2 * Copyright (c) 2011, David E. O'Brien.
3 * Copyright (c) 2009-2011, Juniper Networks, Inc.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY JUNIPER NETWORKS AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL JUNIPER NETWORKS OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
/*
 * Version gates for the syscall hooks in this file.
 * The linkat(2) wrapper is compiled only when __FreeBSD_version is
 * newer than 800032.
 */
31 #if __FreeBSD_version > 800032
32 #define FILEMON_HAS_LINKAT
/*
 * On kernels older than the version tested below, the sys_* names used
 * throughout this file are mapped onto the un-prefixed handler names
 * (chdir, execve, ...), so the wrappers can be written against one
 * spelling.  The existing comment records that the cut-off value is known
 * to be slightly off for a short range of 9-CURRENT revisions.
 */
35 #if __FreeBSD_version < 900044 /* r225617 (2011-09-16) failed to bump
36 __FreeBSD_version. This really should
37 be based on "900045". "900044" is r225469
38 (2011-09-10) so this code is broken for
39 9-CURRENT September 10th-16th. */
40 #define sys_chdir chdir
41 #define sys_execve execve
45 #define sys_rename rename
47 #define sys_symlink symlink
48 #define sys_unlink unlink
49 #define sys_vfork vfork
50 #define sys_sys_exit sys_exit
/* linkat only needs the alias when its wrapper is built at all. */
51 #ifdef FILEMON_HAS_LINKAT
52 #define sys_linkat linkat
54 #endif /* __FreeBSD_version */
/*
 * Write one already-formatted trace record (msg, len bytes) to the file
 * behind filemon->fp using fo_write().
 *
 * Several lines of this function are missing from this listing (the
 * iovec setup among them); only the visible statements are described.
 *
 * NOTE(review): len is used exactly as passed.  Every caller in this
 * file hands in snprintf()'s return value, which is the length the full
 * record would have had, not the number of bytes actually stored.  If a
 * record is ever truncated, len is larger than the buffer and the write
 * would read kernel memory past the end of msgbufr into the trace file.
 * Clamp len to the buffer size before it reaches the uio (the buffer
 * sizes are declared outside this listing; confirm there).
 */
57 filemon_output(struct filemon *filemon, char *msg, size_t len)
/* No trace file attached to this filemon: nothing to record. */
62 if (filemon->fp == NULL)
/* The source buffer is a kernel address and the operation is a write. */
70 auio.uio_segflg = UIO_SYSSPACE;
71 auio.uio_rw = UIO_WRITE;
72 auio.uio_td = curthread;
73 auio.uio_offset = (off_t) -1;
/*
 * The write is issued with the credentials of the thread that triggered
 * the record (curthread->td_ucred).  The return value is discarded, so a
 * failed or short write leaves a silently incomplete trace.
 */
77 fo_write(filemon->fp, &auio, curthread->td_ucred, 0, curthread);
/*
 * Find the filemon instance responsible for process p.
 *
 * The in-use list is scanned for an entry whose pid equals p->p_pid.
 * When nothing matches, the search repeats on the parent (p->p_pptr), so
 * a descendant of a monitored process resolves to its ancestor's filemon.
 * The return statements for the match and for the "no parent" case are
 * not visible in this listing.
 *
 * NOTE(review): no process-tree lock is taken in the visible lines while
 * p_pptr is followed; confirm that callers hold whatever keeps the parent
 * chain stable (e.g. proctree_lock), otherwise a parent may exit or be
 * re-parented during the walk.  The walk is recursive, one frame per
 * ancestor, on the kernel stack.
 */
80 static struct filemon *
81 filemon_pid_check(struct proc *p)
83 struct filemon *filemon;
/* Linear scan of every filemon currently in use. */
85 TAILQ_FOREACH(filemon, &filemons_inuse, link) {
86 if (p->p_pid == filemon->pid)
/* Top of the process tree reached without a match. */
90 if (p->p_pptr == NULL)
/* Not monitored directly: try the parent. */
93 return (filemon_pid_check(p->p_pptr));
/*
 * Emit the header of a trace: the filemon version, the pid of the
 * current process as "Target pid", the start time, and a "V" record
 * carrying the version again.
 *
 * The timestamp is taken before any lock is acquired (see the original
 * comment below).  The statements that read the clock and take the read
 * lock are not visible in this listing.
 */
97 filemon_comment(struct filemon *filemon)
102 /* Load timestamp before locking. Less accurate but less contention. */
105 /* Grab a read lock on the filemon inuse list. */
108 /* Lock the found filemon structure. */
109 filemon_filemon_lock(filemon);
/*
 * All values formatted here are kernel-supplied integers, so the record
 * length is bounded; len is still snprintf()'s untruncated length and is
 * passed on unchecked.
 */
111 len = snprintf(filemon->msgbufr, sizeof(filemon->msgbufr),
112 "# filemon version %d\n# Target pid %d\n# Start %ju.%06ju\nV %d\n",
113 FILEMON_VERSION, curproc->p_pid, (uintmax_t)now.tv_sec,
114 (uintmax_t)now.tv_usec, FILEMON_VERSION);
116 filemon_output(filemon, filemon->msgbufr, len);
118 /* Unlock the found filemon structure. */
119 filemon_filemon_unlock(filemon);
121 /* Release the read lock. */
122 filemon_unlock_read();
/*
 * chdir(2) hook: run the real handler and, when it succeeded and the
 * calling process is monitored, log "C <pid> <path>".
 *
 * NOTE(review), for anyone consuming or hardening this trace:
 *  - uap->path is fetched from user memory a second time, after
 *    sys_chdir() has already used it.  If another thread rewrites the
 *    buffer in between, the logged path is not the one the kernel acted
 *    on.
 *  - copyinstr()'s return value is ignored.  On a fault or an over-long
 *    string, fname1 may still hold (part of) an earlier record's path
 *    and that stale text is logged as if it were this call's argument.
 *  - snprintf() returns the untruncated length; it is handed to
 *    filemon_output() unchecked, which can request more bytes than
 *    msgbufr holds if the record is truncated.
 *  - path bytes are written verbatim, so a newline inside a path splits
 *    one record into several lines of the trace.
 */
126 filemon_wrapper_chdir(struct thread *td, struct chdir_args *uap)
131 struct filemon *filemon;
/* Only successful calls are recorded. */
133 if ((ret = sys_chdir(td, uap)) == 0) {
134 /* Grab a read lock on the filemon inuse list. */
137 if ((filemon = filemon_pid_check(curproc)) != NULL) {
138 /* Lock the found filemon structure. */
139 filemon_filemon_lock(filemon);
/* Second fetch of the user path; result of the copy is not checked. */
141 copyinstr(uap->path, filemon->fname1,
142 sizeof(filemon->fname1), &done);
144 len = snprintf(filemon->msgbufr,
145 sizeof(filemon->msgbufr), "C %d %s\n",
146 curproc->p_pid, filemon->fname1);
148 filemon_output(filemon, filemon->msgbufr, len);
150 /* Unlock the found filemon structure. */
151 filemon_filemon_unlock(filemon);
154 /* Release the read lock. */
155 filemon_unlock_read();
/*
 * execve(2) hook: copy the program path into a local buffer, run the
 * real handler and, when it succeeded and the process is monitored, log
 * "E <pid> <path>".
 *
 * Unlike the other wrappers the path is copied before the real call,
 * presumably because the caller's address space no longer holds it once
 * the exec has succeeded.
 *
 * NOTE(review):
 *  - fname is a MAXPATHLEN array on the kernel stack and is not
 *    initialised in the visible lines.  copyinstr()'s return value is
 *    ignored, so if this copy fails while the handler's own copy of the
 *    path succeeds (user memory can change between the two), the "%s"
 *    below formats uninitialised, possibly unterminated stack bytes into
 *    the trace.  Check the result, or at least set fname[0] = '\0' first.
 *  - the logged path comes from a separate fetch than the one the exec
 *    used, so the two can differ.
 *  - len is snprintf()'s untruncated length and is passed on unchecked.
 */
162 filemon_wrapper_execve(struct thread *td, struct execve_args *uap)
164 char fname[MAXPATHLEN];
168 struct filemon *filemon;
/* Early fetch of the user path; result of the copy is not checked. */
170 copyinstr(uap->fname, fname, sizeof(fname), &done);
/* Only successful calls are recorded. */
172 if ((ret = sys_execve(td, uap)) == 0) {
173 /* Grab a read lock on the filemon inuse list. */
176 if ((filemon = filemon_pid_check(curproc)) != NULL) {
177 /* Lock the found filemon structure. */
178 filemon_filemon_lock(filemon);
180 len = snprintf(filemon->msgbufr,
181 sizeof(filemon->msgbufr), "E %d %s\n",
182 curproc->p_pid, fname);
184 filemon_output(filemon, filemon->msgbufr, len);
186 /* Unlock the found filemon structure. */
187 filemon_filemon_unlock(filemon);
190 /* Release the read lock. */
191 filemon_unlock_read();
197 #if defined(COMPAT_IA32) || defined(COMPAT_FREEBSD32) || defined(COMPAT_ARCH32)
/*
 * 32-bit compatibility variant of the execve hook: same record format
 * ("E <pid> <path>"), but the real work is done by freebsd32_execve().
 *
 * NOTE(review): the same caveats as the native execve hook apply.  The
 * stack buffer fname is not initialised in the visible lines and the
 * result of copyinstr() is ignored, so a failed early copy followed by a
 * successful exec logs uninitialised stack contents; the path is fetched
 * separately from the one the exec itself uses; and snprintf()'s
 * untruncated length is passed to filemon_output() unchecked.
 */
199 filemon_wrapper_freebsd32_execve(struct thread *td,
200 struct freebsd32_execve_args *uap)
202 char fname[MAXPATHLEN];
206 struct filemon *filemon;
/* Early fetch of the user path; result of the copy is not checked. */
208 copyinstr(uap->fname, fname, sizeof(fname), &done);
/* Only successful calls are recorded. */
210 if ((ret = freebsd32_execve(td, uap)) == 0) {
211 /* Grab a read lock on the filemon inuse list. */
214 if ((filemon = filemon_pid_check(curproc)) != NULL) {
215 /* Lock the found filemon structure. */
216 filemon_filemon_lock(filemon);
218 len = snprintf(filemon->msgbufr,
219 sizeof(filemon->msgbufr), "E %d %s\n",
220 curproc->p_pid, fname);
222 filemon_output(filemon, filemon->msgbufr, len);
224 /* Unlock the found filemon structure. */
225 filemon_filemon_unlock(filemon);
228 /* Release the read lock. */
229 filemon_unlock_read();
/*
 * fork(2) hook: run the real handler and, when it succeeded and the
 * calling process is monitored, log "F <pid> <value>", where <value> is
 * the thread's first syscall return value (the new child's pid as seen by
 * the parent).
 *
 * The record contains only kernel-supplied integers, so no user memory
 * is read here.
 */
237 filemon_wrapper_fork(struct thread *td, struct fork_args *uap)
241 struct filemon *filemon;
/* Only successful calls are recorded. */
243 if ((ret = sys_fork(td, uap)) == 0) {
244 /* Grab a read lock on the filemon inuse list. */
247 if ((filemon = filemon_pid_check(curproc)) != NULL) {
248 /* Lock the found filemon structure. */
249 filemon_filemon_lock(filemon);
251 len = snprintf(filemon->msgbufr,
252 sizeof(filemon->msgbufr), "F %d %ld\n",
253 curproc->p_pid, (long)curthread->td_retval[0]);
255 filemon_output(filemon, filemon->msgbufr, len);
257 /* Unlock the found filemon structure. */
258 filemon_filemon_unlock(filemon);
261 /* Release the read lock. */
262 filemon_unlock_read();
/*
 * open(2) hook: run the real handler and, when it succeeded and the
 * calling process is monitored, log the path with an access letter.
 *
 * Records written:
 *  - "R <pid> <path>" first, if O_RDWR is set in the flags;
 *  - then "W <pid> <path>" if any access-mode bit is set, otherwise
 *    "R <pid> <path>".
 * A read/write open therefore produces both an R and a W record.
 *
 * NOTE(review):
 *  - uap->path is read from user memory again after sys_open() has
 *    already used it, so the logged path can differ from the file that
 *    was actually opened if the buffer changes in between.
 *  - copyinstr()'s return value is ignored; on failure fname1 may still
 *    hold an earlier record's path, which is then logged.
 *  - snprintf()'s untruncated length is passed to filemon_output()
 *    unchecked.
 *  - path bytes are written verbatim; a newline in a path yields extra
 *    lines in the trace.
 */
269 filemon_wrapper_open(struct thread *td, struct open_args *uap)
274 struct filemon *filemon;
/* Only successful calls are recorded. */
276 if ((ret = sys_open(td, uap)) == 0) {
277 /* Grab a read lock on the filemon inuse list. */
280 if ((filemon = filemon_pid_check(curproc)) != NULL) {
281 /* Lock the found filemon structure. */
282 filemon_filemon_lock(filemon);
/* Second fetch of the user path; result of the copy is not checked. */
284 copyinstr(uap->path, filemon->fname1,
285 sizeof(filemon->fname1), &done);
287 if (uap->flags & O_RDWR) {
289 * We'll get the W record below, but need
290 * to also output an R to distingish from
293 len = snprintf(filemon->msgbufr,
294 sizeof(filemon->msgbufr), "R %d %s\n",
295 curproc->p_pid, filemon->fname1);
296 filemon_output(filemon, filemon->msgbufr, len);
/* Any non-zero access mode is reported as a write. */
300 len = snprintf(filemon->msgbufr,
301 sizeof(filemon->msgbufr), "%c %d %s\n",
302 (uap->flags & O_ACCMODE) ? 'W':'R',
303 curproc->p_pid, filemon->fname1);
304 filemon_output(filemon, filemon->msgbufr, len);
306 /* Unlock the found filemon structure. */
307 filemon_filemon_unlock(filemon);
310 /* Release the read lock. */
311 filemon_unlock_read();
/*
 * rename(2) hook: run the real handler and, when it succeeded and the
 * calling process is monitored, log "M <pid> '<from>' '<to>'".
 *
 * NOTE(review):
 *  - both paths are fetched from user memory again after sys_rename()
 *    has completed, so the logged names can differ from the ones the
 *    kernel renamed.
 *  - neither copyinstr() result is checked; a failed copy leaves stale
 *    text in fname1/fname2 that is logged as this call's argument.
 *  - the paths are wrapped in single quotes but not escaped, so a quote
 *    or newline inside a name makes the record ambiguous for parsers.
 *  - two full-length paths plus the framing are formatted into msgbufr;
 *    snprintf()'s untruncated length is passed on unchecked, which
 *    matters most here because the record is the longest kind.
 */
318 filemon_wrapper_rename(struct thread *td, struct rename_args *uap)
323 struct filemon *filemon;
/* Only successful calls are recorded. */
325 if ((ret = sys_rename(td, uap)) == 0) {
326 /* Grab a read lock on the filemon inuse list. */
329 if ((filemon = filemon_pid_check(curproc)) != NULL) {
330 /* Lock the found filemon structure. */
331 filemon_filemon_lock(filemon);
/* Second fetch of both user paths; results are not checked. */
333 copyinstr(uap->from, filemon->fname1,
334 sizeof(filemon->fname1), &done);
335 copyinstr(uap->to, filemon->fname2,
336 sizeof(filemon->fname2), &done);
338 len = snprintf(filemon->msgbufr,
339 sizeof(filemon->msgbufr), "M %d '%s' '%s'\n",
340 curproc->p_pid, filemon->fname1, filemon->fname2);
342 filemon_output(filemon, filemon->msgbufr, len);
344 /* Unlock the found filemon structure. */
345 filemon_filemon_unlock(filemon);
348 /* Release the read lock. */
349 filemon_unlock_read();
/*
 * link(2) hook: run the real handler and, when it succeeded and the
 * calling process is monitored, log "L <pid> '<path>' '<link>'".
 *
 * NOTE(review):
 *  - both names are re-read from user memory after sys_link() has
 *    finished, so the record can differ from what was actually linked.
 *  - neither copyinstr() result is checked; stale buffer contents are
 *    logged if a copy fails.
 *  - names are quoted but not escaped; a quote or newline in a name
 *    makes the record ambiguous.
 *  - snprintf()'s untruncated length goes to filemon_output() unchecked.
 */
356 filemon_wrapper_link(struct thread *td, struct link_args *uap)
361 struct filemon *filemon;
/* Only successful calls are recorded. */
363 if ((ret = sys_link(td, uap)) == 0) {
364 /* Grab a read lock on the filemon inuse list. */
367 if ((filemon = filemon_pid_check(curproc)) != NULL) {
368 /* Lock the found filemon structure. */
369 filemon_filemon_lock(filemon);
/* Second fetch of both user paths; results are not checked. */
371 copyinstr(uap->path, filemon->fname1,
372 sizeof(filemon->fname1), &done);
373 copyinstr(uap->link, filemon->fname2,
374 sizeof(filemon->fname2), &done);
376 len = snprintf(filemon->msgbufr,
377 sizeof(filemon->msgbufr), "L %d '%s' '%s'\n",
378 curproc->p_pid, filemon->fname1, filemon->fname2);
380 filemon_output(filemon, filemon->msgbufr, len);
382 /* Unlock the found filemon structure. */
383 filemon_filemon_unlock(filemon);
386 /* Release the read lock. */
387 filemon_unlock_read();
/*
 * symlink(2) hook: run the real handler and, when it succeeded and the
 * calling process is monitored, log "L <pid> '<path>' '<link>'".
 *
 * The record letter is the same "L" used for hard links, so the trace
 * does not distinguish the two.
 *
 * NOTE(review):
 *  - both strings are re-read from user memory after sys_symlink() has
 *    finished; the record can differ from what was created.
 *  - neither copyinstr() result is checked; stale buffer contents are
 *    logged if a copy fails.
 *  - the strings are quoted but not escaped; a quote or newline makes
 *    the record ambiguous.
 *  - snprintf()'s untruncated length goes to filemon_output() unchecked.
 */
394 filemon_wrapper_symlink(struct thread *td, struct symlink_args *uap)
399 struct filemon *filemon;
/* Only successful calls are recorded. */
401 if ((ret = sys_symlink(td, uap)) == 0) {
402 /* Grab a read lock on the filemon inuse list. */
405 if ((filemon = filemon_pid_check(curproc)) != NULL) {
406 /* Lock the found filemon structure. */
407 filemon_filemon_lock(filemon);
/* Second fetch of both user strings; results are not checked. */
409 copyinstr(uap->path, filemon->fname1,
410 sizeof(filemon->fname1), &done);
411 copyinstr(uap->link, filemon->fname2,
412 sizeof(filemon->fname2), &done);
414 len = snprintf(filemon->msgbufr,
415 sizeof(filemon->msgbufr), "L %d '%s' '%s'\n",
416 curproc->p_pid, filemon->fname1, filemon->fname2);
418 filemon_output(filemon, filemon->msgbufr, len);
420 /* Unlock the found filemon structure. */
421 filemon_filemon_unlock(filemon);
424 /* Release the read lock. */
425 filemon_unlock_read();
431 #ifdef FILEMON_HAS_LINKAT
/*
 * linkat(2) hook: run the real handler and, when it succeeded and the
 * calling process is monitored, log "L <pid> '<path1>' '<path2>'".
 *
 * Only the two path strings are logged; no directory descriptor from
 * the arguments appears in the record, so a relative path cannot be
 * resolved from the trace alone.
 *
 * NOTE(review):
 *  - both paths are re-read from user memory after sys_linkat() has
 *    finished; the record can differ from what was actually linked.
 *  - neither copyinstr() result is checked; stale buffer contents are
 *    logged if a copy fails.
 *  - paths are quoted but not escaped; a quote or newline makes the
 *    record ambiguous.
 *  - snprintf()'s untruncated length goes to filemon_output() unchecked.
 */
433 filemon_wrapper_linkat(struct thread *td, struct linkat_args *uap)
438 struct filemon *filemon;
/* Only successful calls are recorded. */
440 if ((ret = sys_linkat(td, uap)) == 0) {
441 /* Grab a read lock on the filemon inuse list. */
444 if ((filemon = filemon_pid_check(curproc)) != NULL) {
445 /* Lock the found filemon structure. */
446 filemon_filemon_lock(filemon);
/* Second fetch of both user paths; results are not checked. */
448 copyinstr(uap->path1, filemon->fname1,
449 sizeof(filemon->fname1), &done);
450 copyinstr(uap->path2, filemon->fname2,
451 sizeof(filemon->fname2), &done);
453 len = snprintf(filemon->msgbufr,
454 sizeof(filemon->msgbufr), "L %d '%s' '%s'\n",
455 curproc->p_pid, filemon->fname1, filemon->fname2);
457 filemon_output(filemon, filemon->msgbufr, len);
459 /* Unlock the found filemon structure. */
460 filemon_filemon_unlock(filemon);
463 /* Release the read lock. */
464 filemon_unlock_read();
/*
 * stat(2) hook: run the real handler and, when it succeeded and the
 * calling process is monitored, log "S <pid> <path>".
 *
 * NOTE(review):
 *  - uap->path is re-read from user memory after sys_stat() has already
 *    used it, so the logged path can differ from the one examined.
 *  - copyinstr()'s return value is ignored; stale fname1 contents are
 *    logged if the copy fails.
 *  - snprintf()'s untruncated length goes to filemon_output() unchecked.
 *  - path bytes are written verbatim; a newline in a path yields extra
 *    lines in the trace.
 */
472 filemon_wrapper_stat(struct thread *td, struct stat_args *uap)
477 struct filemon *filemon;
/* Only successful calls are recorded. */
479 if ((ret = sys_stat(td, uap)) == 0) {
480 /* Grab a read lock on the filemon inuse list. */
483 if ((filemon = filemon_pid_check(curproc)) != NULL) {
484 /* Lock the found filemon structure. */
485 filemon_filemon_lock(filemon);
/* Second fetch of the user path; result of the copy is not checked. */
487 copyinstr(uap->path, filemon->fname1,
488 sizeof(filemon->fname1), &done);
490 len = snprintf(filemon->msgbufr,
491 sizeof(filemon->msgbufr), "S %d %s\n",
492 curproc->p_pid, filemon->fname1);
494 filemon_output(filemon, filemon->msgbufr, len);
496 /* Unlock the found filemon structure. */
497 filemon_filemon_unlock(filemon);
500 /* Release the read lock. */
501 filemon_unlock_read();
507 #if defined(COMPAT_IA32) || defined(COMPAT_FREEBSD32) || defined(COMPAT_ARCH32)
/*
 * 32-bit compatibility variant of the stat hook: same record format
 * ("S <pid> <path>"), with freebsd32_stat() doing the real work.
 *
 * NOTE(review): as in the native stat hook, the path is re-read from
 * user memory after the real call has used it, the result of copyinstr()
 * is ignored (stale fname1 contents are logged on failure), and
 * snprintf()'s untruncated length is passed to filemon_output()
 * unchecked.
 */
509 filemon_wrapper_freebsd32_stat(struct thread *td,
510 struct freebsd32_stat_args *uap)
515 struct filemon *filemon;
/* Only successful calls are recorded. */
517 if ((ret = freebsd32_stat(td, uap)) == 0) {
518 /* Grab a read lock on the filemon inuse list. */
521 if ((filemon = filemon_pid_check(curproc)) != NULL) {
522 /* Lock the found filemon structure. */
523 filemon_filemon_lock(filemon);
/* Second fetch of the user path; result of the copy is not checked. */
525 copyinstr(uap->path, filemon->fname1,
526 sizeof(filemon->fname1), &done);
528 len = snprintf(filemon->msgbufr,
529 sizeof(filemon->msgbufr), "S %d %s\n",
530 curproc->p_pid, filemon->fname1);
532 filemon_output(filemon, filemon->msgbufr, len);
534 /* Unlock the found filemon structure. */
535 filemon_filemon_unlock(filemon);
538 /* Release the read lock. */
539 filemon_unlock_read();
/*
 * exit hook: log "X <pid> <rval>" for a monitored process, add the
 * "# Stop ... / # Bye bye" trailer when the exiting process is the one
 * the filemon was attached to, and then hand over to the real exit
 * handler.
 *
 * Unlike the other wrappers the record is written before the real call,
 * since control is passed to sys_sys_exit() only at the very end.
 *
 * NOTE(review): only exits that enter through this syscall slot produce
 * an X record; presumably a process that is terminated some other way
 * leaves none, so consumers should not rely on every pid in the trace
 * having one.  Confirm against the kernel's exit paths.
 */
547 filemon_wrapper_sys_exit(struct thread *td, struct sys_exit_args *uap)
550 struct filemon *filemon;
553 /* Get timestamp before locking. */
556 /* Grab a read lock on the filemon inuse list. */
559 if ((filemon = filemon_pid_check(curproc)) != NULL) {
560 /* Lock the found filemon structure. */
561 filemon_filemon_lock(filemon);
/* Both fields are integers, so this record has a bounded length. */
563 len = snprintf(filemon->msgbufr, sizeof(filemon->msgbufr),
564 "X %d %d\n", curproc->p_pid, uap->rval);
566 filemon_output(filemon, filemon->msgbufr, len);
568 /* Check if the monitored process is about to exit. */
569 if (filemon->pid == curproc->p_pid) {
570 len = snprintf(filemon->msgbufr,
571 sizeof(filemon->msgbufr),
572 "# Stop %ju.%06ju\n# Bye bye\n",
573 (uintmax_t)now.tv_sec, (uintmax_t)now.tv_usec);
575 filemon_output(filemon, filemon->msgbufr, len);
578 /* Unlock the found filemon structure. */
579 filemon_filemon_unlock(filemon);
582 /* Release the read lock. */
583 filemon_unlock_read();
/* Every lock taken above has been released before the real exit runs. */
585 sys_sys_exit(td, uap);
/*
 * unlink(2) hook: run the real handler and, when it succeeded and the
 * calling process is monitored, log "D <pid> <path>".
 *
 * NOTE(review):
 *  - uap->path is re-read from user memory after sys_unlink() has
 *    already removed the file, so the logged name can differ from the
 *    one that was deleted.
 *  - copyinstr()'s return value is ignored; stale fname1 contents are
 *    logged if the copy fails.
 *  - snprintf()'s untruncated length goes to filemon_output() unchecked.
 *  - path bytes are written verbatim; a newline in a path yields extra
 *    lines in the trace.
 */
589 filemon_wrapper_unlink(struct thread *td, struct unlink_args *uap)
594 struct filemon *filemon;
/* Only successful calls are recorded. */
596 if ((ret = sys_unlink(td, uap)) == 0) {
597 /* Grab a read lock on the filemon inuse list. */
600 if ((filemon = filemon_pid_check(curproc)) != NULL) {
601 /* Lock the found filemon structure. */
602 filemon_filemon_lock(filemon);
/* Second fetch of the user path; result of the copy is not checked. */
604 copyinstr(uap->path, filemon->fname1,
605 sizeof(filemon->fname1), &done);
607 len = snprintf(filemon->msgbufr,
608 sizeof(filemon->msgbufr), "D %d %s\n",
609 curproc->p_pid, filemon->fname1);
611 filemon_output(filemon, filemon->msgbufr, len);
613 /* Unlock the found filemon structure. */
614 filemon_filemon_unlock(filemon);
617 /* Release the read lock. */
618 filemon_unlock_read();
/*
 * vfork(2) hook: run the real handler and, when it succeeded and the
 * calling process is monitored, log "F <pid> <value>", where <value> is
 * the thread's first syscall return value.
 *
 * The record uses the same "F" letter as the fork hook, so the trace
 * does not tell the two apart.  Only kernel-supplied integers are
 * formatted; no user memory is read here.
 */
625 filemon_wrapper_vfork(struct thread *td, struct vfork_args *uap)
629 struct filemon *filemon;
/* Only successful calls are recorded. */
631 if ((ret = sys_vfork(td, uap)) == 0) {
632 /* Grab a read lock on the filemon inuse list. */
635 if ((filemon = filemon_pid_check(curproc)) != NULL) {
636 /* Lock the found filemon structure. */
637 filemon_filemon_lock(filemon);
639 len = snprintf(filemon->msgbufr,
640 sizeof(filemon->msgbufr), "F %d %ld\n",
641 curproc->p_pid, (long)curthread->td_retval[0]);
643 filemon_output(filemon, filemon->msgbufr, len);
645 /* Unlock the found filemon structure. */
646 filemon_filemon_unlock(filemon);
649 /* Release the read lock. */
650 filemon_unlock_read();
/*
 * Install the hooks by overwriting sy_call in the native syscall table
 * (the 32-bit ELF sysvec on i386, the 64-bit one on amd64; any other
 * machine type is a compile error) and, when a 32-bit compat option is
 * defined, in the ia32 table as well.
 *
 * Coverage: only the slots assigned below are wrapped (chdir, exit,
 * execve, fork, open, rename, stat, unlink, vfork, link, symlink and,
 * where available, linkat).  Other entry points that reach the same
 * objects, such as openat, renameat, unlinkat or lstat, are not
 * intercepted here, so the trace is a build-dependency aid rather than a
 * complete audit log.
 *
 * NOTE(review):
 *  - the stores go straight into the live tables; no synchronisation
 *    with threads that are dispatching through them is visible here.
 *  - whatever handler was in a slot beforehand is not saved.
 *  - the (sy_call_t *) casts silence any mismatch between a wrapper's
 *    argument structure and the one the slot is called with.
 */
657 filemon_wrapper_install(void)
659 #if defined(__i386__)
660 struct sysent *sv_table = elf32_freebsd_sysvec.sv_table;
661 #elif defined(__amd64__)
662 struct sysent *sv_table = elf64_freebsd_sysvec.sv_table;
664 #error Machine type not supported
/* Native ABI table. */
667 sv_table[SYS_chdir].sy_call = (sy_call_t *) filemon_wrapper_chdir;
668 sv_table[SYS_exit].sy_call = (sy_call_t *) filemon_wrapper_sys_exit;
669 sv_table[SYS_execve].sy_call = (sy_call_t *) filemon_wrapper_execve;
670 sv_table[SYS_fork].sy_call = (sy_call_t *) filemon_wrapper_fork;
671 sv_table[SYS_open].sy_call = (sy_call_t *) filemon_wrapper_open;
672 sv_table[SYS_rename].sy_call = (sy_call_t *) filemon_wrapper_rename;
673 sv_table[SYS_stat].sy_call = (sy_call_t *) filemon_wrapper_stat;
674 sv_table[SYS_unlink].sy_call = (sy_call_t *) filemon_wrapper_unlink;
675 sv_table[SYS_vfork].sy_call = (sy_call_t *) filemon_wrapper_vfork;
676 sv_table[SYS_link].sy_call = (sy_call_t *) filemon_wrapper_link;
677 sv_table[SYS_symlink].sy_call = (sy_call_t *) filemon_wrapper_symlink;
678 #ifdef FILEMON_HAS_LINKAT
679 sv_table[SYS_linkat].sy_call = (sy_call_t *) filemon_wrapper_linkat;
/*
 * 32-bit compat table.  execve and stat get their freebsd32 variants;
 * every other slot reuses the native wrapper.
 */
682 #if defined(COMPAT_IA32) || defined(COMPAT_FREEBSD32) || defined(COMPAT_ARCH32)
683 sv_table = ia32_freebsd_sysvec.sv_table;
685 sv_table[FREEBSD32_SYS_chdir].sy_call = (sy_call_t *) filemon_wrapper_chdir;
686 sv_table[FREEBSD32_SYS_exit].sy_call = (sy_call_t *) filemon_wrapper_sys_exit;
687 sv_table[FREEBSD32_SYS_freebsd32_execve].sy_call = (sy_call_t *) filemon_wrapper_freebsd32_execve;
688 sv_table[FREEBSD32_SYS_fork].sy_call = (sy_call_t *) filemon_wrapper_fork;
689 sv_table[FREEBSD32_SYS_open].sy_call = (sy_call_t *) filemon_wrapper_open;
690 sv_table[FREEBSD32_SYS_rename].sy_call = (sy_call_t *) filemon_wrapper_rename;
691 sv_table[FREEBSD32_SYS_freebsd32_stat].sy_call = (sy_call_t *) filemon_wrapper_freebsd32_stat;
692 sv_table[FREEBSD32_SYS_unlink].sy_call = (sy_call_t *) filemon_wrapper_unlink;
693 sv_table[FREEBSD32_SYS_vfork].sy_call = (sy_call_t *) filemon_wrapper_vfork;
694 sv_table[FREEBSD32_SYS_link].sy_call = (sy_call_t *) filemon_wrapper_link;
695 sv_table[FREEBSD32_SYS_symlink].sy_call = (sy_call_t *) filemon_wrapper_symlink;
696 #ifdef FILEMON_HAS_LINKAT
697 sv_table[FREEBSD32_SYS_linkat].sy_call = (sy_call_t *) filemon_wrapper_linkat;
699 #endif /* COMPAT_ARCH32 */
/*
 * Remove the hooks: every slot that the install routine pointed at a
 * wrapper is set back to the stock handler, first in the native table
 * and then, when a 32-bit compat option is defined, in the ia32 table.
 *
 * NOTE(review):
 *  - the stock handlers are named directly rather than restored from
 *    pointers saved at install time, so anything else that had been
 *    placed in one of these slots is replaced as well.
 *  - nothing visible here waits for threads that are still executing
 *    inside a wrapper; confirm that the unload path drains them before
 *    the wrapper code can go away.
 *  - the slot list must stay in step with the install routine; a slot
 *    hooked there but missing here would keep pointing at a wrapper.
 */
703 filemon_wrapper_deinstall(void)
705 #if defined(__i386__)
706 struct sysent *sv_table = elf32_freebsd_sysvec.sv_table;
707 #elif defined(__amd64__)
708 struct sysent *sv_table = elf64_freebsd_sysvec.sv_table;
710 #error Machine type not supported
/* Native ABI table. */
713 sv_table[SYS_chdir].sy_call = (sy_call_t *)sys_chdir;
714 sv_table[SYS_exit].sy_call = (sy_call_t *)sys_sys_exit;
715 sv_table[SYS_execve].sy_call = (sy_call_t *)sys_execve;
716 sv_table[SYS_fork].sy_call = (sy_call_t *)sys_fork;
717 sv_table[SYS_open].sy_call = (sy_call_t *)sys_open;
718 sv_table[SYS_rename].sy_call = (sy_call_t *)sys_rename;
719 sv_table[SYS_stat].sy_call = (sy_call_t *)sys_stat;
720 sv_table[SYS_unlink].sy_call = (sy_call_t *)sys_unlink;
721 sv_table[SYS_vfork].sy_call = (sy_call_t *)sys_vfork;
722 sv_table[SYS_link].sy_call = (sy_call_t *)sys_link;
723 sv_table[SYS_symlink].sy_call = (sy_call_t *)sys_symlink;
724 #ifdef FILEMON_HAS_LINKAT
725 sv_table[SYS_linkat].sy_call = (sy_call_t *)sys_linkat;
/* 32-bit compat table: execve and stat go back to their freebsd32 handlers. */
728 #if defined(COMPAT_IA32) || defined(COMPAT_FREEBSD32) || defined(COMPAT_ARCH32)
729 sv_table = ia32_freebsd_sysvec.sv_table;
731 sv_table[FREEBSD32_SYS_chdir].sy_call = (sy_call_t *)sys_chdir;
732 sv_table[FREEBSD32_SYS_exit].sy_call = (sy_call_t *)sys_sys_exit;
733 sv_table[FREEBSD32_SYS_freebsd32_execve].sy_call = (sy_call_t *)freebsd32_execve;
734 sv_table[FREEBSD32_SYS_fork].sy_call = (sy_call_t *)sys_fork;
735 sv_table[FREEBSD32_SYS_open].sy_call = (sy_call_t *)sys_open;
736 sv_table[FREEBSD32_SYS_rename].sy_call = (sy_call_t *)sys_rename;
737 sv_table[FREEBSD32_SYS_freebsd32_stat].sy_call = (sy_call_t *)freebsd32_stat;
738 sv_table[FREEBSD32_SYS_unlink].sy_call = (sy_call_t *)sys_unlink;
739 sv_table[FREEBSD32_SYS_vfork].sy_call = (sy_call_t *)sys_vfork;
740 sv_table[FREEBSD32_SYS_link].sy_call = (sy_call_t *)sys_link;
741 sv_table[FREEBSD32_SYS_symlink].sy_call = (sy_call_t *)sys_symlink;
742 #ifdef FILEMON_HAS_LINKAT
743 sv_table[FREEBSD32_SYS_linkat].sy_call = (sy_call_t *)sys_linkat;
745 #endif /* COMPAT_ARCH32 */