From 7813b63f5f737c9d4e47142d690966651ed8678b Mon Sep 17 00:00:00 2001 From: guanglei Date: Tue, 11 Jul 2006 08:39:49 +0000 Subject: [PATCH] changes to addevent.process to generate adequate info of process relationships use current->parent->tgid as the parent process id for ascii tracing modified lket-b2a to be sync with the new addevent.process event hooks updated lket man pages to be sync with newly changes to addevent.process event hooks --- lket.5.in | 8 ++++---- runtime/ChangeLog | 5 +++++ runtime/lket/b2a/lket_b2a.c | 30 ++++++++++++++++++++---------- tapset/LKET/Changelog | 8 ++++++++ tapset/LKET/lket_trace.stp | 2 +- tapset/LKET/process.stp | 16 +++++++++++----- tapset/LKET/register_event.stp | 6 +++--- 7 files changed, 52 insertions(+), 23 deletions(-) diff --git a/lket.5.in b/lket.5.in index 6fc5e58ff..673ed1a76 100644 --- a/lket.5.in +++ b/lket.5.in @@ -45,7 +45,7 @@ The data common(i.e. in the following subsecions) to all event hooks is: .RS -.B usec(INT64),(pid<<32 | groupID<<24 | hookID<<16 | cpu_id<<8)(INT64) +.B usec(INT64),(tid<<32 | groupID<<24 | hookID<<16 | cpu_id<<8)(INT64) .RE Each event hook group is a collection of those hooks that have @@ -109,7 +109,7 @@ by LKET silently to take a snapshot of all running processes. Data format is: -.I common_data, process_id(INT32), process_name(STRING) +.I common_data, tid(INT32), pid(INT32), ppid(INT32), process_name(STRING) .P .TP @@ -118,14 +118,14 @@ Trace fork of processes Data format is: -.I common_data, new_process_id(INT32) +.I common_data, new_tid(INT32), new_pid(INT32), ppid(INT32) .TP .B addevent.process.execve (HOOKID=3) Trace execve of new processes Data format is: -.I common_data, new_process_name(STRING) +.I common_data, pid(INT32), new_process_name(STRING) .SS IO SCHEDULER ACTIVITIES (GROUPID=4) You could use diff --git a/runtime/ChangeLog b/runtime/ChangeLog index f364286fa..61d7ed723 100644 --- a/runtime/ChangeLog +++ b/runtime/ChangeLog 
@@ -1,3 +1,8 @@ +2006-07-11 Li Guanglei + + * lket/b2a/lket_b2a.c: modified to be sync with + the new addevent.process event hooks + 2006-06-29 Li Guanglei * lket/b2a/lket_b2a.c, lket/b2a/lket_b2a.h: modified to be diff --git a/runtime/lket/b2a/lket_b2a.c b/runtime/lket/b2a/lket_b2a.c index 1754e972c..87823274f 100644 --- a/runtime/lket/b2a/lket_b2a.c +++ b/runtime/lket/b2a/lket_b2a.c @@ -105,16 +105,20 @@ int main(int argc, char *argv[]) // j is the next if(min) { - if(HDR_GroupID(&hdrs[j])==_GROUP_PROCESS && - (HDR_HookID(&hdrs[j])==_HOOKID_PROCESS_SNAPSHOT - || HDR_HookID(&hdrs[j])==_HOOKID_PROCESS_EXECVE)) - { - register_appname(j, infps[j], &hdrs[j]); - } else if(HDR_GroupID(&hdrs[j])==_GROUP_REGEVT) { + if(HDR_GroupID(&hdrs[j])==_GROUP_REGEVT) { register_events(HDR_HookID(&hdrs[j]), infps[j], hdrs[j].sys_size); } else { + print_pkt_header(outfp, &hdrs[j]); + + if(HDR_GroupID(&hdrs[j])==_GROUP_PROCESS && + (HDR_HookID(&hdrs[j])==_HOOKID_PROCESS_SNAPSHOT + || HDR_HookID(&hdrs[j])==_HOOKID_PROCESS_EXECVE)) + { + register_appname(j, infps[j], &hdrs[j]); + } + ascii_print(hdrs[j], infps[j], outfp, EVT_SYS); if(hdrs[j].total_size != hdrs[j].sys_size) ascii_print(hdrs[j], infps[j], outfp, EVT_USER); @@ -163,15 +167,20 @@ void register_appname(int i, FILE *fp, lket_pkt_header *phdr) int count; int len; int c; + int location; len=0; count=0; appname = (char *)malloc(1024); + location = ftell(fp); + if(HDR_HookID(phdr) ==1 ) { /* process_snapshot */ - len = fread(&pid, 1, 4, fp); + fseek(fp, 4, SEEK_CUR); /* skip tid */ + fread(&pid, 1, 4, fp); /* read pid */ + fseek(fp, 4, SEEK_CUR); /* skip ppid */ c = fgetc_unlocked(fp); - ++len; + len+=13; while (c && len < 1024) { appname[count++] = (char)c; c = fgetc_unlocked(fp); 
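Review bot: In register_appname's process_snapshot branch the added `fread(&pid, 1, 4, fp);` discards its return value. On a truncated or malformed trace file `pid` keeps whatever it held before (its declaration is outside the hunk) and is still used as the key for `g_tree_insert`. The `fread` added to the process.execve branch in the next hunk has the same problem. I would stop on a short read, restoring the stream position first, e.g. `if (fread(&pid, 1, 4, fp) != 4) { fseek(fp, location, SEEK_SET); free(appname); return; }`. Also, `ftell` returns `long` and -1 on failure, so `long location = ftell(fp);` with a check is safer than the `int` declared here, and the new `fseek` calls are unchecked.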
@@ -180,10 +189,10 @@ void register_appname(int i, FILE *fp, lket_pkt_header *phdr) appname[count]='\0'; //fseek(fp, 0-len, SEEK_CUR); } else if (HDR_HookID(phdr) == 2) { /* process.execve */ - pid = HDR_PID(phdr); + fread(&pid, 1, 4, fp); /* read pid */ c = fgetc_unlocked(fp); - ++len; + len+=5; while (c && len < 1024) { appname[count++] = (char)c; c = fgetc_unlocked(fp); @@ -195,6 +204,7 @@ void register_appname(int i, FILE *fp, lket_pkt_header *phdr) free(appname); return; } + fseek(fp, location, SEEK_SET); g_tree_insert(appNameTree, (gpointer)((long)pid), (gpointer)appname); } diff --git a/tapset/LKET/Changelog b/tapset/LKET/Changelog index c31e072fd..b26b0d222 100644 --- a/tapset/LKET/Changelog +++ b/tapset/LKET/Changelog @@ -1,3 +1,11 @@ +2006-07-11 Li Guanglei + + * process.stp, register_event.stp: changes to + addevent.process to generate adequate info + of process relationships + * lket_trace.stp: use current->parent->tgid as the + parent process id for ascii tracing + 2006-06-29 Li Guanglei * lket_trace.stp: diff --git a/tapset/LKET/lket_trace.stp b/tapset/LKET/lket_trace.stp index 4336377c1..59a08ec08 100755 --- a/tapset/LKET/lket_trace.stp +++ b/tapset/LKET/lket_trace.stp @@ -111,7 +111,7 @@ void fmt_change(char *oldfmt, char *newfmt, int newfmt_start) fmt_change(fmt, new_sysfmt, NEW_SYSFMT_START); \ _stp_printf(new_sysfmt, \ (_FMT_)GroupID, (_FMT_)hookID, (_FMT_)tv.tv_sec, (_FMT_)tv.tv_usec,\ - (_FMT_)current->tgid, (_FMT_)current->parent->pid,\ + (_FMT_)current->tgid, (_FMT_)current->parent->tgid,\ (_FMT_)current->pid, (_FMT_)current->thread_info->cpu, args);\ } while(0) diff --git a/tapset/LKET/process.stp b/tapset/LKET/process.stp index f09e97ba4..b9dbb4dc0 100755 --- a/tapset/LKET/process.stp +++ b/tapset/LKET/process.stp 
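Review bot: The branch that now reads the pid from the record body is selected by the literal `HDR_HookID(phdr) == 2` and commented as process.execve, but the lket.5.in hunk in this same patch documents addevent.process.execve as HOOKID=3. If `_HOOKID_PROCESS_EXECVE` is in fact 3, execve records would reach the `free(appname); return;` branch and never register a name, so please confirm the value. Using the named constants that main() already tests would remove the ambiguity: `} else if (HDR_HookID(phdr) == _HOOKID_PROCESS_EXECVE) {`, and likewise `_HOOKID_PROCESS_SNAPSHOT` for the `==1` test. The comparison itself is a context line, and register_appname starts before this hunk.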
@@ -9,15 +9,21 @@ function log_execve_tracedata(var_id:long, var:long) %{ long tmp=(long)THIS->var; - _lket_trace(_GROUP_PROCESS, THIS->var_id, "%0s", (char *)tmp); + _lket_trace(_GROUP_PROCESS, THIS->var_id, "%4b%0s", + current->tgid, (char *)tmp); %} /* record the newly forked process id */ -function log_fork_tracedata(var_id:long, var:long) +function log_fork_tracedata(var_id:long, task:long) %{ + /* pid_t pid = (pid_t)THIS->var; _lket_trace(_GROUP_PROCESS, THIS->var_id, "%4b", (_FMT_)pid); + */ + struct task_struct *task = (struct task_struct *)THIS->task; + _lket_trace(_GROUP_PROCESS, THIS->var_id, "%4b%4b%4b", (_FMT_)task->pid, + (_FMT_)task->tgid, (_FMT_)task->parent->tgid); %} @@ -38,8 +44,8 @@ function process_snapshot() name for each entry */ list_for_each(cur, head) { tsk = (struct task_struct *)(list_entry(cur, struct task_struct, tasks)); - _lket_trace(_GROUP_PROCESS, _HOOKID_PROCESS_SNAPSHOT, "%4b%0s", - (_FMT_)tsk->pid, tsk->comm); + _lket_trace(_GROUP_PROCESS, _HOOKID_PROCESS_SNAPSHOT, "%4b%4b%4b%0s", + (_FMT_)tsk->pid, (_FMT_)tsk->tgid, (_FMT_)tsk->parent->tgid, tsk->comm); #if !defined(ASCII_TRACE) total_length = &_stp_pbuf[cpu][STP_PRINT_BUF_START]; *(int16_t *)total_length = _stp_pbuf_len[cpu] - 4; @@ -81,6 +87,6 @@ probe _addevent.process.fork = process.create { if(filter_by_pid() == 1 ) { - log_fork_tracedata(HOOKID_PROCESS_FORK, new_pid) + log_fork_tracedata(HOOKID_PROCESS_FORK, $return) } } diff --git a/tapset/LKET/register_event.stp b/tapset/LKET/register_event.stp index 385986031..1a41bd1d3 100755 --- a/tapset/LKET/register_event.stp +++ b/tapset/LKET/register_event.stp 
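Review bot: log_fork_tracedata now casts `THIS->task` to `struct task_struct *` and reads `task->pid`, `task->tgid` and `task->parent->tgid` with no validity check, and the probe hunk further down passes `$return` straight in. If process.create can fire on a return path where task creation failed (not visible here), that value would be NULL or an error-encoded pointer, and the dereference happens in kernel context. A guard such as `if (task == NULL || IS_ERR(task)) return;` before the `_lket_trace` call would cover it. The same unguarded `->parent->tgid` read is added in the process_snapshot hunk. On style, the old body left inside the `/* ... */` block can be deleted, and `current->tgid` in log_execve_tracedata lacks the `(_FMT_)` cast used on the other trace arguments.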
@@ -125,11 +125,11 @@ function register_sys_events() register_sys_event(GROUP_SYSCALL, HOOKID_SYSCALL_RETURN, "STRING", "syscall") register_sys_event(GROUP_PROCESS, HOOKID_PROCESS_SNAPSHOT, - "INT32:STRING", "pid:pname") + "INT32:INT32:INT32:STRING", "tid:pid:ppid:pname") register_sys_event(GROUP_PROCESS, HOOKID_PROCESS_EXECVE, - "STRING", "pname") + "INT32:STRING", "pid:pname") register_sys_event(GROUP_PROCESS, HOOKID_PROCESS_FORK, - "INT32", "pid") + "INT32:INT32:INT32", "tid:pid:ppid") register_sys_event(GROUP_IOSCHED, HOOKID_IOSCHED_NEXT_REQ, "STRING:INT8:INT8:INT64:INT64", "elv_name:major:minor:request:req_flags") -- 2.43.5