 0 ? "NOT " : "");
}
pid$target::vs_icap_scan_file:return
{
printf("%d VS_RESULT_%s", (int)arg1,
(int)arg1 == 0 ? "UNDEFINED" :
(int)arg1 == 1 ? "CLEAN" :
(int)arg1 == 2 ? "CLEANED" :
(int)arg1 == 3 ? "FORBIDDEN" : "(SE)_ERROR");
}
pid$target::vs_stats_set:entry
{
printf("%s", (arg0 == 1) ? "CLEAN" :
(arg0 == 2) ? "CLEANED" :
(arg0 == 3) ? "QUARANTINE" : "ERROR");
}
pid$target::vs_stats_set:return
{
}
/* get engine connection */
pid$target::vs_eng_get:entry,
pid$target::vs_eng_connect:entry,
pid$target::vs_eng_release:entry,
pid$target::vs_eng_release:return
{
}
pid$target::vs_eng_get:return,
pid$target::vs_eng_connect:return
{
printf("%s", arg1 == 0 ? "success" : "error");
}
/* engine errors */
pid$target::vs_eng_set_error:entry
/ arg1 == 1 /
{
printf("scan engine error");
}
/* configuration */
pid$target::vscand_cfg_init:entry,
pid$target::vscand_cfg_fini:entry,
pid$target::vscand_cfg_init:return,
pid$target::vscand_cfg_fini:return,
pid$target::vscand_cfg_handler:entry,
pid$target::vscand_cfg_handler:return
{
}
pid$target::vscand_dtrace_gen:entry
{
printf("maxsize: %s action: %s\n",
copyinstr(arg0), (arg1 == 1) ? "allow" : "deny");
printf("types: %s\n", copyinstr(arg2));
printf("log: %s\n", copyinstr(arg3));
}
pid$target::vscand_dtrace_eng:entry
{
printf("\n%s %s \nhost: %s \nport: %d \nmax connections: %d\n",
copyinstr(arg0), (arg1 == 1) ? "enabled" : "disabled",
copyinstr(arg2), arg3, arg4);
}
/* shutdown */
pid$target::vscand_sig_handler:entry
{
printf("received signal %d", arg0);
}
pid$target::vscand_sig_handler:return,
pid$target::vscand_fini:entry,
pid$target::vscand_fini:return,
pid$target::vscand_kernel_disable:entry,
pid$target::vscand_kernel_disable:return,
pid$target::vscand_kernel_unbind:entry,
pid$target::vscand_kernel_unbind:return,
pid$target::vscand_kernel_result:entry,
pid$target::vscand_kernel_result:return,
pid$target::vs_svc_terminate:entry,
pid$target::vs_svc_terminate:return,
pid$target::vs_eng_fini:entry,
pid$target::vs_eng_fini:return,
pid$target::vs_eng_close_connections:entry,
pid$target::vs_eng_close_connections:return
{
}
/* vs_icap.c */
/* trace entry and exit (inc status) */
pid$target::vs_icap_option_request:entry,
pid$target::vs_icap_send_option_req:entry,
pid$target::vs_icap_read_option_resp:entry,
pid$target::vs_icap_respmod_request:entry,
pid$target::vs_icap_may_preview:entry,
pid$target::vs_icap_send_preview:entry,
pid$target::vs_icap_send_respmod_hdr:entry,
pid$target::vs_icap_read_respmod_resp:entry
{
}
pid$target::vs_icap_option_request:return,
pid$target::vs_icap_send_option_req:return,
pid$target::vs_icap_read_option_resp:return,
pid$target::vs_icap_respmod_request:return,
pid$target::vs_icap_send_preview:return,
pid$target::vs_icap_send_respmod_hdr:return,
pid$target::vs_icap_read_respmod_resp:return
{
printf("%s", (int)arg1 < 0 ? "error" : "success");
}
pid$target::vs_icap_may_preview:return
{
printf("TRANSFER %s", arg1 == 1 ? "PREVIEW" : "COMPLETE");
}
/* trace failures only - these functions return -1 on failure */
pid$target::vs_icap_read_resp_code:return,
pid$target::vs_icap_read_hdr:return,
pid$target::vs_icap_send_termination:return,
pid$target::vs_icap_write:return,
pid$target::vs_icap_set_scan_result:return,
pid$target::vs_icap_read_encap_hdr:return,
pid$target::vs_icap_read_encap_data:return,
pid$target::vs_icap_read_resp_body:return,
pid$target::vs_icap_read_body_chunk:return,
pid$target::vs_icap_read:return,
pid$target::vs_icap_readline:return,
pid$target::vs_icap_send_chunk:return,
pid$target::gethostname:return
/(int)arg1 == -1/
{
printf("error");
}
/* trace failures only - these functions return 1 on success */
pid$target::vs_icap_opt_value:return,
pid$target::vs_icap_opt_ext:return,
pid$target::vs_icap_resp_infection:return,
pid$target::vs_icap_resp_virus_id:return,
pid$target::vs_icap_resp_violations:return,
pid$target::vs_icap_resp_violation_rec:return,
pid$target::vs_icap_resp_istag:return,
pid$target::vs_icap_resp_encap:return
/arg1 != 1/
{
printf("error");
}
pid$target::write:return,
pid$target::read:return,
pid$target::open:return,
pid$target::calloc:return
/arg1 <= 0/
{
printf("error");
}
/*
pid$target::recv:return,
*/