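#!/usr/sbin/dtrace -s
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
#pragma D option flowindent
*/

/*
 * Debug tracing for the virus-scan service. The first half enables sdt
 * and fbt probes in the vscan kernel module; the second half enables pid
 * provider probes in the vscand daemon. The pid clauses use $target, so
 * the script has to be started against a process (dtrace -p or -c).
 *
 * Operational notes:
 *  - The output contains the full paths of scanned files, the scan
 *    verdicts (CLEAN / INFECTED) and the scan engine host and port, so
 *    captured traces should be handled like other security logs.
 *  - The numeric-to-name tables below are hard-coded in this script;
 *    presumably they mirror enums in the driver and daemon sources.
 *    Verify them against the headers of the build being traced.
 *  - Clauses with an empty body record only that the probe fired.
 */

/*
 *** vscan kernel pseudo driver ***
 */

/*
 * vscan_svc.c
 */

/* request-list, node and task-queue counters, tagged with a label (arg0) */
sdt:vscan::vscan-req-counts
{
	printf("%s reql: %d, node: %d, taskq: %d",
	    stringof(arg0),
	    ((vscan_svc_counts_t *)arg1)->vsc_reql,
	    ((vscan_svc_counts_t *)arg1)->vsc_node,
	    ((vscan_svc_counts_t *)arg1)->vsc_tq);
}

/* service state machine violation: numeric state (arg0) and its name */
sdt:vscan::vscan-svc-state-violation
{
	printf("%d %s", arg0,
	    arg0 == 0 ? "UNCONFIG" :
	    arg0 == 1 ? "IDLE" :
	    arg0 == 2 ? "ENABLED" :
	    arg0 == 3 ? "DISABLED" : "UNKNOWN");
}

/* a scan request timed out: table index, sequence number and file path */
sdt:vscan::vscan-scan-timeout
{
	printf("idx: %d, seqnum: %d - %s",
	    ((vscan_req_t *)arg0)->vsr_idx,
	    ((vscan_req_t *)arg0)->vsr_seqnum,
	    stringof(((vscan_req_t *)arg0)->vsr_vp->v_path));
}

/* file submitted for scanning; arg1 selects the async/sync label */
sdt:vscan::vscan-scan-file
{
	printf("%s (%s)", stringof(arg0), arg1 ? "async" : "sync");
}

/*
 * File reported as EXEMPT by the file-size check, i.e. not scanned.
 * arg1 selects the DENY/ALLOW label - presumably the access decision
 * applied to the exempt file; confirm against the driver source.
 */
sdt:vscan::vscan-exempt-filesize
{
	printf("%s EXEMPT (%s)", stringof(arg0), arg1 ? "DENY" : "ALLOW");
}

/* file extension (arg0) and the string it matched (arg1) */
sdt:vscan::vscan-type-match
{
	printf("ext: %s matched: %s", stringof(arg0), stringof(arg1));
}

/* file reported as EXEMPT by the file-type check, i.e. not scanned */
sdt:vscan::vscan-exempt-filetype
{
	printf("%s EXEMPT", stringof(arg0));
}

/* attributes read for a file: modified and quarantined flags, scanstamp */
sdt:vscan::vscan-getattr
{
	printf("%s, m: %d, q: %d, scanstamp: %s",
	    stringof(((vscan_svc_node_t *)arg0)->vsn_req->vsr_vp->v_path),
	    ((vscan_svc_node_t *)arg0)->vsn_modified,
	    ((vscan_svc_node_t *)arg0)->vsn_quarantined,
	    stringof(((vscan_svc_node_t *)arg0)->vsn_scanstamp));
}

/*
 * Attributes being written. arg1 is tested as a bit mask; only the
 * attributes whose bit is set are printed, using the values held in
 * the node (arg0).
 */
sdt:vscan::vscan-setattr
{
	/* XAT_AV_QUARANTINED */
	printf("%s", (arg1 & 0x400) == 0 ? "" :
	    ((vscan_svc_node_t *)arg0)->vsn_quarantined ? "q: 1, " : "q: 0, ");

	/* XAT_AV_MODIFIED */
	printf("%s", (arg1 & 0x800) == 0 ? "" :
	    ((vscan_svc_node_t *)arg0)->vsn_modified ? "m: 1, " : "m: 0, ");

	/* XAT_AV_SCANSTAMP */
	printf("%s", (arg1 & 0x1000) == 0 ? "" : "scanstamp: ");
	printf("%s", (arg1 & 0x1000) == 0 ? "" :
	    stringof(((vscan_svc_node_t *)arg0)->vsn_scanstamp));
}


/* path of the file for which the mtime-changed probe fired */
sdt:vscan::vscan-mtime-changed
{
	printf("%s",
	    stringof(((vscan_svc_node_t *)arg0)->vsn_req->vsr_vp->v_path));
}


/* scan outcome: index, sequence number, status (arg2), access (arg3) */
sdt:vscan::vscan-result
{
	printf("idx: %d, seqnum: %d, VS_STATUS_%s - VS_ACCESS_%s",
	    arg0, arg1,
	    arg2 == 0 ? "UNDEFINED" :
	    arg2 == 1 ? "NO_SCAN" :
	    arg2 == 2 ? "ERROR" :
	    arg2 == 3 ? "CLEAN" :
	    arg2 == 4 ? "INFECTED" :
	    arg2 == 5 ? "SCANNING" : "XXX unknown",
	    arg3 == 0 ? "UNDEFINED" :
	    arg3 == 1 ? "ALLOW" : "DENY");
}

/* insert request into request list */
fbt:vscan:vscan_svc_reql_insert:entry
{
	printf("%s", stringof(args[0]->v_path));
}
/* non-null return: the request that was queued */
fbt:vscan:vscan_svc_reql_insert:return
/args[1] != 0/
{
	printf("seqnum %d %s", args[1]->vsr_seqnum,
	    stringof(args[1]->vsr_vp->v_path));
}
/* null return is reported as a full request list */
fbt:vscan:vscan_svc_reql_insert:return
/args[1] == 0/
{
	printf("request list full");
}
/* insert request into scan table */
fbt:vscan:vscan_svc_insert_req:entry
{
	printf("seqnum: %d - %s",
	    args[0]->vsr_seqnum, stringof(args[0]->vsr_vp->v_path));
}
/* return value is printed as the table index */
fbt:vscan:vscan_svc_insert_req:return
{
	printf("idx: %d", args[1]);
}
/* remove request from request list and scan table and delete it*/
fbt:vscan:vscan_svc_delete_req:entry
{
	printf("idx: %d, seqnum: %d - %s",
	    args[0]->vsr_idx, args[0]->vsr_seqnum,
	    stringof(args[0]->vsr_vp->v_path));
}

fbt:vscan:vscan_svc_delete_req:return,
fbt:vscan:vscan_svc_reql_handler:entry,
fbt:vscan:vscan_svc_reql_handler:return
{
}

/* args[0] is cast to vscan_req_t * before the request fields are read */
fbt:vscan:vscan_svc_taskq_callback:entry,
fbt:vscan:vscan_svc_do_scan:entry
{
	printf("idx: %d, seqnum: %d - %s",
	    ((vscan_req_t *)(args[0]))->vsr_idx,
	    ((vscan_req_t *)(args[0]))->vsr_seqnum,
	    stringof(((vscan_req_t *)(args[0]))->vsr_vp->v_path));
}
/* request state (vsr_state) at the time the scan completes */
fbt:vscan:vscan_svc_scan_complete:entry
{
	printf("idx: %d, seqnum: %d, state: %s - %s",
	    args[0]->vsr_idx, args[0]->vsr_seqnum,
	    args[0]->vsr_state == 0 ? "INIT" :
	    args[0]->vsr_state == 1 ? "QUEUED" :
	    args[0]->vsr_state == 2 ? "IN_PROGRESS" :
	    args[0]->vsr_state == 3 ? "SCANNING" :
	    args[0]->vsr_state == 4 ? "ASYNC_COMPLETE" :
	    args[0]->vsr_state == 5 ? "COMPLETE" : "UNKNOWN",
	    stringof(args[0]->vsr_vp->v_path));
}

fbt:vscan:vscan_svc_taskq_callback:return,
fbt:vscan:vscan_svc_do_scan:return,
fbt:vscan:vscan_svc_scan_complete:return
{
}

/* a scan request was aborted */
sdt:vscan::vscan-abort
{
	printf("idx: %d, seqnum: %d - %s",
	    ((vscan_req_t *)(arg0))->vsr_idx,
	    ((vscan_req_t *)(arg0))->vsr_seqnum,
	    stringof(((vscan_req_t *)(arg0))->vsr_vp->v_path));
}

/* service enable / disable / configure: entry and return only */
fbt:vscan:vscan_svc_enable:entry,
fbt:vscan:vscan_svc_enable:return,
fbt:vscan:vscan_svc_disable:entry,
fbt:vscan:vscan_svc_disable:return,
fbt:vscan:vscan_svc_configure:entry,
fbt:vscan:vscan_svc_configure:return
{
}

/*
 * vscan_door.c
 */
fbt:vscan:vscan_door_open:entry,
fbt:vscan:vscan_door_open:return,
fbt:vscan:vscan_door_close:entry,
fbt:vscan:vscan_door_close:return
{
}

/* request passed through the door; the path is taken from vsr_path */
fbt:vscan:vscan_door_scan_file:entry
{
	printf("idx: %d, seqnum: %d - %s",
	    args[0]->vsr_idx, args[0]->vsr_seqnum, args[0]->vsr_path);
}
/* status returned for the door scan request */
fbt:vscan:vscan_door_scan_file:return
{
	printf("VS_STATUS_%s",
	    args[1] == 0 ? "UNDEFINED" :
	    args[1] == 1 ? "NO_SCAN" :
	    args[1] == 2 ? "ERROR" :
	    args[1] == 3 ? "CLEAN" :
	    args[1] == 4 ? "INFECTED" :
	    args[1] == 5 ? "SCANNING" : "XXX unknown");
}


/*
 * vscan_drv.c
 */

/* driver state machine violation: numeric state (arg0) and its name */
sdt:vscan::vscan-drv-state-violation
{
	printf("%d %s", arg0,
	    arg0 == 0 ? "UNCONFIG" :
	    arg0 == 1 ? "IDLE" :
	    arg0 == 2 ? "CONNECTED" :
	    arg0 == 3 ? "ENABLED" :
	    arg0 == 4 ? "DELAYED_DISABLE" : "UNKNOWN");
}

/* minor node number (arg0) and whether creating it succeeded (arg1) */
sdt:vscan::vscan-minor-node
{
	printf("vscan%d %s", arg0, arg1 != 0 ? "created" : "error");
}

/*
 * unprivileged vscan driver access attempt
 *
 * Only a non-zero arg0 is reported. A match here is the one clause in
 * this script that signals a rejected access rather than normal scan
 * traffic, so it is the line to watch for when reviewing a trace.
 */
sdt:vscan::vscan-priv
/arg0 != 0/
{
	printf("vscan driver access attempt by unprivileged process");
}

/* daemon-driver synchronization */
sdt:vscan::vscan-reconnect
{
}

/*
 * The next three clauses report only calls whose first argument is 0,
 * which this script labels as the daemon; the disabled "file access"
 * clauses further down use != 0 for everything else.
 * NOTE(review): open dereferences args[0] as an int pointer while
 * close and ioctl compare the argument value itself - confirm both
 * against the driver's entry point signatures.
 */
fbt:vscan:vscan_drv_open:entry
/ *(int *)args[0] == 0/
{
	printf("vscan daemon attach");
}

fbt:vscan:vscan_drv_close:entry
/ (int)args[0] == 0/
{
	printf("vscan daemon detach");
}

/* ioctl command number (args[1]) and its name */
fbt:vscan:vscan_drv_ioctl:entry
/ (int)args[0] == 0/
{
	printf("vscan daemon ioctl %d %s", args[1],
	    args[1] == 1 ? "ENABLE" :
	    args[1] == 2 ? "DISABLE" :
	    args[1] == 3 ? "CONFIG" :
	    args[1] == 4 ? "RESULT" :
	    args[1] == 5 ? "MAX FILES" : "unknown");
}

fbt:vscan:vscan_drv_delayed_disable:entry,
fbt:vscan:vscan_drv_delayed_disable:return,
fbt:vscan:vscan_drv_attach:entry,
fbt:vscan:vscan_drv_detach:entry
{
}

/* any non-zero return value is printed as DDI_FAILURE */
fbt:vscan:vscan_drv_attach:return,
fbt:vscan:vscan_drv_detach:return
{
	printf("%s", args[1] ? "DDI_FAILURE" : "DDI_SUCCESS");
}

fbt:vscan:vscan_drv_in_use:return
{
	printf("%s", args[1] ? "TRUE" : "FALSE");
}


/* file access */

/*
fbt:vscan:vscan_drv_open:entry
/ *(int *)args[0] != 0/
{
	printf("%d", *(int *)args[0]);
}

fbt:vscan:vscan_drv_close:entry,
fbt:vscan:vscan_drv_read:entry
/ (int)args[0] != 0/
{
	printf("%d", (int)args[0]);
}
*/


/*
 *** vscan daemon - vscand ***
 */

/* arg1 is printed as the kernel's limit on concurrent scan requests */
pid$target::vs_svc_init:entry
{
	printf("Max concurrent scan requests from kernel: %d", arg1);
}

pid$target::vs_svc_init:return
{
}


pid$target::vs_door_scan_req:entry,
pid$target::vs_svc_scan_file:entry,
pid$target::vs_svc_queue_scan_req:entry,
pid$target::vs_svc_async_scan:entry,
pid$target::vs_eng_scanstamp_current:entry,
pid$target::vs_icap_scan_file:entry
{
}

pid$target::vs_svc_queue_scan_req:return,
pid$target::vs_svc_async_scan:return
{
}

/* on pid return probes arg1 carries the function's return value */
pid$target::vs_svc_scan_file:return
{
	printf("VS_STATUS_%s",
	    arg1 == 0 ? "UNDEFINED" :
	    arg1 == 1 ? "NO_SCAN" :
	    arg1 == 2 ? "ERROR" :
	    arg1 == 3 ? "CLEAN" :
	    arg1 == 4 ? "INFECTED" :
	    arg1 == 5 ? "SCANNING" : "XXX unknown");
}

/* a zero return is printed as "NOT CURRENT" */
pid$target::vs_eng_scanstamp_current:return
{
	printf("%sCURRENT", arg1 == 0 ? "NOT " : "");
}

/* ICAP scan result; values other than 0-3 are printed as (SE)_ERROR */
pid$target::vs_icap_scan_file:return
{
	printf("%d VS_RESULT_%s", (int)arg1,
	    (int)arg1 == 0 ? "UNDEFINED" :
	    (int)arg1 == 1 ? "CLEAN" :
	    (int)arg1 == 2 ? "CLEANED" :
	    (int)arg1 == 3 ? "FORBIDDEN" : "(SE)_ERROR");
}

/* statistics update; values other than 1-3 are printed as ERROR */
pid$target::vs_stats_set:entry
{
	printf("%s", (arg0 == 1) ? "CLEAN" :
	    (arg0 == 2) ? "CLEANED" :
	    (arg0 == 3) ? "QUARANTINE" : "ERROR");
}

pid$target::vs_stats_set:return
{
}

/* get engine connection */
pid$target::vs_eng_get:entry,
pid$target::vs_eng_connect:entry,
pid$target::vs_eng_release:entry,
pid$target::vs_eng_release:return
{
}
/* a zero return is printed as success, anything else as error */
pid$target::vs_eng_get:return,
pid$target::vs_eng_connect:return
{
	printf("%s", arg1 == 0 ? "success" : "error");
}

/* engine errors */
pid$target::vs_eng_set_error:entry
/ arg1 == 1 /
{
	printf("scan engine error");
}

/* configuration */
pid$target::vscand_cfg_init:entry,
pid$target::vscand_cfg_fini:entry,
pid$target::vscand_cfg_init:return,
pid$target::vscand_cfg_fini:return,
pid$target::vscand_cfg_handler:entry,
pid$target::vscand_cfg_handler:return
{
}

/*
 * General configuration as passed to vscand_dtrace_gen. The string
 * arguments are user-space addresses in vscand, hence copyinstr().
 */
pid$target::vscand_dtrace_gen:entry
{
	printf("maxsize: %s action: %s\n",
	    copyinstr(arg0), (arg1 == 1) ? "allow" : "deny");
	printf("types: %s\n", copyinstr(arg2));
	printf("log: %s\n", copyinstr(arg3));
}
/*
 * Per-engine configuration as passed to vscand_dtrace_eng. This writes
 * the scan engine's host and port into the trace output.
 */
pid$target::vscand_dtrace_eng:entry
{
	printf("\n%s %s \nhost: %s \nport: %d \nmax connections: %d\n",
	    copyinstr(arg0), (arg1 == 1) ? "enabled" : "disabled",
	    copyinstr(arg2), arg3, arg4);
}



/* shutdown */
pid$target::vscand_sig_handler:entry
{
	printf("received signal %d", arg0);
}
pid$target::vscand_sig_handler:return,
pid$target::vscand_fini:entry,
pid$target::vscand_fini:return,
pid$target::vscand_kernel_disable:entry,
pid$target::vscand_kernel_disable:return,
pid$target::vscand_kernel_unbind:entry,
pid$target::vscand_kernel_unbind:return,
pid$target::vscand_kernel_result:entry,
pid$target::vscand_kernel_result:return,
pid$target::vs_svc_terminate:entry,
pid$target::vs_svc_terminate:return,
pid$target::vs_eng_fini:entry,
pid$target::vs_eng_fini:return,
pid$target::vs_eng_close_connections:entry,
pid$target::vs_eng_close_connections:return
{
}

/* vs_icap.c */

/* trace entry and exit (inc status) */
pid$target::vs_icap_option_request:entry,
pid$target::vs_icap_send_option_req:entry,
pid$target::vs_icap_read_option_resp:entry,
pid$target::vs_icap_respmod_request:entry,
pid$target::vs_icap_may_preview:entry,
pid$target::vs_icap_send_preview:entry,
pid$target::vs_icap_send_respmod_hdr:entry,
pid$target::vs_icap_read_respmod_resp:entry
{
}

/* the return value is narrowed to int before the sign test */
pid$target::vs_icap_option_request:return,
pid$target::vs_icap_send_option_req:return,
pid$target::vs_icap_read_option_resp:return,
pid$target::vs_icap_respmod_request:return,
pid$target::vs_icap_send_preview:return,
pid$target::vs_icap_send_respmod_hdr:return,
pid$target::vs_icap_read_respmod_resp:return
{
	printf("%s", (int)arg1 < 0 ? "error" : "success");
}

pid$target::vs_icap_may_preview:return
{
	printf("TRANSFER %s", arg1 == 1 ? "PREVIEW" : "COMPLETE");
}

/* trace failures only - these functions return -1 on failure */
pid$target::vs_icap_read_resp_code:return,
pid$target::vs_icap_read_hdr:return,
pid$target::vs_icap_send_termination:return,
pid$target::vs_icap_write:return,
pid$target::vs_icap_set_scan_result:return,
pid$target::vs_icap_read_encap_hdr:return,
pid$target::vs_icap_read_encap_data:return,
pid$target::vs_icap_read_resp_body:return,
pid$target::vs_icap_read_body_chunk:return,
pid$target::vs_icap_read:return,
pid$target::vs_icap_readline:return,
pid$target::vs_icap_send_chunk:return,
pid$target::gethostname:return
/(int)arg1 == -1/
{
	printf("error");
}

/* trace failures only - these functions return 1 on success */
pid$target::vs_icap_opt_value:return,
pid$target::vs_icap_opt_ext:return,
pid$target::vs_icap_resp_infection:return,
pid$target::vs_icap_resp_virus_id:return,
pid$target::vs_icap_resp_violations:return,
pid$target::vs_icap_resp_violation_rec:return,
pid$target::vs_icap_resp_istag:return,
pid$target::vs_icap_resp_encap:return
/arg1 != 1/
{
	printf("error");
}

/*
 * System and library calls made by the daemon, reported when the
 * return value is not positive.
 * NOTE(review): a return of 0 also matches, and for read() that
 * normally means end-of-file rather than a failure. Unlike the clauses
 * above, arg1 is not narrowed with (int) here, so whether a -1 return
 * compares as negative may depend on the target's data model - confirm
 * before relying on this clause to catch every failure.
 */
pid$target::write:return,
pid$target::read:return,
pid$target::open:return,
pid$target::calloc:return
/arg1 <= 0/
{
	printf("error");
}
/*
pid$target::recv:return,
*/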